====================================================================
Red Hat Security Advisory

Synopsis: Important: flash-plugin security update
Advisory ID: RHSA-2011:0850-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0850.html
Issue date: 2011-06-06
CVE Names: CVE-2011-2107
====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-13, listed in the References section. (CVE-2011-2107)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.181.22.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

710981 - CVE-2011-2107 flash-plugin: Cross-site scripting vulnerability (APSB11-13)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-10.3.181.22-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.181.22-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-10.3.181.22-1.el5.i386.rpm

x86_64:
flash-plugin-10.3.181.22-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-10.3.181.22-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.181.22-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-10.3.181.22-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.181.22-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-10.3.181.22-1.el6.i686.rpm

x86_64:
flash-plugin-10.3.181.22-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-2107
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2011 Red Hat, Inc.

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: kernel security update
Advisory ID: RHSA-2006:0191-01
Advisory URL: https://access.redhat.com/errata/RHSA-2006:0191.html
Issue date: 2006-02-01
Updated on: 2006-02-01
Product: Red Hat Enterprise Linux
CVE Names: CVE-2002-2185 CVE-2004-1058 CVE-2004-1073 CVE-2005-0124 CVE-2005-0400 CVE-2005-0815 CVE-2005-2458 CVE-2005-2709 CVE-2005-2973 CVE-2005-3180 CVE-2005-3275 CVE-2005-3806
---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures).

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described below:

- a flaw in network IGMP processing that allowed a remote user on the local network to cause a denial of service (disabling of multicast reports) if the system is running multicast applications (CVE-2002-2185, moderate)

- a race condition that allowed local users to read the environment variables of another process (CVE-2004-1058, low)

- a flaw in the open_exec function of execve that allowed a local user to read setuid ELF binaries that should otherwise be protected by standard permissions. (CVE-2004-1073, moderate). Red Hat originally reported this flaw as being fixed by RHSA-2004:504, but a patch for this issue was missing from that update.

- a flaw in the coda module that allowed a local user to cause a denial of service (crash) or possibly gain privileges (CVE-2005-0124, moderate)

- a potential leak of kernel data from ext2 file system handling (CVE-2005-0400, low)

- flaws in ISO-9660 file system handling that allowed the mounting of an invalid image on a CD-ROM to cause a denial of service (crash) or potentially execute arbitrary code (CVE-2005-0815, moderate)

- a flaw in gzip/zlib handling internal to the kernel that may allow a local user to cause a denial of service (crash) (CVE-2005-2458, low)

- a flaw in procfs handling during unloading of modules that allowed a local user to cause a denial of service or potentially gain privileges (CVE-2005-2709, moderate)

- a flaw in IPv6 network UDP port hash table lookups that allowed a local user to cause a denial of service (hang) (CVE-2005-2973, important)

- a network buffer info leak using the orinoco driver that allowed a remote user to possibly view uninitialized data (CVE-2005-3180, important)

- a flaw in IPv4 network TCP and UDP netfilter handling that allowed a local user to cause a denial of service (crash) (CVE-2005-3275, important)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a denial of service (crash) (CVE-2005-3806, important)

The following bugs were also addressed:

- Handle set_brk() errors in binfmt_elf/aout
- Correct error handling in shmem_ioctl
- Correct scsi error return
- Fix netdump time keeping bug
- Fix netdump link-down freeze
- Fix FAT fs deadlock

All Red Hat Enterprise Linux 2.1 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

133115 - CVE-2004-1058 /proc/ /cmdline information disclosure
137214 - netconsole freezes during printk() when output link not up
144155 - binfmt_aout DoS
146081 - CVE-2005-0124 Coverity: coda fs flaw
152401 - CVE-2005-0400 ext2 mkdir() directory entry random kernel memory leak
152407 - CVE-2005-0815 isofs range checking flaws
152553 - CVE-2004-1073 looks unfixed in RHEL2.1
165682 - CVE-2005-2458 gzip/zlib flaws
168926 - CVE-2005-2709 More sysctl flaws
170280 - CVE-2005-3180 orinoco driver information leakage
170777 - CVE-2005-2973 ipv6 infinite loop
171387 - CVE-2005-3275 NAT DoS
174085 - CVE-2005-3806 ipv6 DOS
174811 - CVE-2002-2185 IGMP DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
kernel-2.4.9-e.68.src.rpm

i386:
kernel-2.4.9-e.68.athlon.rpm
kernel-2.4.9-e.68.i686.rpm
kernel-BOOT-2.4.9-e.68.i386.rpm
kernel-debug-2.4.9-e.68.i686.rpm
kernel-doc-2.4.9-e.68.i386.rpm
kernel-enterprise-2.4.9-e.68.i686.rpm
kernel-headers-2.4.9-e.68.i386.rpm
kernel-smp-2.4.9-e.68.athlon.rpm
kernel-smp-2.4.9-e.68.i686.rpm
kernel-source-2.4.9-e.68.i386.rpm
kernel-summit-2.4.9-e.68.i686.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
kernel-2.4.9-e.68.src.rpm

i386:
kernel-2.4.9-e.68.athlon.rpm
kernel-2.4.9-e.68.i686.rpm
kernel-BOOT-2.4.9-e.68.i386.rpm
kernel-debug-2.4.9-e.68.i686.rpm
kernel-doc-2.4.9-e.68.i386.rpm
kernel-headers-2.4.9-e.68.i386.rpm
kernel-smp-2.4.9-e.68.athlon.rpm
kernel-smp-2.4.9-e.68.i686.rpm
kernel-source-2.4.9-e.68.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
kernel-2.4.9-e.68.src.rpm

i386:
kernel-2.4.9-e.68.athlon.rpm
kernel-2.4.9-e.68.i686.rpm
kernel-BOOT-2.4.9-e.68.i386.rpm
kernel-debug-2.4.9-e.68.i686.rpm
kernel-doc-2.4.9-e.68.i386.rpm
kernel-enterprise-2.4.9-e.68.i686.rpm
kernel-headers-2.4.9-e.68.i386.rpm
kernel-smp-2.4.9-e.68.athlon.rpm
kernel-smp-2.4.9-e.68.i686.rpm
kernel-source-2.4.9-e.68.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2002-2185
https://www.cve.org/CVERecord?id=CVE-2004-1058
https://www.cve.org/CVERecord?id=CVE-2004-1073
https://www.cve.org/CVERecord?id=CVE-2005-0124
https://www.cve.org/CVERecord?id=CVE-2005-0400
https://www.cve.org/CVERecord?id=CVE-2005-0815
https://www.cve.org/CVERecord?id=CVE-2005-2458
https://www.cve.org/CVERecord?id=CVE-2005-2709
https://www.cve.org/CVERecord?id=CVE-2005-2973
https://www.cve.org/CVERecord?id=CVE-2005-3180
https://www.cve.org/CVERecord?id=CVE-2005-3275
https://www.cve.org/CVERecord?id=CVE-2005-3806

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2006 Red Hat, Inc.

Obtain the most recent security patches from Red Hat for the kernel, resolving several significant vulnerabilities in Enterprise Linux.

Severity: Important.
LinuxSecurity.com Team

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: HelixPlayer security update
Advisory ID: RHSA-2005:788-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:788.html
Issue date: 2005-09-27
Updated on: 2005-09-27
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2710
---------------------------------------------------------------------

1. Summary:

An updated HelixPlayer package that fixes a string format issue is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64

3. Problem description:

HelixPlayer is a media player.

A format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2710 to this issue.

All users of HelixPlayer are advised to upgrade to this updated package, which contains HelixPlayer version 10.0.6 and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

168078 - CAN-2005-2710 HelixPlayer Format String Flaw

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
HelixPlayer-1.0.6-0.EL4.1.src.rpm

i386:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

ppc:
HelixPlayer-1.0.6-0.EL4.1.ppc.rpm

x86_64:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
HelixPlayer-1.0.6-0.EL4.1.src.rpm

i386:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

x86_64:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
HelixPlayer-1.0.6-0.EL4.1.src.rpm

i386:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

x86_64:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
HelixPlayer-1.0.6-0.EL4.1.src.rpm

i386:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

x86_64:
HelixPlayer-1.0.6-0.EL4.1.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2005-2710

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2005 Red Hat, Inc.

Severity: Critical.
LinuxSecurity.com Team