Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updatered hat enterprise linux

Red Hat: RHSA-2023:4060-01 Important: .NET 6.0 Security Fix

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: .NET 6.0 security, bug fix, and enhancement update Advisory ID: RHSA-2023:4060-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4060 Issue date: 2023-07-13 CVE Names: CVE-2023-33170 ==================================================================== 1. Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 9) - aarch64, s390x, x86_64 3. Description: .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The following packages have been upgraded to a later upstream version: dotnet6.0 (SDK 6.0.120, Runtime 6.0.20). (BZ#2219640) Security Fix(es): * dotnet: race condition in Core SignInManager PasswordSignInAsync method (CVE-2023-33170) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in thisadvisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager PasswordSignInAsync method 6. Package List: Red Hat Enterprise Linux AppStream (v.9): Source: dotnet6.0-6.0.120-1.el9_2.src.rpm aarch64: aspnetcore-runtime-6.0-6.0.20-1.el9_2.aarch64.rpm aspnetcore-targeting-pack-6.0-6.0.20-1.el9_2.aarch64.rpm dotnet-apphost-pack-6.0-6.0.20-1.el9_2.aarch64.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_2.aarch64.rpm dotnet-hostfxr-6.0-6.0.20-1.el9_2.aarch64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_2.aarch64.rpm dotnet-runtime-6.0-6.0.20-1.el9_2.aarch64.rpm dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_2.aarch64.rpm dotnet-sdk-6.0-6.0.120-1.el9_2.aarch64.rpm dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_2.aarch64.rpm dotnet-targeting-pack-6.0-6.0.20-1.el9_2.aarch64.rpm dotnet-templates-6.0-6.0.120-1.el9_2.aarch64.rpm dotnet6.0-debuginfo-6.0.120-1.el9_2.aarch64.rpm dotnet6.0-debugsource-6.0.120-1.el9_2.aarch64.rpm s390x: aspnetcore-runtime-6.0-6.0.20-1.el9_2.s390x.rpm aspnetcore-targeting-pack-6.0-6.0.20-1.el9_2.s390x.rpm dotnet-apphost-pack-6.0-6.0.20-1.el9_2.s390x.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_2.s390x.rpm dotnet-hostfxr-6.0-6.0.20-1.el9_2.s390x.rpm dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_2.s390x.rpm dotnet-runtime-6.0-6.0.20-1.el9_2.s390x.rpm dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_2.s390x.rpm dotnet-sdk-6.0-6.0.120-1.el9_2.s390x.rpm dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_2.s390x.rpm dotnet-targeting-pack-6.0-6.0.20-1.el9_2.s390x.rpm dotnet-templates-6.0-6.0.120-1.el9_2.s390x.rpm dotnet6.0-debuginfo-6.0.120-1.el9_2.s390x.rpm dotnet6.0-debugsource-6.0.120-1.el9_2.s390x.rpm x86_64: aspnetcore-runtime-6.0-6.0.20-1.el9_2.x86_64.rpm aspnetcore-targeting-pack-6.0-6.0.20-1.el9_2.x86_64.rpm dotnet-apphost-pack-6.0-6.0.20-1.el9_2.x86_64.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_2.x86_64.rpm dotnet-hostfxr-6.0-6.0.20-1.el9_2.x86_64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_2.x86_64.rpm dotnet-runtime-6.0-6.0.20-1.el9_2.x86_64.rpm dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_2.x86_64.rpm dotnet-sdk-6.0-6.0.120-1.el9_2.x86_64.rpm dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_2.x86_64.rpm dotnet-targeting-pack-6.0-6.0.20-1.el9_2.x86_64.rpm dotnet-templates-6.0-6.0.120-1.el9_2.x86_64.rpm dotnet6.0-debuginfo-6.0.120-1.el9_2.x86_64.rpm dotnet6.0-debugsource-6.0.120-1.el9_2.x86_64.rpm Red Hat Enterprise Linux CRB (v. 9): aarch64: dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_2.aarch64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_2.aarch64.rpm dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_2.aarch64.rpm dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_2.aarch64.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_2.aarch64.rpm dotnet6.0-debuginfo-6.0.120-1.el9_2.aarch64.rpm dotnet6.0-debugsource-6.0.120-1.el9_2.aarch64.rpm s390x: dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_2.s390x.rpm dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_2.s390x.rpm dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_2.s390x.rpm dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_2.s390x.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_2.s390x.rpm dotnet6.0-debuginfo-6.0.120-1.el9_2.s390x.rpm dotnet6.0-debugsource-6.0.120-1.el9_2.s390x.rpm x86_64: dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_2.x86_64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_2.x86_64.rpm dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_2.x86_64.rpm dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_2.x86_64.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_2.x86_64.rpm dotnet6.0-debuginfo-6.0.120-1.el9_2.x86_64.rpm dotnet6.0-debugsource-6.0.120-1.el9_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-33170 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJkr/5NAAoJENzjgjWX9erEFeIP/0eodY1a60wpWhLN8tmNX2xP S3+95XTHaQNIU1DCqBOHcLOQucvIskXAQH0P3/VPnMNgppsYTVj+eudFUF/kXjR2 ETjnVGEV4P9ALjHBb5rn+HN8QxswdMUEBxODu7fw4otTzrkFMeCmxRYiDaSPhBlT oZOP5GSDCeEN06Do2/PNYiZOlV7yqHi9iq1QkUAIAmiw2OZs3NaAFhmff19LqXUO 5rriHOeBYCe2ZoYJgImPvHetMSznCLEKqIpJPGG4C1GlSLouIk8gAhFAHQWX6nLo 3ha2cZolrq7EeTi6osixxE3R0lkqFzyDWvJUOOJbr3uHT7q3ba81F8/zleaUU2zU n8ii/kj/6flCm/U/w6c1LssyspdK+DR2ZTdBAKIMBm08tMXacf1RBiBdV3deo2VA bFZ3/RipAQfyaACq4Xk6UCxvzmoaK58zcc7TdEDTtPcy1fvZ2g3MrkcmvCh7ZJL6 YX6UF9Sls2S346uYXqg41z7Sw3e2YWZi8P8GRrZBGYceSaz3LNw/y33GORwdPY80 RpVP/oru7IyztwhwkCoL5zaCeaWEKuB3NJo8yv1wYqX3g0HqOIAjNGYmpYrgxbom DSnz9IT2SZ0SmUTFMzqnjQkPOWaZdiyEX0s261QOcMannmDJzuD8GELv9EDd03DE CvGvV2H4I0WZTf7UNJ9y =lrx9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Notice: The latest .NET 6.0 update for Red Hat Enterprise Linux 9 resolves significant security vulnerabilities and includes essential bug corrections.. Red Hat Enterprise Linux, Dotnet Security Fixes, Important Bug Updates. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 13, 2023 Important Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryRed Hatimportant

Red Hat 7.2: RHSA-2021-3399-01 Important Kernel Security Fix

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:3399-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3399 Issue date: 2021-08-31 CVE Names: CVE-2021-3347 CVE-2021-22555 CVE-2021-32399 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Use after free via PI futex state (CVE-2021-3347) * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1975163) 4. Solution: For details on how to apply thisupdate, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.100.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.100.1.el7.noarch.rpm kernel-doc-3.10.0-327.100.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.100.1.el7.x86_64.rpm kernel-debug-3.10.0-327.100.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.100.1.el7.x86_64.rpm kernel-devel-3.10.0-327.100.1.el7.x86_64.rpm kernel-headers-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.100.1.el7.x86_64.rpm perf-3.10.0-327.100.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm python-perf-3.10.0-327.100.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.100.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS6G+9zjgjWX9erEAQjlXA/+NY7jrOKKWEkuepexvRMye18HZW5BE9jN Lxdg268Nkif95eNmtd+gS0qracaO4HR9Iv01nDoNqf75NsK7FV03eN5Z8LYwrm6r t/b4S4fVRU7bWwUlDE5s8HAhAHLmQ0t2B1cb/XII6R8sSdYG5jHAiFQB1VDS9Z1u Fi8ICfvM2wJZWVZguZWsXzZvLYYBxUxhE0rHcoCuoTIXHIi/QuFtpJ/QBZyAaphz AVtuRYQ62xOB3Xh7DWiPJK3dYFTqADqyENU58W7cQ2p6/w+Q8XTBZwXmtO0Skli2 A0PTrSGDYkvEiBPz9iSKzrLlkrOAB2V3s5dnzB1gEqJC1k9JNn8EnG1rPvW5p3Kk M6FFBb+AJ9CZ9yn7N1zzclEZTMZPkIIduUUAijFHff2uH1nQFwadWuo3UFu3L0G+ e0al2Sh64/fJ7QMJBEwA1fQsk36h8rJgBcMKGEdQ+cEE3rUmymg23cANAZTvSq1G zFfkJFRHZ6ydjuk//6mVDwuM9GA/Uhd+xu7PHf4PTnE5VZDDfebP69LEV+zHlobh MSKRHMFDap2h5AO6QNm/g+oH/NS8C1I3/c76SmkTU0ebvrcsWrx9ZZ63jRH/nncd 0YgwIwmkgBZTf/o5tjJxugIix5g4mwsJOf/x2o44t5gXb7Iug+xEPb6+K3NinFRM hVDE3gCjZ3U=5gdy -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A kernel security enhancement for Red Hat Enterprise Linux 7.2 addresses critical vulnerabilities with considerable implications. Discover further details.. RedHat Kernel Update, Linux Security Fix, Important Kernel Update, Bug Patch RedHat. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Aug 31, 2021 Important Red Hat
Banner 1 1028x280 1708121660 1771599717
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebianregression fix

Debian: DSA-4191-2 Critical: Redmine Regression Bug Fix

The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4191-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : redmine Debian Bug : 900283 The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue. For the stable distribution (stretch), this problem has been fixed in version 3.3.1-4+deb9u2. We recommend that you upgrade your redmine packages. For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/redmine Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian has issued DSA-4191-2 for redmine, correcting issues introduced by the last patch. Recent changes resolve multiple bugs in the updated software.. redmine, regression fix, debian advisory, bug patch, security update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jun 03, 2018 Critical Debian
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryupdateremote code execution

SUSE Linux 10.2: 2007-020 Moderate: PHP Remote Code Execution

Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. These include the following security related problems: CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: php4,php5 Announcement ID: SUSE-SA:2007:020 Date: Thu, 15 Mar 2007 12:00:00 +0000 Affected Products: SUSE LINUX 9.3 SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Open Enterprise Server Novell Linux POS 9 SLE SDK 10 SUSE SLES 10 Vulnerability Type: remote code execution Severity (1-10): 5 SUSE Default Package: no Cross-References: CVE-2006-6383, CVE-2007-0906, CVE-2007-0907 CVE-2007-0908, CVE-2007-0909, CVE-2007-0910 CVE-2007-0911, CVE-2007-1380, CVE-2007-1399 Content of This Advisory: 1) Security Vulnerability Resolved: php5 and php4 security update Problem Description 2)Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. These include the following security related problems: CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. CVE-2007-0907: Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. CVE-2007-0908: The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors. CVE-2007-0909: Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. CVE-2007-0910: Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). CVE-2006-6383: PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path,which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. This security update also fixes some bugs reported by the Month of PHP bugs project: MOPB-10-2007 / CVE-2007-1380: The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. MOPB-16-2007 / CVE-2007-1399: Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. Note that this problem is caught by the FORTIFY SOURCE extension in SUSE Linux 10.0 and newer products and just leads to a controlled abort of the PHP interpreter. 2) Solution or Work-Around There is no known workaround, please install the update packages. 3) Special Instructions and Notes Please close and restart all running instances of Apache after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.2: f2f48e532fef257c6e7a9594b395bbbd 503528c34dd46c11b626a1115e4e7acc f0d2552bdec0eeb3ab8bf2545ba3cddb bf3d450e2eb99b34a06daf7513983471 f818ce63be457d9c1a1239cb4df43140 21e05debffe309a6d726152c54f76051 b0c379af470fca3c2f3f4c12182a4f7a cb7afff7393ef5e7fe9a40787decb6f9 0951fe02fb2f0c604dbcc8ac5eeaf16c 3dd7c25a21d2a484ca879904f3bee4a9 4a813bc9d22f5a9e7764f4ac6685609d 098c31663c9da3e220773c7f02d0c0fd f439e2e8c687ce0dbd07b9575a4365f3 02d86d4c8630df2a1c011a0b8b36bce3 0ef98613fdd02136e71e41c8140172db fe27a4c38d1a60a263ee224759e3ac44 72593a052c560bf67e13b0023f3853cf a28748136ac0c812336dbb526a640388 a6fddefdd69e1cd16a2dbc05a00d307c e4fc9ceaf7f994f7d071984b27986cb5 c1e3ca85fcf3eab7528c08d96d87b2ba 93b3138e1440d984979131c4b6811c83 5130d3ba12debbce19e36104880dc379 f3328696c8419532be94f0c9a9e17b2d ce718ed9e21a8ff508da8c27a270e703 7cdc2d0d8fa4848dac1f8fca234082c5 SUSE LINUX 10.1: 3927e0480ecf4c74be6b5a8cc1060eb0 c4cedba0d109f6ceffaa13a6bf682e7e a8fd499fa084131487ec38812b64e8b1 e22cac0de384f810e51c2e677c0beded ed084d4f73e420ac65bbb6478ea90d94 805c64b2bcd4acc30457292c4727c3cf 632ab11aa56d0e845a32ecc08d8d0c2b 6253f962a8ea1edd629d9fafebca88d3 00e6376b3ea3ed8eef975ded52a2652d 369c20a57b8040440ff7d7e25b00206f b0932eb0d69a3416e507bd3f9f0c1c8d 039b6caa677523d29bcbfb4c7c28171b f94f405677516b60a1c5dffcd5d81aa7 82927d40442d020d64798565dd0301a2 3e420f4f25f7dfd4b8cd9c325c687569 ffde7c9bb5717808234d366e1a0df80a 70b78fcb59a61b121b72a4672b32426b 77d1917ebfb039869b07dbd3f73463db 257ef91fab5b5ff97f7f2a3c641b852b 67fd6fbfe544bf149dad76a187949588 45f165b82620c8a7ec97da3ed835c825 2841c3c4d8085801dbd078358e2d3120 2a0db72494fa3c9a3600897660b879f2 b9a3634905d99004644396707d9dd12e 88d1174b3880fc99aaf6f9ad0f639d2c 1932e85a7a064be2220e09a29b404227 SUSE LINUX 10.0: ce1d9363eb0efdeeedea70eae077659a d928f472fa80d6c73723688297aaa32c 707f34cea2252ae1d40f80bfbd7a2b65 3aa9a918847df1f3a95e7501c28fdd0f b5e399b9ed76f9687b0691aeaf303989 fcc4a39cc6f5c94ba268a02f13350c56 0dcfff6ecd68539c58781c00e9874b53 8c3801ddfa4777f3b58f2385112bd1e3 df7885a9a69c5bbb3866a30b31744a1f b2e7e4f2625f414546cfe099173d37f2 09f8fe0946bd6dcc6b41bbd1aaf00436 33addc9de8ab5247f336211ef9c015d0 afe58d2b22065a51a81a9ee03bb177e4 98ef5c8ee8c37debb35b4be7bd4795e0 2159657aefb7e679864d794266a230ee 2ac681c5b3c5f6dfbec713aa00a75df0 e3de03a595f64256ad9506e5bb05bae0 96751ce807d72d437018d97d63a82d54 707833a0c9377312de2eb3517fdb06c5 f366c3f53d8d39a0ed258b6904b570f9 2690790d45e14b5309731b86f5ee88ad b991a6bb83d0e60552ac441c7f2b2ba7 1d3804bb3efe9e97cc9405c3c277ec02 1ced5441f663014c78796844a672ac99 abf2b770c25ce0f593b8cf5aa603d3f8 84e4e07f2983d5f4f03731c3baaac83f d8cb2cc83f823e502ae6ca24ff65a9d8 8536c90069d133cfef77f70647911d05 e4363b38b9f803e5f7127240de2bcd55 2a4482240e2e4205973fcbd13023400a ef2978fa60e61107842ea4a9fba29a94 9d9369aa0bf820fde4ec8beca7ed9a9c 1f64e8ec3d4dc75fca197ed080c5ea58 f2854c347f1df295c8665ed0c3cee408 219f71b053b5adfdc10bc981a914840a 94f545526d60f3d9791023dec171c4de 175b6bee59231a8f0821de0ef3e62708 c3a909e0c962aea9294434c2ecd8f625 f703e49dbf9f78f77b299cc0b2cef2d0 e7a7868d5f63a672fd7a87480dc6bb77 ec6963d22bb68e0ec3024fb8d4b6cd40 SUSE LINUX 9.3: b64d7ea34f122ff8e4ee5dc84c93b88f 76629e3c134e05c294d5ee117544acc2 9fb5247d927e2b32f79a434358082e33 1a6e808bc51cb4ba8c030c6dd3c5702c 83a2ec6069c1ee73be65ff7639111294 b2f89a8fd833330d7181b370fa3aadf8 c8fb2468da1145b1d3a0185bd5a966b0 0b421bcafe05955dc6c36cfbfb43ee58 913d64b9b6cae70aa6052c995e44a226 768f56aee0e7e87980b5fca599c00017 5aeef12f372eb3c9dfc0e74bf59fbcca afa6ce46410733abef5979f8abfdeb04 58ab5812623571cc7f9414a4e03949c9 a2d6221d6bded4e29c14b96da228e72d d1166b80e8548e8f6e812191a2184505 71990d9cf8819507c6bd69270335d50c 71b45ae6fc694a409d3a75efe7996551 e311d27cc61cd047f2fb8ee5fd37fa5d 0ffdb01631d22f06cfea0c8b0010030b b37021436773bde8fb80fd1ce600cc2c 8e25e4d8a92e0b0000517dd29b3413e6 cba8aef706c8a77bbbe1f635465ffcdb fe6738ae4f9f9e0f01b21ffac3b82f0c 41935fd3c56d91600938ccc257428adc 7e610b3b503d663c46fc3e5649b729ec 542df95c1575f41ff5fa41e205f4cbc3 1e5916878e1b6878b48beb3c01a5acb3 0262910f143b23d984ba50b2e08f2361 ff696b891fea9466a6e79d823870727b 5a6d4ce953115979cc1d871b4db3e070 45da7460e75de58b6908dba002e0544b fbf8501fcabb5524d52c7f38f005d01a 984403d4e005c35544e513c5652f3fff b7ba99118504fab1f9be54dec3bccb67 7e86de685685af5f0876a375a54a03de ab74c1e6f503b99867a481e61f16d43f 7605693d2583717f368a255944a27cb5 d1a33171f22821d2c0805544d5d6983a 93c363acc0194d21d9f5c27585d833fc 3f17403906b03dd1ab8a4ddbff7f6bf8 63b9061a3c379a19b1225a03920f91fa 13fd64117d5407e7f6ca87ba22500049 PowerPC Platform: openSUSE 10.2: 49370a0dac0af9a5d35b9c3b28d766ad 91bdda88f54fc85e17b0e9f00a95518b 4e7a334891c9e5049aee295b8a4c4b63 5958c63254a663131ce88a052983638a 09fb2c7747dd2f37e7cfced288d1e171 3e22fb6fa31665f53a4b94bb12e7b18e 9e3d96b8b3f86b7fa2460b6f7c7d82c5 c49f1ef80d881fd5c8e545ebaa7b00cd e1d39a0fa46bbabe26e04885f35a5f28 90c6e1db4a5b488ccc7699eb22afdc88 c9f97777204d0a881a7c42e01bb16f04 6c8777fe96a505a132b223ac8b21056a b7b9e653f01e0cbc0bbe485e53ad81f1 35065a9c2a2b857b2f00f7b1a3e73c0c 987da01184a438f28dc3c8f7cbc0b56c 76c973da08f1d782a951374d474283f4 fa821e797ecd0276bb88a0528d67405b 1cd3cfabdb8dd36b7c3e7ee15c8e0404 dfc209b1fee0fb75039bac84717a2370 ba18af0da3667f2dcc87aea49cb13073 59d20f1fe24c3d70f5fea4a1233cfdf6 08f9b28ff19364d8eb4fd29642264038 5fdb9372584b410de2501d7cd0908f8e e077f3a24ea9bab13f22065ac51abd9c fb14edcb82d13d48250488160fc96f2b 27f8a733b70b5b3df9bcab5fd2e26605 SUSE LINUX 10.1: 96a8765eb048051895047b98b14cef79 7f152ba79bf24394a3db4e1a4746fd9b 8452c7f97658cc67fc7696b1cf5e2202 6d89109092b50b323f529251c5b8dfa9 11e429790c8c3b273a8fe5d3de2a5730 de04a3a5aaf7794e9b62d1921f6ab19b a8849faaa13421176972ea3304e19aaf 8abedac9d65993b5505abb8bde861df9 1cf5ba89a4301274e0f6522fbf46786b 9073d1860574d46aadfe11d3221e0f2c fad3f6cd03fa37ea5bed275d9d802bcb e5a6b5b333829d8e479edb9c26b70e2a 8a6b54dec45bbe4890c3bc6d221fbd22 5a15f6184aed34830276f59a8d441e35 7ff6fbf4934a09ba47d09f6fb1c992ae 6978dbf06c3a6e8bd1c159ef3b84c46a cd5c52bb5d8864869fa0882687a4a40a 444322bafbe6c41f59320cdf08c3ee8e 726ec744656ac7100a0cd7d4b1d1a4fc 22559ce0e3c5c525f38f989238d1684b 55bb9238a9932d679206f329d0c209ac afac8eb1a744c9dd4613d19cf95f651c db6069e3f3e98706463eb73bdd7729f6 d7f0ec56d89508cdb6b02e1c9cce6cf5 e194b94cc138f9765fb582afa9ef091f a5c84f731f22831ee6ccbe4b13435247 SUSE LINUX 10.0: 2e07d17e6a777b893c9526c9db744996 760d7139a5d09b2d012112d32058a618 1dfa7c78ff075809dff0a5471a1a88b6 32e9ad8b13d43b28335e567e5a48eed6 40ff643bebdfd44a38af18554f29ab9e 59d340c1856945f0165b04c1f2420e24 f3bff51a10bf47b8443b59947c9195c9 e76e10edac3c6484152704068f9c0bb5 7ae3436f4ee555608ac8c9e4aebe2b35 d63bfae1763e0b3ad03f68ee8bb1de18 05e60500a1e87eaa1baac699682efeea 63980ae15254d7394ed32bc954522295 0c888a0c88659d4bf5471a3be5f0831a 273438360f55e1207d096eb2156bdfe8 d99a9ad906511d7d11e19bb11da7284f 2cfbfa4449c283f946c62053e28e47cb 1d7704379ba7118f307da5351a426ed5 0681bfaa2b5e66a6c1f02acb262700f3 94481066b3a4c00263529fe7b5cdc696 3d4c9be7f6bce2ee3b09b8d1ea1a3927 005a5b23fbd021818b4307c8a9509832 75cc453f1128bce8513159bfb86fb1ff 05048c18601503c8ffdeab2b0a1635c1 5af7337aa8964eb2eadb0d22c40ecb79 45746aacd4d4beb608249d0fe7d18da2 118b9ac1abf8b214938272bbde0bf38b dfe7ef4c738ea4506092c07d77889e61 f5490695fbaa5bde29f0b59c58622b0c 7a4e24ba512e78dfecebc2f6ec1e436d 2129bba97312f6c3071fbbdab99d07f7 533ebb1bfe2af508654e4444cf94f591 c2c34c2c8d46416cb181f0dfac480cf9 059f696f5241cfad83f450f0022fd925 657db304cbbe3ee7971495d1eb5191d2 1657b02e4c593b193a26d1d1f34c5004 cd53e8ea3ed08ac9be063cc5f742dcd8 6e6b8cf312472043135f7b7a993c24e4 8670cdcffb49b9b611d117a52342bf84 26223d4dcd3942c504c9da98e12e5907 x86-64 Platform: openSUSE 10.2: 6fc7baec7b5ec5ca6d3d07d74827aecc c66d9af139ad3b400508853dfeda09fd 8035f925c26a0d4fb06e91e54b8c6d05 17dd2121b6710e9ba18210ef531bec1e d95da72c9e77724d3b603ede1bb9c914 80ad1109a779bfab84da41ad3207ef71 5c23b8279a5a7073de28c855983214b1 9cb38772ebb7de686872c6d82d648ab0 99feebfe9a7630874a604af784f181f1 1df97f146a31b34de52bda12a845112a 0860a628bc53fb46d396e594e62cd3fd 8b08709305f9a322df6de8e3f6bccf27 a82697ed69ed138c77213abbebfcf853 56376e6c7983e3232a786ce3b7be4aa7 68e744f409ece9e3ebb54e1635cbea81 8ad060629c9e4ecee5f4e5b1bead92e6 bf08f399b780a8eefd9a1f573c780932 e65570a8f2ea458189ff915928473b5b db54468157f4a51fe8326c873b8d1549 00a8f2f1950d34746791d59261f5fb1a 1530d575261ccd4b23c001d2312933f4 c4dbd19e34ab84061524cadbe7cd2c4e 192f1ff8ae9bb423185a62a28e521ad7 98e74d43115262bf5c2acba07f465fbe b025401b4013248ec586278e3d1ce23b 9cdcaee5b2f2e5c0c980e18168c321af SUSE LINUX 10.1: 4fd8d3fa9744edd5d7f83f95efde8dbf f0c2f62a61536c536fc7823604f535ae af10d837432c9c73f1dba82d638cd3b2 3d16d559e804d068804c7309357ce14a c2f82c5c554f2ff5fd94c427245f6075 ada96bd2d11eefbae636d523f0a907fa aaf4d830ec47a2414d0549d8d2ec54d2 f765f9ffc0227e75c5bed9da63a83b57 3b2ea32c19c591563c7b190f250b7cea ff5fc5fcc18190628c179273efcb0fc0 36e911e68dd41699ba5204709b77a92e c9ff817e3e3567ae57208f4741fae3a6 39c26262a603f6435621efb4bedcc466 e281185be8f10044c02c8fd072c50f75 e1c9750409ed17ff024d6921d06f5eb2 bb2606332148cc2ccb43421e95364fa0 b75e42616ee017fa1af98ef0fb9abdfc aa3d99e202f326161d32a5492c95fd15 2c4e75b9d7bc4fc950e64caa9d8849f2 09042a4bb4fe75fe1d13910dc3b271be 3ec76fa30dce97bf39a38b30349487a0 0cb6f0ca7ca0d4ed78b60e99fc510b38 742992ef40458fa2b94c9d1405d92701 d1251f1b468f444e858b8be6c60e6a77 90c1320bbc5e7354ba9d189a152c4559 1e79521e5a2febd20ccfa3b0573c3432 SUSE LINUX 10.0: 925516a11b920e10489c1cf5bdf871eb f6f15dc828084191ec5d2e2641638371 d8285a7d9a4631a3b136e3df02905ac4 d1dea83ebba87c93da8c0c10cc50518f 7f8be06667f3be70c50fff464396bc00 f326c18b79cb38ae322d6fa4d017fc33 0eae16871bdded2a254141349320cdc3 e77f72fa9dcd5c221b95a72a7d28392f a0a6b70c368de79f4dc67e08ba669d38 81f36a9101e13af4851cfd3352c970b8 6446a1e4eaa2d7491d7e6cf77bafc605 4b1dd084f492c2146461978c4b32e3f4 2a376b42917264e6ca0272071394eca6 a277896ba45191dfc4e8c1f227101aa3 3a174a8827455f05f31cbcb64365c7ff de9be6eb9df1d511643e2556d8db3e15 8de27ff48379f08e3432ca68796fe4fb 302e716290d6d25fe5e2856d686e1e6d 67c3765f4c290ec2374601cb37fb14dc 84e87d9548fdc8e58d25c21b32785d61 412ee31631d23f0ea69a49b6f3476855 5d665cecdb179352d9daee78ae341d3c 8e73ad5f45a549b415e2f0377de76a90 03a0a80e990d92e864d48bcd60c95677 bc51d867ec17930815a177831072f623 797ac418702fa602aae8954c9015d613 00e4f452b244b388f992ce71e0877b2d a30de85bf0749d4d2926b65d24234c4c 063d3d4eb77d8c6d3fff329384f02c0a 70464454a2fceab33e4cea0b254d7e51 df8ff7a4420eb8ba7033f333a87bae43 d22609c830fe2374d836acd72396740f 3c3c04769a76c72ecc861a2885e17ec7 30d795b17a5466d9b084804558ad9752 df3ef7d2905ae6d7cf142b32f572aad6 4c7cc9ec050f864d7a59a7279cddeaa7 25c9dce3ae41bb304979a849e4053442 d342f0ede7e2c551981c0c21da51e730 c7112ad40246f8266184ec7ef8b7d3fa dbf8bf0d818a3546bc6afb376c89b401 87332ebcf13f46c8b5c688cab2866058 f2c73bc637cd12522ae8c86f70a62ad1 SUSE LINUX 9.3: 24c98fc36a7faedeb779ee3b4e7f73d5 f149fb043389b18f07636d5420d04859 e4b857236ec89f4df684f395fe2a61f7 19beaafa8455cb98942d0f3d5b02040b 020249f005fc4c83ddc82d93a9af555d b5f0f23719fee99f7be239f4626bfaf8 c107e9024a50fa776cc86f1b92772b38 32e519b534c9cb80317846887c72ed48 05364fe8e32876398df9969cdc3449d3 ec18bfb5c0951198107b689ebb10ad43 1e16bdfb510fb7fa16d83f8b4cd0785f 2b55db2d8f7e96ede5620e0d8f7eae1f 1ba53024f74739ce15112572c2a4bda0 61a8c92d790f1c57de862ca0a9f4ecb4 5f29a4a5e1070e69392839babfc9d807 df12f1e25c87c6759e9345e43b581aad 0dd8c6e5334e71c05d9ca288d47d02cc 90c2e65ea424eec06c2bfa8f66e3723a 37037d199b1b98deaac852867a598c40 49e60a5c8a34eb49259d7715ec41997f ec2da88d11ffc3f4bd44e208b5a067fa 7d92a633ec5c977ec9a6a397c95f6b93 3e8bd1deb04c3c43f6cb93c48f71aba8 e7e43bd96742374b7ab5863b685a28b3 d5b0ab6c51eed967c8349436bcfdff45 cdef9f778140ce0b1e1341c7825a44af 591036b10c3fd895ec839670e2ed054d d93d1069b2fa4d18c362ce32196b3e28 165d04fe427b8aa5156a5e25e382855b dec99b3448519cc4de53ecc46de2d857 d59f0276ea7d364677954f97b4d75a34 758be866ae6ac8579d2f35f061832b72 aaff90fa07e919e693d28775d8bb9836 d37113b54225deaf5429e0a500ab1bce 3b18b0e056a97101eaacdfb6ba0afb66 5a2d02e6e6ee2d9f1d835084356598bb 1df56255aeaacdbb2f3cda07f4415bc0 2d1022c22576ab61220752954d3d2c6b 61ccceb26be012b279c3ad6c7caefd64 3a21ebb1f5044c1230b4951bb49b3108 368d4b69de42fd1710c7e0d2578fe124 8e19f2b753c8db27b07fb9fa19390e78 0ab3c2307a3acf9da9fda3f7b7fc58d1 Sources: openSUSE 10.2: a1df0dc4add87807ff937b0b03d3e2f1 SUSE LINUX 10.1: 1d5a89b185eb0dd5a5b62f4b711dc2ac SUSE LINUX 10.0: bc4579898653534197b3203e5b2c8c17 6993a1bafdb3a19e1a66e5eda2d862ef SUSE LINUX 9.3: f87c049c55af281c456769dc620b0ee7 ce9e2f1c8500dbb0b8b1edead40d2550 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE SLES 10 http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.html SLE SDK 10 http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.html Open Enterprise Server http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.html Novell Linux POS 9 http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.html SUSE SLES 9 http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.html UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html SuSE Linux School Server http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of therpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from This email address is being protected from spambots. You need JavaScript enabled to view it. with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to . ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . Urgent advisory for PHP on SUSE Linux highlights critical risks from remote code execution vulnerabilities and essential bug fixes requiring immediate attention. SUSE Security Update, PHP Fix, Remote Code Execution, Bug Patch. . LinuxSecurity.com Team

Calendar 2 Mar 15, 2007 SuSE
Banner 1 1028x280 1708121660 1771599717
200
Ls Advisories Scientific Esm H240
Price Tag 1security advisorycriticalsecurity fix

Security Advisory Update for Thunderbird on Scientific Linux SL 301-308

Updated thunderbird packages that fix several security bugs . Date: Mon, 5 Mar 2007 16:49:35 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: ERRATA for "thunderbird" on SL 301,302,303,304,305,307,308 i386,x86_64 now available Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it. The following ERRATA for SL 301,302,303,304,305,307,308 i386,x86_64 are now available from: Synopsis: Updated thunderbird packages that fix several security bugs are now available for Scientific Linux 3 Severity: critical Issued on: 2007-03-02 CVEs: CVE-2007-0981 CVE-2007-0775 CVE-2007-0777 CVE-2007-0779 CVE-2007-0778 CVE-2007-0008 CVE-2007-1092 CVE-2007-0995 CVE-2007-0994 CVE-2007-0996 CVE-2007-0780 CVE-2006-6077 CVE-2007-0009 CVE-2007-0800 SRPMS thunderbird-1.5.0.10-0.1.SL3.src.rpm i386 thunderbird-1.5.0.10-0.1.SL3.i386.rpm x86_64 thunderbird-1.5.0.10-0.1.SL3.x86_64.rpm --Troy Dawson --Connie Sieh . New security patches for Thunderbird have been released to address significant vulnerabilities in Scientific Linux versions 301-308.. thunderbird Packages Update, Scientific Linux Security, Bug Fix, Software Update, Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 05, 2007 Critical Scientific Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here