# Security update for skopeo

Announcement ID: SUSE-SU-2024:1987-1
Rating: important
References:
* bsc#1224123
Cross-References:
* CVE-2024-28180
* CVE-2024-3727
CVSS scores:
* CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for skopeo fixes the following issues:

* Update to version 1.14.4:
  * CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-1987=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1987=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1987=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1987=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1987=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1987=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1987=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1987=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1987=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1987=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1987=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1987=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1987=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1987=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-1987=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-1987=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-1987=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-1987=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* Basesystem Module 15-SP6 (noarch)
  * skopeo-bash-completion-1.14.4-150300.11.11.1
  * skopeo-zsh-completion-1.14.4-150300.11.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Manager Proxy 4.3 (x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* openSUSE Leap 15.3 (noarch)
  * skopeo-bash-completion-1.14.4-150300.11.11.1
  * skopeo-fish-completion-1.14.4-150300.11.11.1
  * skopeo-zsh-completion-1.14.4-150300.11.11.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * skopeo-debuginfo-1.14.4-150300.11.11.1
  * skopeo-1.14.4-150300.11.11.1
* openSUSE Leap 15.6 (noarch)
  * skopeo-bash-completion-1.14.4-150300.11.11.1
  * skopeo-fish-completion-1.14.4-150300.11.11.1
  * skopeo-zsh-completion-1.14.4-150300.11.11.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28180.html
* https://www.suse.com/security/cve/CVE-2024-3727.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224123

SUSE update for skopeo addressing two vulnerabilities across the listed SUSE and openSUSE products, with per-product patch commands. Severity: Important. LinuxSecurity.com Team
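The advisory lists the consequences of CVE-2024-3727 (unexpected authenticated registry accesses on behalf of the victim, resource exhaustion, local path traversal) but not the mechanism. What any client that pulls content-addressed blobs has to do before trusting data that a manifest or a registry pointed it at is: verify the bytes against the digest it asked for, refuse digests that are not a well-formed `sha256:<hex>` string (so a digest can never become a path component), and stop reading at the size the manifest declared. The Go example below is added here to show that check; it is not skopeo or containers/image code, and the function names, error values and the constructed sample bytes are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Errors a caller can distinguish: a tampered or mis-addressed blob versus a
// body that keeps streaming past the size the manifest declared. (Assumed
// names, not from any library.)
var (
	ErrBadDigest      = errors.New("malformed digest")
	ErrDigestMismatch = errors.New("blob digest does not match the requested digest")
	ErrBlobTooLarge   = errors.New("blob is larger than the size declared in the manifest")
)

// ParseSHA256Digest accepts only the "sha256:<64 hex chars>" form used by OCI
// manifests and returns the raw hash bytes. Rejecting anything else up front
// also keeps an attacker-controlled digest string out of local file paths.
func ParseSHA256Digest(d string) ([]byte, error) {
	const prefix = "sha256:"
	if !strings.HasPrefix(d, prefix) {
		return nil, ErrBadDigest
	}
	raw, err := hex.DecodeString(d[len(prefix):])
	if err != nil || len(raw) != sha256.Size {
		return nil, ErrBadDigest
	}
	return raw, nil
}

// DigestOf computes the canonical digest string for a byte slice.
func DigestOf(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// FetchVerified reads a blob from r (standing in for the registry response
// body), refuses to read more than declaredSize bytes, and only hands the
// bytes back if their SHA-256 equals the digest the caller asked for. Nothing
// should be written to disk or reused until this returns without error.
func FetchVerified(r io.Reader, expected string, declaredSize int64) ([]byte, error) {
	want, err := ParseSHA256Digest(expected)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	var buf bytes.Buffer
	// Read one byte past the declared size so an oversize body is detected
	// rather than silently truncated.
	n, err := io.Copy(io.MultiWriter(h, &buf), io.LimitReader(r, declaredSize+1))
	if err != nil {
		return nil, err
	}
	if n > declaredSize {
		return nil, ErrBlobTooLarge
	}
	if !bytes.Equal(h.Sum(nil), want) {
		return nil, ErrDigestMismatch
	}
	return buf.Bytes(), nil
}

func main() {
	// Constructed sample: the bytes a manifest would reference by digest.
	layer := []byte("constructed layer contents, not a real image layer")
	d := DigestOf(layer)

	if _, err := FetchVerified(strings.NewReader(string(layer)), d, int64(len(layer))); err != nil {
		fmt.Println("unexpected:", err)
	}
	// The registry (or a manifest pointing at the wrong blob) returns other bytes.
	_, err := FetchVerified(strings.NewReader("something else entirely"), d, int64(len(layer)))
	fmt.Println("tampered blob:", err)
	// The body keeps streaming past the declared size.
	_, err = FetchVerified(strings.NewReader(string(layer)+"extra"), d, int64(len(layer)))
	fmt.Println("oversize blob:", err)
}
```

The size bound is what turns an unbounded download into a fixed cost, and the digest comparison is what makes the blob's origin irrelevant: a mirror, a proxy or a malicious manifest can steer the client to any content, but the client only accepts the content it named.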
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-5b6510a584
2023-04-27 00:35:44.907244
--------------------------------------------------------------------------------
Name        : redis
Product     : Fedora 37
Version     : 7.0.11
Release     : 1.fc37
URL         : https://redis.io
Summary     : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache.

You can use Redis from most programming languages also.
--------------------------------------------------------------------------------
Update Information:

**Redis 7.0.11** Released Mon Apr 17 16:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (**CVE-2023-28856**) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access

Bug Fixes
* Add a missing fsync of AOF file in rare cases (#11973)
* Disconnect pub-sub subscribers when revoking allchannels permission (#11992)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 18 2023 Remi Collet - 7.0.11-1
- Upstream 7.0.11 release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command
        https://bugzilla.redhat.com/show_bug.cgi?id=2187525
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-5b6510a584' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Package        : php-horde-trean
Version        : 1.1.1-2+deb8u1
CVE ID         : CVE-2020-8865
Debian Bug     : 955019

A directory traversal vulnerability resulting from insufficient input sanitization was discovered in the Horde Application Framework. An authenticated remote attacker could use this flaw to execute code in the context of the web server user.

For Debian 8 "Jessie", this problem has been fixed in version 1.1.1-2+deb8u1.

We recommend that you upgrade your php-horde-trean packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS update for php-horde-trean fixing an authenticated directory traversal that leads to code execution as the web server user. Severity: Critical. LinuxSecurity.com Team
MGASA-2019-0411 - Updated 389-ds-base packages fix security vulnerabilities

Publication date: 25 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0411.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-1054, CVE-2018-10871, CVE-2019-3883, CVE-2019-14824

The updated packages fix security vulnerabilities and a packaging problem:

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. (CVE-2018-1054)

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords. (CVE-2018-10871)

In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. Each socket is waited on by a worker for at most 'ioblocktimeout' seconds. However, this timeout applies only to unencrypted requests. Connections using SSL/TLS do not take this timeout into account during reads, and may hang longer. An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service. (CVE-2019-3883)

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. (CVE-2019-14824)

There were conflicts between files from svrcore and 389-ds-base which prevented the installation of 389-ds (mga#25709)

References:
- https://bugs.mageia.org/show_bug.cgi?id=25824
- https://bugs.mageia.org/show_bug.cgi?id=25709
- http://lists.suse.com/pipermail/sle-security-updates/2019-August/005817.html
- https://www.cve.org/CVERecord?id=CVE-2018-1054
- https://www.cve.org/CVERecord?id=CVE-2018-10871
- https://www.cve.org/CVERecord?id=CVE-2019-3883
- https://www.cve.org/CVERecord?id=CVE-2019-14824

SRPMS:
- 7/core/389-ds-base-1.4.0.26-1.1.mga7

Mageia 7 update for 389-ds-base fixing two LDAP denial-of-service flaws, plaintext password storage in replication and retroChangeLog files, and an information disclosure in the deref plugin. LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: ceph security update
Advisory ID:       RHSA-2019:2577-01
Product:           Red Hat Ceph Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2577
Issue date:        2019-08-28
CVE Names:         CVE-2019-10222
====================================================================

1. Summary:

An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ceph Storage 3.3 MON - ppc64le, x86_64
Red Hat Ceph Storage 3.3 OSD - ppc64le, x86_64
Red Hat Ceph Storage 3.3 Tools - ppc64le, x86_64

3. Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

Security Fix(es):

* ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend (CVE-2019-10222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1739292 - CVE-2019-10222 ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend

6. Package List:

Red Hat Ceph Storage 3.3 MON:

Source:
ceph-12.2.12-48.el7cp.src.rpm

ppc64le:
ceph-base-12.2.12-48.el7cp.ppc64le.rpm
ceph-common-12.2.12-48.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-48.el7cp.ppc64le.rpm
ceph-mgr-12.2.12-48.el7cp.ppc64le.rpm
ceph-mon-12.2.12-48.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-48.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-48.el7cp.ppc64le.rpm
libcephfs2-12.2.12-48.el7cp.ppc64le.rpm
librados-devel-12.2.12-48.el7cp.ppc64le.rpm
librados2-12.2.12-48.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-48.el7cp.ppc64le.rpm
librbd-devel-12.2.12-48.el7cp.ppc64le.rpm
librbd1-12.2.12-48.el7cp.ppc64le.rpm
librgw-devel-12.2.12-48.el7cp.ppc64le.rpm
librgw2-12.2.12-48.el7cp.ppc64le.rpm
python-cephfs-12.2.12-48.el7cp.ppc64le.rpm
python-rados-12.2.12-48.el7cp.ppc64le.rpm
python-rbd-12.2.12-48.el7cp.ppc64le.rpm
python-rgw-12.2.12-48.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.12-48.el7cp.x86_64.rpm
ceph-common-12.2.12-48.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-48.el7cp.x86_64.rpm
ceph-mgr-12.2.12-48.el7cp.x86_64.rpm
ceph-mon-12.2.12-48.el7cp.x86_64.rpm
ceph-selinux-12.2.12-48.el7cp.x86_64.rpm
ceph-test-12.2.12-48.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-48.el7cp.x86_64.rpm
libcephfs2-12.2.12-48.el7cp.x86_64.rpm
librados-devel-12.2.12-48.el7cp.x86_64.rpm
librados2-12.2.12-48.el7cp.x86_64.rpm
libradosstriper1-12.2.12-48.el7cp.x86_64.rpm
librbd-devel-12.2.12-48.el7cp.x86_64.rpm
librbd1-12.2.12-48.el7cp.x86_64.rpm
librgw-devel-12.2.12-48.el7cp.x86_64.rpm
librgw2-12.2.12-48.el7cp.x86_64.rpm
python-cephfs-12.2.12-48.el7cp.x86_64.rpm
python-rados-12.2.12-48.el7cp.x86_64.rpm
python-rbd-12.2.12-48.el7cp.x86_64.rpm
python-rgw-12.2.12-48.el7cp.x86_64.rpm

Red Hat Ceph Storage 3.3 OSD:

Source:
ceph-12.2.12-48.el7cp.src.rpm

ppc64le:
ceph-base-12.2.12-48.el7cp.ppc64le.rpm
ceph-common-12.2.12-48.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-48.el7cp.ppc64le.rpm
ceph-osd-12.2.12-48.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-48.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-48.el7cp.ppc64le.rpm
libcephfs2-12.2.12-48.el7cp.ppc64le.rpm
librados-devel-12.2.12-48.el7cp.ppc64le.rpm
librados2-12.2.12-48.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-48.el7cp.ppc64le.rpm
librbd-devel-12.2.12-48.el7cp.ppc64le.rpm
librbd1-12.2.12-48.el7cp.ppc64le.rpm
librgw-devel-12.2.12-48.el7cp.ppc64le.rpm
librgw2-12.2.12-48.el7cp.ppc64le.rpm
python-cephfs-12.2.12-48.el7cp.ppc64le.rpm
python-rados-12.2.12-48.el7cp.ppc64le.rpm
python-rbd-12.2.12-48.el7cp.ppc64le.rpm
python-rgw-12.2.12-48.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.12-48.el7cp.x86_64.rpm
ceph-common-12.2.12-48.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-48.el7cp.x86_64.rpm
ceph-osd-12.2.12-48.el7cp.x86_64.rpm
ceph-selinux-12.2.12-48.el7cp.x86_64.rpm
ceph-test-12.2.12-48.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-48.el7cp.x86_64.rpm
libcephfs2-12.2.12-48.el7cp.x86_64.rpm
librados-devel-12.2.12-48.el7cp.x86_64.rpm
librados2-12.2.12-48.el7cp.x86_64.rpm
libradosstriper1-12.2.12-48.el7cp.x86_64.rpm
librbd-devel-12.2.12-48.el7cp.x86_64.rpm
librbd1-12.2.12-48.el7cp.x86_64.rpm
librgw-devel-12.2.12-48.el7cp.x86_64.rpm
librgw2-12.2.12-48.el7cp.x86_64.rpm
python-cephfs-12.2.12-48.el7cp.x86_64.rpm
python-rados-12.2.12-48.el7cp.x86_64.rpm
python-rbd-12.2.12-48.el7cp.x86_64.rpm
python-rgw-12.2.12-48.el7cp.x86_64.rpm

Red Hat Ceph Storage 3.3 Tools:

Source:
ceph-12.2.12-48.el7cp.src.rpm

ppc64le:
ceph-base-12.2.12-48.el7cp.ppc64le.rpm
ceph-common-12.2.12-48.el7cp.ppc64le.rpm
ceph-debuginfo-12.2.12-48.el7cp.ppc64le.rpm
ceph-fuse-12.2.12-48.el7cp.ppc64le.rpm
ceph-mds-12.2.12-48.el7cp.ppc64le.rpm
ceph-radosgw-12.2.12-48.el7cp.ppc64le.rpm
ceph-selinux-12.2.12-48.el7cp.ppc64le.rpm
libcephfs-devel-12.2.12-48.el7cp.ppc64le.rpm
libcephfs2-12.2.12-48.el7cp.ppc64le.rpm
librados-devel-12.2.12-48.el7cp.ppc64le.rpm
librados2-12.2.12-48.el7cp.ppc64le.rpm
libradosstriper1-12.2.12-48.el7cp.ppc64le.rpm
librbd-devel-12.2.12-48.el7cp.ppc64le.rpm
librbd1-12.2.12-48.el7cp.ppc64le.rpm
librgw-devel-12.2.12-48.el7cp.ppc64le.rpm
librgw2-12.2.12-48.el7cp.ppc64le.rpm
python-cephfs-12.2.12-48.el7cp.ppc64le.rpm
python-rados-12.2.12-48.el7cp.ppc64le.rpm
python-rbd-12.2.12-48.el7cp.ppc64le.rpm
python-rgw-12.2.12-48.el7cp.ppc64le.rpm
rbd-mirror-12.2.12-48.el7cp.ppc64le.rpm

x86_64:
ceph-base-12.2.12-48.el7cp.x86_64.rpm
ceph-common-12.2.12-48.el7cp.x86_64.rpm
ceph-debuginfo-12.2.12-48.el7cp.x86_64.rpm
ceph-fuse-12.2.12-48.el7cp.x86_64.rpm
ceph-mds-12.2.12-48.el7cp.x86_64.rpm
ceph-radosgw-12.2.12-48.el7cp.x86_64.rpm
ceph-selinux-12.2.12-48.el7cp.x86_64.rpm
libcephfs-devel-12.2.12-48.el7cp.x86_64.rpm
libcephfs2-12.2.12-48.el7cp.x86_64.rpm
librados-devel-12.2.12-48.el7cp.x86_64.rpm
librados2-12.2.12-48.el7cp.x86_64.rpm
libradosstriper1-12.2.12-48.el7cp.x86_64.rpm
librbd-devel-12.2.12-48.el7cp.x86_64.rpm
librbd1-12.2.12-48.el7cp.x86_64.rpm
librgw-devel-12.2.12-48.el7cp.x86_64.rpm
librgw2-12.2.12-48.el7cp.x86_64.rpm
python-cephfs-12.2.12-48.el7cp.x86_64.rpm
python-rados-12.2.12-48.el7cp.x86_64.rpm
python-rbd-12.2.12-48.el7cp.x86_64.rpm
python-rgw-12.2.12-48.el7cp.x86_64.rpm
rbd-mirror-12.2.12-48.el7cp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10222
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXWazU9zjgjWX9erEAQiNlRAAm+82xAScGeAB4Oj/DUQYbjTW9tE5joaS U2d/Rh+lrDgHi8d04BhT1thuUomgRxcv6EWi6MgXc5xI/oZK+nxlZy1B9LFbrSdb H4qZKx2TmduGwoCRwrwCpnwveODXFC+gjUyAI88tHQ6i0TlAEsgQAX/qNLQfFU+f eoy6gO08vIhpgNuBL49mcBvr2in5oPeKqn6+QyjKE2qELn7t/4ZrsOPzDmSRiDJQ /xNPpN1rp6YDxZBXgx32Up6KcoMH9w5jFTr1r/+YIQUWztrweLe1WBUglp/O39z/ SMrLvHmVtfdeyDwVoCJd6nywITDdTwXj56KiZw069HNHdKVqrjo/9pwJgYu9KpX3 jFeTsQjLO1nlbayPEy3f4zSDwT3D0308rMYHUI2jLyM0ELKc3eIuqdvh0xpULX5K B/VtHOHRhKCGA/VlRnAzMeFVaZ6B2PhjHUL1hcr0CIVHD6DYgU5I4jXZ/Uzhyk4/ IJs0yRQWmBMIvYOVHhYprfBWUFuAIkmbvQJO72K8onjqkLkXc4RCH+tXHu8q2/Ev C2mEqZcz3rTy4YsIy9Hwu5L/4oYDkPW2dscpY0moMLtrj5w5rv8JJ0zAxBRanqrR 3Ms5zXrgjuxEWANxDt3Utr4Z3e9vEFfGGZUo6+pJq8UEce/cofndNJ9dKJMV91mE K0mCB1BNiBA=io+/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Synopsis: Important: spice security update
Advisory ID: SLSA-2017:2471-1
Issue Date: 2017-08-15
CVE Numbers: CVE-2017-7506
--
Security Fix(es):

* A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash. (CVE-2017-7506)

This issue was discovered by Frediano Ziglio (Red Hat).
--
SL7
  x86_64
    spice-debuginfo-0.12.8-2.el7.1.x86_64.rpm
    spice-server-0.12.8-2.el7.1.x86_64.rpm
    spice-server-devel-0.12.8-2.el7.1.x86_64.rpm

- Scientific Linux Development Team

Scientific Linux 7 spice-server update fixing an out-of-bounds memory access in protocol handling that an authenticated attacker can use to leak server memory or crash the server. Severity: Important. LinuxSecurity.com Team
Package        : xorg-server
Version        : 2:1.12.4-6+deb7u7
CVE ID         : CVE-2017-10971 CVE-2017-10972
Debian Bug     : 867492 867492

CVE-2017-10971
    A user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

CVE-2017-10972
    Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server allowed authenticated malicious users to access potentially privileged data from the X server.

For Debian 7 "Wheezy", these problems have been fixed in version 2:1.12.4-6+deb7u7.

We recommend that you upgrade your xorg-server packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS update for xorg-server fixing two flaws in X event endianness conversion that let an authenticated X client crash the server, run code in its context or read server memory. Upgrade strongly advised. Severity: Critical. LinuxSecurity.com Team
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201707-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Severity: Normal
     Title: RoundCube: Security bypass
      Date: July 08, 2017
      Bugs: #618322
        ID: 201707-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in RoundCube may allow authenticated users to bypass security restrictions.

Background
==========

Free and open source webmail software for the masses, written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  mail-client/roundcube          < 1.2.5                  >= 1.2.5

Description
===========

Authenticated users can arbitrarily reset passwords due to a problem caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

Impact
======

Authenticated users can bypass security restrictions and elevate privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All RoundCube users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/roundcube-1.2.5"

References
==========

[ 1 ] CVE-2017-8114
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8114

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201707-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
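The GLSA describes CVE-2017-8114 as an improperly restricted exec call in the password plugin's virtualmin and sasl drivers, that is, a shell command assembled from a value the authenticated user controls. The Go example below is added here to show the bug class and its two fixes; it is not Roundcube code (Roundcube is PHP and calls exec()), and the helper path /usr/local/bin/set-password and the sample username are assumptions. ShellQuote applies the same single-quote treatment that PHP's escapeshellarg gives its argument; ArgvCommand shows the stronger fix of passing the value as its own argv element so that no shell ever parses it.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// ShellQuote wraps s in single quotes for a POSIX shell. Inside single quotes
// the shell interprets nothing; an embedded single quote is handled by
// closing the quote, escaping the character and reopening ('\'').
func ShellQuote(s string) string {
	return "'" + strings.ReplaceAll(s, "'", `'\''`) + "'"
}

// VulnerableCommand mirrors the shape of the flaw: a username the
// authenticated user chose is pasted into a command line that a shell will
// parse, so "alice; echo INJECTED" becomes two commands.
func VulnerableCommand(helper, username string) string {
	return helper + " " + username
}

// QuotedCommand is the minimal fix when the command really must go through a
// shell: every untrusted token is quoted before interpolation.
func QuotedCommand(helper, username string) string {
	return helper + " " + ShellQuote(username)
}

// ArgvCommand is the preferred shape: no shell is involved, so the username
// reaches the helper as a single argv element whatever characters it holds.
// (The helper path is a hypothetical placeholder; nothing is executed here.)
func ArgvCommand(helper, username string) *exec.Cmd {
	return exec.Command(helper, username)
}

// RunViaShell executes a command line through /bin/sh, exactly as a
// shell-based exec call would, and returns whatever it printed.
func RunViaShell(cmdline string) (string, error) {
	out, err := exec.Command("/bin/sh", "-c", cmdline).CombinedOutput()
	return string(out), err
}

func main() {
	// printf stands in for the password-changing helper so the shell's view
	// of the argument list is visible in the output.
	const helper = "printf '%s\\n'"
	user := "alice; echo INJECTED" // constructed malicious username

	for _, c := range []string{VulnerableCommand(helper, user), QuotedCommand(helper, user)} {
		out, err := RunViaShell(c)
		fmt.Printf("%s\n%s(err=%v)\n\n", c, out, err)
	}
	fmt.Println("argv form:", ArgvCommand("/usr/local/bin/set-password", user).Args)
}
```

Running main shows the vulnerable line printing "alice" and then "INJECTED" as a second command, while the quoted line prints the whole string as one argument. The argv form needs no quoting logic at all, which is why it is the safer default when the helper can be invoked directly.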