
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 10 Buster: DLA-3142-1 Moderate D-Bus DoS Threat Advisory

Debian LTS Advisory DLA-3142-1
https://www.debian.org/lts/security/
Emilio Pozuelo Monfort
October 10, 2022
https://wiki.debian.org/LTS

Package : dbus
Version : 1.12.24-0+deb10u1
CVE ID  : CVE-2022-42010 CVE-2022-42011 CVE-2022-42012

Evgeny Vereshchagin discovered multiple vulnerabilities in D-Bus, a simple interprocess messaging system, which may result in denial of service by an authenticated user.

For Debian 10 buster, these problems have been fixed in version 1.12.24-0+deb10u1.

We recommend that you upgrade your dbus packages.

For the detailed security status of dbus please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/dbus

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

LinuxSecurity.com Team
Oct 10, 2022 | Debian LTS

Ubuntu 16.04 LTS: USN-4590-1 Moderate: Collabtive Arbitrary Code

Ubuntu Security Notice USN-4590-1
October 19, 2020

collabtive vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Collabtive could be made to run programs if it received specially crafted network traffic from an authenticated user.

Software Description:

- collabtive: Web-based project management software

Details:

It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. (CVE-2015-0258)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  collabtive 2.0+dfsg-6ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4590-1
  CVE-2015-0258

Package Information:
  https://launchpad.net/ubuntu/+source/collabtive/2.0+dfsg-6ubuntu1.1

LinuxSecurity.com Team
Oct 19, 2020 | Ubuntu

Debian: DSA-4056-1 Critical Update for Nova Filter Bypass Issue

Debian Security Advisory DSA-4056-1
https://www.debian.org/security/
Sebastien Delafond
December 07, 2017
https://www.debian.org/security/faq

Package    : nova
CVE ID     : CVE-2017-16239
Debian Bug : 882009

George Shuklin from servers.com discovered that Nova, a cloud computing fabric controller, did not correctly enforce its image- or hosts-filters. This allowed an authenticated user to bypass those filters by simply rebuilding an instance.

For the stable distribution (stretch), this problem has been fixed in version 2:14.0.0-4+deb9u1.

We recommend that you upgrade your nova packages.

For the detailed security status of nova please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/nova

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

LinuxSecurity.com Team
Dec 07, 2017 | Critical | Debian

Addressing Moderate Swift Object Deletion Problems in OpenStack 6.0 RHEL

Red Hat Security Advisory

Synopsis:     Moderate: openstack-swift security update
Advisory ID:  RHSA-2015:1681-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1681.html
Issue date:   2015-08-24
CVE Names:    CVE-2015-1856

1. Summary:

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7 - noarch

3. Description:

OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment.

A flaw was found in openstack-swift where an authenticated user may delete the most recent version of a versioned object regardless of ownership. To exploit this flaw an attacker must know the name of the object and have listing access to the x-versions-location container. (CVE-2015-1856)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Clay Gerrard of SwiftStack as the original reporter.

All users of openstack-swift are advised to upgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Object Storage services will be restarted automatically.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1209994 - CVE-2015-1856 OpenStack Swift: unauthorized deletion of versioned Swift object

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 6.0 for RHEL 7:

Source:
  openstack-swift-2.2.0-4.el7ost.src.rpm

noarch:
  openstack-swift-2.2.0-4.el7ost.noarch.rpm
  openstack-swift-account-2.2.0-4.el7ost.noarch.rpm
  openstack-swift-container-2.2.0-4.el7ost.noarch.rpm
  openstack-swift-doc-2.2.0-4.el7ost.noarch.rpm
  openstack-swift-object-2.2.0-4.el7ost.noarch.rpm
  openstack-swift-proxy-2.2.0-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1856
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

LinuxSecurity.com Team
Aug 24, 2015 | Red Hat

Ubuntu 11.04: USN-1266-1 Moderate: OpenLDAP Crash Risk for Auth Users

Ubuntu Security Notice USN-1266-1
November 17, 2011

openldap vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

An OpenLDAP server could potentially be made to crash if it received specially crafted network traffic from an authenticated user.

Software Description:

- openldap: OpenLDAP utilities

Details:

It was discovered that slapd contained an off-by-one error. An authenticated attacker could potentially exploit this by sending a crafted LDIF entry containing an empty postalAddress.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  slapd 2.4.25-1.1ubuntu4.1

Ubuntu 11.04:
  slapd 2.4.23-6ubuntu6.1

Ubuntu 10.10:
  slapd 2.4.23-0ubuntu3.7

Ubuntu 10.04 LTS:
  slapd 2.4.21-0ubuntu5.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1266-1
  CVE-2011-4079

Package Information:
  https://launchpad.net/ubuntu/+source/openldap/2.4.25-1.1ubuntu4.1
  https://launchpad.net/ubuntu/+source/openldap/2.4.23-6ubuntu6.1
  https://launchpad.net/ubuntu/+source/openldap/2.4.23-0ubuntu3.7
  https://launchpad.net/ubuntu/+source/openldap/2.4.21-0ubuntu5.6

LinuxSecurity.com Team
Nov 17, 2011 | Ubuntu

Ubuntu 8.04 LTS: USN-671-1 Critical: MySQL DoS and Table Overwrite

Ubuntu Security Notice USN-671-1
November 17, 2008

mysql-dfsg-5.0 vulnerabilities
CVE-2008-2079, CVE-2008-3963, CVE-2008-4097, CVE-2008-4098

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  mysql-server-5.0 5.0.22-0ubuntu6.06.11

Ubuntu 7.10:
  mysql-server-5.0 5.0.45-1ubuntu3.4

Ubuntu 8.04 LTS:
  mysql-server-5.0 5.0.51a-3ubuntu5.4

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. (CVE-2008-2079, CVE-2008-4097 and CVE-2008-4098)

It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service. (CVE-2008-3963)

LinuxSecurity.com Team
Nov 17, 2008 | Critical | Ubuntu