SUSE Security Update: Security update for freerdp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2891-1
Rating:             important
References:         #1191895
Cross-References:   CVE-2021-41159 CVE-2022-41160
CVSS scores:
                    CVE-2021-41159 (NVD) : 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
                    CVE-2021-41159 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

   This update for freerdp fixes the following issues:

   - CVE-2021-41159: Fixed improper validation of client input (bsc#1191895).
   - CVE-2022-41160: Fixed improper region checks (bsc#1191895).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-2891=1

   - SUSE Linux Enterprise Workstation Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2891=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2891=1

Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      freerdp-2.1.2-150200.15.18.1
      freerdp-debuginfo-2.1.2-150200.15.18.1
      freerdp-debugsource-2.1.2-150200.15.18.1
      freerdp-devel-2.1.2-150200.15.18.1
      freerdp-proxy-2.1.2-150200.15.18.1
      freerdp-proxy-debuginfo-2.1.2-150200.15.18.1
      freerdp-server-2.1.2-150200.15.18.1
      freerdp-server-debuginfo-2.1.2-150200.15.18.1
      freerdp-wayland-2.1.2-150200.15.18.1
      freerdp-wayland-debuginfo-2.1.2-150200.15.18.1
      libfreerdp2-2.1.2-150200.15.18.1
      libfreerdp2-debuginfo-2.1.2-150200.15.18.1
      libuwac0-0-2.1.2-150200.15.18.1
      libuwac0-0-debuginfo-2.1.2-150200.15.18.1
      libwinpr2-2.1.2-150200.15.18.1
      libwinpr2-debuginfo-2.1.2-150200.15.18.1
      uwac0-0-devel-2.1.2-150200.15.18.1
      winpr2-devel-2.1.2-150200.15.18.1

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

      freerdp-2.1.2-150200.15.18.1
      freerdp-debuginfo-2.1.2-150200.15.18.1
      freerdp-debugsource-2.1.2-150200.15.18.1
      freerdp-devel-2.1.2-150200.15.18.1
      freerdp-proxy-2.1.2-150200.15.18.1
      freerdp-proxy-debuginfo-2.1.2-150200.15.18.1
      libfreerdp2-2.1.2-150200.15.18.1
      libfreerdp2-debuginfo-2.1.2-150200.15.18.1
      libwinpr2-2.1.2-150200.15.18.1
      libwinpr2-debuginfo-2.1.2-150200.15.18.1
      winpr2-devel-2.1.2-150200.15.18.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):

      freerdp-2.1.2-150200.15.18.1
      freerdp-debuginfo-2.1.2-150200.15.18.1
      freerdp-debugsource-2.1.2-150200.15.18.1
      freerdp-devel-2.1.2-150200.15.18.1
      freerdp-proxy-2.1.2-150200.15.18.1
      freerdp-proxy-debuginfo-2.1.2-150200.15.18.1
      libfreerdp2-2.1.2-150200.15.18.1
      libfreerdp2-debuginfo-2.1.2-150200.15.18.1
      libwinpr2-2.1.2-150200.15.18.1
      libwinpr2-debuginfo-2.1.2-150200.15.18.1
      winpr2-devel-2.1.2-150200.15.18.1

References:

   https://www.suse.com/security/cve/CVE-2021-41159.html
   https://www.suse.com/security/cve/CVE-2022-41160.html
   https://bugzilla.suse.com/1191895

Essential patches released for Freerdp in SUSE updates tackling several significant vulnerabilities.

Severity: Important.
LinuxSecurity.com Team

========================================================================
Ubuntu Security Notice USN-3845-2
May 28, 2019

freerdp vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in FreeRDP.

Software Description:
- freerdp: RDP client for Windows Terminal Services

Details:

USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10.

Original advisory details:

 Eyal Itkin discovered FreeRDP incorrectly handled certain stream
 encodings. A malicious server could use this issue to cause FreeRDP to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10.
 (CVE-2018-8784, CVE-2018-8785)

 Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious
 server could use this issue to cause FreeRDP to crash, resulting in a
 denial of service, or possibly execute arbitrary code. (CVE-2018-8786,
 CVE-2018-8787)

 Eyal Itkin discovered FreeRDP incorrectly handled certain stream
 encodings. A malicious server could use this issue to cause FreeRDP to
 crash, resulting in a denial of service, or possibly execute arbitrary
 code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
 Ubuntu 18.10. (CVE-2018-8788)

 Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A
 malicious server could use this issue to cause FreeRDP to crash, resulting
 in a denial of service, or possibly execute arbitrary code. This issue
 only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10.
 (CVE-2018-8789)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libfreerdp-client1.1  1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1

Ubuntu 18.04 LTS:
  libfreerdp-client1.1  1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3845-2
  https://ubuntu.com/security/notices/USN-3845-1
  CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789

Package Information:
  https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1
  https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1

Several FreeRDP security issues in Ubuntu addressed in this advisory. Updates include critical threats to services.

Severity: Critical.
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-afdb0e8aaa
2015-12-22 17:48:56.359287
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 23
Version     : 1.9.3
Release     : 1.fc23
URL         : https://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of _Apache Subversion_, version **1.9.3**.

### User-visible changes:

#### Client-side bugfixes:

* svn: fix possible crash in auth credentials cache
* cleanup: avoid unneeded memory growth during pristine cleanup
* diff: fix crash when repository is on server root
* fix translations for commit notifications
* ra_serf: fix crash in multistatus parser
* svn: report lock/unlock errors as failures
* svn: cleanup user deleted external registrations
* svn: allow simple resolving of binary file text conflicts
* svnlook: properly remove tempfiles on diff errors
* ra_serf: report built- and run-time versions of libserf
* ra_serf: set Content-Type header in outgoing requests
* svn: fix merging deletes of svn:eol-style CRLF/CR files
* ra_local: disable zero-copy code path

#### Server-side bugfixes:

* mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (issue 4602)
* mod_dav_svn: fix display of process ID in cache statistics
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* svnadmin dump: preserve no-op changes
* fsfs: avoid unneeded I/O when opening transactions

#### Bindings bugfixes:

* javahl: fix ABI incompatibility with 1.8
* javahl: allow non-absolute paths in SVNClient.vacuum

### Developer-visible changes:

#### General:

* fix patch filter invocation in svn_client_patch()
* add @since information to config defines
* fix running the tests in compatibility mode
* clarify documentation of svn_fs_node_created_rev()

#### API changes:

* fix overflow detection in svn_stringbuf_remove and _replace
* don't ignore some of the parameters to svn_ra_svn_create_conn3

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1289959 - CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
        https://bugzilla.redhat.com/show_bug.cgi?id=1289959
  [ 2 ] Bug #1289958 - CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser
        https://bugzilla.redhat.com/show_bug.cgi?id=1289958
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------