
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 35: FEDORA-2022-548484eeb9 Critical: Kernel 5.17.14 Crash Fix

The 5.17.14 stable kernel update contains a number of important fixes across the tree.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-548484eeb9
2022-06-16 01:25:59.231258
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 35
Version     : 5.17.14
Release     : 200.fc35
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description : The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 5.17.14 stable kernel update contains a number of important fixes across the tree.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 9 2022 Justin M. Forbes [5.17.14-0]
- Config updates for stable backports (Justin M. Forbes)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2092542 - CVE-2022-1973 kernel: a double-free in ntfs3 log_replay may lead to a crash
      https://bugzilla.redhat.com/show_bug.cgi?id=2092542

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-548484eeb9' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

The latest Kernel 5.17.14 revision for Fedora 35 tackles significant vulnerabilities, improving overall system efficiency and resilience.
Fedora Kernel Security Update, System Performance Improvement, 5.17.14 Kernel Release.
Severity: Critical.
LinuxSecurity.com Team

Jun 15, 2022 Critical Fedora

SUSE: 2019:0801-1 Important: Kernel Security Update for Live Patching

An update that solves two vulnerabilities and has 53 fixes is now available.

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0801-1
Rating:             important
References:         #1012382 #1020413 #1065600 #1070767 #1075697 #1082943
                    #1087092 #1090435 #1102959 #1103429 #1106929 #1109137
                    #1109248 #1119019 #1119843 #1120691 #1120902 #1121713
                    #1121805 #1124235 #1125315 #1125446 #1126389 #1126772
                    #1126773 #1126805 #1127082 #1127155 #1127561 #1127725
                    #1127731 #1127961 #1128166 #1128452 #1128565 #1128696
                    #1128756 #1128893 #1129080 #1129179 #1129237 #1129238
                    #1129239 #1129240 #1129241 #1129413 #1129414 #1129415
                    #1129416 #1129417 #1129418 #1129419 #1129581 #1129770
                    #1129923
Cross-References:   CVE-2019-2024 CVE-2019-9213
Affected Products:  SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

An update that solves two vulnerabilities and has 53 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.176 to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).
- CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes (bnc#1129179).

The following non-security bugs were fixed:

- ax25: fix possible use-after-free (bnc#1012382).
- block_dev: fix crash on chained bios with O_DIRECT (bsc#1090435).
- block: do not use bio->bi_vcnt to figure out segment number (bsc#1128893).
- bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces (bsc#1020413).
- bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1012382).
- btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128452).
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126773).
- ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).
- ch: fixup refcounting imbalance for SCSI devices (bsc#1124235).
- copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).
- device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1129770).
- drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389).
- drm: Fix error handling in drm_legacy_addctx (bsc#1106929)
- drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1106929)
- drm/nouveau/pmu: do not print reply values if exec is false (bsc#1106929)
- drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1106929)
- drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429)
- enic: add wq clean up budget (bsc#1075697, bsc#1120691. bsc#1102959).
- enic: do not overwrite error code (bnc#1012382).
- fbdev: chipsfb: remove set but not used variable 'size' (bsc#1106929)
- ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).
- ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- input: mms114 - fix license module information (bsc#1087092).
- iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129237).
- iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129238).
- iommu/vt-d: Check identity map for hot-added devices (bsc#1129239).
- iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129240).
- ixgbe: fix crash in build_skb Rx code path (git-fixes).
- kabi: protect struct inet_peer (kabi).
- kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).
- KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- kvm: arm/arm64: vgic-its: Check CBASER/BASER validity before enabling the ITS (bsc#1109248).
- kvm: arm/arm64: vgic-its: Check GITS_BASER Valid bit before saving tables (bsc#1109248).
- kvm: arm/arm64: vgic-its: Fix return value for device table restore (bsc#1109248).
- kvm: arm/arm64: vgic-its: Fix vgic_its_restore_collection_table returned value (bsc#1109248).
- kvm: nVMX: Do not halt vcpu when L1 is injecting events to L2 (bsc#1129413).
- kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129414).
- kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129415).
- kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129416).
- kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1129417).
- kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129418).
- kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).
- kvm: x86: IA32_ARCH_CAPABILITIES is always supported (bsc#1129419).
- libceph: handle an empty authorize reply (bsc#1126772).
- mdio_bus: Fix use-after-free on device_register fails (git-fixes).
- mfd: as3722: Handle interrupts on suspend (bnc#1012382).
- mfd: as3722: Mark PM functions as __maybe_unused (bnc#1012382).
- mISDN: fix a race in dev_expire_timer() (bnc#1012382).
- mlxsw: pci: Correctly determine if descriptor queue is full (git-fixes).
- mlxsw: reg: Use correct offset in field definiton (git-fixes).
- mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL (bnc#1012382).
- mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).
- net: Add header for usage of fls64() (bnc#1012382).
- net: Do not allocate page fragments that are not skb aligned (bnc#1012382).
- net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).
- net: dsa: mv88e6xxx: fix port VLAN maps (git-fixes).
- net: Fix for_each_netdev_feature on Big endian (bnc#1012382).
- net: fix IPv6 prefix route residue (bnc#1012382).
- net/hamradio/6pack: Convert timers to use timer_setup() (git-fixes).
- net/hamradio/6pack: use mod_timer() to rearm timers (git-fixes).
- net: ipv4: use a dedicated counter for icmp_v4 redirect packets (bnc#1012382).
- net: lan78xx: Fix race in tx pending skb size calculation (git-fixes).
- net/mlx4_core: drop useless LIST_HEAD (git-fixes).
- net/mlx4_core: Fix qp mtt size calculation (git-fixes).
- net/mlx4_core: Fix reset flow when in command polling mode (git-fixes).
- net/mlx4: Fix endianness issue in qp context params (git-fixes).
- net/mlx5: Continue driver initialization despite debugfs failure (git-fixes).
- net/mlx5e: Fix TCP checksum in LRO buffers (git-fixes).
- net/mlx5: Fix driver load bad flow when having fw initializing timeout (git-fixes).
- net/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (git-fixes).
- net/mlx5: Fix use-after-free in self-healing flow (git-fixes).
- net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes).
- net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets (git-fixes).
- net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS (git-fixes).
- net: phy: bcm7xxx: Fix shadow mode 2 disabling (git-fixes).
- net: qca_spi: Fix race condition in spi transfers (git-fixes).
- net: stmmac: Fix a race in EEE enable callback (bnc#1012382).
- net: stmmac: Fix a race in EEE enable callback (git-fixes).
- net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue (git-fixes).
- net/x25: do not hold the cpu too long in x25_new_lci() (bnc#1012382).
- PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1129241).
- perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).
- perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).
- perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).
- perf/x86/intel: Fix memory corruption (bsc#1121805).
- perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).
- perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).
- perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).
- phy: micrel: Ensure interrupts are reenabled on resume (git-fixes).
- powerpc/pseries: Add CPU dlpar remove functionality (bsc#1128756).
- powerpc/pseries: Consolidate CPU hotplug code to hotplug-cpu.c (bsc#1128756).
- powerpc/pseries: Factor out common cpu hotplug code (bsc#1128756).
- powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1128756).
- pppoe: fix reception of frames with no mac header (git-fixes).
- pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes).
- pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).
- rdma/bnxt_re: Synchronize destroy_qp with poll_cq (bsc#1125446).
- Revert "mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL" (bnc#1012382).
- Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls" (bsc#1128565).
- s390/qeth: cancel close_dev work before removing a card (LTC#175898, bsc#1127561).
- scsi: aacraid: Fix missing break in switch statement (bsc#1128696).
- scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).
- scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1127725).
- scsi: qla2xxx: Fix early srb free on abort (bsc#1121713).
- scsi: qla2xxx: Fix for double free of SRB structure (bsc#1121713).
- scsi: qla2xxx: Increase abort timeout value (bsc#1121713).
- scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1121713).
- scsi: qla2xxx: Return switch command on a timeout (bsc#1121713).
- scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion (bsc#1121713).
- scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1121713).
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).
- sky2: Increase D3 delay again (bnc#1012382).
- tcp: clear icsk_backoff in tcp_write_queue_purge() (bnc#1012382).
- tcp: tcp_v4_err() should be more careful (bnc#1012382).
- team: avoid complex list operations in team_nl_cmd_options_set() (bnc#1012382).
- team: Free BPF filter when unregistering netdev (git-fixes).
- tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581).
- vsock: cope with memory allocation failure at socket creation time (bnc#1012382).
- vxlan: test dev->flags & IFF_UP before calling netif_rx() (bnc#1012382).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1120902).
- x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).
- x86: Fix incorrect value for X86_FEATURE_TSX_FORCE_ABORT
- x86: livepatch: Treat R_X86_64_PLT32 as R_X86_64_PC32 (bnc#1012382).
- xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600).
- xen: remove pre-xen3 fallback handlers (bsc#1065600).
- xfs: remove filestream item xfs_inode reference (bsc#1127961).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP3:

  zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-801=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

  kgraft-patch-4_4_176-94_88-default-1-4.9.1
  kgraft-patch-4_4_176-94_88-default-debuginfo-1-4.9.1

References:

https://www.suse.com/security/cve/CVE-2019-2024.html
https://www.suse.com/security/cve/CVE-2019-9213.html
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1020413
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1070767
https://bugzilla.suse.com/1075697
https://bugzilla.suse.com/1082943
https://bugzilla.suse.com/1087092
https://bugzilla.suse.com/1090435
https://bugzilla.suse.com/1102959
https://bugzilla.suse.com/1103429
https://bugzilla.suse.com/1106929
https://bugzilla.suse.com/1109137
https://bugzilla.suse.com/1109248
https://bugzilla.suse.com/1119019
https://bugzilla.suse.com/1119843
https://bugzilla.suse.com/1120691
https://bugzilla.suse.com/1120902
https://bugzilla.suse.com/1121713
https://bugzilla.suse.com/1121805
https://bugzilla.suse.com/1124235
https://bugzilla.suse.com/1125315
https://bugzilla.suse.com/1125446
https://bugzilla.suse.com/1126389
https://bugzilla.suse.com/1126772
https://bugzilla.suse.com/1126773
https://bugzilla.suse.com/1126805
https://bugzilla.suse.com/1127082
https://bugzilla.suse.com/1127155
https://bugzilla.suse.com/1127561
https://bugzilla.suse.com/1127725
https://bugzilla.suse.com/1127731
https://bugzilla.suse.com/1127961
https://bugzilla.suse.com/1128166
https://bugzilla.suse.com/1128452
https://bugzilla.suse.com/1128565
https://bugzilla.suse.com/1128696
https://bugzilla.suse.com/1128756
https://bugzilla.suse.com/1128893
https://bugzilla.suse.com/1129080
https://bugzilla.suse.com/1129179
https://bugzilla.suse.com/1129237
https://bugzilla.suse.com/1129238
https://bugzilla.suse.com/1129239
https://bugzilla.suse.com/1129240
https://bugzilla.suse.com/1129241
https://bugzilla.suse.com/1129413
https://bugzilla.suse.com/1129414
https://bugzilla.suse.com/1129415
https://bugzilla.suse.com/1129416
https://bugzilla.suse.com/1129417
https://bugzilla.suse.com/1129418
https://bugzilla.suse.com/1129419
https://bugzilla.suse.com/1129581
https://bugzilla.suse.com/1129770
https://bugzilla.suse.com/1129923

Important SUSE security enhancement resolves a pair of kernel vulnerabilities along with 53 additional corrections. Ensure your system's safety with the most recent updates.
SUSE Linux Security, Kernel Update, Bug Fixes, Security Issues.
Severity: Important.
LinuxSecurity.com Team

Mar 29, 2019 Important SuSE

SUSE: 2018:4128-1 Moderate: Openvswitch Security Update Details

An update that fixes three vulnerabilities is now available.

SUSE Security Update: Security update for openvswitch
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:4128-1
Rating:             moderate
References:         #1104467
Cross-References:   CVE-2018-17204 CVE-2018-17205 CVE-2018-17206
Affected Products:  SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for openvswitch to version 2.7.6 fixes the following issues:

These security issues were fixed:

- CVE-2018-17205: Prevent OVS crash when reverting old flows in bundle commit (bsc#1104467).
- CVE-2018-17206: Avoid buffer overread in BUNDLE action decoding (bsc#1104467).
- CVE-2018-17204: When decoding a group mod, it validated the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tried to use the type and command earlier, when it might still be invalid. This caused an assertion failure (via OVS_NOT_REACHED) (bsc#1104467).

These non-security issues were fixed:

- ofproto/bond: Fix bond reconfiguration race condition.
- ofproto/bond: Fix bond post recirc rule leak.
- ofproto/bond: fix interal flow leak of tcp-balance bond
- systemd: Restart openvswitch service if a daemon crashes
- conntrack: Fix checks for TCP, UDP, and IPv6 header sizes.
- ofp-actions: Fix translation of set_field for nw_ecn
- netdev-dpdk: Fix mempool segfault.
- ofproto-dpif-upcall: Fix flow setup/delete race.
- learn: Fix memory leak in learn_parse_sepc()
- netdev-dpdk: fix mempool_configure error state
- vswitchd: Add --cleanup option to the 'appctl exit' command
- ofp-parse: Fix memory leak on error path in parse_ofp_group_mod_file().
- actions: Fix memory leak on error path in parse_ct_lb_action().
- dpif-netdev: Fix use-after-free error in reconfigure_datapath().
- bridge: Fix memory leak in bridge_aa_update_trunks().
- dpif-netlink: Fix multiple-free and fd leak on error path.
- ofp-print: Avoid array overread in print_table_instruction_features().
- flow: Fix buffer overread in flow_hash_symmetric_l3l4().
- systemd: start vswitchd after udev
- ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod().
- ovsdb-types: Fix memory leak on error path.
- tnl-ports: Fix loss of tunneling upon removal of a single tunnel port.
- netdev: check for NULL fields in netdev_get_addrs
- netdev-dpdk: vhost get stats fix.
- netdev-dpdk: use 64-bit arithmetic when converting rates.
- ofp-util: Fix buffer overread in ofputil_decode_bundle_add().
- ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod().
- ofp-util: Fix memory leaks when parsing OF1.5 group properties.
- ofp-actions: Fix buffer overread in decode_LEARN_specs().
- flow: Fix buffer overread for crafted IPv6 packets.
- ofp-actions: Properly interpret "output:in_port".
- ovs-ofctl: Avoid read overrun in ofperr_decode_msg().
- odp-util: Avoid misaligned references to ip6_hdr.
- ofproto-dpif-upcall: Fix action attr iteration.
- ofproto-dpif-upcall: Fix key attr iteration.
- netdev-dpdk: vhost get stats fix.
- netdev-dpdk: use 64-bit arithmetic when converting rates.
- ofp-util: Fix buffer overread in ofputil_decode_bundle_add().
- ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod().
- ofp-util: Fix memory leaks when parsing OF1.5 group properties.
- odp-util: Fix buffer overread in parsing string form of ODP flows.
- ovs-vsctl: Fix segfault when attempting to del-port from parent bridge.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2942=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

  openvswitch-2.7.6-3.23.1
  openvswitch-debuginfo-2.7.6-3.23.1
  openvswitch-debugsource-2.7.6-3.23.1

References:

https://www.suse.com/security/cve/CVE-2018-17204.html
https://www.suse.com/security/cve/CVE-2018-17205.html
https://www.suse.com/security/cve/CVE-2018-17206.html
https://bugzilla.suse.com/1104467

SUSE Security Update for kernel resolves multiple security issues and includes crucial enhancements for performance.
openvswitch update, SUSE security update, moderate severity fixes.
LinuxSecurity.com Team

Dec 14, 2018 SuSE

Fedora 27: FEDORA-2018-3236af7d00 Moderate: Zchunk Crash Prevention

This update does sanity checking when an application passes in a checksum to verify. Before this release, applications could pass in non-hex values for the checksum, which could cause zchunk to crash. Now non-hex values will be rejected.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-3236af7d00
2018-11-11 02:39:32.167644
--------------------------------------------------------------------------------

Name        : zchunk
Product     : Fedora 27
Version     : 0.9.14
Release     : 1.fc27
URL         : https://github.com/zchunk/zchunk
Summary     : Compressed file format that allows easy deltas
Description :
zchunk is a compressed file format that splits the file into independent
chunks. This allows you to only download the differences when downloading a
new version of the file, and also makes zchunk files efficient over rsync.
zchunk files are protected with strong checksums to verify that the file you
downloaded is in fact the file you wanted.

--------------------------------------------------------------------------------
Update Information:

This update does sanity checking when an application passes in a checksum to
verify. Before this release, applications could pass in non-hex values for the
checksum, which could cause zchunk to crash. Now non-hex values will be
rejected.

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-3236af7d00' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

--------------------------------------------------------------------------------

Linux Kernel Alert highlights that zchunk has enhanced integrity verification for checksum values, averting potential failures with invalid hexadecimal inputs.
zchunk Update, Fedora Security, Checksum Sanity, Linux Package Management.
LinuxSecurity.com Team

Nov 11, 2018 Fedora

Fedora 26 json-c Security Update - Crash Prevention Implementation

- Patch:
  - Avoid invalid free and crash explicitly instead of silently enabling the caller to commit undefined behaviour.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-6d952bdc53
2017-12-24 19:39:51.839762
--------------------------------------------------------------------------------

Name        : json-c
Product     : Fedora 26
Version     : 0.12.1
Release     : 5.fc26
URL         : https://github.com/json-c/json-c
Summary     : JSON implementation in C
Description :
JSON-C implements a reference counting object model that allows you to easily
construct JSON objects in C, output them as JSON formatted strings and parse
JSON formatted strings back into the C representation of JSON objects.
It aims to conform to RFC 7159.

--------------------------------------------------------------------------------
Update Information:

- Patch:
  - Avoid invalid free and crash explicitly instead of silently enabling the caller to commit undefined behaviour.

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade json-c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Fedora 28 Release: json-c vulnerability fix addressing improper memory management and potential application failures noted in the release notes.
json-c Update, Fedora Security Patch, JSON Implementation C, Software Update Notification.
Severity: Critical.
LinuxSecurity.com Team

Dec 24, 2017 Critical Fedora

Fedora 25: FEDORA-2017-7803508155 critical: python-cjson denial of service

This update prevents `python-cjson` from crashing when attempting to parse heavily nested JSON structures (which could be exploited for denial of service purposes, against any application that uses `python-cjson` to parse arbitrary input).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-7803508155
2017-02-25 19:18:00.756223
--------------------------------------------------------------------------------

Name        : python-cjson
Product     : Fedora 25
Version     : 1.1.0
Release     : 9.fc25
URL         : https://pypi.org/project/python-cjson/
Summary     : Fast JSON encoder/decoder for Python
Description :
This module implements a very fast JSON encoder/decoder for Python.

JSON stands for JavaScript Object Notation and is a text based lightweight
data exchange format which is easy for humans to read/write and for machines
to parse/generate. JSON is completely language independent and has multiple
implementations in most of the programming languages, making it ideal for
data exchange and storage.

The module is written in C and it is up to 250 times faster when compared to
the other python JSON implementations which are written directly in python.
This speed gain varies with the complexity of the data and the operation and
is in the range of 10-200 times for encoding operations and in the range of
100-250 times for decoding operations.

--------------------------------------------------------------------------------
Update Information:

This update prevents `python-cjson` from crashing when attempting to parse
heavily nested JSON structures (which could be exploited for denial of service
purposes, against any application that uses `python-cjson` to parse arbitrary
input).

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade python-cjson' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

The recent enhancement for python-cjson in Fedora 25 addresses a vulnerability that could lead to a denial of service via crashes when handling deeply nested JSON data.
python json update, Fedora security patch, deny service protection.
Severity: Critical.
LinuxSecurity.com Team

Feb 26, 2017 Critical Fedora

Ubuntu 13.04: USN-1874-1 Critical: DBus Denial Of Service

DBus could be made to crash if it received specially crafted input.

==========================================================================
Ubuntu Security Notice USN-1874-1
June 13, 2013

dbus vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

DBus could be made to crash if it received specially crafted input.

Software Description:

- dbus: simple interprocess messaging system

Details:

Alexandru Cornea discovered that DBus incorrectly handled certain messages.
A local attacker could use this issue to cause system services to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
  libdbus-1-3 1.6.8-1ubuntu6.1

Ubuntu 12.10:
  libdbus-1-3 1.6.4-1ubuntu4.1

Ubuntu 12.04 LTS:
  libdbus-1-3 1.4.18-1ubuntu1.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-1874-1
  CVE-2013-2168

Package Information:

  https://launchpad.net/ubuntu/+source/dbus/1.6.8-1ubuntu6.1
  https://launchpad.net/ubuntu/+source/dbus/1.6.4-1ubuntu4.1
  https://launchpad.net/ubuntu/+source/dbus/1.4.18-1ubuntu1.4

A DBus flaw found in Ubuntu enables local adversaries to destabilize system services. Apply updates to avert potential denial of service.
DBus Vulnerability, Ubuntu Update, Denial of Service, Crash Prevention.
Severity: Critical.
LinuxSecurity.com Team

Jun 13, 2013 Critical Ubuntu

Fedora Core 2 2005-088 Low Severity: Elinks Browser Update

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-088
2005-01-28
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : elinks
Version     : 0.9.1
Release     : 1.1
Summary     : text mode www browser with support for frames
Description :
Links is a text-based Web browser. Links does not display any images,
but it does support frames, tables and most other HTML tags. Links'
advantage over graphical browsers is its speed--Links starts and exits
quickly and swiftly displays Web pages.

---------------------------------------------------------------------

* Fri Jan 28 2005 Karel Zak 0.9.1-1.1
- limit rowspan/colspan values prevents crashes reported at (#146433)

---------------------------------------------------------------------
This update can be downloaded from:

7f878decef9183495b384fdef0da2c94  SRPMS/elinks-0.9.1-1.1.src.rpm
2621386f0786c7ea6d856b8e991bd5a9  x86_64/elinks-0.9.1-1.1.x86_64.rpm
a57e808b4937970023125742c9c33a35  x86_64/debug/elinks-debuginfo-0.9.1-1.1.x86_64.rpm
fb882d2ef1b16accd3e01688c46e9204  i386/elinks-0.9.1-1.1.i386.rpm
a96a555af29580e42374627af9ffbc1e  i386/debug/elinks-debuginfo-0.9.1-1.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

An important revision for Fedora Core 2 has been issued, focusing on elinks version 0.9.1, which resolves critical crash-related vulnerabilities through a subtle version increment.
Fedora Update, elinks Browser, Linux Software Fix.
Severity: Low.
LinuxSecurity.com Team

Jan 28, 2005 Low Fedora