Oracle Linux Security Advisory ELSA-2022-0830
https://linux.oracle.com/errata/ELSA-2022-0830.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-5.0-5.0.15-1.0.1.el8_5.x86_64.rpm
aspnetcore-targeting-pack-5.0-5.0.15-1.0.1.el8_5.x86_64.rpm
dotnet-apphost-pack-5.0-5.0.15-1.0.1.el8_5.x86_64.rpm
dotnet-hostfxr-5.0-5.0.15-1.0.1.el8_5.x86_64.rpm
dotnet-runtime-5.0-5.0.15-1.0.1.el8_5.x86_64.rpm
dotnet-sdk-5.0-5.0.212-1.0.1.el8_5.x86_64.rpm
dotnet-targeting-pack-5.0-5.0.15-1.0.1.el8_5.x86_64.rpm
dotnet-templates-5.0-5.0.212-1.0.1.el8_5.x86_64.rpm
dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.0.1.el8_5.x86_64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/dotnet5.0-5.0.212-1.0.1.el8_5.src.rpm

Related CVEs:
CVE-2020-8927
CVE-2022-24464
CVE-2022-24512

Description of changes:

[5.0.212-1.0.1]
- Support AArch64 on Oracle Linux [Orabug: 32738620]
- Include new Oracle Linux runtime IDs
  Add 1000-Add-missing-OL-RIDs.patch

[5.0.212-1]
- Update to .NET SDK 5.0.212 and Runtime 5.0.15
- Resolves: RHBZ#2060496
Red Hat Security Advisory

Synopsis: Important: Red Hat Decision Manager 7.10.0 security update
Advisory ID: RHSA-2021:0603-01
Product: Red Hat Decision Manager
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0603
Issue date: 2021-02-17
CVE Names: CVE-2020-9488 CVE-2020-13956 CVE-2020-14338 CVE-2020-25638

1. Summary:

An update is now available for Red Hat Decision Manager.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

This release of Red Hat Decision Manager 7.10.0 serves as an update to Red Hat Decision Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* hibernate-core-kie-server-ee8: hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)
* httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* xercesimpl: wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
* log4j-core: log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl
1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used
1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs

5. References:

https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-13956
https://access.redhat.com/security/cve/CVE-2020-14338
https://access.redhat.com/security/cve/CVE-2020-25638
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
Important: xerces-c security update

Date: Thu, 10 Mar 2016 19:03:01 -0000
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: xerces-c on SL7.x x86_64

Synopsis: Important: xerces-c security update
Advisory ID: SLSA-2016:0430-1
Issue Date: 2016-03-10
CVE Numbers: CVE-2016-0729

It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2016-0729)

After installing the update, all applications using Xerces-C must be restarted for the update to take effect.

SL7 x86_64:
xerces-c-3.1.1-8.el7_2.i686.rpm
xerces-c-3.1.1-8.el7_2.x86_64.rpm
xerces-c-debuginfo-3.1.1-8.el7_2.i686.rpm
xerces-c-debuginfo-3.1.1-8.el7_2.x86_64.rpm
xerces-c-devel-3.1.1-8.el7_2.i686.rpm
xerces-c-devel-3.1.1-8.el7_2.x86_64.rpm

noarch:
xerces-c-doc-3.1.1-8.el7_2.noarch.rpm

- Scientific Linux Development Team

Severity: Important.

LinuxSecurity.com Team
Red Hat Security Advisory

Synopsis: Important: glibc security update
Advisory ID: RHSA-2014:1118-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2014:1118.html
Issue date: 2014-09-02
CVE Names: CVE-2014-5119

1. Summary:

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - x86_64
Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux EUS (v. 5.9 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64
Red Hat Enterprise Linux LL (v. 5.6 server) - i386, ia64, x86_64
Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64

3. Description:

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119)

All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1119128 - CVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()

6. Package List:

Red Hat Enterprise Linux LL (v. 5.6 server):
Source: glibc-2.5-58.el5_6.5.src.rpm
i386: glibc-2.5-58.el5_6.5.i386.rpm glibc-2.5-58.el5_6.5.i686.rpm glibc-common-2.5-58.el5_6.5.i386.rpm glibc-debuginfo-2.5-58.el5_6.5.i386.rpm glibc-debuginfo-2.5-58.el5_6.5.i686.rpm glibc-debuginfo-common-2.5-58.el5_6.5.i386.rpm glibc-devel-2.5-58.el5_6.5.i386.rpm glibc-headers-2.5-58.el5_6.5.i386.rpm glibc-utils-2.5-58.el5_6.5.i386.rpm nscd-2.5-58.el5_6.5.i386.rpm
ia64: glibc-2.5-58.el5_6.5.i686.rpm glibc-2.5-58.el5_6.5.ia64.rpm glibc-common-2.5-58.el5_6.5.ia64.rpm glibc-debuginfo-2.5-58.el5_6.5.i686.rpm glibc-debuginfo-2.5-58.el5_6.5.ia64.rpm glibc-debuginfo-common-2.5-58.el5_6.5.i386.rpm glibc-devel-2.5-58.el5_6.5.ia64.rpm glibc-headers-2.5-58.el5_6.5.ia64.rpm glibc-utils-2.5-58.el5_6.5.ia64.rpm nscd-2.5-58.el5_6.5.ia64.rpm
x86_64: glibc-2.5-58.el5_6.5.i686.rpm glibc-2.5-58.el5_6.5.x86_64.rpm glibc-common-2.5-58.el5_6.5.x86_64.rpm glibc-debuginfo-2.5-58.el5_6.5.i386.rpm glibc-debuginfo-2.5-58.el5_6.5.i686.rpm glibc-debuginfo-2.5-58.el5_6.5.x86_64.rpm glibc-debuginfo-common-2.5-58.el5_6.5.i386.rpm glibc-devel-2.5-58.el5_6.5.i386.rpm glibc-devel-2.5-58.el5_6.5.x86_64.rpm glibc-headers-2.5-58.el5_6.5.x86_64.rpm glibc-utils-2.5-58.el5_6.5.x86_64.rpm nscd-2.5-58.el5_6.5.x86_64.rpm

Red Hat Enterprise Linux EUS (v. 5.9 server):
Source: glibc-2.5-107.el5_9.7.src.rpm
i386: glibc-2.5-107.el5_9.7.i386.rpm glibc-2.5-107.el5_9.7.i686.rpm glibc-common-2.5-107.el5_9.7.i386.rpm glibc-debuginfo-2.5-107.el5_9.7.i386.rpm glibc-debuginfo-2.5-107.el5_9.7.i686.rpm glibc-debuginfo-common-2.5-107.el5_9.7.i386.rpm glibc-devel-2.5-107.el5_9.7.i386.rpm glibc-headers-2.5-107.el5_9.7.i386.rpm glibc-utils-2.5-107.el5_9.7.i386.rpm nscd-2.5-107.el5_9.7.i386.rpm
ia64: glibc-2.5-107.el5_9.7.i686.rpm glibc-2.5-107.el5_9.7.ia64.rpm glibc-common-2.5-107.el5_9.7.ia64.rpm glibc-debuginfo-2.5-107.el5_9.7.i686.rpm glibc-debuginfo-2.5-107.el5_9.7.ia64.rpm glibc-debuginfo-common-2.5-107.el5_9.7.i386.rpm glibc-devel-2.5-107.el5_9.7.ia64.rpm glibc-headers-2.5-107.el5_9.7.ia64.rpm glibc-utils-2.5-107.el5_9.7.ia64.rpm nscd-2.5-107.el5_9.7.ia64.rpm
ppc: glibc-2.5-107.el5_9.7.ppc.rpm glibc-2.5-107.el5_9.7.ppc64.rpm glibc-common-2.5-107.el5_9.7.ppc.rpm glibc-debuginfo-2.5-107.el5_9.7.ppc.rpm glibc-debuginfo-2.5-107.el5_9.7.ppc64.rpm glibc-devel-2.5-107.el5_9.7.ppc.rpm glibc-devel-2.5-107.el5_9.7.ppc64.rpm glibc-headers-2.5-107.el5_9.7.ppc.rpm glibc-utils-2.5-107.el5_9.7.ppc.rpm nscd-2.5-107.el5_9.7.ppc.rpm
s390x: glibc-2.5-107.el5_9.7.s390.rpm glibc-2.5-107.el5_9.7.s390x.rpm glibc-common-2.5-107.el5_9.7.s390x.rpm glibc-debuginfo-2.5-107.el5_9.7.s390.rpm glibc-debuginfo-2.5-107.el5_9.7.s390x.rpm glibc-devel-2.5-107.el5_9.7.s390.rpm glibc-devel-2.5-107.el5_9.7.s390x.rpm glibc-headers-2.5-107.el5_9.7.s390x.rpm glibc-utils-2.5-107.el5_9.7.s390x.rpm nscd-2.5-107.el5_9.7.s390x.rpm
x86_64: glibc-2.5-107.el5_9.7.i686.rpm glibc-2.5-107.el5_9.7.x86_64.rpm glibc-common-2.5-107.el5_9.7.x86_64.rpm glibc-debuginfo-2.5-107.el5_9.7.i386.rpm glibc-debuginfo-2.5-107.el5_9.7.i686.rpm glibc-debuginfo-2.5-107.el5_9.7.x86_64.rpm glibc-debuginfo-common-2.5-107.el5_9.7.i386.rpm glibc-devel-2.5-107.el5_9.7.i386.rpm glibc-devel-2.5-107.el5_9.7.x86_64.rpm glibc-headers-2.5-107.el5_9.7.x86_64.rpm glibc-utils-2.5-107.el5_9.7.x86_64.rpm nscd-2.5-107.el5_9.7.x86_64.rpm

Red Hat Enterprise Linux HPC Node EUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.6.src.rpm
x86_64: glibc-2.12-1.107.el6_4.6.i686.rpm glibc-2.12-1.107.el6_4.6.x86_64.rpm glibc-common-2.12-1.107.el6_4.6.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.6.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.x86_64.rpm glibc-devel-2.12-1.107.el6_4.6.i686.rpm glibc-devel-2.12-1.107.el6_4.6.x86_64.rpm glibc-headers-2.12-1.107.el6_4.6.x86_64.rpm glibc-utils-2.12-1.107.el6_4.6.x86_64.rpm nscd-2.12-1.107.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.6.src.rpm
x86_64: glibc-debuginfo-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.6.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.x86_64.rpm glibc-static-2.12-1.107.el6_4.6.i686.rpm glibc-static-2.12-1.107.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux AUS (v. 6.2 server):
Source: glibc-2.12-1.47.el6_2.13.src.rpm
x86_64: glibc-2.12-1.47.el6_2.13.i686.rpm glibc-2.12-1.47.el6_2.13.x86_64.rpm glibc-common-2.12-1.47.el6_2.13.x86_64.rpm glibc-debuginfo-2.12-1.47.el6_2.13.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.13.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.13.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.13.x86_64.rpm glibc-devel-2.12-1.47.el6_2.13.i686.rpm glibc-devel-2.12-1.47.el6_2.13.x86_64.rpm glibc-headers-2.12-1.47.el6_2.13.x86_64.rpm glibc-utils-2.12-1.47.el6_2.13.x86_64.rpm nscd-2.12-1.47.el6_2.13.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.6.src.rpm
i386: glibc-2.12-1.107.el6_4.6.i686.rpm glibc-common-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.i686.rpm glibc-devel-2.12-1.107.el6_4.6.i686.rpm glibc-headers-2.12-1.107.el6_4.6.i686.rpm glibc-utils-2.12-1.107.el6_4.6.i686.rpm nscd-2.12-1.107.el6_4.6.i686.rpm
ppc64: glibc-2.12-1.107.el6_4.6.ppc.rpm glibc-2.12-1.107.el6_4.6.ppc64.rpm glibc-common-2.12-1.107.el6_4.6.ppc64.rpm glibc-debuginfo-2.12-1.107.el6_4.6.ppc.rpm glibc-debuginfo-2.12-1.107.el6_4.6.ppc64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.ppc.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.ppc64.rpm glibc-devel-2.12-1.107.el6_4.6.ppc.rpm glibc-devel-2.12-1.107.el6_4.6.ppc64.rpm glibc-headers-2.12-1.107.el6_4.6.ppc64.rpm glibc-utils-2.12-1.107.el6_4.6.ppc64.rpm nscd-2.12-1.107.el6_4.6.ppc64.rpm
s390x: glibc-2.12-1.107.el6_4.6.s390.rpm glibc-2.12-1.107.el6_4.6.s390x.rpm glibc-common-2.12-1.107.el6_4.6.s390x.rpm glibc-debuginfo-2.12-1.107.el6_4.6.s390.rpm glibc-debuginfo-2.12-1.107.el6_4.6.s390x.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.s390.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.s390x.rpm glibc-devel-2.12-1.107.el6_4.6.s390.rpm glibc-devel-2.12-1.107.el6_4.6.s390x.rpm glibc-headers-2.12-1.107.el6_4.6.s390x.rpm glibc-utils-2.12-1.107.el6_4.6.s390x.rpm nscd-2.12-1.107.el6_4.6.s390x.rpm
x86_64: glibc-2.12-1.107.el6_4.6.i686.rpm glibc-2.12-1.107.el6_4.6.x86_64.rpm glibc-common-2.12-1.107.el6_4.6.x86_64.rpm glibc-debuginfo-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.6.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.x86_64.rpm glibc-devel-2.12-1.107.el6_4.6.i686.rpm glibc-devel-2.12-1.107.el6_4.6.x86_64.rpm glibc-headers-2.12-1.107.el6_4.6.x86_64.rpm glibc-utils-2.12-1.107.el6_4.6.x86_64.rpm nscd-2.12-1.107.el6_4.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 6.2):
Source: glibc-2.12-1.47.el6_2.13.src.rpm
x86_64: glibc-debuginfo-2.12-1.47.el6_2.13.i686.rpm glibc-debuginfo-2.12-1.47.el6_2.13.x86_64.rpm glibc-debuginfo-common-2.12-1.47.el6_2.13.i686.rpm glibc-debuginfo-common-2.12-1.47.el6_2.13.x86_64.rpm glibc-static-2.12-1.47.el6_2.13.i686.rpm glibc-static-2.12-1.47.el6_2.13.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 6.4):
Source: glibc-2.12-1.107.el6_4.6.src.rpm
i386: glibc-debuginfo-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.i686.rpm glibc-static-2.12-1.107.el6_4.6.i686.rpm
ppc64: glibc-debuginfo-2.12-1.107.el6_4.6.ppc.rpm glibc-debuginfo-2.12-1.107.el6_4.6.ppc64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.ppc.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.ppc64.rpm glibc-static-2.12-1.107.el6_4.6.ppc.rpm glibc-static-2.12-1.107.el6_4.6.ppc64.rpm
s390x: glibc-debuginfo-2.12-1.107.el6_4.6.s390.rpm glibc-debuginfo-2.12-1.107.el6_4.6.s390x.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.s390.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.s390x.rpm glibc-static-2.12-1.107.el6_4.6.s390.rpm glibc-static-2.12-1.107.el6_4.6.s390x.rpm
x86_64: glibc-debuginfo-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-2.12-1.107.el6_4.6.x86_64.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.i686.rpm glibc-debuginfo-common-2.12-1.107.el6_4.6.x86_64.rpm glibc-static-2.12-1.107.el6_4.6.i686.rpm glibc-static-2.12-1.107.el6_4.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-5119
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/solutions/1176253

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.

Severity: Important.
Ubuntu Security Notice USN-1320-1
January 05, 2012

ffmpeg vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- ffmpeg: multimedia player, server and encoder

Details:

Steve Manzuik discovered that FFmpeg incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3504)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. (CVE-2011-4352)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353)

It was discovered that FFmpeg incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10:
  libavcodec52 4:0.6-2ubuntu6.3
  libavformat52 4:0.6-2ubuntu6.3

Ubuntu 10.04 LTS:
  libavcodec52 4:0.5.1-1ubuntu1.3
  libavformat52 4:0.5.1-1ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-1320-1
CVE-2011-3504, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579

Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/4:0.6-2ubuntu6.3
https://launchpad.net/ubuntu/+source/ffmpeg/4:0.5.1-1ubuntu1.3

Severity: Critical.
Ubuntu Security Notice USN-367-1
October 18, 2006

pike7.6 vulnerability
CVE-2006-4041

A security issue affects the following Ubuntu releases:
Ubuntu 5.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
  pike7.6-pg 7.6.13-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

An SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service.

Please refer to https://ubuntu.com/security/notices/USN-288-1 for more detailed information.

Updated packages for Ubuntu 5.04:

Source archives
Architecture independent packages
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
i386 architecture (x86 compatible Intel/AMD)
powerpc architecture (Apple Macintosh G3/G4/G5)

Severity: Important.
A buffer overflow has been found in the globbing code for glibc. This code, which is used to glob patterns for filenames, is commonly used in applications like shells and FTP servers.

Debian Security Advisory DSA-103-1
kdelibs vulnerability for suid-root KDE applications

Red Hat, Inc. Security Advisory

Synopsis: kdelibs vulnerability for suid-root KDE applications
Advisory ID: RHSA-2000:032-02
Issue date: 2000-06-07
Updated on: 2000-06-07
Product: Red Hat Powertools
Keywords: N/A
Cross references: N/A

1. Topic:

In kdelibs 1.1.2 there are security issues for some applications when they are run suid root.

2. Relevant releases/architectures:

Red Hat Powertools 6.0 - i386
Red Hat Powertools 6.1 - i386
Red Hat Powertools 6.2 - i386

3. Problem description:

In kdelibs 1.1.2, there are security issues with the way some applications perform when they are run suid root. The only application vulnerable is kwintv from Powertools. With our PAM configuration, the suid bit for kwintv is not necessary.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed ( for more info): N/A

6. RPMs required:

Red Hat Powertools 6.2:
intel:
sources:

7. Verification:

MD5 sum                          Package Name
3757f47ebfcec111e6a63167873653ee 6.2/SRPMS/kwintv-0.7.5-2.src.rpm
72e10bb7dfb96a7c655a7f3db79d47a1 6.2/i386/kwintv-0.7.5-2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References: N/A