Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
203
security advisorysecurity updatelocal attackMageia 8: 2021-0515 Security Update for arpwatch Symlink Issue
A symbolic link (Symlink) following vulnerability in arpwatch allows local attackers with control of the runtime user to run arpwatch and to escalate to root upon the next restart of arpwatch. (CVE-2021-25321) References: . MGASA-2021-0515 - Updated arpwatch packages fix security vulnerability Publication date: 20 Nov 2021 URL: https://advisories.mageia.org/MGASA-2021-0515.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-25321 A symbolic link (Symlink) following vulnerability in arpwatch allows local attackers with control of the runtime user to run arpwatch and to escalate to root upon the next restart of arpwatch. (CVE-2021-25321) References: - https://bugs.mageia.org/show_bug.cgi?id=29188 - https://lists.suse.com/pipermail/sle-security-updates/2021-June/009098.html - - https://www.cve.org/CVERecord?id=CVE-2021-25321 SRPMS: - 8/core/arpwatch-2.1a15-21.2.mga8 . Mageia's 2021-0610 security bulletin outlines a resolution for a symbolic link vulnerability in tcptrack impacting local users.. arpwatch Security Update, Mageia Security Advisory, Local Attack Mitigation, Root Escalation Fix. . Severity: Important. LinuxSecurity.com Team
Nov 20, 2021
•Important
Mageia
202
security advisoryprivilege escalationlocal threatopenSUSE Leap 15.3 openSUSE-SU-2021:2177-1 Important: arpwatch Escalation
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for arpwatch ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:2177-1 Rating: important References: #1186240 Cross-References: CVE-2021-25321 CVSS scores: CVE-2021-25321 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2177=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-5.12.1 arpwatch-debuginfo-2.1a15-5.12.1 arpwatch-debugsource-2.1a15-5.12.1 arpwatch-ethercodes-build-2.1a15-5.12.1 References: https://www.suse.com/security/cve/CVE-2021-25321.html https://bugzilla.suse.com/1186240 . Resolves a critical vulnerability in arpwatch for openSUSE Leap 15.3, mitigating risks of local privilege elevation and bolstering system security.. arpwatch update, openSUSE security, privilege escalation fix, Linux security patch, openSUSE advisory. . Severity: Important. LinuxSecurity.com Team
Jul 11, 2021
•Important
OpenSUSE
202
security advisorylocal escalationimportant updateopenSUSE Leap 15.2 Advisory 2021:0945-1 Critical: Arpwatch Local Escalation
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for arpwatch ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0945-1 Rating: important References: #1186240 Cross-References: CVE-2021-25321 CVSS scores: CVE-2021-25321 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-945=1 Package List: - openSUSE Leap 15.2 (x86_64): arpwatch-2.1a15-lp152.6.9.1 arpwatch-debuginfo-2.1a15-lp152.6.9.1 arpwatch-debugsource-2.1a15-lp152.6.9.1 arpwatch-ethercodes-build-2.1a15-lp152.6.9.1 References: https://www.suse.com/security/cve/CVE-2021-25321.html https://bugzilla.suse.com/1186240 . A crucial openSUSE security patch addresses a local privilege escalation vulnerability in arpwatch. Apply the suggested updates immediately.. openSUSE Security, Arpwatch Update, Linux Patch. . Severity: Important. LinuxSecurity.com Team
Jul 01, 2021
•Important
OpenSUSE
100
security advisoryimportantlocal escalationSUSE OpenStack: 2021:2175-1 Important: Arpwatch Local Escalation Fix
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for arpwatch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2175-1 Rating: important References: #1186240 Cross-References: CVE-2021-25321 CVSS scores: CVE-2021-25321 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-2175=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-2175=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-2175=1 - SUSE OpenStackCloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-2175=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2175=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-2175=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-2175=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2175=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-2175=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-2175=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-2175=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-2175=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-2175=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE OpenStack Cloud 9 (x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE OpenStack Cloud 8 (x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 arpwatch-ethercodes-build-2.1a15-159.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 - HPE Helion Openstack 8 (x86_64): arpwatch-2.1a15-159.9.1 arpwatch-debuginfo-2.1a15-159.9.1 arpwatch-debugsource-2.1a15-159.9.1 References: https://www.suse.com/security/cve/CVE-2021-25321.html https://bugzilla.suse.com/1186240 . SUSE Security Patch for ntpd resolves potential privilege escalation vulnerabilities. Important information and steps for deployment provided.. SUSE Update, Arpwatch Fixes, Privilege Escalation. . Severity: Important. LinuxSecurity.com Team
Jun 28, 2021
•Important
SuSE
100
security advisorysecurity updateimportantSUSE 11-SP4-LTSS: 2021:14759-1 Important: Arpwatch Local Escalation
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for arpwatch ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14759-1 Rating: important References: #1186240 Cross-References: CVE-2021-25321 CVSS scores: CVE-2021-25321 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-arpwatch-14759=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-arpwatch-14759=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-arpwatch-14759=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-arpwatch-14759=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): arpwatch-2.1a15-131.23.2.6.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): arpwatch-2.1a15-131.23.2.6.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): arpwatch-debuginfo-2.1a15-131.23.2.6.1 arpwatch-debugsource-2.1a15-131.23.2.6.1 - SUSE Linux EnterpriseDebuginfo 11-SP3 (i586 s390x x86_64): arpwatch-debuginfo-2.1a15-131.23.2.6.1 arpwatch-debugsource-2.1a15-131.23.2.6.1 References: https://www.suse.com/security/cve/CVE-2021-25321.html https://bugzilla.suse.com/1186240 . SUSE Security Patch for netstat addresses potential remote access vulnerabilities, reinforcing overall system defenses.. SUSE Linux Enterprise, arpwatch fix, security update, patch instructions. . Severity: Important. LinuxSecurity.com Team
Jun 28, 2021
•Important
SuSE
203
security advisorymoderatebuffer overflowMageia 7 MGASA-2020-0420 Moderate: arpwatch Buffer Overflow Issue
A buffer overflow from long hostnames. (rhbz#1563939) References: - https://bugs.mageia.org/show_bug.cgi?id=27570 - https://lists.fedoraproject.org/archives/list/
Nov 13, 2020
Mageia
89
security advisorybuffer overflowFedoraFedora 31: 2020-193da8cf44 Critical: arpwatch Buffer Overflow Fix
Fix a buffer overflow from long hostnames (#1563939).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-193da8cf44 2020-11-05 02:11:15.057770 --------------------------------------------------------------------------------Name : arpwatch Product : Fedora 31 Version : 2.1a15 Release : 48.fc31 URL : https://ee.lbl.gov/ Summary : Network monitoring tools for tracking IP addresses on a network Description : The arpwatch package contains arpwatch and arpsnmp. Arpwatch and arpsnmp are both network monitoring tools. Both utilities monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs, and can report certain changes via email. Install the arpwatch package if you need networking monitoring devices which will automatically keep track of the IP addresses on your network. --------------------------------------------------------------------------------Update Information: Fix a buffer overflow from long hostnames (#1563939). --------------------------------------------------------------------------------ChangeLog: * Tue Oct 27 2020 Benjamin A. Beasley - 14:2.1a15-48 - fix arpwatch buffer overflow (#1563939) * Mon Jul 27 2020 Fedora Release Engineering - 14:2.1a15-47 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jan 28 2020 Fedora Release Engineering - 14:2.1a15-46 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1563939 - arpwatch buffer overflow on long DNS name https://bugzilla.redhat.com/show_bug.cgi?id=1563939 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-193da8cf44' at the command line. For more information, refer to the dnf documentationavailable at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 04, 2020
•Critical
Fedora
89
security advisorybuffer overflowFedoraFedora 32: 2020-9c2f330b5a Critical: arpwatch Buffer Overflow Fix
Fix a buffer overflow from long hostnames (#1563939).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-9c2f330b5a 2020-11-05 01:03:56.589806 --------------------------------------------------------------------------------Name : arpwatch Product : Fedora 32 Version : 2.1a15 Release : 48.fc32 URL : https://ee.lbl.gov/ Summary : Network monitoring tools for tracking IP addresses on a network Description : The arpwatch package contains arpwatch and arpsnmp. Arpwatch and arpsnmp are both network monitoring tools. Both utilities monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs, and can report certain changes via email. Install the arpwatch package if you need networking monitoring devices which will automatically keep track of the IP addresses on your network. --------------------------------------------------------------------------------Update Information: Fix a buffer overflow from long hostnames (#1563939). --------------------------------------------------------------------------------ChangeLog: * Tue Oct 27 2020 Benjamin A. Beasley - 14:2.1a15-48 - fix arpwatch buffer overflow (#1563939) * Mon Jul 27 2020 Fedora Release Engineering - 14:2.1a15-47 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1563939 - arpwatch buffer overflow on long DNS name https://bugzilla.redhat.com/show_bug.cgi?id=1563939 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-9c2f330b5a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. Moredetails on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 04, 2020
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!