Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -1 articles for you...
202

openSUSE Leap 15.2: 2021:1471-1 Important Samba DoS Attack Fix

An update that fixes three vulnerabilities is now available. . openSUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1471-1 Rating: important References: #1014440 #1192214 #1192284 Cross-References: CVE-2016-2124 CVE-2020-25717 CVE-2021-23192 CVSS scores: CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1471=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): ctdb-4.11.14+git.308.666c63d4eea-lp152.3.28.1 ctdb-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 ctdb-pcp-pmda-4.11.14+git.308.666c63d4eea-lp152.3.28.1 ctdb-pcp-pmda-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 ctdb-tests-4.11.14+git.308.666c63d4eea-lp152.3.28.1 ctdb-tests-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-binding0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-binding0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-samr-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-samr0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-samr0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-krb5pac-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-krb5pac0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-krb5pac0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-nbt-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-nbt0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-nbt0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-standard-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-standard0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-standard0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libnetapi-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libnetapi0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libnetapi0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-credentials-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-credentials0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-credentials0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-errors-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-errors0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-errors0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-hostconfig-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-hostconfig0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-hostconfig0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-passdb-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-passdb0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-passdb0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-policy-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-policy-python3-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-policy0-python3-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-policy0-python3-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-util-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-util0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-util0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamdb-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamdb0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamdb0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbclient-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbclient0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbclient0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbconf-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbconf0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbconf0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbldap-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbldap2-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbldap2-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libtevent-util-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libtevent-util0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libtevent-util0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libwbclient-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libwbclient0-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libwbclient0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-ad-dc-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-ad-dc-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-client-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-client-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-core-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-debugsource-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-dsdb-modules-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-dsdb-modules-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-python3-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-python3-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-python3-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-python3-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-test-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-test-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-winbind-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-winbind-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 - openSUSE Leap 15.2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-samr0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc-samr0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libdcerpc0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-krb5pac0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-nbt0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-standard0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr-standard0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libndr0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libnetapi-devel-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libnetapi0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libnetapi0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-credentials0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-errors0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-hostconfig0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-passdb0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-policy0-python3-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-policy0-python3-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-util0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamba-util0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamdb0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsamdb0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbclient0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbclient0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbconf0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbconf0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbldap2-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libsmbldap2-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libtevent-util0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libtevent-util0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libwbclient0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 libwbclient0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-ad-dc-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-ad-dc-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-ceph-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-ceph-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-client-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-client-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-python3-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-libs-python3-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-winbind-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1 samba-winbind-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1 - openSUSE Leap 15.2 (noarch): samba-doc-4.11.14+git.308.666c63d4eea-lp152.3.28.1 References: https://www.suse.com/security/cve/CVE-2016-2124.html https://www.suse.com/security/cve/CVE-2020-25717.html https://www.suse.com/security/cve/CVE-2021-23192.html https://bugzilla.suse.com/1014440 https://bugzilla.suse.com/1192214 https://bugzilla.suse.com/1192284 . Recent updates to openSUSE's Samba module have tackled urgent security vulnerabilities that compromise system reliability and user authentication mechanisms.. openSUSE Samba Update, System Integrity, Authentication Flaw Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 15, 2021 Important OpenSUSE
98

Red Hat Enterprise Linux 7 RHSA-2016:2575-02 Moderate: Curl Bug Fix

An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: curl security, bug fix, and enhancement update Advisory ID: RHSA-2016:2575-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:2575.html Issue date: 2016-11-03 CVE Names: CVE-2016-5419 CVE-2016-5420 CVE-2016-7141 ==================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection witha different client certificate. (CVE-2016-5419) * It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5420) * It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-7141) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1260178 - curl and libcurl truncates username/password in URL to 255 characters1269855 - Certificate verification fails with multiple https urls [el7/curl] 1275769 - curl requires public ssh key file [RHEL-7] 1305974 - --disable-epsv option ignored for IPv6 hosts 1347904 - Ceph RGW deadlocks in curl_multi_wait 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: curl-7.29.0-35.el7.src.rpm x86_64: curl-7.29.0-35.el7.x86_64.rpm curl-debuginfo-7.29.0-35.el7.i686.rpm curl-debuginfo-7.29.0-35.el7.x86_64.rpm libcurl-7.29.0-35.el7.i686.rpm libcurl-7.29.0-35.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v.7): x86_64: curl-debuginfo-7.29.0-35.el7.i686.rpm curl-debuginfo-7.29.0-35.el7.x86_64.rpm libcurl-devel-7.29.0-35.el7.i686.rpm libcurl-devel-7.29.0-35.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: curl-7.29.0-35.el7.src.rpm x86_64: curl-7.29.0-35.el7.x86_64.rpm curl-debuginfo-7.29.0-35.el7.i686.rpm curl-debuginfo-7.29.0-35.el7.x86_64.rpm libcurl-7.29.0-35.el7.i686.rpm libcurl-7.29.0-35.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: curl-debuginfo-7.29.0-35.el7.i686.rpm curl-debuginfo-7.29.0-35.el7.x86_64.rpm libcurl-devel-7.29.0-35.el7.i686.rpm libcurl-devel-7.29.0-35.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: curl-7.29.0-35.el7.src.rpm aarch64: curl-7.29.0-35.el7.aarch64.rpm curl-debuginfo-7.29.0-35.el7.aarch64.rpm libcurl-7.29.0-35.el7.aarch64.rpm libcurl-devel-7.29.0-35.el7.aarch64.rpm ppc64: curl-7.29.0-35.el7.ppc64.rpm curl-debuginfo-7.29.0-35.el7.ppc.rpm curl-debuginfo-7.29.0-35.el7.ppc64.rpm libcurl-7.29.0-35.el7.ppc.rpm libcurl-7.29.0-35.el7.ppc64.rpm libcurl-devel-7.29.0-35.el7.ppc.rpm libcurl-devel-7.29.0-35.el7.ppc64.rpm ppc64le: curl-7.29.0-35.el7.ppc64le.rpm curl-debuginfo-7.29.0-35.el7.ppc64le.rpm libcurl-7.29.0-35.el7.ppc64le.rpm libcurl-devel-7.29.0-35.el7.ppc64le.rpm s390x: curl-7.29.0-35.el7.s390x.rpm curl-debuginfo-7.29.0-35.el7.s390.rpm curl-debuginfo-7.29.0-35.el7.s390x.rpm libcurl-7.29.0-35.el7.s390.rpm libcurl-7.29.0-35.el7.s390x.rpm libcurl-devel-7.29.0-35.el7.s390.rpm libcurl-devel-7.29.0-35.el7.s390x.rpm x86_64: curl-7.29.0-35.el7.x86_64.rpm curl-debuginfo-7.29.0-35.el7.i686.rpm curl-debuginfo-7.29.0-35.el7.x86_64.rpm libcurl-7.29.0-35.el7.i686.rpm libcurl-7.29.0-35.el7.x86_64.rpm libcurl-devel-7.29.0-35.el7.i686.rpm libcurl-devel-7.29.0-35.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v.7): Source: curl-7.29.0-35.el7.src.rpm x86_64: curl-7.29.0-35.el7.x86_64.rpm curl-debuginfo-7.29.0-35.el7.i686.rpm curl-debuginfo-7.29.0-35.el7.x86_64.rpm libcurl-7.29.0-35.el7.i686.rpm libcurl-7.29.0-35.el7.x86_64.rpm libcurl-devel-7.29.0-35.el7.i686.rpm libcurl-devel-7.29.0-35.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2016-5419 https://access.redhat.com/security/cve/CVE-2016-5420 https://access.redhat.com/security/cve/CVE-2016-7141 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFYGvp/XlSAg2UNWIIRAlEJAJsGXP/eFO+jx+W8B0wiD9WQ4SEg1gCgqmMq 0TzSpjGHS/3pkZhQmcghKqM=YdqC -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian GNU/Linux 10 patches wget with significant severity corrections for vulnerabilities, improving system security.. curl Update, TLS Security, Red Hat Enterprise, Security Fixes. . LinuxSecurity.com Team

Calendar%202 Nov 03, 2016 Red Hat
87

Debian: DSA-3662-1 Moderate: Inspircd SASL Authentication Risk

It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. For the stable distribution (jessie), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3662-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff September 08, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : inspircd CVE ID : CVE-2016-7142 It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. For the stable distribution (jessie), this problem has been fixed in version 2.0.17-1+deb8u2. For the unstable distribution (sid), this problem has been fixed in version 2.0.23-1. We recommend that you upgrade your inspircd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The security advisory DSA-3673-2 highlights vulnerabilities in BIND DNS server configurations, improving overall network protection for users.. Debian Inspircd Security Update, SASL Authentication Flaw, Security Impersonation Risk. . LinuxSecurity.com Team

Calendar%202 Sep 08, 2016 Debian
200

Scientific Linux: 2010-02-16 Moderate: NetworkManager Authentication Risk

Moderate: NetworkManager security update. Date: Tue, 16 Feb 2010 15:27:49 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: NetworkManager on SL5.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Moderate: NetworkManager security update Issue date: 2010-02-16 CVE Names: CVE-2009-4144 CVE-2009-4145 CVE-2009-4145 NetworkManager: information disclosure by nm-connection-editor CVE-2009-4144 NetworkManager: WPA enterprise network not verified when certificate is removed A missing network certificate verification flaw was found in NetworkManager. If a user created a WPA Enterprise or 802.1x wireless network connection that was verified using a Certificate Authority (CA) certificate, and then later removed that CA certificate file, NetworkManager failed to verify the identity of the network on the following connection attempts. In these situations, a malicious wireless network spoofing the original network could trick a user into disclosing authentication credentials or communicating over an untrusted network. (CVE-2009-4144) An information disclosure flaw was found in NetworkManager's nm-connection-editor D-Bus interface. If a user edited network connection options using nm-connection-editor, a summary of those changes was broadcasted over the D-Bus message bus, possibly disclosing sensitive information (such as wireless network authentication credentials) to other local users. (CVE-2009-4145) SL 5.x SRPMS: NetworkManager-0.7.0-9.el5_4.src.rpm i386: NetworkManager-0.7.0-9.el5_4.i386.rpm NetworkManager-devel-0.7.0-9.el5_4.i386.rpm NetworkManager-glib-0.7.0-9.el5_4.i386.rpm NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm x86_64: NetworkManager-0.7.0-9.el5_4.i386.rpm NetworkManager-0.7.0-9.el5_4.x86_64.rpm NetworkManager-devel-0.7.0-9.el5_4.i386.rpm NetworkManager-devel-0.7.0-9.el5_4.x86_64.rpm NetworkManager-glib-0.7.0-9.el5_4.i386.rpm NetworkManager-glib-0.7.0-9.el5_4.x86_64.rpm NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm NetworkManager-glib-devel-0.7.0-9.el5_4.x86_64.rpm NetworkManager-gnome-0.7.0-9.el5_4.x86_64.rpm -Connie Sieh -Troy Dawson . Timely security fix for NetworkManager on Scientific Linux SL5.x addressing potential information leaks and WPA authentication issues.. NetworkManager Security Update, Scientific Linux, Authentication Risk. . LinuxSecurity.com Team

Calendar%202 Feb 16, 2010 Scientific Linux
91

Gentoo GLSA 200804-24 Important: DBMail Authentication Vulnerability Alert

A vulnerability in DBMail could allow for passwordless login to any account under certain configurations.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: DBmail: Data disclosure Date: April 18, 2008 Bugs: #218154 ID: 200804-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in DBMail could allow for passwordless login to any account under certain configurations. Background ========= DBMail is a mail storage and retrieval daemon that uses SQL databases as its data store. IMAP and POP3 can be used to retrieve mails from the database. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/dbmail < 2.2.9 > = 2.2.9 Description ========== A vulnerability in DBMail's authldap module when used in conjunction with an Active Directory server has been reported by vugluskr. When passing a zero length password to the module, it tries to bind anonymously to the LDAP server. If the LDAP server allows anonymous binds, this bind succeeds and results in a successful authentication to DBMail. Impact ===== By passing an empty password string to the server, an attacker could be able to log in to any account. Workaround ========= There is no known workaround at this time. Resolution ========= All DBMail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-mail/dbmail-2.2.9" References ========= [ 1 ]CVE-2007-6714 https://www.cve.org/CVERecord?id=CVE-2007-6714 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200804-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo GLSA 202303-15: MyApp has exposure to unauthorized access due to setup errors. Severity: Medium. Update advised.. Gentoo Linux, DBMail, Authentication Risk. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Apr 19, 2008 Low Gentoo
172

Ubuntu: USN-459-1 Important: Python Web Server Vulnerability

A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. . =========================================================== Ubuntu Security Notice USN-458-1 May 07, 2007 moin vulnerabilities CVE-2007-2423 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: python2.4-moinmoin 1.5.2-1ubuntu2.3 Ubuntu 6.10: python2.4-moinmoin 1.5.3-1ubuntu1.3 Ubuntu 7.04: python-moinmoin 1.5.3-1.1ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. (CVE-2007-2423) Flaws were discovered in MoinMoin's ACL handling for calendars and includes. Unauthorized users would be able to read pages that would otherwise be unavailable to them. Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 39487 c3b1dfe20a3bb839def08020159321ef Size/MD5: 702 584b400e32f0fae1aef2fa69ffed2bd8 Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87 Architecture independent packages: Size/MD5: 1507924c53bc6a1452309b150dc86d0884feea6 Size/MD5: 69548 cc8dd84cef4cd95749a7f3914c55b49b Size/MD5: 834738 950146660e787274fe0d69a8ab2bff5d Updated packages for Ubuntu 6.10: Source archives: Size/MD5: 40234 e232754328aa47d1f2c5be8252392bf3 Size/MD5: 726 86bb330aafbfb7c428950f8646fc084b Size/MD5: 4187091 e95ec46ee8de9527a39793108de22f7d Architecture independent packages: Size/MD5: 1574744 57f533196afd6198798b24eaa105d596 Size/MD5: 73640 64019d9f0109287760bfd5b4660cdc4b Size/MD5: 909078 f6deadb7c99624b72b08b973c0973f8f Updated packages for Ubuntu 7.04: Source archives: Size/MD5: 38905 30c1f2043f7629767530923b797026c5 Size/MD5: 671 7209cfa3f1a21c1a45dcb2ddf16cabb9 Size/MD5: 4187091 e95ec46ee8de9527a39793108de22f7d Architecture independent packages: Size/MD5: 1574964 e73dd559227f0712c5d453b80a08f388 Size/MD5: 914232 26c1e3c3344c2666c1150a77b0ffcccc . Critical vulnerabilities in MoinMoin on Ubuntu jeopardize user credentials. It's advised to perform an upgrade for enhanced protection.. MoinMoin Security, JavaScript Attack, Ubuntu Patching, Update Recommendation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 08, 2007 Important Ubuntu
91

Gentoo: GLSA 200404-05 High: ipsec-tools X.509 Connection Risk

ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200404-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: ipsec-tools contains an X.509 certificates vulnerability. Date: April 07, 2004 Bugs: #47013 ID: 200404-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates. Background ========= From : "IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation." Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- net-firewall/ipsec-tools = 0.2.5 Description ========== racoon (a utility in the ipsec-tools package) does not verify digital signatures on Phase1 packets. This means that anybody holding the correct X.509 certificate would be able to establish a connection, even if they did not have the corresponding private key. Impact ===== Since digital signatures are not verified by the racoon tool, an attacker may be able to connect to the VPN gateway and/or execute a man-in-the-middle attack. Workaround ========= A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. Resolution ========= ipsec-tools users should upgrade to version 0.2.5 or later: # emerge sync # emerge -pv "> =net-firewall/ipsec-tools-0.2.5" # emerge ">=net-firewall/ipsec-tools-0.2.5" Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. . Discover Gentoo's advisory GLSA 200404-05 highlighting a serious X.509 certificate vulnerability in ipsec-tools.. ipsec-tools, x509, gentoo linux, security advisory, certificate risk. . LinuxSecurity.com Team

Calendar%202 Apr 07, 2004 Gentoo
98

Red Hat Linux: RHSA-2002:084-17 Critical: pam_ldap Format Issue

Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7.0,7.1,7.2, and 7.3. These packages fix a string format vulnerability in thepam_ldap module.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated nss_ldap packages fix pam_ldap vulnerability Advisory ID: RHSA-2002:084-17 Issue date: 2002-05-07 Updated on: 2002-05-26 Product: Red Hat Linux Keywords: pam_ldap format string syslog security Cross references: Obsoletes: RHSA-2000:024 CVE Names: CAN-2002-0374 --------------------------------------------------------------------- 1. Topic: Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7.0, 7.1,7.2, and 7.3. These packages fix a string format vulnerability in the pam_ldap module. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, sparc Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386, ia64 Red Hat Linux 7.3 - i386 3. Problem description: The pam_ldap module provides authentication for user access to a system by consulting a directory using LDAP. Versions of pam_ldap prior to version 144 include a format string bug in the logging function. The packages included in this erratum update pam_ldap to version 144, fixing this bug. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0374 to this issue. Due to differences in the default behavior of the pam_ldap module when performing account management, the version of authconfig included in Red Hat Linux 7.2 will generate incorrect /etc/pam.d/system-auth files for this version of pam_ldap. This update includes an updated version of authconfig for Red Hat Linux 7.2 which addresses this problem (versions of authconfig included with Red Hat Linux 7, 7.1, and 7.3 are not affected). Our thanks go to the pam_ldap team at padl.com for bringing this toour attention. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed ( for more info): 6. RPMs required: Red Hat Linux 6.2: SRPMS: alpha: i386: sparc: Red Hat Linux 7.0: SRPMS: alpha: i386: Red Hat Linux 7.1: SRPMS: alpha: i386: ia64: Red Hat Linux 7.2: SRPMS: i386: ia64: Red Hat Linux 7.3: SRPMS: i386: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 02160b0b00ebc1f1c7966e3568eaf7f6 6.2/en/os/SRPMS/nss_ldap-189-1.6.2.src.rpm b2e869b6aabbd2c2cc64133f684f64bc 6.2/en/os/alpha/nss_ldap-189-1.6.2.alpha.rpm 8276550d54abfcaccb1e3aa1b6198ffd 6.2/en/os/i386/nss_ldap-189-1.6.2.i386.rpm 614b76ab7c51ebcc3390651af5c9de80 6.2/en/os/sparc/nss_ldap-189-1.6.2.sparc.rpm 1eb57f3965d1c68d7891c8a858573ae1 7.0/en/os/SRPMS/nss_ldap-189-1.7.src.rpm 6f3838a447d9766b782886695df52149 7.0/en/os/alpha/nss_ldap-189-1.7.alpha.rpm 8484f482a1a6816a0c5e1dade2d7fd33 7.0/en/os/i386/nss_ldap-189-1.7.i386.rpm 1eb57f3965d1c68d7891c8a858573ae1 7.1/en/os/SRPMS/nss_ldap-189-1.7.src.rpm 6f3838a447d9766b782886695df521497.1/en/os/alpha/nss_ldap-189-1.7.alpha.rpm 8484f482a1a6816a0c5e1dade2d7fd33 7.1/en/os/i386/nss_ldap-189-1.7.i386.rpm 5805176343cfd2b7e033ce8cf8d0706d 7.1/en/os/ia64/nss_ldap-189-1.7.ia64.rpm 7216e533cd6cab1ff4fb46171a585b43 7.2/en/os/SRPMS/authconfig-4.1.19.2-1.src.rpm d977011dc7bbc3eea5b3e01ce7d364d9 7.2/en/os/SRPMS/nss_ldap-189-2.src.rpm 7282baea30503699772dd3e2aa866a11 7.2/en/os/i386/authconfig-4.1.19.2-1.i386.rpm d2b2402e6c59f886556872d6b2bc2f16 7.2/en/os/i386/nss_ldap-189-2.i386.rpm 0c451e5cb1cb7e5a5d7152aa91ee3834 7.2/en/os/ia64/authconfig-4.1.19.2-1.ia64.rpm 7d07126091032adfdae1d2192b9ca264 7.2/en/os/ia64/nss_ldap-189-2.ia64.rpm d977011dc7bbc3eea5b3e01ce7d364d9 7.3/en/os/SRPMS/nss_ldap-189-2.src.rpm d2b2402e6c59f886556872d6b2bc2f16 7.3/en/os/i386/nss_ldap-189-2.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: https://github.com/PADL CVE -CVE-2002-0374 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. `. Updated nss_ldap packages on CentOS enhance syntax parsing in the pam_ldap module for better security.. nss_ldap,pam_ldap,Red Hat security,package update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 26, 2002 Critical Red Hat
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200