--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-ce2936b568
2024-05-26 01:25:15.719720
--------------------------------------------------------------------------------

Name        : rust-uu_tee
Product     : Fedora 40
Version     : 0.0.23
Release     : 3.fc40
URL         :
Summary     : tee ~ (uutils) display input and copy to FILE
Description :
tee ~ (uutils) display input and copy to FILE.

--------------------------------------------------------------------------------
Update Information:

This update contains builds from a mini-mass-rebuild for Rust applications (and
some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix
incomplete debug information for the Rust standard library (and the resulting
low-quality stack traces). Additionally, builds will have picked up fixes for
some minor low-priority security and / or safety fixes in crate dependencies
that had not yet been handled via a separate (targeted) rebuild:

h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html
glib v0.19.4+ and backports (UB): core/pull/1343
hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511
rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 23 2024 Fabio Valentini - 0.0.23-3
- Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-ce2936b568' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kdegraphics security update
Advisory ID:       RHSA-2010:0753-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2010:0753.html
Issue date:        2010-10-07
CVE Names:         CVE-2010-3702 CVE-2010-3704
====================================================================

1. Summary:

Updated kdegraphics packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in KPDF. An attacker could
create a malicious PDF file that, when opened, would cause KPDF to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way KPDF parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause KPDF to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference
638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:

i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

ppc:
kdegraphics-3.3.1-18.el4_8.1.ppc.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ppc.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ppc.rpm

s390:
kdegraphics-3.3.1-18.el4_8.1.s390.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.s390.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390.rpm

s390x:
kdegraphics-3.3.1-18.el4_8.1.s390x.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.s390x.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.s390x.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

i386:
kdegraphics-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.i386.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.i386.rpm

ia64:
kdegraphics-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.ia64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.ia64.rpm

x86_64:
kdegraphics-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-debuginfo-3.3.1-18.el4_8.1.x86_64.rpm
kdegraphics-devel-3.3.1-18.el4_8.1.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
kdegraphics-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.x86_64.rpm

RHEL Optional Productivity Applications (v. 5 server):

Source:

i386:
kdegraphics-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm

x86_64:
kdegraphics-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-debuginfo-3.5.4-17.el5_5.1.x86_64.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.i386.rpm
kdegraphics-devel-3.5.4-17.el5_5.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-3702
https://access.redhat.com/security/cve/CVE-2010-3704
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2010 Red Hat, Inc.

--
Enterprise-watch-list mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9427
2009-09-09 00:48:07
--------------------------------------------------------------------------------

Name        : kdegames
Product     : Fedora 10
Version     : 4.3.1
Release     : 4.fc10
URL         : https://kde.org/
Summary     : K Desktop Environment 4 - Games
Description :
Games for the K Desktop Environment 4, including:
* bomber
* bovo
* kapman
* katomic
* kblackbox
* kblocks
* kbounce
* kbreakout
* kdiamond
* kfourinline
* kgoldrunner
* killbots
* kiriki
* kjumpingcube
* klines
* kmahjongg
* kmines
* knetwalk
* kolf
* kollision
* konquest
* kpat
* kreversi
* ksame
* kshisen
* ksirk
* ksnakeduel / ksnake
* ksinkships
* kspaceduel
* ksquares
* ksudoku
* ktuberling
* kubrick
* lskat

--------------------------------------------------------------------------------
Update Information:

This updates KDE to 4.3.1, the latest upstream bugfix release. The main
improvements are:
* KDE 4.3 is now also available in Croatian.
* A crash when editing toolbar setup has been fixed.
* Support for transferring files through SSH using KIO::Fish has been fixed.
* A number of bugs in KWin, KDE's window and compositing manager, have been
  fixed.
* A large number of bugs in KMail, KDE's email client, are now gone.

See https://kde.org/announcements/announce-4.3.1/ for more information.

In addition, this update:
* fixes a potential security issue (CVE-2009-2702) with certificate validation
  in the KIO KSSL code. It is believed that the affected code is not actually
  used (the code in Qt, for which a security update was already issued, is) and
  thus the issue is only potential, but KSSL is being patched just in case,
* splits PolicyKit-kde out of kdebase-workspace again to avoid forcing it onto
  GNOME-based setups, where PolicyKit-gnome is desired instead (#519654).
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep 12 2009 Kevin Kofler - 4.3.1-4
- also fix ktron.desktop rebranding for non-US locales
* Thu Sep 10 2009 Than Ngo - 4.3.1-3
- drop ktron/kbattleship in RHEL
* Thu Sep 10 2009 Rex Dieter - 4.3.1-2
- adjust trademarks patch to include ktron.desktop
* Fri Aug 28 2009 Than Ngo - 4.3.1-1
- 4.3.1
* Wed Aug 5 2009 Rex Dieter 4.3.0-2
- Conflicts: kdegames3 < 3.5.10-6
- %check: desktop-file-validate
- use %?_isa in -libs deps
* Thu Jul 30 2009 Than Ngo - 4.3.0-1
- 4.3.0
* Fri Jul 24 2009 Fedora Release Engineering - 6:4.2.98-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Jul 22 2009 Than Ngo - 4.2.98-1
- 4.3rc3
* Fri Jul 10 2009 Than Ngo - 4.2.96-1
- 4.3rc2
* Sat Jul 4 2009 Kevin Kofler - 4.2.95-2
- reenable and rebrand the ship sinking game and the snake duel game (#502359)
* Fri Jun 26 2009 Than Ngo - 4.2.95-1
- 4.3rc1
* Thu Jun 4 2009 Rex Dieter - 4.2.90-1
- KDE-4.3 beta2 (4.2.90)
* Wed May 13 2009 Lukáš Tinkl - 4.2.85-1
- KDE 4.3 beta 1
* Wed Apr 8 2009 Kevin Kofler - 4.2.2-6
- fix KsirK crash when starting a 2nd local game with Qt 4.5 (#486380)
* Sat Apr 4 2009 Kevin Kofler - 4.2.2-4
- fix KsirK crash when starting a local game with Qt 4.5 (#486380, kde#187235)
* Thu Apr 2 2009 Rex Dieter - 4.2.2-3
- fix ggz scriptlet logic
* Wed Apr 1 2009 Rex Dieter - 4.2.2-2
- optimize scriptlets
* Tue Mar 31 2009 Lukáš Tinkl - 4.2.2-1
- KDE 4.2.2
* Fri Feb 27 2009 Than Ngo - 4.2.1-1
- 4.2.1
* Thu Feb 26 2009 Than Ngo - 4.2.0-5
- fix build problem against gcc-4.4
* Wed Feb 25 2009 Fedora Release Engineering - 6:4.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sat Feb 14 2009 Rex Dieter - 4.2.0-3
- %description: omit mention of awol kbackgammon
* Sat Jan 31 2009 Rex Dieter - 4.2.0-2
- unowned dirs (#438314)
* Thu Jan 22 2009 Than Ngo - 4.2.0-1
- 4.2.0
* Wed Jan 7 2009 Than Ngo - 4.1.96-1
- 4.2rc1
* Fri Dec 12 2008 4.1.85-1
- 4.2beta2
* Fri Dec 5 2008 Kevin Kofler 6:4.1.80-4
- rebuild for fixed kde-filesystem (macros.kde4) (get rid of rpaths)
* Thu Dec 4 2008 Kevin Kofler 6:4.1.80-3
- add missing BR qca2-devel (for ksirk)
- add killbots, kapman and bomber to the description
* Thu Nov 20 2008 Than Ngo 4.1.80-2
- merged
* Thu Nov 20 2008 Lorenzo Villani 6:4.1.80-1
- 4.1.80
- BR cmake >= 2.6.2
- make install/fast
- drop _default_patch_fuzz 2
* Wed Nov 12 2008 Than Ngo 4.1.3-1
- 4.1.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName
        https://bugzilla.redhat.com/show_bug.cgi?id=520661
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update kdegames' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list