Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
219
security advisorymoderatesecurity updateRocky Linux 8 RLSA-2021:3081 Moderate Cloud-Init Security Update
Moderate: cloud-init security update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2021:3081', 'synopsis': 'Moderate: cloud-init security update', 'severity': 'Moderate', 'topic': 'An update for cloud-init is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1940967'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3429.json:::CVE-2021-3429'], 'references': [], 'publishedAt': '2021-08-12T21:08:37.051568Z', 'rpms': ['cloud-init-20.3-10.el8_4.5.noarch.rpm', 'cloud-init-20.3-10.el8_4.5.src.rpm']}\. An important cloud-init security patch for Rocky Linux 8 has been released, addressing vulnerabilities associated with startup scripts.. Rocky Linux Cloud-Init Update, Cloud-Init Security Advisory, Rocky Linux 8 Security Fix. . LinuxSecurity.com Team
Sep 02, 2022
Rocky Linux
98
security advisorysecurity updateimportantRed Hat 6.4 RHSA-2013-0849 Important: KVM Root Access Issue
The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: KVM image security update Advisory ID: RHSA-2013:0849-01 Product: Red Hat Common Advisory URL: https://access.redhat.com/errata/RHSA-2013:0849.html Issue date: 2013-05-23 CVE Names: CVE-2013-2069 ==================================================================== 1. Summary: The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat provides a Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances. This image is provided as a minimally configured system image which is available for use as-is or for configuration and customization as required by end users. The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. To address this, Red Hat has created an updated image that locks the root password by default. This updated image is now available on RHN. To correct existing Red Hat Enterprise Linux 6.4 KVM Guest Images, any images or systems built using this Red Hat Enterprise Linux 6.4 KVM Guest Image, or any currently running Red Hat Enterprise Linux instances instantiated from this image, users can lock the root password by issuing, as root, the command: passwd -l root Note: The default OpenSSH configuration disallows password logins when the password is empty,preventing a remote attacker from logging in without a password. Root Cause Kickstart can be used to automate operating system installations. A Kickstart file specifies settings for an installation. Once the installation system boots, it can read a Kickstart file and carry out the installation process without any further input from a user. Kickstart is used as part of the process of creating Images of Red Hat Enterprise Linux for cloud providers. It was discovered that when no 'rootpw' command was specified in a Kickstart file, the image creator tools gave the root user an empty password rather than leaving the password locked, which could allow a local user to gain access to the root account (CVE-2013-2069). We have corrected this issue by updating the Kickstart file used to build affected images to lock the password file. This issue was caused by the way a tool was used to create Images, and not due to a security vulnerability in Red Hat Enterprise Linux. To import the image into an OpenStack environment, download the image from Red Hat Network to a system that has the python-glanceclient package installed. Refer to the OpenStack Getting Started Guide, linked to in the References, for information on importing the image into an OpenStack environment. After successfully importing, it is also highly recommended that the "glance delete" command is used to delete any previous versions of the image that exist in the Glance image registry. 3. Solution: The updated image is available from RHN, linked to in the References. 4. Bugs fixed (http://bugzilla.redhat.com/): 964299 - CVE-2013-2069 livecd-tools: improper handling of passwords 5. References: https://access.redhat.com/security/cve/CVE-2013-2069 https://access.redhat.com/security/updates/classification#important https://access.redhat.com 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4(GNU/Linux) iD8DBQFRniBxXlSAg2UNWIIRApctAJ4pgh+eBx9yhMkVFSx4jaZbHBTs6ACgxWaQ Q3S06teWs2skOC1AcFJjkqc=3f+H -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
May 23, 2013
•Important
Red Hat
98
security advisoryRed HatupdateRed Hat 6.4 KVM Guest Image RHSA-2013:0849-01 Important Root Password Issue
The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: KVM image security update Advisory ID: RHSA-2013:0849-01 Product: Red Hat Common Advisory URL: https://access.redhat.com/errata/RHSA-2013:0849.html Issue date: 2013-05-23 CVE Names: CVE-2013-2069 ==================================================================== 1. Summary: The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Description: Red Hat provides a Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances. This image is provided as a minimally configured system image which is available for use as-is or for configuration and customization as required by end users. The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. To address this, Red Hat has created an updated image that locks the root password by default. This updated image is now available on RHN. To correct existing Red Hat Enterprise Linux 6.4 KVM Guest Images, any images or systems built using this Red Hat Enterprise Linux 6.4 KVM Guest Image, or any currently running Red Hat Enterprise Linux instances instantiated from this image, users can lock the root password by issuing, as root, the command: passwd -l root Note: The default OpenSSH configuration disallows password logins when the password is empty, preventing a remote attacker from logging in without a password. Root Cause Kickstart can be used toautomate operating system installations. A Kickstart file specifies settings for an installation. Once the installation system boots, it can read a Kickstart file and carry out the installation process without any further input from a user. Kickstart is used as part of the process of creating Images of Red Hat Enterprise Linux for cloud providers. It was discovered that when no 'rootpw' command was specified in a Kickstart file, the image creator tools gave the root user an empty password rather than leaving the password locked, which could allow a local user to gain access to the root account (CVE-2013-2069). We have corrected this issue by updating the Kickstart file used to build affected images to lock the password file. This issue was caused by the way a tool was used to create Images, and not due to a security vulnerability in Red Hat Enterprise Linux. To import the image into an OpenStack environment, download the image from Red Hat Network to a system that has the python-glanceclient package installed. Refer to the OpenStack Getting Started Guide, linked to in the References, for information on importing the image into an OpenStack environment. After successfully importing, it is also highly recommended that the "glance delete" command is used to delete any previous versions of the image that exist in the Glance image registry. 3. Solution: The updated image is available from RHN, linked to in the References. 4. Bugs fixed (http://bugzilla.redhat.com/): 964299 - CVE-2013-2069 livecd-tools: improper handling of passwords 5. References: https://access.redhat.com/security/cve/CVE-2013-2069 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. . Patch release for Red Hat KVM virtual machine image to resolve null root password vulnerability. Critical notice for cloud deployments.. KVM Image Update, Red HatSecurity Fix, Cloud Instance Security, Important Advisory. . Severity: Important. LinuxSecurity.com Team
May 23, 2013
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!