Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisorymoderatefedoraFedora 36: HIGH - Axel Encryption Vulnerability (FEDORA-2022-8rf1gh3e34)
Update to new release. 2.17.8+ include the security fix for CVE-2020-13614 axel: TLS implementation lacks hostname verification leading to possible confidentiality breach. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-5214bd8f14 2021-05-05 01:20:25.877561 --------------------------------------------------------------------------------Name : axel Product : Fedora 34 Version : 2.17.10 Release : 1.fc34 URL : https://github.com/axel-download-accelerator/axel Summary : Light command line download accelerator for Linux and Unix Description : Axel tries to accelerate HTTP/FTP downloading process by using multiple connections for one file. It can use multiple mirrors for a download. Axel has no dependencies and is lightweight, so it might be useful as a wget clone on byte-critical systems. --------------------------------------------------------------------------------Update Information: Update to new release. 2.17.8+ include the security fix for CVE-2020-13614 axel: TLS implementation lacks hostname verification leading to possible confidentiality breach --------------------------------------------------------------------------------ChangeLog: * Mon Apr 26 2021 Frantisek Zatloukal - 2.17.10-1 - Updated to axel-2.17.10 --------------------------------------------------------------------------------References: [ 1 ] Bug #1848468 - CVE-2020-13614 axel: TLS implementation lacks hostname verification leading to possible confidentiality breach [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1848468 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-5214bd8f14' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed withthe Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 04, 2021
Fedora
202
security advisorymoderatesoftware updateopenSUSE: 2020:0785-1 Moderate: axel SSL Certificate Hostnames Issue
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for axel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0785-1 Rating: moderate References: #1172159 Cross-References: CVE-2020-13614 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axel fixes the following issues: axel was updated to 2.17.8: * CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159) * Replaced progressbar line clearing with terminal control sequence * Fixed parsing of Content-Disposition HTTP header * Fixed User-Agent HTTP header never being included Update to version 2.17.7: - Buildsystem fixes - Fixed release date for man-pages on BSD - Explicitly close TCP sockets on SSL connections too - Fixed HTTP basic auth header generation - Changed the default progress report to "alternate output mode" - Improved English in README.md Update to version 2.17.6: - Fixed handling of non-recoverable HTTP errors - Cleanup of connection setup code - Fixed manpage reproducibility issue - Use tracker instead of PTS from Debian Update to version 2.17.5: - Fixed progress indicator misalignment - Cleaned up the wget-like progress output code - Improved progress output flushing Update to version 2.17.4: - Fixed build with bionic libc (Android) - TCP Fast Open support on Linux - TCP code cleanup - Removed dependency on libm - Data types and format strings cleanup - String handling cleanup - Format string checking GCC attributes added - Buildsystem fixes and improvements - Updates to the documentation - Updated all translations - Fixed Footnotes in documentation - Fixed a typo in README.md Update toversion 2.17.3: - Builds now use canonical host triplet instead of `uname -s` - Fixed build on Darwin / Mac OS X - Fixed download loops caused by last byte pointer being off by one - Fixed linking issues (i18n and posix threads) - Updated build instructions - Code cleanup - Added autoconf-archive to building instructions Update to version 2.17.2: - Fixed HTTP request-ranges to be zero-based - Fixed typo "too may" -> "too many" - Replaced malloc + memset calls with calloc - Sanitize progress bar buffer len passed to memset Update to version 2.17.1: - Fixed comparison error in axel_divide - Make sure maxconns is at least 1 Update to version 2.17: - Fixed composition of URLs in redirections - Fixed request range calculation - Updated all translations - Updated build documentation - Major code cleanup - Cleanup of alternate progress output - Removed global string buffers - Fixed min and max macros - Moved User-Agent header to conf-> add_header - Use integers for speed ratio and delay calculation - Added support for parsing IPv6 literal hostname - Fixed filename extraction from URL - Fixed request-target message to proxy - Handle secure protocol's schema even with SSL disabled - Fixed Content-Disposition filename value decoding - Strip leading hyphens in extracted filenames This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-785=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): axel-2.17.8-bp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2020-13614.html https://bugzilla.suse.com/1172159 -- . This Fedora SecurityUpdate rectifies a TLS authentication flaw in wget, improving both robustness and safety. Discover further details.. openSUSE Security Update, axel update, SSL verification fix. . LinuxSecurity.com Team
Jun 08, 2020
OpenSUSE
202
security advisorymoderatethreatopenSUSE: 2020:0778-1 Moderate Security Update for axel SSL Issue
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for axel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0778-1 Rating: moderate References: #1172159 Cross-References: CVE-2020-13614 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for axel fixes the following issues: axel was updated to 2.17.8: * CVE-2020-13614: SSL Certificate Hostnames were not verified (boo#1172159) * Replaced progressbar line clearing with terminal control sequence * Fixed parsing of Content-Disposition HTTP header * Fixed User-Agent HTTP header never being included Update to version 2.17.7: - Buildsystem fixes - Fixed release date for man-pages on BSD - Explicitly close TCP sockets on SSL connections too - Fixed HTTP basic auth header generation - Changed the default progress report to "alternate output mode" - Improved English in README.md Update to version 2.17.6: - Fixed handling of non-recoverable HTTP errors - Cleanup of connection setup code - Fixed manpage reproducibility issue - Use tracker instead of PTS from Debian Update to version 2.17.5: - Fixed progress indicator misalignment - Cleaned up the wget-like progress output code - Improved progress output flushing Update to version 2.17.4: - Fixed build with bionic libc (Android) - TCP Fast Open support on Linux - TCP code cleanup - Removed dependency on libm - Data types and format strings cleanup - String handling cleanup - Format string checking GCC attributes added - Buildsystem fixes and improvements - Updates to the documentation - Updated all translations - Fixed Footnotes in documentation - Fixed a typo in README.md Update to version2.17.3: - Builds now use canonical host triplet instead of `uname -s` - Fixed build on Darwin / Mac OS X - Fixed download loops caused by last byte pointer being off by one - Fixed linking issues (i18n and posix threads) - Updated build instructions - Code cleanup - Added autoconf-archive to building instructions Update to version 2.17.2: - Fixed HTTP request-ranges to be zero-based - Fixed typo "too may" -> "too many" - Replaced malloc + memset calls with calloc - Sanitize progress bar buffer len passed to memset Update to version 2.17.1: - Fixed comparison error in axel_divide - Make sure maxconns is at least 1 Update to version 2.17: - Fixed composition of URLs in redirections - Fixed request range calculation - Updated all translations - Updated build documentation - Major code cleanup - Cleanup of alternate progress output - Removed global string buffers - Fixed min and max macros - Moved User-Agent header to conf-> add_header - Use integers for speed ratio and delay calculation - Added support for parsing IPv6 literal hostname - Fixed filename extraction from URL - Fixed request-target message to proxy - Handle secure protocol's schema even with SSL disabled - Fixed Content-Disposition filename value decoding - Strip leading hyphens in extracted filenames Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-778=1 Package List: - openSUSE Leap 15.1 (x86_64): axel-2.17.8-lp151.3.3.1 axel-debuginfo-2.17.8-lp151.3.3.1 axel-debugsource-2.17.8-lp151.3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13614.html https://bugzilla.suse.com/1172159 -- . A recent patch for the axel tool addresses vulnerabilities linked toSSL validation. It's crucial to update your systems to uphold security standards.. axel update, openSUSE patch, SSL certificate security, openSUSE vulnerability. . LinuxSecurity.com Team
Jun 08, 2020
OpenSUSE
91
security advisorybuffer overflowexploitGentoo Linux Axel Exploit Identified: GLSA-200504-09 Normal Severity
A buffer overflow vulnerability has been found in Axel which could lead to the execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200504-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Axel: Vulnerability in HTTP redirection handling Date: April 12, 2005 Bugs: #88264 ID: 200504-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow vulnerability has been found in Axel which could lead to the execution of arbitrary code. Background ========= Axel is a console-based FTP/HTTP download accelerator. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/axel < 1.0b > = 1.0b Description ========== A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c. Impact ===== A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel. Workaround ========= There is no known workaround at this time. Resolution ========= All Axel users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/axel-1.0b" References ========= [ 1 ] CAN-2005-0390 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0390 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200504-09 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Apr 12, 2005
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!