SUSE Security Update: Security update for bzr
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1489-1
Rating: moderate
References: #1058214
Cross-References: CVE-2017-14176
Affected Products:
 SUSE Linux Enterprise Software Development Kit 11-SP4
 SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

Bzr was updated to fix a security issue:

- CVE-2017-14176: Avoid code execution using ssh:// url injection (boo#1058214)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
 zypper in -t patch sdksp4-bzr-13637=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
 zypper in -t patch dbgsp4-bzr-13637=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
 bzr-1.8-3.5.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
 bzr-debuginfo-1.8-3.5.1
 bzr-debugsource-1.8-3.5.1

References:

https://www.suse.com/security/cve/CVE-2017-14176.html
https://bugzilla.suse.com/1058214
=========================================================================
Ubuntu Security Notice USN-3411-2
October 24, 2017

bzr vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Bazaar could be made to run programs as your login if it opened a specially crafted URL.

Software Description:
- bzr: easy to use distributed version control system

Details:

USN-3411-1 fixed a vulnerability in Bazaar. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a Bazaar repository URL that, when accessed, could run arbitrary code with the privileges of the user.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM:
 bzr 2.5.1-0ubuntu2.1
 python-bzrlib 2.5.1-0ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
 https://ubuntu.com/security/notices/USN-3411-2
 https://ubuntu.com/security/notices/USN-3411-1
 CVE-2017-14176
Package : bzr
Version : 2.6.0~bzr6526-1+deb7u1
CVE ID : CVE-2013-2099 CVE-2017-14176
Debian Bug : 709068 874429

CVE-2013-2099

 Bazaar bundles SSL certificate checking code from Python, which had a bug that could cause a denial of service via resource consumption through multiple wildcards in certificate hostnames.

CVE-2017-14176

 Adam Collard found that host names in 'bzr+ssh' URLs were not parsed correctly by Bazaar, allowing remote attackers to run arbitrary code by tricking a user into opening a maliciously crafted URL.

For Debian 7 "Wheezy", these problems have been fixed in version 2.6.0~bzr6526-1+deb7u1.

We recommend that you upgrade your bzr packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
=========================================================================
Ubuntu Security Notice USN-3411-1
September 06, 2017

bzr vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Bazaar could be made to run programs as your login if it opened a specially crafted URL.

Software Description:
- bzr: easy to use distributed version control system

Details:

Adam Collard discovered that Bazaar did not properly handle host names in 'bzr+ssh://' URLs. A remote attacker could use this to construct a Bazaar repository URL that, when accessed, could run arbitrary code with the privileges of the user.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.04:
 bzr 2.7.0+bzr6619-7ubuntu0.1
 python-bzrlib 2.7.0+bzr6619-7ubuntu0.1

Ubuntu 16.04 LTS:
 bzr 2.7.0-2ubuntu3.1
 python-bzrlib 2.7.0-2ubuntu3.1

Ubuntu 14.04 LTS:
 bzr 2.6.0+bzr6593-1ubuntu1.6
 python-bzrlib 2.6.0+bzr6593-1ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
 https://ubuntu.com/security/notices/USN-3411-1
 https://bugs.launchpad.net/bzr/+bug/1710979

Package Information:
 https://launchpad.net/ubuntu/+source/bzr/2.7.0+bzr6619-7ubuntu0.1
 https://launchpad.net/ubuntu/+source/bzr/2.7.0-2ubuntu3.1
 https://launchpad.net/ubuntu/+source/bzr/2.6.0+bzr6593-1ubuntu1.6
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11995
2015-07-28 22:47:08
--------------------------------------------------------------------------------

Name : bzr
Product : Fedora 21
Version : 2.6.0
Release : 7.fc21
URL :
Summary : Friendly distributed version control system
Description :
Bazaar is a distributed revision control system that is powerful, friendly, and scalable. It is the successor of Baz-1.x which, in turn, was a user-friendly reimplementation of GNU Arch.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2013-7440
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 21 2015 Petr Stodulka - 2.6.0-7
- use match_hostname from python-backports-ssl_match_hostname instead of copy of match_hostname from Python3 (#1230678)
- added requires for python-backports-ssl_match_hostname
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1224999 - CVE-2013-7440 python: wildcard matching rules do not follow RFC 6125
https://bugzilla.redhat.com/show_bug.cgi?id=1224999
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bzr'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-12001
2015-07-28 22:47:21
--------------------------------------------------------------------------------

Name : bzr
Product : Fedora 22
Version : 2.6.0
Release : 8.fc22
URL :
Summary : Friendly distributed version control system
Description :
Bazaar is a distributed revision control system that is powerful, friendly, and scalable. It is the successor of Baz-1.x which, in turn, was a user-friendly reimplementation of GNU Arch.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2013-7440
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 21 2015 Petr Stodulka - 2.6-8
- use match_hostname from standard ssl library instead of copy of match_hostname from Python3 (#1230678)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1224999 - CVE-2013-7440 python: wildcard matching rules do not follow RFC 6125
https://bugzilla.redhat.com/show_bug.cgi?id=1224999
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bzr'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list