Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Ubuntu 18.04 LTS USN-5259-3 Moderate: Fix Cron Regression Issues

=========================================================================
Ubuntu Security Notice USN-5259-3
May 11, 2022

cron regression
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:
USN-5259-1 and USN-5259-2 introduced a regression in Cron.

Software Description:
- cron: process scheduling daemon

Details:
USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:
 It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525)
 Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704)
 It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705)
 It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  cron 3.0pl1-128.1ubuntu1.2
Ubuntu 16.04 ESM:
  cron 3.0pl1-128ubuntu2+esm2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5259-1
  https://ubuntu.com/security/notices/USN-5259-2
  https://ubuntu.com/security/notices/USN-5259-3
  https://bugs.launchpad.net/ubuntu/+source/cron/+bug/1971895
  CVE-2017-9525

Package Information:
  https://launchpad.net/ubuntu/+source/cron/3.0pl1-128.1ubuntu1.2

Published: May 10, 2022 | Distribution: Ubuntu

Ubuntu 18.04 LTS: USN-5259-2 Critical: Cron Privilege Escalation and DoS

=========================================================================
Ubuntu Security Notice USN-5259-2
May 06, 2022

cron vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS

Summary:
Several security issues were fixed in Cron.

Software Description:
- cron: process scheduling daemon

Details:
USN-5259-1 fixed several vulnerabilities in Cron. This update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:
 It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525)
 Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704)
 It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705)
 It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  cron 3.0pl1-128.1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5259-2
  https://ubuntu.com/security/notices/USN-5259-1
  CVE-2017-9525, CVE-2019-9704, CVE-2019-9705, CVE-2019-9706

Package Information:
  https://launchpad.net/ubuntu/+source/cron/3.0pl1-128.1ubuntu1.1

Published: May 06, 2022 | Severity: Critical | Distribution: Ubuntu

Ubuntu 16.04 USN-5259-1 Critical: Cron Privilege Escalation & DoS

=========================================================================
Ubuntu Security Notice USN-5259-1
February 01, 2022

cron vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM

Summary:
Several security issues were fixed in Cron.

Software Description:
- cron: process scheduling daemon

Details:
It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9706)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  cron 3.0pl1-128ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:
  CVE-2017-9525, CVE-2019-9704, CVE-2019-9705, CVE-2019-9706

Published: Feb 01, 2022 | Severity: Critical | Distribution: Ubuntu

Debian 9: DLA-2801-1 Critical: Cron Escalation and DoS Fix

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2801-1                https://www.debian.org/lts/security/
Adrian Bunk                                                October 30, 2021
                                                     https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : cron
Version        : 3.0pl1-128+deb9u2
CVE ID         : CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706
Debian Bug     : 809167

Brief introduction

CVE-2017-9525
    Fix group crontab to root escalation via postinst.

CVE-2019-9704
    A very large crontab created by a user could crash the daemon.

CVE-2019-9705
    Enforce maximum crontab line count of 10000 to prevent a malicious user from creating an excessively large crontab.

CVE-2019-9706
    Fix for possible DoS by use-after-free.

Additionally, a bypass of /etc/cron.{allow,deny} on failure to open has been fixed. If these files exist, then they must be readable by the user executing crontab(1). Users will now be denied by default if they aren't.

For Debian 9 stretch, these problems have been fixed in version 3.0pl1-128+deb9u2.

We recommend that you upgrade your cron packages.

For the detailed security status of cron please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/cron

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Published: Oct 30, 2021 | Severity: Critical | Distribution: Debian LTS

Debian: DLA-1723-1 Moderate: Cron Scheduler Security Issues

Package        : cron
Version        : 3.0pl1-127+deb8u2
CVE ID         : CVE-2017-9525 CVE-2019-9704 CVE-2019-9705 CVE-2019-9706
Debian Bug     : 809167

Various security problems have been discovered in Debian's CRON scheduler.

CVE-2017-9525
    Fix group crontab to root escalation via the Debian package's postinst script as described by Alexander Peslyak (Solar Designer) in https://www.openwall.com/lists/oss-security/2017/06/08/3

CVE-2019-9704
    DoS: Fix unchecked return of calloc(). Florian Weimer discovered that a missing check for the return value of calloc() could crash the daemon, which could be triggered by a very large crontab created by a user.

CVE-2019-9705
    Enforce maximum crontab line count of 1000 to prevent a malicious user from creating an excessively large crontab. The daemon will log a warning for existing files, and crontab(1) will refuse to create new ones.

CVE-2019-9706
    A user reported a use-after-free condition in the cron daemon, leading to a possible Denial-of-Service scenario by crashing the daemon.

For Debian 8 "Jessie", these problems have been fixed in version 3.0pl1-127+deb8u2.

We recommend that you upgrade your cron packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
https://sunweavers.net/

Published: Mar 21, 2019 | Distribution: Debian LTS

Ubuntu 6.06 LTS-9.04 USN-778-1 Moderate: Cron Privilege Escalation

==========================================================
Ubuntu Security Notice USN-778-1
June 01, 2009

cron vulnerability
CVE-2006-2607
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  cron 3.0pl1-92ubuntu1.1
Ubuntu 8.04 LTS:
  cron 3.0pl1-100ubuntu2.1
Ubuntu 8.10:
  cron 3.0pl1-104+ubuntu5.1
Ubuntu 9.04:
  cron 3.0pl1-105ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that cron did not properly check the return code of the setgid() and initgroups() system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid() check referred to by CVE-2006-2607.

Updated packages for Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04:

Source archives and binary packages for the amd64, i386, lpia (Ubuntu 8.04 LTS and later), powerpc and sparc architectures are available from http://security.ubuntu.com/ubuntu/pool/main/c/cron/; per-file sizes and MD5 checksums are given in the original notice.

Published: Jun 01, 2009 | Severity: Important | Distribution: Ubuntu

SUSE 10.1: 2006-027 Moderate: Cron Local Privilege Escalation Risk

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                cron
        Announcement ID:        SUSE-SA:2006:027
        Date:                   Wed, 31 May 2006 15:00:00 +0000
        Affected Products:      SUSE LINUX 10.1
                                SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE LINUX 9.2
                                SUSE LINUX 9.1
                                SuSE Linux Desktop 1.0
                                SuSE Linux Enterprise Server 8
                                SUSE SLES 9
                                UnitedLinux 1.0
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        7
        SUSE Default Package:   yes
        Cross-References:       CVE-2006-2607

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             local privilege escalation using cron
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
           See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   Vixie Cron is the default CRON daemon in all SUSE Linux based distributions.

   The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

   This problem is known to affect only distributions with Linux 2.6 kernels, but the package was updated for all distributions for completeness.

   This problem is tracked by the Mitre CVE ID CVE-2006-2607.

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes

   Please restart cron after the update.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

     rpm -Fhv <file.rpm>

   to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.

   Package URLs and MD5 checksums are given in the original announcement for the following builds:

   x86 Platform:      SUSE LINUX 10.1, 10.0, 9.3, 9.2, 9.1
   Power PC Platform: SUSE LINUX 10.1, 10.0
   x86-64 Platform:   SUSE LINUX 10.1, 10.0, 9.3, 9.2, 9.1
   Sources:           SUSE LINUX 10.1, 10.0, 9.3, 9.2, 9.1

   Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

   UnitedLinux 1.0
   SUSE SLES 9
   SuSE Linux Desktop 1.0
   SuSE Linux Enterprise Server 8

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.

______________________________________________________________________________

6) Authenticity Verification and Additional Information

 - Announcement authenticity verification:

   SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

   To verify the signature of the announcement, save it as text into a file and run the command

     gpg --verify <file>

   replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:

     gpg: Signature made <DATE> using RSA key ID 3D25D3D9
     gpg: Good signature from "SuSE Security Team <security@suse.de>"

   where <DATE> is replaced by the date the document was signed.

   If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

     gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

 - Package authenticity verification:

   SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

   There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

   1) Using the internal gpg signatures of the rpm package
   2) MD5 checksums as provided in this announcement

   1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

        rpm -v --checksig <file.rpm>

      to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA.

      This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

   2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command

        md5sum <file>

      after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid.

      Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.

 - SUSE runs two security mailing lists to which any interested party may subscribe:

   - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list.
   - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list.

   ====================================================================

Published: May 31, 2006 | Severity: Important | Distribution: SuSE

SuSE 7.1: 2001:17 Moderate: Cron Local Privilege Escalation

The previous advisory contained incorrect pathnames and MD5 information. As a result of a package rebuild, the package for the SuSE-7.1 Intel i386 distribution is not available under the URL as listed below. The listed package was named "cron-3.0.1-297.i386.rpm". This package also fixed the mentioned problems with the package. We are resending this announcement with the correct pathnames and md5sums.

Thank you for your understanding,
Roman Drahtmüller.

______________________________________________________________________________

                        SuSE Security Announcement

        Package:                cron-3.0.1-296
        Announcement-ID:        SuSE-SA:2001:17 (resent)
        Date:                   Tuesday, May 15th, 2001 15:30:00 CEST
        Affected SuSE versions: 7.1
        Vulnerability Type:     local privilege escalation
        Severity (1-10):        7
        SuSE default package:   yes
        Other affected systems: All UN*X systems using this package

    Content of this advisory:
        1) security vulnerability resolved: crontab
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion, solution, upgrade information

   The crontab program is running setuser-id root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges before. Therefore it is possible to execute arbitrary commands as root. It has been fixed by properly dropping the privileges before executing the editor.

   This bug was found by Sebastian Krahmer.

   A possible temporary workaround is to remove the suid bit of the /usr/bin/crontab program:

     chmod -s /usr/bin/crontab

   If you change the mode, you should also do so in the files /etc/permissions*.

   A permanent solution for the problem is to update the cron package from our ftp server. Download the update package from locations described below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig file.rpm', independently from the md5 signatures below.

   i386 Intel Platform, Sparc Platform and PPC Power PC Platform (SuSE-7.1): the package URLs and md5sums of the binary and source rpms are given in the original announcement.

   AXP Alpha Platform: The SuSE-7.1 AXP-Alpha Edition does not suffer from this problem.

______________________________________________________________________________

2) Pending vulnerabilities in SuSE Distributions and Workarounds:

   - The man program running setuser-id 'man' suffers from format string and buffer overflow bugs. Updates are available on the ftp server at the usual location, the announcement will follow shortly.

______________________________________________________________________________

3) standard appendix:

   SuSE runs two security mailing lists to which any interested party may subscribe:

   - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list.
   - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list.

   ==============================================

   Regards,
   Sebastian Krahmer

______________________________________________________________________________

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID    Date       User ID
pub  2048/3D25D3D9 1999/03/06 SuSE Security Team

Published: May 15, 2001 | Severity: Important | Distribution: SuSE