
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


Mageia 7: 2021-0019 Critical Cherokee Denial Of Service

MGASA-2021-0019 - Updated cherokee packages fix security vulnerability

Publication date: 10 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0019.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-12845

Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest. (CVE-2020-12845)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27736
- https://www.cve.org/CVERecord?id=CVE-2020-12845

SRPMS:
- 7/core/cherokee-1.2.103-17.1.mga7

Tags: Cherokee Update, Mageia Security, Denial Of Service Fix, Server Crash Risk
Severity: Critical
LinuxSecurity.com Team

Jan 10, 2021 | Critical | Mageia

Gentoo: GLSA 202012-09 Low Severity: Cherokee DoS Advisory

Gentoo Linux Security Advisory GLSA 202012-09
https://security.gentoo.org/

Severity: Low
Title: Cherokee: Multiple vulnerabilities
Date: December 23, 2020
Bugs: #715204
ID: 202012-09

Synopsis
========
Multiple vulnerabilities have been found in Cherokee, the worst of which could result in a Denial of Service condition.

Background
==========
Cherokee is an extra-light web server.

Affected packages
=================
Package / Vulnerable / Unaffected
1 www-servers/cherokee

Dec 23, 2020 | Low | Gentoo

Fedora 21: FEDORA-2015-6392 Moderate Cherokee Authentication Bypass

Fedora Update Notification
FEDORA-2015-6392
2015-04-18 05:44:32

Name        : cherokee
Product     : Fedora 21
Version     : 1.2.103
Release     : 6.fc21
URL         : http://cherokee-project.com/
Summary     : Flexible and Fast Webserver
Description :
Cherokee is a very fast, flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more.

Update Information:
Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds

ChangeLog:
* Wed Apr 15 2015 Pavel Lisý - 1.2.103-6
- Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)

References:
[ 1 ] Bug #1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1114461
[ 2 ] Bug #1094901 - cherokee: script and/or trigger should not directly enable systemd units
      https://bugzilla.redhat.com/show_bug.cgi?id=1094901

This update can be installed with the "yum" update program. Use su -c 'yum update cherokee' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Cherokee web server patch addresses critical security loophole associated with LDAP authentication. It is advised to enhance security on Fedora 21 setups.

Tags: Cherokee Security, Fedora 21 Update, Authentication Bypass, Web Server Security, Fedora Advisory
Severity: Important
LinuxSecurity.com Team

Apr 27, 2015 | Important | Fedora

Fedora 20: SECURITY: Cherokee Authentication Bypass Critical Update

Fedora Update Notification
FEDORA-2015-6279
2015-04-18 05:39:28

Name        : cherokee
Product     : Fedora 20
Version     : 1.2.103
Release     : 6.fc20
URL         : http://cherokee-project.com/
Summary     : Flexible and Fast Webserver
Description :
Cherokee is a very fast, flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more.

Update Information:
Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds

ChangeLog:
* Wed Apr 15 2015 Pavel Lisý - 1.2.103-6
- Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds
- Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units
- Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5)
* Sat Aug 16 2014 Fedora Release Engineering - 1.2.103-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering - 1.2.103-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Mar 5 2014 Toshio Kuratomi - 1.2.103-3
- Remove the upstream cherokee logo due to: https://pagure.io/fesco/issue/1230
* Sat Aug 3 2013 Fedora Release Engineering - 1.2.103-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu May 16 2013 Pavel Lisý - 1.2.103-1
- latest 1.2.x upstream release
- Resolves bz 961057 - RFE: Cherokee 1.2.103 is available
- Resolves bz 961056 - RFE: Cherokee 1.2.103 is available
- Resolves bz 954199 - cherokee 1.2.103 is available
- Resolves bz 958337 - Update request for Cherokee
- Resolves bz 858542 - Cherokee should not be built with trace/backtrace support for performance

References:
[ 1 ] Bug #1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1114461
[ 2 ] Bug #1094901 - cherokee: script and/or trigger should not directly enable systemd units
      https://bugzilla.redhat.com/show_bug.cgi?id=1094901

This update can be installed with the "yum" update program. Use su -c 'yum update cherokee' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at .

package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Tags: cherokee security update, authentication bypass, Fedora announcement, Linux fix
Severity: Critical
LinuxSecurity.com Team

Apr 27, 2015 | Critical | Fedora

Fedora 22 FEDORA-2015-6194 Moderate: Cherokee Authentication Bypass

Fedora Update Notification
FEDORA-2015-6194
2015-04-17 17:08:15

Name        : cherokee
Product     : Fedora 22
Version     : 1.2.103
Release     : 6.fc22
URL         : http://cherokee-project.com/
Summary     : Flexible and Fast Webserver
Description :
Cherokee is a very fast, flexible and easy to configure Web Server. It supports the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL encrypted connections, Virtual hosts, Authentication, on the fly encoding, Apache compatible log files, and much more.

Update Information:
Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds

References:
[ 1 ] Bug #1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1114461
[ 2 ] Bug #1094901 - cherokee: script and/or trigger should not directly enable systemd units
      https://bugzilla.redhat.com/show_bug.cgi?id=1094901

This update can be installed with the "yum" update program. Use su -c 'yum update cherokee' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

The latest patch for Cherokee on Fedora 22 addresses a critical vulnerability that enabled authentication bypass via the LDAP server, thereby permitting unauthenticated binds.

Tags: Cherokee Server Update, Authentication Bypass Fix, Fedora Security Advisory
LinuxSecurity.com Team

Apr 22, 2015 | Fedora

Gentoo: GLSA 200411-02 High: Cherokee Format String Vulnerability

Gentoo Linux Security Advisory GLSA 200411-02
https://security.gentoo.org/

Severity: High
Title: Cherokee: Format string vulnerability
Date: November 01, 2004
Bugs: #67667
ID: 200411-02

Synopsis
========
Cherokee contains a format string vulnerability that could lead to denial of service or the execution of arbitrary code.

Background
==========
Cherokee is an extra-light web server.

Affected packages
=================
Package / Vulnerable / Unaffected
1 www-servers/cherokee < 0.4.17.1 >= 0.4.17.1

Description
===========
Florian Schilhabel from the Gentoo Linux Security Audit Team found a format string vulnerability in the cherokee_logger_ncsa_write_string() function.

Impact
======
Using a specially crafted URL when authenticating via auth_pam, a malicious user may be able to crash the server or execute arbitrary code on the target machine with permissions of the user running Cherokee.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Cherokee users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-servers/cherokee-0.4.17.1"

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200411-02

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address removed by the site] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/1.0/

A vulnerability in Cherokee's format string handling could result in Denial of Service or allow arbitrary code execution. Users are advised to apply the latest updates.

Tags: Cherokee Security, Format String Flaw, Gentoo Vulnerability, Web Server Threats
LinuxSecurity.com Team

Nov 01, 2004 | Gentoo
