A minor update fixing security problem within pkcs11-tool command.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-4883
2009-05-12 23:51:45
--------------------------------------------------------------------------------

Name        : opensc
Product     : Fedora 9
Version     : 0.11.8
Release     : 1.fc9
URL         :
Summary     : Smart card library and applications
Description :
OpenSC is a package for accessing smart card devices. Basic functionality (e.g. SELECT FILE, READ BINARY) should work on any ISO 7816-4 compatible smart card. Encryption and decryption using private keys on the smart card is possible with PKCS #15 compatible cards, such as the FINEID (Finnish Electronic IDentity) card. Swedish Posten eID cards have also been confirmed to work.

--------------------------------------------------------------------------------
Update Information:

A minor update fixing security problem within pkcs11-tool command.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 11 2009 Tomas Mraz - 0.11.8-1
- new upstream version - fixes security issue
* Fri Feb 27 2009 Tomas Mraz - 0.11.7-1
- new upstream version - fixes CVE-2009-0368
* Thu Feb 26 2009 Fedora Release Engineering - 0.11.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Jan 15 2009 Tomas Mraz - 0.11.6-2
- Add explicit requires for pcsc-lite-libs. Dlopen libpcsclite with the full soname.
* Tue Sep 2 2008 Tomas Mraz - 0.11.6-1
- Update to latest upstream, fixes CVE-2008-2235
* Thu Apr 10 2008 Hans de Goede - 0.11.4-5
- BuildRequire libassuan-devel instead of libassuan-static (bz 441812)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #499862 - opensec: insecure public exponent in opensc 0.11.7
      https://bugzilla.redhat.com/show_bug.cgi?id=499862
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update opensc' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list

Several security issues were fixed in Git.

=========================================================================
Ubuntu Security Notice USN-6050-1
May 01, 2023

git vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Git.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwrite some paths. (CVE-2023-25652)

Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allow the malicious placement of crafted messages. (CVE-2023-25815)

André Baptista and Vítor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue for arbitrary configuration injection. (CVE-2023-29007)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  git 1:2.39.2-1ubuntu1.1

Ubuntu 22.10:
  git 1:2.37.2-1ubuntu1.5

Ubuntu 22.04 LTS:
  git 1:2.34.1-1ubuntu1.9

Ubuntu 20.04 LTS:
  git 1:2.25.1-1ubuntu3.11

Ubuntu 18.04 LTS:
  git 1:2.17.1-1ubuntu0.18

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6050-1
  CVE-2023-25652, CVE-2023-25815, CVE-2023-29007

Package Information:
  https://launchpad.net/ubuntu/+source/git/1:2.39.2-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.5
  https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.9
  https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.11
  https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.18

Numerous vulnerabilities addressed in Git for Ubuntu versions 18.04 through 23.04, encompassing command processing and configuration injection flaws.

Ubuntu Git Security, Git Command Issues, Ubuntu Updates, Git Advisories.

Severity: Critical.

LinuxSecurity.com Team

Upstream bugfix and security update. Refer to the [release notes]() for general information and upstream commit [321fd82389](https://github.com/git/git/commit/321fd82389) for details on CVE-2018-19486.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-f467c36c2b
2018-11-28 02:40:45.982831
--------------------------------------------------------------------------------

Name        : git
Product     : Fedora 29
Version     : 2.19.2
Release     : 1.fc29
URL         : https://git-scm.com/
Summary     : Fast Version Control System
Description :
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.

The git rpm installs a common set of tools which are usually used with a small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package.

--------------------------------------------------------------------------------
Update Information:

Upstream bugfix and security update. Refer to the [release notes]() for general information and upstream commit [321fd82389](https://github.com/git/git/commit/321fd82389) for details on CVE-2018-19486.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 21 2018 Todd Zullinger - 2.19.2-1
- Update to 2.19.2
* Tue Oct 23 2018 Todd Zullinger
- Skip test BuildRequires when --without tests is used
- Simplify gpg verification of Source0
- Use %{without ...} macro consistently
- Add comments to %endif statements
- Add glibc-langpack-en BuildRequires for en_US.UTF-8 locale
* Mon Oct 22 2018 Pavel Cahyna - 2.19.1-2
- Update condition for the t5540-http-push-webdav test for future RHEL
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1653143 - CVE-2018-19486 git: Improper handling of PATH allows for commands to executed from current directory
      https://bugzilla.redhat.com/show_bug.cgi?id=1653143
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-f467c36c2b' at the command line.
For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

- update to 1.8.18p1
- fixes CVE-2016-7076

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-48614c8b69
2016-11-25 00:28:29.451135
--------------------------------------------------------------------------------

Name        : sudo
Product     : Fedora 23
Version     : 1.8.18p1
Release     : 1.fc23
URL         :
Summary     : Allows restricted root access for specified users
Description :
Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.

--------------------------------------------------------------------------------
Update Information:

- update to 1.8.18p1
- fixes CVE-2016-7076
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1384982 - CVE-2016-7076 sudo: noexec bypass via wordexp()
      https://bugzilla.redhat.com/show_bug.cgi?id=1384982
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade sudo' at the command line.
For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openshift security update
Advisory ID:       RHSA-2015:1650-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1650
Issue date:        2015-08-20
CVE Names:         CVE-2015-5222
====================================================================

1. Summary:

Updated openshift packages that fix one security issue are now available for Red Hat OpenShift Enterprise 3.0.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHOSE 3.0 - x86_64

3. Description:

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

An improper permission check issue was discovered in the server admission control component in OpenShift. A user with build permissions could use this flaw to execute arbitrary shell commands on a build pod with the privileges of the root user. (CVE-2015-5222)

This issue was discovered by Cesar Wong of the Red Hat OpenShift Enterprise Team.

All OpenShift Enterprise users are advised to upgrade to these updated packages, which correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1255120 - CVE-2015-5222 OpenShift3: Exec operations should be forbidden to privileged pods such as builder pods

6. Package List:

RHOSE 3.0:

Source:
openshift-3.0.1.0-1.git.527.f8d5fed.el7ose.src.rpm

x86_64:
openshift-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-clients-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-master-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-node-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
openshift-sdn-ovs-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm
tuned-profiles-openshift-node-3.0.1.0-1.git.527.f8d5fed.el7ose.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5222
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFV1inUXlSAg2UNWIIRAuobAKCMiKaoYSfe/XbCvrRsax8LnO9g2QCdEBvt
GCBc46D+kcZCDnr2IK8zwoM=uVu6
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list