Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 37: 2022-e139408490 Critical Open Redirect in mod_auth_openidc

Fedora Update Notification FEDORA-2022-e139408490
2022-12-25 01:06:43.535589

Name        : mod_auth_openidc
Product     : Fedora 37
Version     : 2.4.12.2
Release     : 1.fc37
URL         : https://github.com/OpenIDC/mod_auth_openidc
Summary     : OpenID Connect auth module for Apache HTTP Server
Description : This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Update Information:

CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character

ChangeLog:

* Fri Dec 16 2022 Tomas Halman - 2.4.12.2-1
- Rebase to 2.4.12.2 version
- Resolves: rhbz#2153658 - CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character

References:

[ 1 ] Bug #2153657 - CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character [fedora-36]
      https://bugzilla.redhat.com/show_bug.cgi?id=2153657
[ 2 ] Bug #2153658 - CVE-2022-23527 mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character [fedora-37]
      https://bugzilla.redhat.com/show_bug.cgi?id=2153658

This update can be installed with the "dnf" update program. Use
  su -c 'dnf upgrade --advisory FEDORA-2022-e139408490'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

The Apache HTTP Server's OpenID Connect extension has been critically updated to address a significant Open Redirect vulnerability.
Tags: mod_auth_openidc Update, Fedora Security Advisory, Open Redirect Apache Module
Severity: Critical. LinuxSecurity.com Team

Dec 25, 2022 | Critical | Fedora

Debian: DSA-3278-1 Moderate: Libapache Mod-Jk Information Leak Advisory

Debian Security Advisory DSA-3278-1
http://www.debian.org/security/                           Markus Koschany
June 03, 2015                             http://www.debian.org/security/faq

Package        : libapache-mod-jk
CVE ID         : CVE-2014-8111
Debian Bug     : 783233

An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.

For the oldstable distribution (wheezy), this problem has been fixed in version 1:1.2.37-1+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 1:1.2.37-4+deb8u1.
For the testing distribution (stretch), this problem has been fixed in version 1:1.2.40+svn150520-1.
For the unstable distribution (sid), this problem has been fixed in version 1:1.2.40+svn150520-1.

We recommend that you upgrade your libapache-mod-jk packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Debian advisory DSA-3290-2 highlights a vulnerability in libcurl. Users are urged to apply updates for enhanced protection.
Tags: information disclosure, libapache-mod-jk, debian advisory, apache module update
Severity: Important. LinuxSecurity.com Team

Jun 03, 2015 | Important | Debian

Debian: DSA-2992-1 Important: OpenSSL Vulnerability Alert

Debian Security Advisory DSA-2991-1
http://www.debian.org/security/                       Salvatore Bonaccorso
July 27, 2014                             http://www.debian.org/security/faq

Package        : modsecurity-apache
CVE ID         : CVE-2013-5705

Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended mod_security restrictions by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header, allowing them to send requests containing content that should have been removed by mod_security.

For the stable distribution (wheezy), this problem has been fixed in version 2.6.6-6+deb7u2.
For the testing distribution (jessie), this problem has been fixed in version 2.7.7-1.
For the unstable distribution (sid), this problem has been fixed in version 2.7.7-1.

We recommend that you upgrade your modsecurity-apache packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Enhance modsecurity-apache to rectify a flaw permitting evasion in chunked requests on Debian platforms.
Tags: Modsecurity Update, Apache Security Flaw, Debian Advisory
Severity: Important. LinuxSecurity.com Team

Jul 27, 2014 | Important | Debian

Red Hat: RHSA-2014-0791-01 Critical: mod_wsgi Vulnerability Advisory

Red Hat Security Advisory

Synopsis:     Important: mod_wsgi security update
Advisory ID:  RHSA-2014:0788-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2014:0788.html
Issue date:   2014-06-25
CVE Names:    CVE-2014-0240 CVE-2014-0242

1. Summary:

An updated mod_wsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache.

It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. (CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.

It was discovered that mod_wsgi could leak memory of a hosted web application via the "Content-Type" header. A remote attacker could possibly use this flaw to disclose limited portions of the web application's memory. (CVE-2014-0242)

Red Hat would like to thank Graham Dumpleton for reporting these issues. Upstream acknowledges Róbert Kisteleki as the original reporter of CVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242.

All mod_wsgi users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1101863 - CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios
1101873 - CVE-2014-0242 mod_wsgi: information leak

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: mod_wsgi-3.2-6.el6_5.src.rpm
i386:   mod_wsgi-3.2-6.el6_5.i686.rpm mod_wsgi-debuginfo-3.2-6.el6_5.i686.rpm
x86_64: mod_wsgi-3.2-6.el6_5.x86_64.rpm mod_wsgi-debuginfo-3.2-6.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: mod_wsgi-3.2-6.el6_5.src.rpm
x86_64: mod_wsgi-3.2-6.el6_5.x86_64.rpm mod_wsgi-debuginfo-3.2-6.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: mod_wsgi-3.2-6.el6_5.src.rpm
i386:   mod_wsgi-3.2-6.el6_5.i686.rpm mod_wsgi-debuginfo-3.2-6.el6_5.i686.rpm
ppc64:  mod_wsgi-3.2-6.el6_5.ppc64.rpm mod_wsgi-debuginfo-3.2-6.el6_5.ppc64.rpm
s390x:  mod_wsgi-3.2-6.el6_5.s390x.rpm mod_wsgi-debuginfo-3.2-6.el6_5.s390x.rpm
x86_64: mod_wsgi-3.2-6.el6_5.x86_64.rpm mod_wsgi-debuginfo-3.2-6.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: mod_wsgi-3.2-6.el6_5.src.rpm
i386:   mod_wsgi-3.2-6.el6_5.i686.rpm mod_wsgi-debuginfo-3.2-6.el6_5.i686.rpm
x86_64: mod_wsgi-3.2-6.el6_5.x86_64.rpm mod_wsgi-debuginfo-3.2-6.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-0240
https://access.redhat.com/security/cve/CVE-2014-0242
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

Enterprise-watch-list mailing list

Vital mod_wsgi security patch for Red Hat addresses privilege escalation and memory leak vulnerabilities. Update recommended.
Tags: mod_wsgi, red hat security, privilege risk, apache module, python applications
Severity: Important. LinuxSecurity.com Team

Jun 25, 2014 | Important | Red Hat

Red Hat: RHSA-2023:1987-01 Moderate: mod_ssl Security Patch

Red Hat Security Advisory

Synopsis:     Moderate: mod_nss security update
Advisory ID:  RHSA-2013:1779-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:1779.html
Issue date:   2013-12-03
CVE Names:    CVE-2013-4566

1. Summary:

An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to access the directory when no valid client certificate was provided. (CVE-2013-4566)

Red Hat would like to thank Albert Smith of OUSD(AT&L) for reporting this issue.

All mod_nss users should upgrade to this updated package, which contains a backported patch to correct this issue. The httpd service must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386:   mod_nss-1.0.8-8.el5_10.i386.rpm mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm
x86_64: mod_nss-1.0.8-8.el5_10.x86_64.rpm mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):
Source:
i386:   mod_nss-1.0.8-8.el5_10.i386.rpm mod_nss-debuginfo-1.0.8-8.el5_10.i386.rpm
ia64:   mod_nss-1.0.8-8.el5_10.ia64.rpm mod_nss-debuginfo-1.0.8-8.el5_10.ia64.rpm
ppc:    mod_nss-1.0.8-8.el5_10.ppc.rpm mod_nss-debuginfo-1.0.8-8.el5_10.ppc.rpm
s390x:  mod_nss-1.0.8-8.el5_10.s390x.rpm mod_nss-debuginfo-1.0.8-8.el5_10.s390x.rpm
x86_64: mod_nss-1.0.8-8.el5_10.x86_64.rpm mod_nss-debuginfo-1.0.8-8.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
i386:   mod_nss-1.0.8-19.el6_5.i686.rpm mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm
x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source:
i386:   mod_nss-1.0.8-19.el6_5.i686.rpm mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm
ppc64:  mod_nss-1.0.8-19.el6_5.ppc64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.ppc64.rpm
s390x:  mod_nss-1.0.8-19.el6_5.s390x.rpm mod_nss-debuginfo-1.0.8-19.el6_5.s390x.rpm
x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source:
i386:   mod_nss-1.0.8-19.el6_5.i686.rpm mod_nss-debuginfo-1.0.8-19.el6_5.i686.rpm
x86_64: mod_nss-1.0.8-19.el6_5.x86_64.rpm mod_nss-debuginfo-1.0.8-19.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-4566
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

Enterprise-watch-list mailing list

The latest update for the mod_nss package addresses a significant security vulnerability in Red Hat Enterprise Linux versions 5 and 6, bolstering safeguards.
Tags: Red Hat Security, mod_nss Update, Security Advisory, Apache Module Fix
LinuxSecurity.com Team

Dec 03, 2013 | Red Hat

Debian: DSA-2532-1 Severe: libapache2-mod-rpaf Denial of Service Risk

Debian Security Advisory DSA-2532-1
http://www.debian.org/security/                           Thijs Kinkhorst
August 22, 2012                           http://www.debian.org/security/faq

Package        : libapache2-mod-rpaf
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
Debian Bug     : 683984

Sébastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers.

For the stable distribution (squeeze), this problem has been fixed in version 0.5-3+squeeze1.
For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 0.6-1.

We recommend that you upgrade your libapache2-mod-rpaf packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Uncover the patch release DSA-2532-1 for libapache2-mod-rpaf which mitigates threats related to remote denial of service vulnerabilities.
Tags: libapache2-mod-rpaf, denial of service, debian security, apache security
Severity: Critical. LinuxSecurity.com Team

Aug 22, 2012 | Critical | Debian

Debian DSA-2279-1 Critical: SQL Injection in Libapache2-mod-authnz-external

Debian Security Advisory DSA-2279-1
http://www.debian.org/security/                            Steffen Joeris
July 19, 2011                             http://www.debian.org/security/faq

Package        : libapache2-mod-authnz-external
Vulnerability  : SQL injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2688
Debian Bug     : 633637

It was discovered that libapache2-mod-authnz-external, an apache authentication module, is prone to an SQL injection via the $user parameter.

For the stable distribution (squeeze), this problem has been fixed in version 3.2.4-2+squeeze1.
The oldstable distribution (lenny) does not contain libapache2-mod-authnz-external.
For the testing distribution (wheezy), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 3.2.4-2.1.

We recommend that you upgrade your libapache2-mod-authnz-external packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Debian's advisory DSA-2279-1 details a patch for libapache2-mod-authnz-external addressing a SQL injection risk. Users should upgrade their packages to protect against unauthorized access.
Tags: libapache2-mod-authnz-external, sql injection, debian advisory
Severity: Critical. LinuxSecurity.com Team

Jul 19, 2011 | Critical | Debian

Debian: DSA-1550-1 Moderate: suphp Local Escalation Threat

Debian Security Advisory DSA-1550-1
http://www.debian.org/security/                        Moritz Muehlenhoff
April 17, 2008                            http://www.debian.org/security/faq

Package        : suphp
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-1614
Debian Bug     : 475431

It was discovered that suphp, an Apache module to run PHP scripts with owner permissions, handles symlinks insecurely, which may lead to privilege escalation by local users.

For the stable distribution (etch), this problem has been fixed in version 0.6.2-1+etch0.
For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your suphp packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 4.0 (stable)
-------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc and s390.
These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Debian Security Bulletin DSA-1550-1 mitigates the potential privilege elevation vulnerability within the suphp component designed for the Apache web server.
Tags: Suphp Packages, Apache Security, Local Escalation
LinuxSecurity.com Team

Apr 17, 2008 | Debian
