====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: freeradius:3.0 security update
Advisory ID:       RHSA-2023:2870-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2870
Issue date:        2023-05-16
CVE Names:         CVE-2022-41859 CVE-2022-41860 CVE-2022-41861
====================================================================

1. Summary:

An update for the freeradius:3.0 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: Information leakage in EAP-PWD (CVE-2022-41859)
* freeradius: Crash on unknown option in EAP-SIM (CVE-2022-41860)
* freeradius: Crash on invalid abinary data (CVE-2022-41861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2078483 - CVE-2022-41859 freeradius: Information leakage in EAP-PWD
2078485 - CVE-2022-41860 freeradius: Crash on unknown option in EAP-SIM
2078487 - CVE-2022-41861 freeradius: Crash on invalid abinary data

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.src.rpm

aarch64:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.aarch64.rpm

ppc64le:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.ppc64le.rpm

s390x:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.s390x.rpm

x86_64:
freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-debugsource-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-devel-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-doc-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-krb5-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-krb5-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-ldap-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-ldap-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-mysql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-mysql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-perl-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-perl-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-postgresql-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-postgresql-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-rest-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-rest-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-sqlite-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-sqlite-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-unixODBC-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-unixODBC-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-utils-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
freeradius-utils-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
python3-freeradius-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm
python3-freeradius-debuginfo-3.0.20-14.module+el8.8.0+17558+3f8a93b9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-41859
https://access.redhat.com/security/cve/CVE-2022-41860
https://access.redhat.com/security/cve/CVE-2022-41861
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: booth security update
Advisory ID:       RHSA-2022:6439-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6439
Issue date:        2022-09-13
CVE Names:         CVE-2022-2553
====================================================================

1. Summary:

An update for booth is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 8) - noarch, ppc64le, s390x, x86_64

3. Description:

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network. Tickets facilitated by a Booth formation are the units of authorization that can be bound to certain resources. This will ensure that the resources are run at only one (granted) site at a time.

Security Fix(es):

* booth: authfile directive in booth config file is completely ignored (CVE-2022-2553)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2109251 - CVE-2022-2553 booth: authfile directive in booth config file is completely ignored.

6. Package List:

Red Hat Enterprise Linux High Availability (v. 8):

Source:
booth-1.0-199.1.ac1d34c.git.el8_6.1.src.rpm

aarch64:
booth-1.0-199.1.ac1d34c.git.el8_6.1.aarch64.rpm
booth-core-1.0-199.1.ac1d34c.git.el8_6.1.aarch64.rpm
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_6.1.aarch64.rpm
booth-debugsource-1.0-199.1.ac1d34c.git.el8_6.1.aarch64.rpm

noarch:
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_6.1.noarch.rpm
booth-site-1.0-199.1.ac1d34c.git.el8_6.1.noarch.rpm
booth-test-1.0-199.1.ac1d34c.git.el8_6.1.noarch.rpm

ppc64le:
booth-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm
booth-core-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm
booth-debugsource-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm

s390x:
booth-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm
booth-core-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm
booth-debugsource-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm

x86_64:
booth-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm
booth-core-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm
booth-debugsource-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 8):

Source:
booth-1.0-199.1.ac1d34c.git.el8_6.1.src.rpm

noarch:
booth-arbitrator-1.0-199.1.ac1d34c.git.el8_6.1.noarch.rpm
booth-site-1.0-199.1.ac1d34c.git.el8_6.1.noarch.rpm
booth-test-1.0-199.1.ac1d34c.git.el8_6.1.noarch.rpm

ppc64le:
booth-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm
booth-core-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm
booth-debugsource-1.0-199.1.ac1d34c.git.el8_6.1.ppc64le.rpm

s390x:
booth-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm
booth-core-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm
booth-debugsource-1.0-199.1.ac1d34c.git.el8_6.1.s390x.rpm

x86_64:
booth-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm
booth-core-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm
booth-core-debuginfo-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm
booth-debugsource-1.0-199.1.ac1d34c.git.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2553
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
openSUSE Security Update: Security update for apache2-mod_auth_openidc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:3020-1
Rating:             moderate
References:         #1188638 #1188639 #1188848 #1188849
Cross-References:   CVE-2021-32785 CVE-2021-32786 CVE-2021-32791 CVE-2021-32792
CVSS scores:
                    CVE-2021-32785 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-32786 (SUSE): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
                    CVE-2021-32791 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-32792 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for apache2-mod_auth_openidc fixes the following issues:

- CVE-2021-32785: format string bug via hiredis (bsc#1188638)
- CVE-2021-32786: open redirect in logout functionality (bsc#1188639)
- CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption (bsc#1188849)
- CVE-2021-32792: XSS when using OIDCPreservePost On (bsc#1188848)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2021-3020=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  apache2-mod_auth_openidc-2.3.8-3.15.1
  apache2-mod_auth_openidc-debuginfo-2.3.8-3.15.1
  apache2-mod_auth_openidc-debugsource-2.3.8-3.15.1

References:

https://www.suse.com/security/cve/CVE-2021-32785.html
https://www.suse.com/security/cve/CVE-2021-32786.html
https://www.suse.com/security/cve/CVE-2021-32791.html
https://www.suse.com/security/cve/CVE-2021-32792.html
https://bugzilla.suse.com/1188638
https://bugzilla.suse.com/1188639
https://bugzilla.suse.com/1188848
https://bugzilla.suse.com/1188849

LinuxSecurity.com Team
SUSE Security Update: Security update for dovecot23
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2123-1
Rating:             important
References:         #1187418 #1187419
Cross-References:   CVE-2021-29157 CVE-2021-33515
CVSS scores:
                    CVE-2021-29157 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-33515 (SUSE): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for dovecot23 fixes the following issues:

- CVE-2021-29157: Local attacker can login as any user and access their emails (bsc#1187418)
- CVE-2021-33515: Attacker can potentially steal user credentials and mails (bsc#1187419)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2123=1

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-2123=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

  dovecot23-2.3.11.3-55.1
  dovecot23-backend-mysql-2.3.11.3-55.1
  dovecot23-backend-mysql-debuginfo-2.3.11.3-55.1
  dovecot23-backend-pgsql-2.3.11.3-55.1
  dovecot23-backend-pgsql-debuginfo-2.3.11.3-55.1
  dovecot23-backend-sqlite-2.3.11.3-55.1
  dovecot23-backend-sqlite-debuginfo-2.3.11.3-55.1
  dovecot23-debuginfo-2.3.11.3-55.1
  dovecot23-debugsource-2.3.11.3-55.1
  dovecot23-devel-2.3.11.3-55.1
  dovecot23-fts-2.3.11.3-55.1
  dovecot23-fts-debuginfo-2.3.11.3-55.1
  dovecot23-fts-lucene-2.3.11.3-55.1
  dovecot23-fts-lucene-debuginfo-2.3.11.3-55.1
  dovecot23-fts-solr-2.3.11.3-55.1
  dovecot23-fts-solr-debuginfo-2.3.11.3-55.1
  dovecot23-fts-squat-2.3.11.3-55.1
  dovecot23-fts-squat-debuginfo-2.3.11.3-55.1

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

  dovecot23-2.3.11.3-55.1
  dovecot23-backend-mysql-2.3.11.3-55.1
  dovecot23-backend-mysql-debuginfo-2.3.11.3-55.1
  dovecot23-backend-pgsql-2.3.11.3-55.1
  dovecot23-backend-pgsql-debuginfo-2.3.11.3-55.1
  dovecot23-backend-sqlite-2.3.11.3-55.1
  dovecot23-backend-sqlite-debuginfo-2.3.11.3-55.1
  dovecot23-debuginfo-2.3.11.3-55.1
  dovecot23-debugsource-2.3.11.3-55.1
  dovecot23-devel-2.3.11.3-55.1
  dovecot23-fts-2.3.11.3-55.1
  dovecot23-fts-debuginfo-2.3.11.3-55.1
  dovecot23-fts-lucene-2.3.11.3-55.1
  dovecot23-fts-lucene-debuginfo-2.3.11.3-55.1
  dovecot23-fts-solr-2.3.11.3-55.1
  dovecot23-fts-solr-debuginfo-2.3.11.3-55.1
  dovecot23-fts-squat-2.3.11.3-55.1
  dovecot23-fts-squat-debuginfo-2.3.11.3-55.1

References:

https://www.suse.com/security/cve/CVE-2021-29157.html
https://www.suse.com/security/cve/CVE-2021-33515.html
https://bugzilla.suse.com/1187418
https://bugzilla.suse.com/1187419
====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat Single Sign-On 7.4.4 security update on RHEL 6
Advisory ID:       RHSA-2020:5526-01
Product:           Red Hat Single Sign-On
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5526
Issue date:        2020-12-15
CVE Names:         CVE-2020-27826
====================================================================

1. Summary:

New Red Hat Single Sign-On 7.4.4 packages are now available for Red Hat Enterprise Linux 6.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.4 for RHEL 6 Server - noarch

3. Description:

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.4.4 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* keycloak: Account REST API can update user metadata attributes (CVE-2020-27826)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1905089 - CVE-2020-27826 keycloak: Account REST API can update user metadata attributes

6. Package List:

Red Hat Single Sign-On 7.4 for RHEL 6 Server:

Source:
rh-sso7-keycloak-9.0.10-1.redhat_00001.1.el6sso.src.rpm

noarch:
rh-sso7-keycloak-9.0.10-1.redhat_00001.1.el6sso.noarch.rpm
rh-sso7-keycloak-server-9.0.10-1.redhat_00001.1.el6sso.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-27826
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-460ad648e7
2019-11-16 01:04:07.206755
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 30
Version     : 4.10.10
Release     : 0.fc30
URL         :
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

--------------------------------------------------------------------------------
Update Information:

Update to Samba 4.10.10 - Security fixes for CVE-2019-10218, CVE-2019-14833, CVE-2019-14847
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 29 2019 Guenther Deschner - 4.10.10-0
- Update to Samba 4.10.10
- resolves: #1763137, #1766558 - Security fixes for CVE-2019-10218
- resolves: #1764126, #1766559 - Security fixes for CVE-2019-14833
- resolves: #1764142, #1766847 - Security fixes for CVE-2019-14847
* Thu Oct 17 2019 Guenther Deschner - 4.10.9-0
- Update to Samba 4.10.9
* Tue Sep 3 2019 Guenther Deschner - 4.10.8-0
- Update to Samba 4.10.8
- resolves: #1746225, #1748308 - Security fixes for CVE-2019-10197
* Thu Aug 22 2019 Guenther Deschner - 4.10.7-0
- Update to Samba 4.10.7
* Fri Aug 16 2019 Alexander Bokovoy - 4.10.6-1
- Fix Samba bug
- Fixes: Windows systems cannot resolve IPA users and groups over LSA RPC
* Mon Jul 8 2019 Guenther Deschner - 4.10.6-0
- Update to Samba 4.10.6
* Mon Jul 1 2019 Guenther Deschner - 4.10.5-2
- resolves: #1718113 - Avoid deprecated time.clock in wafsamba
- resolves: #1711638 - Update to latest waf version 2.0.17
* Thu Jun 20 2019 Guenther Deschner - 4.10.5-1
- resolves: #1602824 - Make vfs_fruit operable with other remote VFS modules
- resolves: #1716455 - Avoid pathconf() in get_real_filename() VFS calls
- resolves: #1706090, #1700791 - Fix smbspool
* Wed Jun 19 2019 Guenther Deschner - 4.10.5-0
- Update to Samba 4.10.5
- resolves: #1711816, #1721872 - Security fixes for CVE-2019-12435
- resolves: #1711837, #1721873 - Security fixes for CVE-2019-12436
* Tue May 28 2019 Guenther Deschner - 4.10.4-1
- Add missing ctdb directories
- resolves: #1656777
* Wed May 22 2019 Guenther Deschner - 4.10.4-0
- Update to Samba 4.10.4
* Tue May 14 2019 Guenther Deschner - 4.10.3-0
- Update to Samba 4.10.3
- resolves: #1705877, #1709679 - Security fixes for CVE-2018-16860
* Sun Apr 28 2019 Alexander Bokovoy - 4.10.2-1.1
- Rebuild against krb5 1.17-14
* Mon Apr 15 2019 Andreas Schneider - 4.10.2-1
- resolves: #1699230 - Rebuild for MIT Kerberos soname bump of libkadm5srv
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1763137 - CVE-2019-10218 samba: smb client vulnerable to filenames containing path separators
      https://bugzilla.redhat.com/show_bug.cgi?id=1763137
[ 2 ] Bug #1764126 - CVE-2019-14833 samba: AD DC check password script does not receive full password when non-ASCII characters are used
      https://bugzilla.redhat.com/show_bug.cgi?id=1764126
[ 3 ] Bug #1764142 - CVE-2019-14847 samba: samba AD DC LDAP denial of service via dirsync
      https://bugzilla.redhat.com/show_bug.cgi?id=1764142
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-460ad648e7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-57d43f3b58
2019-11-14 01:11:58.739660
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 31
Version     : 4.11.2
Release     : 1.fc31
URL         :
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

--------------------------------------------------------------------------------
Update Information:

Update code to deal with removal of DES support in MIT Kerberos.
----
Update to Samba 4.11.2 - Security fixes for CVE-2019-10218, CVE-2019-14833
----
Since MIT Kerberos deprecated use of DES encryption type, restore Samba AD domain controller functionality by not using DES encryption keys. Only AES and RC4 keys would work.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 6 2019 Alexander Bokovoy - 4.11.2-1
- Update DES removal patch
* Tue Oct 29 2019 Guenther Deschner - 4.11.2-0
- Update to Samba 4.11.2
- resolves: #1763137, #1766558 - Security fixes for CVE-2019-10218
- resolves: #1764126, #1766559 - Security fixes for CVE-2019-14833
* Sun Oct 27 2019 Alexander Bokovoy - 4.11.1-1
- resolves: #1757071 - Deploy new samba DC fails
* Fri Oct 18 2019 Guenther Deschner - 4.11.1-0
- Update to Samba 4.11.1
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1763137 - CVE-2019-10218 samba: smb client vulnerable to filenames containing path separators
      https://bugzilla.redhat.com/show_bug.cgi?id=1763137
[ 2 ] Bug #1764126 - CVE-2019-14833 samba: AD DC check password script does not receive full password when non-ASCII characters are used
      https://bugzilla.redhat.com/show_bug.cgi?id=1764126
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-57d43f3b58' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-f21ad78845
2019-10-26 17:17:38.272504
--------------------------------------------------------------------------------
Name        : wordpress
Product     : Fedora 31
Version     : 5.2.4
Release     : 1.fc31
URL         : https://wordpress.org/
Summary     : Blog tool and publishing platform
Description :
Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web.

Important information in /usr/share/doc/wordpress/README.fedora
--------------------------------------------------------------------------------
Update Information:

**WordPress 5.2.4 Security Release**

WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4.

**Security Updates**

* Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
* Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
* Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
* Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
* Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
* Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 15 2019 Remi Collet - 5.2.4-1
- WordPress 5.2.4 Security Release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-f21ad78845' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------