openSUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0544-1
Rating:             moderate
References:         #1172926 #1176390 #1176489 #1176679 #1176828 #1177360
                    #1177857 #1178837 #1178860 #1178905 #1178932 #1179569
                    #1179997 #1182766
Cross-References:   CVE-2020-25678 CVE-2020-27839
CVSS scores:
                    CVE-2020-25678 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-27839 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that solves two vulnerabilities and has 12 fixes is now available.

Description:

This update for ceph fixes the following issues:

- ceph was updated to 15.2.9
- cephadm: fix 'inspect' and 'pull' (bsc#1182766)
- CVE-2020-27839: mgr/dashboard: Use secure cookies to store JWT Token (bsc#1179997)
- CVE-2020-25678: Do not add sensitive information in Ceph log files (bsc#1178905)
- mgr/orchestrator: Sort 'ceph orch device ls' by host (bsc#1172926)
- mgr/dashboard: enable different URL for users of browser to Grafana (bsc#1176390, bsc#1176679)
- mgr/cephadm: lock multithreaded access to OSDRemovalQueue (bsc#1176489)
- cephadm: command_unit: call systemctl with verbose=True (bsc#1176828)
- cephadm: silence "Failed to evict container" log msg (bsc#1177360)
- mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails (bsc#1177857)
- rgw: cls/user: set from_index for reset stats calls (bsc#1178837)
- mgr/dashboard: Disable TLS 1.0 and 1.1 (bsc#1178860)
- cephadm: reference the last local image by digest (bsc#1178932, bsc#1179569)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:
  zypper in -t patch openSUSE-2021-544=1

Package List:

- openSUSE Leap 15.2 (x86_64):
  ceph-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-base-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-base-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-common-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-common-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-debugsource-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-fuse-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-fuse-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-immutable-object-cache-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-immutable-object-cache-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mds-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mds-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mon-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mon-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-osd-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-osd-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-radosgw-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-radosgw-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-test-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-test-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-test-debugsource-15.2.9.83+g4275378de0-lp152.2.12.1
  cephfs-shell-15.2.9.83+g4275378de0-lp152.2.12.1
  libcephfs-devel-15.2.9.83+g4275378de0-lp152.2.12.1
  libcephfs2-15.2.9.83+g4275378de0-lp152.2.12.1
  libcephfs2-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  librados-devel-15.2.9.83+g4275378de0-lp152.2.12.1
  librados-devel-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  librados2-15.2.9.83+g4275378de0-lp152.2.12.1
  librados2-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  libradospp-devel-15.2.9.83+g4275378de0-lp152.2.12.1
  librbd-devel-15.2.9.83+g4275378de0-lp152.2.12.1
  librbd1-15.2.9.83+g4275378de0-lp152.2.12.1
  librbd1-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  librgw-devel-15.2.9.83+g4275378de0-lp152.2.12.1
  librgw2-15.2.9.83+g4275378de0-lp152.2.12.1
  librgw2-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-ceph-argparse-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-ceph-common-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-cephfs-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-cephfs-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-rados-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-rados-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-rbd-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-rbd-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-rgw-15.2.9.83+g4275378de0-lp152.2.12.1
  python3-rgw-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  rados-objclass-devel-15.2.9.83+g4275378de0-lp152.2.12.1
  rbd-fuse-15.2.9.83+g4275378de0-lp152.2.12.1
  rbd-fuse-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  rbd-mirror-15.2.9.83+g4275378de0-lp152.2.12.1
  rbd-mirror-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1
  rbd-nbd-15.2.9.83+g4275378de0-lp152.2.12.1
  rbd-nbd-debuginfo-15.2.9.83+g4275378de0-lp152.2.12.1

- openSUSE Leap 15.2 (noarch):
  ceph-grafana-dashboards-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-cephadm-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-dashboard-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-diskprediction-cloud-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-diskprediction-local-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-k8sevents-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-modules-core-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-mgr-rook-15.2.9.83+g4275378de0-lp152.2.12.1
  ceph-prometheus-alerts-15.2.9.83+g4275378de0-lp152.2.12.1
  cephadm-15.2.9.83+g4275378de0-lp152.2.12.1

References:

https://www.suse.com/security/cve/CVE-2020-25678.html
https://www.suse.com/security/cve/CVE-2020-27839.html
https://bugzilla.suse.com/1172926
https://bugzilla.suse.com/1176390
https://bugzilla.suse.com/1176489
https://bugzilla.suse.com/1176679
https://bugzilla.suse.com/1176828
https://bugzilla.suse.com/1177360
https://bugzilla.suse.com/1177857
https://bugzilla.suse.com/1178837
https://bugzilla.suse.com/1178860
https://bugzilla.suse.com/1178905
https://bugzilla.suse.com/1178932
https://bugzilla.suse.com/1179569
https://bugzilla.suse.com/1179997
https://bugzilla.suse.com/1182766

This openSUSE Leap 15.2 update brings ceph to 15.2.9. Its two security fixes make the manager dashboard store its JWT in a cookie marked Secure (CVE-2020-27839) and stop sensitive information from being written to Ceph log files (CVE-2020-25678); the dashboard also drops TLS 1.0 and 1.1. The advisory is rated moderate.

LinuxSecurity.com Team
Synopsis:       Moderate: python security update
Advisory ID:    SLSA-2020:1131-1
Issue Date:     2020-04-07
CVE Numbers:    CVE-2018-20852
                CVE-2019-16056
--

* python: Cookie domain check returns incorrect results
* python: email.utils.parseaddr wrongly parses email addresses
--

SL7
  x86_64
    python-2.7.5-88.el7.x86_64.rpm
    python-devel-2.7.5-88.el7.x86_64.rpm
    python-libs-2.7.5-88.el7.x86_64.rpm
    python-libs-2.7.5-88.el7.i686.rpm
    python-debuginfo-2.7.5-88.el7.i686.rpm
    python-debuginfo-2.7.5-88.el7.x86_64.rpm
    python-debug-2.7.5-88.el7.x86_64.rpm
    python-test-2.7.5-88.el7.x86_64.rpm
    python-tools-2.7.5-88.el7.x86_64.rpm
    tkinter-2.7.5-88.el7.x86_64.rpm

- Scientific Linux Development Team

Scientific Linux 7 updates python to 2.7.5-88.el7. The update corrects the http cookie domain check, which could match a cookie against an unrelated host whose name merely ends with the cookie's domain (CVE-2018-20852), and the email.utils.parseaddr parser (CVE-2019-16056). The advisory is rated moderate.

LinuxSecurity.com Team
openSUSE Security Update: Security update for libsolv, libzypp, zypper
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0255-1
Rating:             moderate
References:         #1135114 #1154804 #1154805 #1155198 #1155205 #1155298
                    #1155678 #1155819 #1156158 #1157377 #1158763
Cross-References:   CVE-2019-18900
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has 10 fixes is now available.

Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security issue fixed:

- CVE-2019-18900: Fixed the cookie file being world readable (bsc#1158763).

Bug fixes:

- Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819).
- Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198).
- Do not enforce 'en' being in RequestedLocales. If the user decides to have a system without explicit language support he may do so (bsc#1155678).
- Load only target resolvables for zypper rm (bsc#1157377).
- Fix broken search by filelist (bsc#1135114).
- Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158).
- Do not sort out requested locales which are not available (bsc#1155678).
- Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805).
- XML add patch issue-date and issue-list (bsc#1154805).
- Fix zypper lp --cve/bugzilla/issue options (bsc#1155298).
- Always execute commit when adding/removing locales (fixes bsc#1155205).
- Fix description of --table-style,-s in man page (bsc#1154804).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:
  zypper in -t patch openSUSE-2020-255=1

Package List:

- openSUSE Leap 15.1 (i586 x86_64):
  libsolv-debuginfo-0.7.10-lp151.2.10.1
  libsolv-debugsource-0.7.10-lp151.2.10.1
  libsolv-demo-0.7.10-lp151.2.10.1
  libsolv-demo-debuginfo-0.7.10-lp151.2.10.1
  libsolv-devel-0.7.10-lp151.2.10.1
  libsolv-devel-debuginfo-0.7.10-lp151.2.10.1
  libsolv-tools-0.7.10-lp151.2.10.1
  libsolv-tools-debuginfo-0.7.10-lp151.2.10.1
  libzypp-17.19.0-lp151.2.10.1
  libzypp-debuginfo-17.19.0-lp151.2.10.1
  libzypp-debugsource-17.19.0-lp151.2.10.1
  libzypp-devel-17.19.0-lp151.2.10.1
  libzypp-devel-doc-17.19.0-lp151.2.10.1
  perl-solv-0.7.10-lp151.2.10.1
  perl-solv-debuginfo-0.7.10-lp151.2.10.1
  python-solv-0.7.10-lp151.2.10.1
  python-solv-debuginfo-0.7.10-lp151.2.10.1
  python3-solv-0.7.10-lp151.2.10.1
  python3-solv-debuginfo-0.7.10-lp151.2.10.1
  ruby-solv-0.7.10-lp151.2.10.1
  ruby-solv-debuginfo-0.7.10-lp151.2.10.1
  zypper-1.14.33-lp151.2.10.1
  zypper-debuginfo-1.14.33-lp151.2.10.1
  zypper-debugsource-1.14.33-lp151.2.10.1

- openSUSE Leap 15.1 (noarch):
  zypper-aptitude-1.14.33-lp151.2.10.1
  zypper-log-1.14.33-lp151.2.10.1
  zypper-needs-restarting-1.14.33-lp151.2.10.1

References:

https://www.suse.com/security/cve/CVE-2019-18900.html
https://bugzilla.suse.com/1135114
https://bugzilla.suse.com/1154804
https://bugzilla.suse.com/1154805
https://bugzilla.suse.com/1155198
https://bugzilla.suse.com/1155205
https://bugzilla.suse.com/1155298
https://bugzilla.suse.com/1155678
https://bugzilla.suse.com/1155819
https://bugzilla.suse.com/1156158
https://bugzilla.suse.com/1157377
https://bugzilla.suse.com/1158763

This openSUSE Leap 15.1 update for libsolv, libzypp and zypper fixes one moderate-rated vulnerability, a cookie file left world readable (CVE-2019-18900), together with ten functional bugs in the package stack.

LinuxSecurity.com Team
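The libsolv/libzypp/zypper advisory above fixes a cookie file that was world readable (CVE-2019-18900). The root cause of that class of bug is almost always the same: the file is created through a plain open() and inherits the process umask (typically 022, giving mode 0644), and any later chmod leaves a window in which every local user can read it. The example below is added by the editor and is not libzypp's code or its patch; it shows the general fix, passing the restrictive mode to os.open at creation time with O_EXCL, next to the naive pattern, and reports the world-readable bit of each. The file names and the secret written are constructed placeholders.

```python
"""Create a secret file owner-only from the moment it exists (added example)."""
import os
import stat
import tempfile


def is_world_readable(path):
    """True if the file's mode grants read permission to 'other'."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def write_private_file(path, data):
    """Create `path` with mode 0600 and write `data` into it.

    The mode is handed to os.open, so the file is owner-only at the instant
    it appears; chmod after the fact would leave a window with the
    umask-derived mode in effect.  O_EXCL makes the call fail instead of
    writing into a file or symlink that someone else planted at `path`.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def write_with_umask(path, data, umask=0o022):
    """The naive pattern: plain open() under the common umask 022 yields a
    0644 file readable by every local user.  The umask is set explicitly
    (and restored) so the outcome does not depend on the caller's shell."""
    previous = os.umask(umask)
    try:
        with open(path, "wb") as fh:
            fh.write(data)
    finally:
        os.umask(previous)
    return path


def compare(tmp_dir=None):
    """Write a constructed secret both ways in a fresh directory and return
    (private_is_world_readable, naive_is_world_readable)."""
    tmp_dir = tmp_dir or tempfile.mkdtemp(prefix="cookie-demo-")
    secret = b"constructed-secret-value\n"  # placeholder, not a real cookie
    private = write_private_file(os.path.join(tmp_dir, "cookie.private"), secret)
    naive = write_with_umask(os.path.join(tmp_dir, "cookie.naive"), secret)
    return is_world_readable(private), is_world_readable(naive)


if __name__ == "__main__":
    print("world readable (private, naive):", compare())
```

Running the block prints (False, True): the os.open path is never world readable, the open() path is. The same is_world_readable check, pointed at the cache or state directory a package manager writes to, is a quick way to audit an installed system after applying the update.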
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-a66789a334
2019-04-06 19:42:42.476706
--------------------------------------------------------------------------------
Name        : glpi
Product     : Fedora 29
Version     : 9.3.3
Release     : 2.fc29
URL         : https://www.glpi-project.org/en/
Summary     : Free IT asset management software
Description :
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
--------------------------------------------------------------------------------
Update Information:

Add security fix backported from 9.4:
* [security] Bad chevrons rendering on dropdowns (#5468)
* [security] Iframe and forms are rendered in rich text contents (#5519)
* [security] Type juggling authentication bypass (#5520)
* [security] Malicious images upload (#5580)
* [security] Password token date was not reset (#5577)
* [security] Prevent timed attack and enforce cookie security (#5562)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 27 2019 Remi Collet - 9.3.3-2
- add security fix backported from 9.4.1:
  [security] Bad chevrons rendering on dropdowns
  [security] Iframe and forms are rendered in rich text contents
  [security] Type juggling authentication bypass
  [security] Malicious images upload
  [security] Password token date was not reset
  [security] Prevent timed attack and enforce cookie security
- add dependency on exif extension
* Tue Nov 27 2018 Remi Collet - 9.3.3-1
- update to 9.3.3
* Tue Nov  6 2018 Remi Collet - 9.3.2-3
- add missing dependency on elvanto/litemoji
* Mon Nov  5 2018 Remi Collet - 9.3.2-1
- update to 9.3.2
- version 9.3.2 conflicts with glpi-fusioninventory < 1:9.3+1.2
  see https://github.com/glpi-project/glpi/issues/4837
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-a66789a334' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: novnc security update
Advisory ID:       RHSA-2015:0833-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:0833.html
Issue date:        2015-04-16
CVE Names:         CVE-2013-7436
====================================================================

1. Summary:

An updated novnc package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch

3. Description:

The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support.

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436)

All novnc users are advised to upgrade to this updated package, which corrects this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1193451 - CVE-2013-7436 novnc: session hijack through insecurely set session token cookies

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL6:

Source:
novnc-0.5.1-2.el6ost.src.rpm

noarch:
novnc-0.5.1-2.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2013-7436
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.

Red Hat has released novnc-0.5.1-2.el6ost for Red Hat Enterprise Linux OpenStack Platform 5.0 on RHEL 6. The previous package issued its session token cookie without the 'secure' flag, so a browser would also send it over plain HTTP, where a man-in-the-middle could read it and hijack the session (CVE-2013-7436, rated moderate).

LinuxSecurity.com Team
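Two of the advisories on this page, the ceph dashboard JWT cookie fix (CVE-2020-27839) and the noVNC session cookie fix (CVE-2013-7436), come down to the same defect: a session token issued in a Set-Cookie header without the Secure flag, so the browser will also send it over plain HTTP. The following is an added example by the editor, not code from Ceph, noVNC, GLPI or any of the advisories. It builds a token cookie with the flags a session cookie needs and audits an arbitrary Set-Cookie value for the ones it lacks, which is the check to run against a dashboard's login response before and after such an update. The cookie name and token value are constructed placeholders.

```python
"""Build and audit Set-Cookie headers carrying session tokens (added example)."""
from http.cookies import SimpleCookie


def build_session_cookie(name, token, path="/"):
    """Return a Set-Cookie header value for `token` with the three flags a
    session cookie needs: Secure (never sent over plain HTTP), HttpOnly
    (not readable by page scripts) and SameSite=Strict (not attached to
    requests started from other sites)."""
    jar = SimpleCookie()
    jar[name] = token
    morsel = jar[name]
    morsel["path"] = path
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Strict"
    return morsel.OutputString()


def audit_set_cookie(header_value):
    """Parse one Set-Cookie header value and return the protective flags it
    is missing, in a fixed order.  An empty list means the cookie is fine.
    A cookie lacking Secure is the defect behind CVE-2020-27839 and
    CVE-2013-7436; the other two flags close the usual follow-on holes."""
    jar = SimpleCookie()
    jar.load(header_value)
    missing = []
    for morsel in jar.values():
        if not morsel["secure"]:
            missing.append("Secure")
        if not morsel["httponly"]:
            missing.append("HttpOnly")
        if not morsel["samesite"]:
            missing.append("SameSite")
    return missing


if __name__ == "__main__":
    # Constructed headers: the shape of the pre-fix and post-fix responses.
    weak = "token=eyJhbGciOi.constructed.jwt; Path=/"
    strong = build_session_cookie("token", "eyJhbGciOi.constructed.jwt")
    print("weak   ->", audit_set_cookie(weak))      # ['Secure', 'HttpOnly', 'SameSite']
    print("strong ->", audit_set_cookie(strong))    # []
```

To audit a live service, feed every Set-Cookie header from the login response into audit_set_cookie; with an HTTPS-only dashboard any non-empty result on the token cookie is a finding. Note that a Secure cookie is still sent to an HTTPS origin on a different port, so the flag complements, rather than replaces, the TLS hardening the ceph advisory also ships.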
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-089
2005-01-28
---------------------------------------------------------------------
Product     : Fedora Core 3
Name        : elinks
Version     : 0.9.2
Release     : 2.1
Summary     : A text-mode Web browser.
Description :
Links is a text-based Web browser. Links does not display any images, but it does support frames, tables and most other HTML tags. Links' advantage over graphical browsers is its speed--Links starts and exits quickly and swiftly displays Web pages.
---------------------------------------------------------------------
* Fri Jan 28 2005 Karel Zak 0.9.2-2.1
- fix leak in history auto completion.
- fix cookie domain security checking.
- limit rowspan/colspan values prevents crashes reported at (#146433)
---------------------------------------------------------------------
This update can be downloaded from:

26d4e403d4d2acd18b191105f259e48e  SRPMS/elinks-0.9.2-2.1.src.rpm
b2bc611d9f0e7a0339cdd2dccb14bd8c  x86_64/elinks-0.9.2-2.1.x86_64.rpm
e83c6b9b8b9938a454c88c8cac58dd71  x86_64/debug/elinks-debuginfo-0.9.2-2.1.x86_64.rpm
a1ccc49ce48a0c8d6db80a618ff4974a  i386/elinks-0.9.2-2.1.i386.rpm
617c433e8079ad128ba6297cf263eb6b  i386/debug/elinks-debuginfo-0.9.2-2.1.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
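The elinks changelog's "fix cookie domain security checking" and the Scientific Linux python advisory's "Cookie domain check returns incorrect results" (CVE-2018-20852) are the same bug class: the client decides whether a stored cookie belongs to a request host with a bare string-suffix test, so a cookie set by example.com is also sent to notexample.com. The example below is added by the editor and is not code from elinks, CPython or either advisory. It puts the unsafe suffix test beside a label-aware domain match of the kind RFC 6265 section 5.1.3 describes, and then probes a modern http.cookiejar.CookieJar (the patched behaviour) with a host-only cookie to confirm it is not handed to a look-alike host. The host names and cookie are constructed.

```python
"""Cookie domain matching: suffix test versus label-aware match (added example)."""
import ipaddress
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


def flawed_domain_match(request_host, cookie_domain):
    """The pre-fix pattern: a bare suffix test with no label boundary.
    'notexample.com' ends with 'example.com', so the cookie leaks."""
    return request_host.endswith(cookie_domain)


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def domain_match(request_host, cookie_domain):
    """Label-aware match: the hosts are identical, or the request host ends
    with '.' + cookie domain so that only whole labels can match.  IP
    literals never domain-match anything but themselves."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".").rstrip(".")
    if not host or not domain:
        return False
    if host == domain:
        return True
    if _is_ip_literal(host):
        return False
    return host.endswith("." + domain)


def stdlib_sends_cookie(setting_host, target_host):
    """Let `setting_host` store a host-only cookie in a CookieJar, then report
    whether the jar attaches it to a request for `target_host`."""
    jar = CookieJar()

    class _Response:
        """The minimal response surface CookieJar.extract_cookies reads."""

        def info(self):
            headers = Message()
            headers["Set-Cookie"] = "session=abc123; Path=/"  # constructed
            return headers

    jar.extract_cookies(_Response(), Request("http://%s/" % setting_host))
    probe = Request("http://%s/" % target_host)
    jar.add_cookie_header(probe)
    return probe.has_header("Cookie")


if __name__ == "__main__":
    for host in ("example.com", "www.example.com", "notexample.com"):
        print("%-16s flawed=%-5s correct=%-5s stdlib=%s" % (
            host,
            flawed_domain_match(host, "example.com"),
            domain_match(host, "example.com"),
            stdlib_sends_cookie("example.com", host)))
```

The leak shows up on the third line: the suffix test accepts notexample.com while the label-aware match and the patched jar both refuse it. The same probe, pointed at any HTTP client library or embedded browser you ship, is a cheap regression test for this bug class.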