Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
98
security advisorymoderateRed Hat Enterprise LinuxRed Hat Enterprise Linux 8 RHSA-2022-5313-01 Moderate Curl Update
An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:5313-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5313 Issue date: 2022-06-28 CVE Names: CVE-2022-22576 CVE-2022-27774 CVE-2022-27776 CVE-2022-27782 ==================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) * curl: credential leak on redirect (CVE-2022-27774) * curl: auth/cookie leak on redirect (CVE-2022-27776) * curl: TLS and SSH connection too eager reuse (CVE-2022-27782) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in thisadvisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2077541 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use 2077547 - CVE-2022-27774 curl: credential leak on redirect 2078408 - CVE-2022-27776 curl: auth/cookie leak on redirect 2082215 - CVE-2022-27782 curl: TLS and SSH connection too eager reuse 6. Package List: Red Hat Enterprise Linux BaseOS (v.8): Source: curl-7.61.1-22.el8_6.3.src.rpm aarch64: curl-7.61.1-22.el8_6.3.aarch64.rpm curl-debuginfo-7.61.1-22.el8_6.3.aarch64.rpm curl-debugsource-7.61.1-22.el8_6.3.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.3.aarch64.rpm libcurl-7.61.1-22.el8_6.3.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8_6.3.aarch64.rpm libcurl-devel-7.61.1-22.el8_6.3.aarch64.rpm libcurl-minimal-7.61.1-22.el8_6.3.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.3.aarch64.rpm ppc64le: curl-7.61.1-22.el8_6.3.ppc64le.rpm curl-debuginfo-7.61.1-22.el8_6.3.ppc64le.rpm curl-debugsource-7.61.1-22.el8_6.3.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.3.ppc64le.rpm libcurl-7.61.1-22.el8_6.3.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8_6.3.ppc64le.rpm libcurl-devel-7.61.1-22.el8_6.3.ppc64le.rpm libcurl-minimal-7.61.1-22.el8_6.3.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.3.ppc64le.rpm s390x: curl-7.61.1-22.el8_6.3.s390x.rpm curl-debuginfo-7.61.1-22.el8_6.3.s390x.rpm curl-debugsource-7.61.1-22.el8_6.3.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.3.s390x.rpm libcurl-7.61.1-22.el8_6.3.s390x.rpm libcurl-debuginfo-7.61.1-22.el8_6.3.s390x.rpm libcurl-devel-7.61.1-22.el8_6.3.s390x.rpm libcurl-minimal-7.61.1-22.el8_6.3.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.3.s390x.rpm x86_64: curl-7.61.1-22.el8_6.3.x86_64.rpm curl-debuginfo-7.61.1-22.el8_6.3.i686.rpm curl-debuginfo-7.61.1-22.el8_6.3.x86_64.rpm curl-debugsource-7.61.1-22.el8_6.3.i686.rpm curl-debugsource-7.61.1-22.el8_6.3.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.3.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8_6.3.x86_64.rpm libcurl-7.61.1-22.el8_6.3.i686.rpm libcurl-7.61.1-22.el8_6.3.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8_6.3.i686.rpm libcurl-debuginfo-7.61.1-22.el8_6.3.x86_64.rpm libcurl-devel-7.61.1-22.el8_6.3.i686.rpm libcurl-devel-7.61.1-22.el8_6.3.x86_64.rpm libcurl-minimal-7.61.1-22.el8_6.3.i686.rpm libcurl-minimal-7.61.1-22.el8_6.3.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.3.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8_6.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-22576 https://access.redhat.com/security/cve/CVE-2022-27774 https://access.redhat.com/security/cve/CVE-2022-27776 https://access.redhat.com/security/cve/CVE-2022-27782 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYr5BRdzjgjWX9erEAQhdgQ//SAIbgxo+jTlZmL873HlVUQc8nn8D8e8D 0Ow2NAYQZi9F/dyTESf+ZAw7wlJQQoljTlS5U8sip2xrH32FsxUuO+Ykld5K/hDw wNKgVlmn6DRPy1+ScbFLvBTvmdPMrJXTgVSbDkMEben6jF8VusxXahDCE9eSY//A hRmxm93uLGX+ru/GDCNIkPU3hU8IQ1F3tOvBc56PwugD5EF6QCpeprau4IHBoA9e p2Scv7nefCiCq9iADMYAha2YBk0tONVFhM5KH/vAxE19Fr9ZhzijJefEHo0Hy3QT 7+8Z1kmxUumPVL/qGTuOZAENXMZEE+ZU/tGxKygdbLD0yHH2KPNEknB8bpF4ejt+ mBtON2nMSa9ueAEsLi445pB24HhZLWj1iExH9AmSYVvo5+BviJeX3bYaPuD/s+wg fG8MtlNJfzNlAQWwN6syN8fYAY/v2gEbEKyaO95UsohDaUmhz0oxpUFEncsEsp54 rOgoD/YLdBsP8T9nRryiimNmTwoLPwDx5ADo5jjXVBicesLjMFMlwPz/nKoDjHnd 7+BtdlLqr8jtyTF3WGUtpTYarW35m0e8aFlTKCqQkRwpLyH+2SNcNwI69k7ga/tr HD4B9K/fUiPUvZdjWLq+nZokvVUiT40GDAQOaYS76WRaUEac90mxJ8KcuC90aUCt IYRjWPuYk30=9GwM -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 30, 2022
Red Hat
100
security advisorymoderateupdateSUSE: 2022:1680-1 Moderate: Curl Auth Leak and OAUTH2 Bypass
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1680-1 Rating: moderate References: #1198614 #1198766 Cross-References: CVE-2022-22576 CVE-2022-27776 CVSS scores: CVE-2022-22576 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-27776 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-27776: Fixed Auth/cookie leak on redirect (bsc#1198766) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1680=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1680=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.37.1 curl-debugsource-7.60.0-11.37.1 libcurl-devel-7.60.0-11.37.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.37.1 curl-debuginfo-7.60.0-11.37.1 curl-debugsource-7.60.0-11.37.1 libcurl4-7.60.0-11.37.1 libcurl4-debuginfo-7.60.0-11.37.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.37.1 libcurl4-debuginfo-32bit-7.60.0-11.37.1 References: https://www.suse.com/security/cve/CVE-2022-22576.html https://www.suse.com/security/cve/CVE-2022-27776.html https://bugzilla.suse.com/1198614 https://bugzilla.suse.com/1198766 . Red Hat Security Patch includes a wget remedy addressing minor vulnerabilities such as credential exposures. Maintain your security!. curl Fix, SUSE Advisory, Moderate Security Patch. . LinuxSecurity.com Team
May 16, 2022
SuSE
89
security advisoryFedoracurlFedora 36: 2022-3517572083 Moderate: Curl Connection Security Issues
- fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-3517572083 2022-05-07 04:08:14.318757 --------------------------------------------------------------------------------Name : curl Product : Fedora 36 Version : 7.82.0 Release : 4.fc36 URL : https://curl.se/ Summary : A utility for getting files from remote servers (FTP, HTTP, and others) Description : curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. --------------------------------------------------------------------------------Update Information: - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) --------------------------------------------------------------------------------ChangeLog: * Mon May 2 2022 Kamil Dudka - 7.82.0-4 - fix leak of SRP credentials in redirects (CVE-2022-27774) * Thu Apr 28 2022 Kamil Dudka - 7.82.0-3 - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) --------------------------------------------------------------------------------References: [ 1 ] Bug#2079167 - CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2079167 [ 2 ] Bug #2079169 - CVE-2022-27774 curl: credential leak on redirect [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2079169 [ 3 ] Bug #2079171 - CVE-2022-27775 curl: bad local IPv6 connection reuse [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2079171 [ 4 ] Bug #2079174 - CVE-2022-27776 curl: auth/cookie leak on redirect [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2079174 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-3517572083' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 07, 2022
•Important
Fedora
89
security advisoryFedorakerberosFedora 35: 2021-d54e02d1b2 Moderate: cifs-utils Kerberos Auth Leak
Fix for CVE-2021-20208 Update to 6.13 cifs.upcall: fix regression in kerberos mount mount.cifs: fix crash when mount point does not exist ---- Fix for CVE-2021-20208: cifs.upcall kerberos auth leak in container. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-d54e02d1b2 2021-09-24 20:04:10.622566 --------------------------------------------------------------------------------Name : cifs-utils Product : Fedora 35 Version : 6.13 Release : 3.fc35 URL : https://wiki.samba.org/index.php/LinuxCIFS_utils Summary : Utilities for mounting and managing CIFS mounts Description : The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a SMB/CIFS share onto a client and use it as if it were a standard Linux file system. --------------------------------------------------------------------------------Update Information: Fix for CVE-2021-20208 Update to 6.13 cifs.upcall: fix regression in kerberos mount mount.cifs: fix crash when mount point does not exist ---- Fix for CVE-2021-20208: cifs.upcall kerberos auth leak in container --------------------------------------------------------------------------------ChangeLog: * Thu Sep 23 2021 Bruno Wolff III - 6.13-3 - Actually use the patches * Thu Sep 23 2021 Bruno Wolff III - 6.13-2 - Pull in a couple of upstream fixes slotted for the next release - fix regression in kerberos mount - fix crash when mount point does not exist * Wed Sep 22 2021 Bruno Wolff III - 6.13-1 - Fix for CVE-2021-20208: cifs.upcall kerberos auth leak in container - get/setcifsacl tools are improved to support changing owner, group and SACLs --------------------------------------------------------------------------------This update can beinstalled with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-d54e02d1b2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Sep 24, 2021
Fedora
100
security advisoryupdateimportantSUSE: 2021:1455-1 Important: cifs-utils Auth Leak and Injection Issue
An update that solves two vulnerabilities and has two fixes is now available. . SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1455-1 Rating: important References: #1152930 #1174477 #1183239 #1184815 Cross-References: CVE-2020-14342 CVE-2021-20208 CVSS scores: CVE-2020-14342 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14342 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-20208 (NVD) : 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N CVE-2021-20208 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for cifs-utils fixes the following security issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. (bsc#1183239) - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477) This update for cifs-utils fixes the following issues: - Solve invalid directory mounting. When attempting to change the current working directory into non-existing directories, mount.cifs crashes. (bsc#1152930) - Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update. (bsc#1184815) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1455=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2021-1455=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2021-1455=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cifs-utils-6.9-3.14.1 cifs-utils-debuginfo-6.9-3.14.1 cifs-utils-debugsource-6.9-3.14.1 cifs-utils-devel-6.9-3.14.1 References: https://www.suse.com/security/cve/CVE-2020-14342.html https://www.suse.com/security/cve/CVE-2021-20208.html https://bugzilla.suse.com/1152930 https://bugzilla.suse.com/1174477 https://bugzilla.suse.com/1183239 https://bugzilla.suse.com/1184815 . SUSE Security Bulletin for samba-client tackling critical flaws and delivering resolutions ready for installation.. SUSE Linux,cifs-utils Update,Security Fixes,Security Advisory. . Severity: Important. LinuxSecurity.com Team
Apr 30, 2021
•Important
SuSE
100
security advisorymoderate severitySUSE LinuxSUSE: 2021:1159-1 Moderate Fix for Auth Leak in cifs-utils
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1159-1 Rating: moderate References: #1183239 Cross-References: CVE-2021-20208 CVSS scores: CVE-2021-20208 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container (bsc#1183239) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1159=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1159=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.9-13.14.1 cifs-utils-debugsource-6.9-13.14.1 cifs-utils-devel-6.9-13.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.14.1 cifs-utils-debuginfo-6.9-13.14.1 cifs-utils-debugsource-6.9-13.14.1 References: https://www.suse.com/security/cve/CVE-2021-20208.html https://bugzilla.suse.com/1183239 . Recent Debian patch for samba-client addresses security vulnerability in credential handling, enhancing protection and reliability.. SUSE Linux Update,cifs-utilsvulnerability,Security Patch,Auth Leak Fix. . LinuxSecurity.com Team
Apr 13, 2021
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!