Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
172
security advisorymoderateubuntuUbuntu 22.04 LTS USN-5575-1 Moderate: Libxslt Code Exposure
Several security issues were fixed in Libxslt.. =========================================================================Ubuntu Security Notice USN-5575-1 August 22, 2022 libxslt vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Libxslt. Software Description: - libxslt: XSLT processing library Details: Nicolas Grégoire discovered that Libxslt incorrectly handled certain XML. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-5815) Alexey Neyman incorrectly handled certain HTML pages. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2021-30560) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libxslt1.1 1.1.34-4ubuntu0.22.04.1 Ubuntu 20.04 LTS: libxslt1.1 1.1.34-4ubuntu0.20.04.1 Ubuntu 18.04 LTS: libxslt1.1 1.1.29-5ubuntu0.3 In general, a standard system update will make all the necessary changes. References: CVE-2019-5815, CVE-2021-30560 Package Information: https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/libxslt/1.1.29-5ubuntu0.3 . Immediate attention to security vulnerabilities in Libxslt is crucial for Ubuntu environments to prevent potential data leaks and unauthorized code execution threats.. Libxslt Security Advisory, Ubuntu Security Notice, Update Instructions. . LinuxSecurity.com Team
Aug 22, 2022
Ubuntu
203
security advisorymoderatesecurity issueMageia 7: MGASA-2021-0072 Moderate: Tomcat JSP Code Exposure
When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances . MGASA-2021-0072 - Updated tomcat packages fix a security vulnerability Publication date: 06 Feb 2021 URL: https://advisories.mageia.org/MGASA-2021-0072.html Type: security Affected Mageia releases: 7 CVE: CVE-2021-24122 When serving resources from a network location using the NTFS file system it was possible to bypass security constraints and/or view the source code for JSPs in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances (CVE-2021-24122). References: - https://bugs.mageia.org/show_bug.cgi?id=28093 - https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.40 - https://www.openwall.com/lists/oss-security/2021/01/14/1 - https://www.cve.org/CVERecord?id=CVE-2021-24122 SRPMS: - 7/core/tomcat-9.0.39-1.1.mga7 . Revised tomcat versions in MGASA-2021-0072 address a vulnerability related to NTFS file processing and potential exposure of JSP scripts.. Mageia Security Advisory,TOMCAT Update,Security Vulnerability. . LinuxSecurity.com Team
Feb 06, 2021
Mageia
197
security advisorydebianaccess controlDebian 7 Wheezy DLA-1108-1 Moderate: Tomcat7 JSP Code Exposure
The Tomcat security team discovered that when using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. . Hash: SHA512 Package : tomcat7 Version : 7.0.28-4+deb7u15 CVE ID : CVE-2017-12616 The Tomcat security team discovered that when using a VirtualDirContext it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. For Debian 7 "Wheezy", these problems have been fixed in version 7.0.28-4+deb7u15. We recommend that you upgrade your tomcat7 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian releases Tomcat8 security patches addressing flaws that allow circumvention of various access controls and vulnerabilities in EL-implemented JSP code.. Tomcat Security, Debian Update, Access Control, Software Patch. . LinuxSecurity.com Team
Sep 24, 2017
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!