Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
203
security advisorymoderatesecurity updateMageia 8 Security Advisory: MGASA-2022-0426 for Sudo Heap Overflow
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, . MGASA-2022-0426 - Updated sudo packages fix security vulnerability Publication date: 17 Nov 2022 URL: https://advisories.mageia.org/MGASA-2022-0426.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-43995 Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. (CVE-2022-43995) References: - https://bugs.mageia.org/show_bug.cgi?id=31089 - https://lists.suse.com/pipermail/sle-security-updates/2022-November/012820.html - - https://www.cve.org/CVERecord?id=CVE-2022-43995 SRPMS: - 8/core/sudo-1.9.5p2-2.1.mga8 . A security patch for Mageia has been implemented to rectify a heap overflow vulnerability caused by an out-of-bounds error during authentication processes.. Sudo Update,Mageia Security,Heap Overflow,Authentication Exploit,Security Fix. . Severity: Important. LinuxSecurity.com Team
Nov 17, 2022
•Important
Mageia
202
security advisoryimportantntp updateopenSUSE Leap 42.1 Security Advisory: Important NTP Authentication Exploit
An update that solves 5 vulnerabilities and has four fixes An update that solves 5 vulnerabilities and has four fixes An update that solves 5 vulnerabilities and has four fixes is now available. is now available.. openSUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1636-1 Rating: important References: #979302 #979981 #981422 #982056 #982064 #982065 #982066 #982067 #982068 Cross-References: CVE-2016-4953 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956 CVE-2016-4957 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has four fixes is now available. Description: ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations (bsc#982065). - CVE-2016-4954: Processing spoofed server packets (bsc#982066). - CVE-2016-4955: Autokey association reset (bsc#982067). - CVE-2016-4956: Broadcast interleave (bsc#982068). - CVE-2016-4957: CRYPTO_NAK crash (bsc#982064). These non-security issues were fixed: - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns. - bsc#979302: Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. - bsc#981422: Don't ignore SIGCHILD because it breaks wait(). - bsc#979981: ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service. - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". This update was imported fromthe SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-750=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): ntp-4.2.8p8-24.1 ntp-debuginfo-4.2.8p8-24.1 ntp-debugsource-4.2.8p8-24.1 ntp-doc-4.2.8p8-24.1 References: https://www.suse.com/security/cve/CVE-2016-4953.html https://www.suse.com/security/cve/CVE-2016-4954.html https://www.suse.com/security/cve/CVE-2016-4955.html https://www.suse.com/security/cve/CVE-2016-4956.html https://www.suse.com/security/cve/CVE-2016-4957.html https://bugzilla.suse.com/979302 https://bugzilla.suse.com/979981 https://bugzilla.suse.com/981422 https://bugzilla.suse.com/982056 https://bugzilla.suse.com/982064 https://bugzilla.suse.com/982065 https://bugzilla.suse.com/982066 https://bugzilla.suse.com/982067 https://bugzilla.suse.com/982068 . A vital upgrade for openSUSE ntp addresses numerous significant vulnerabilities and boosts overall system stability and efficiency.. openSUSE, NTP Patch, Security Update, System Exploits. . Severity: Important. LinuxSecurity.com Team
Jun 20, 2016
•Important
OpenSUSE
98
security advisorysecurity updatered hatRed Hat: RHSA-2013:0869-01 Critical: Tomcat6 Authentication Exploits
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: tomcat6 security update Advisory ID: RHSA-2013:0869-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0869.html Issue date: 2013-05-28 CVE Names: CVE-2013-1976 CVE-2013-2051 ==================================================================== 1. Summary: Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. (CVE-2013-1976) Note: With this update, tomcat6-initd.log has been movedfrom /var/log/tomcat6/ to the /var/log/ directory. It was found that the RHSA-2013:0623 update did not correctly fix CVE-2012-5887, a weakness in the Tomcat DIGEST authentication implementation. A remote attacker could use this flaw to perform replay attacks in some circumstances. Additionally, this problem also prevented users from being able to authenticate using DIGEST authentication. (CVE-2013-2051) Red Hat would like to thank Simon Fayer of Imperial College London for reporting the CVE-2013-1976 issue. Users of Tomcat are advised to upgrade to these updated packages, which correct these issues. Tomcat must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 927622 - CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE) 959047 - CVE-2013-2051 tomcat: DIGEST authentication vulnerable to replay attacks 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v.6): Source: noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Server (v. 6): Source: noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: noarch: tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: noarch: tomcat6-6.0.24-55.el6_4.noarch.rpm tomcat6-el-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-jsp-2.1-api-6.0.24-55.el6_4.noarch.rpm tomcat6-lib-6.0.24-55.el6_4.noarch.rpm tomcat6-servlet-2.5-api-6.0.24-55.el6_4.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: noarch: tomcat6-admin-webapps-6.0.24-55.el6_4.noarch.rpm tomcat6-docs-webapp-6.0.24-55.el6_4.noarch.rpm tomcat6-javadoc-6.0.24-55.el6_4.noarch.rpm tomcat6-webapps-6.0.24-55.el6_4.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-1976 https://access.redhat.com/security/cve/CVE-2013-2051 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/errata/RHSA-2013:0623.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRpO3jXlSAg2UNWIIRAgkWAJ4qV0pSfxgVYdLvOh+E5Ebef8oxcQCgoNt8 H0fJvQl+bJb42R/zAlye4aQ=2iUZ -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 28, 2013
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!