# Security update for rabbitmq-c

Announcement ID: SUSE-SU-2023:2823-1
Rating: important

References:

* bsc#1212499

Cross-References:

* CVE-2023-35789

CVSS scores:

* CVE-2023-35789 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-35789 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Server Applications Module 15-SP4
* Server Applications Module 15-SP5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for rabbitmq-c fixes the following issues:

* CVE-2023-35789: Fixed insecure credentials submission (bsc#1212499).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-2823=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2823=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-2823=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2823=1
* Server Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2823=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2823=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2823=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2823=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2823=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2823=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2823=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2823=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2823=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-2823=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-tools-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
  * rabbitmq-c-tools-debuginfo-0.10.0-150300.5.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-tools-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
  * rabbitmq-c-tools-debuginfo-0.10.0-150300.5.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-tools-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
  * rabbitmq-c-tools-debuginfo-0.10.0-150300.5.6.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Manager Proxy 4.2 (x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * librabbitmq-devel-0.10.0-150300.5.6.1
  * rabbitmq-c-debugsource-0.10.0-150300.5.6.1
  * librabbitmq4-debuginfo-0.10.0-150300.5.6.1
  * rabbitmq-c-debuginfo-0.10.0-150300.5.6.1
  * librabbitmq4-0.10.0-150300.5.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-35789.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212499

Crucial Announcement for RabbitMQ-C Addressing Authentication Challenges and Enhancing Security Protocols in SUSE Distributions.

RabbitMQ-C Update, SUSE Security Advisory, Critical Patch, Credential Exposure.

Severity: Important.
LinuxSecurity.com Team

SUSE Security Update: Security update for mutt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3568-1
Rating:             important
References:         #1179035 #1179113
Cross-References:   CVE-2020-28896
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for mutt fixes the following issues:

- CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections (bsc#1179035)
- Avoid that message with a million tiny parts can freeze MUA for several minutes (bsc#1179113)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3568=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3568=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3568=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3568=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3568=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3568=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3568=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  mutt-1.10.1-3.11.1
  mutt-debuginfo-1.10.1-3.11.1
  mutt-debugsource-1.10.1-3.11.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
  mutt-doc-1.10.1-3.11.1
  mutt-lang-1.10.1-3.11.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
  mutt-1.10.1-3.11.1
  mutt-debuginfo-1.10.1-3.11.1
  mutt-debugsource-1.10.1-3.11.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
  mutt-doc-1.10.1-3.11.1
  mutt-lang-1.10.1-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  mutt-1.10.1-3.11.1
  mutt-debuginfo-1.10.1-3.11.1
  mutt-debugsource-1.10.1-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  mutt-doc-1.10.1-3.11.1
  mutt-lang-1.10.1-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  mutt-1.10.1-3.11.1
  mutt-debuginfo-1.10.1-3.11.1
  mutt-debugsource-1.10.1-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  mutt-doc-1.10.1-3.11.1
  mutt-lang-1.10.1-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  mutt-1.10.1-3.11.1
  mutt-debuginfo-1.10.1-3.11.1
  mutt-debugsource-1.10.1-3.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  mutt-doc-1.10.1-3.11.1
  mutt-lang-1.10.1-3.11.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
  mutt-1.10.1-3.11.1
  mutt-debuginfo-1.10.1-3.11.1
  mutt-debugsource-1.10.1-3.11.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
  mutt-doc-1.10.1-3.11.1
  mutt-lang-1.10.1-3.11.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
  mutt-1.10.1-3.11.1
  mutt-debuginfo-1.10.1-3.11.1
  mutt-debugsource-1.10.1-3.11.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
  mutt-doc-1.10.1-3.11.1
  mutt-lang-1.10.1-3.11.1

References:

https://www.suse.com/security/cve/CVE-2020-28896.html
https://bugzilla.suse.com/1179035
https://bugzilla.suse.com/1179113

Tackle the mutt vulnerability within SUSE by implementing this vital update. Protect against potential credential exposures through unsafe connections.

Mutt Update, SUSE Security Patches, Credential Exposure Fix, Unsecured Connection Mitigation.

Severity: Important.
LinuxSecurity.com Team

=========================================================================
Ubuntu Security Notice USN-4420-1
July 07, 2020

cinder, python-os-brick vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Cinder and os-brick could be made to expose sensitive information.

Software Description:

- cinder: OpenStack storage service
- python-os-brick: Library for managing local volume attaches

Details:

David Hill and Eric Harney discovered that Cinder and os-brick incorrectly handled ScaleIO backend credentials. An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  python3-cinder      2:16.1.0-0ubuntu1
  python3-os-brick    3.0.1-0ubuntu1.2

Ubuntu 18.04 LTS:
  python-cinder       2:12.0.9-0ubuntu1.2
  python-os-brick     2.3.0-0ubuntu1.2
  python3-os-brick    2.3.0-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-4420-1
  CVE-2020-10755

Package Information:

  https://launchpad.net/ubuntu/+source/cinder/2:16.1.0-0ubuntu1
  https://launchpad.net/ubuntu/+source/python-os-brick/3.0.1-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/cinder/2:12.0.9-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-os-brick/2.3.0-0ubuntu1.2

Ensure your Ubuntu 20.04 and 18.04 LTS installations are updated promptly to mitigate vulnerabilities in cinder and os-brick, which could risk exposing confidential information.

Cinder Vulnerability, Os-Brick Issue, Ubuntu Security Notice, Sensitive Data Exposure.

Severity: Important.
LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis:     Important: openstack-keystone security update
Advisory ID:  RHSA-2019:4358-01
Product:      Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4358
Issue date:   2019-12-19
CVE Names:    CVE-2019-19687
====================================================================

1. Summary:

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 15.0 - noarch

3. Description:

The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

Security Fix(es):

* Credentials API allows non-admin to list and retrieve all users credentials (CVE-2019-19687)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1781470 - CVE-2019-19687 openstack-keystone: Credentials API allows non-admin to list and retrieve all users credentials

6. Package List:

Red Hat OpenStack Platform 15.0:

Source:
openstack-keystone-15.0.1-0.20190720060412.5f27c4b.1.el8ost.src.rpm

noarch:
openstack-keystone-15.0.1-0.20190720060412.5f27c4b.1.el8ost.noarch.rpm
python3-keystone-15.0.1-0.20190720060412.5f27c4b.1.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-19687
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

=========================================================================
Ubuntu Security Notice USN-1842-1
May 29, 2013

kde4libs vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

KDE-Libs could be made to expose web credentials.

Software Description:

- kde4libs: KDE 4 core applications and libraries

Details:

It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.04:
  libkio5    4:4.10.2-0ubuntu2.2

Ubuntu 12.10:
  libkio5    4:4.9.5-0ubuntu0.2

Ubuntu 12.04 LTS:
  libkio5    4:4.8.5-0ubuntu0.2

After a standard system update you need to restart any applications that use KIO from KDE-Libs, such as Konqueror, to make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-1842-1
  CVE-2013-2074

Package Information:

  https://launchpad.net/ubuntu/+source/kde4libs/4:4.10.2-0ubuntu2.2
  https://launchpad.net/ubuntu/+source/kde4libs/4:4.9.5-0ubuntu0.2
  https://launchpad.net/ubuntu/+source/kde4libs/4:4.8.5-0ubuntu0.2

KDE-Libs security flaw compromises online login details in Ubuntu; urgent patches released for impacted versions.

KDE-Libs, Web Credentials, Ubuntu Security Advisory.

Severity: Critical.
LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200711-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: nss_ldap: Information disclosure
      Date: November 25, 2007
      Bugs: #198390
        ID: 200711-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A race condition might lead to theft of user credentials or information disclosure in services using nss_ldap.

Background
==========

nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  sys-auth/nss_ldap       < 258                              >= 258

Description
===========

Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process.

Impact
======

Remote attackers could exploit this race condition by sending queries to a vulnerable server using nss_ldap, possibly leading to theft of user credentials or information disclosure (e.g. Dovecot returning wrong mailbox contents).

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nss_ldap users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-auth/nss_ldap-258"

References
==========

  [ 1 ] CVE-2007-5794
        https://www.cve.org/CVERecord?id=CVE-2007-5794

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200711-33

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to