--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-8560db8779
2020-06-05 02:28:39.634538
--------------------------------------------------------------------------------

Name        : cacti
Product     : Fedora 32
Version     : 1.2.12
Release     : 1.fc32
URL         :
Summary     : An rrd based graphing tool
Description :
Cacti is a complete frontend to RRDTool. It stores all of the necessary
information to create graphs and populate them with data in a MySQL database.
The frontend is completely PHP driven.

--------------------------------------------------------------------------------
Update Information:

- Update to 1.2.12
  Release notes:
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2020 Morten Stevens - 1.2.12-1
- Update to 1.2.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1830785 - cacti-1.2.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1830785
  [ 2 ] Bug #1840312 - CVE-2020-13231 cacti: CSRF at admin email [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840312
  [ 3 ] Bug #1840317 - CVE-2020-13230 cacti: improper access control on disabling a user [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840317
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-8560db8779' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.3.3 security update
Advisory ID:       RHSA-2019:2483-01
Product:           Red Hat Single Sign-On
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2483
Issue date:        2019-08-13
CVE Names:         CVE-2019-10199 CVE-2019-10201
====================================================================

1. Summary:

A security update is now available for Red Hat Single Sign-On 7.3 from the
Customer Portal.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.3.3 serves as a replacement for Red
Hat Single Sign-On 7.3.2, and includes bug fixes and enhancements, which are
documented in the Release Notes, linked to in the References section.

Security Fix(es):

* keycloak: SAML broker does not check existence of signature on document,
allowing any user impersonation (CVE-2019-10201)

* keycloak: CSRF check missing in My Resources functionality in the Account
Console (CVE-2019-10199)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1728609 - CVE-2019-10201 keycloak: SAML broker does not check existence of signature on document allowing any user impersonation
1729261 - CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

KEYCLOAK-10286 - (7.3.z) Change to new Red Hat logo in RH-SSO admin UI
KEYCLOAK-10398 - (7.3.z) Update Red Hat logo in RH-SSO documentation

6. References:

https://access.redhat.com/security/cve/CVE-2019-10199
https://access.redhat.com/security/cve/CVE-2019-10201
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.3
https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXVMdVtzjgjWX9erEAQhavA/9GR3oVgLlsv/TREYzI8bXp2VIHciFIlyq
kSCpEGJRCf+tPeWsn97fOAmHaQFYraU59QtTBeBXusfJ4g2fxhhWJUaaJFhNgi1+
BYvV+EtEziw1S0KtdRMa9LerUNBl058WfykeAn2PVpq7Fl1iDoQNV0Fj5FaiHV0d
2KyUjrKDIBrc5L+JOLa87j62snEhBwX861EA1+BfncRRzFNgoiOlC7Lhy7FswljB
v0sklAgsYet/2c/w4C4AhNFfsIqbOGP5rAR5PoqNL8Ahw+pF0sRzK0V24ZMIIUSO
7ISvqVihZ8bK3aOApDOHuhMCajSMeXM5Jgh2iaoLn/3UQW77N3Sod9Mmi0UmQMmY
95Akr2mXtO5rSPMOyEtjo4WJ4/Yp6Y/im6J2VToNFfSBaxp5l7sajU1et4X6RPfR
a5ij5kRmuu8RLC1/R8W/PNnf/dB59U95+Ts37ROkLHz/ItJSNAI2rgZlLddocxeZ
XNOGYIQxlfY9puvvfIO3bD1wsBPqpTi8aQnCNd/3Ajfjb8wNLd9egbGS1SYQ2oA7
oq19PEqdXcOkSxt3df8I4d5cmss98eXN7zuq3djAxxFBTx8H9DCwiRvM36UV/yHN
tfzOBo69G6s9OMMg6YvXlUzysWs4ROAmQKSsVztnqGlj6MDpppXFPIAEJKAC1OaU
Zb4HEN78/uQ=
=OyPB
-----END PGP SIGNATURE-----
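The first Keycloak fix in the advisory above (CVE-2019-10201) is a missing existence check: a SAML Response whose Assertion carried no signature at all was still accepted by the broker, so anyone who could reach the broker endpoint could assert any NameID. The Python example below is added here and is not Keycloak or Red Hat code. It shows the gate a SAML consumer needs before it even starts cryptographic verification: the element it is about to trust (the Response or each Assertion) must carry an enveloped ds:Signature as a direct child, and that signature's Reference must point at that element's own ID, so a signature parked somewhere else in the document does not count. The sample messages, the `build_response` helper, the placeholder SignatureValue and the `require_assertion_signature` policy flag are all constructed for this illustration; XML-DSig verification of the signature itself must still follow, with a real library, and is out of scope here.

```python
"""Existence-and-placement gate for SAML 2.0 signatures (added example, not Keycloak code)."""
import xml.etree.ElementTree as ET   # for untrusted input prefer defusedxml in production

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def _has_enveloped_signature(elem):
    """True only if elem has a direct-child ds:Signature whose Reference URI is '#' + elem's ID."""
    elem_id = elem.get("ID")
    if not elem_id:
        return False                       # an element without an ID cannot be what a Reference names
    for child in elem:                     # direct children only: no descendant search
        if child.tag == "{%s}Signature" % NS["ds"]:
            for ref in child.iterfind("ds:SignedInfo/ds:Reference", NS):
                if ref.get("URI") == "#" + elem_id:
                    return True
    return False


def signature_present(response_xml, require_assertion_signature=False):
    """Policy gate: a signed Response, or every Assertion signed; optionally insist on the latter.

    This decides only whether there is something to verify and where it sits; the
    signature value itself is NOT checked here."""
    root = ET.fromstring(response_xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        return False                       # nothing to authenticate
    assertions_signed = all(_has_enveloped_signature(a) for a in assertions)
    if require_assertion_signature:
        return assertions_signed
    return _has_enveloped_signature(root) or assertions_signed


# --- constructed test messages (not real IdP output) ---
def _sig(uri):
    return ('<ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
            '<ds:SignatureValue>constructed-placeholder</ds:SignatureValue></ds:Signature>'
            % (NS["ds"], uri))


def build_response(sign_response=False, sign_assertion=False, assertion_ref="#_a1"):
    """Constructed SAML Response with optional placeholder signatures in the given places."""
    return (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_resp1">' % (NS["samlp"], NS["saml"])
        + (_sig("#_resp1") if sign_response else "")
        + '<saml:Assertion ID="_a1">'
        + (_sig(assertion_ref) if sign_assertion else "")
        + '<saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>'
        + '</saml:Assertion></samlp:Response>'
    ).encode()


if __name__ == "__main__":
    print("unsigned response accepted?      ", signature_present(build_response()))
    print("signed assertion accepted?       ", signature_present(build_response(sign_assertion=True)))
    print("signature with foreign Reference?", signature_present(
        build_response(sign_assertion=True, assertion_ref="#_other")))
```

The direct-child rule matters as much as the existence rule: XML signature wrapping attacks rely on consumers that locate "a" Signature anywhere in the tree and then trust an Assertion the signature never covered.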
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-e1fe01e96e
2016-02-01 02:27:04.519021
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 22
Version     : 4.5.4
Release     : 1.fc22
URL         : https://www.phpmyadmin.net/
Summary     : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the World Wide Web. Most frequently used operations are supported
by the user interface (managing databases, tables, fields, relations, indexes,
users, permissions), while you still have the ability to directly execute any
SQL statement.

Features include an intuitive web interface, support for most MySQL features
(browse and drop databases, tables, views, fields and indexes; create, copy,
drop, rename and alter databases, tables, fields and indexes; maintain the
server, databases and tables, with proposals on server configuration; execute,
edit and bookmark any SQL statement, even batch queries; manage MySQL users
and privileges; manage stored procedures and triggers), import data from CSV
and SQL, export data to various formats (CSV, SQL, XML, PDF, OpenDocument Text
and Spreadsheet, Word, Excel, LaTeX and others), administering multiple
servers, creating PDF graphics of your database layout, creating complex
queries using Query-by-example (QBE), searching globally in a database or a
subset of it, transforming stored data into any format using a set of
predefined functions, like displaying BLOB data as an image or download link,
and much more.

--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.5.4 (2016-01-28)
=============================

- Live data edit of big sets is not working
- Table list not saved in db QBE bookmarked search
- While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
- Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars
- Properly handle errors in unpacking zip archive
- Set PHP's internal encoding to UTF-8
- Fixed Kanji encoding in some specific cases
- Check whether iconv works before using it
- Avoid conversion of MySQL error messages
- Undefined index: parameters
- Undefined index: field_name_orig
- Undefined index: host
- 'Add to central columns' (per column button) does nothing
- SQL duplicate entry error trying to INSERT in designer_settings table
- Fix handling of databases with dot in a name
- Fix hiding of page content behind menu
- FROM clause not generated after loading search bookmark
- Fix creating/editing VIEW with DEFINER containing special chars
- Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables
- Misleading message for configuration storage
- Table pagination does nothing when session expired
- Index comments not working properly
- Better handle local storage errors
- Improve detection of privileges for privilege adjusting
- Undefined property: stdClass::$releases at version check when disabled in config
- SQL comment and variable stripped from bookmark on save
- Gracefully handle errors in regex based javascript search
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
- [Security] XSS vulnerability in normalization page, see PMASA-2016-7
- [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
- [Security] XSS vulnerability in SQL editor, see PMASA-2016-9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302676
  [ 2 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302677
  [ 3 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302679
  [ 4 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302680
  [ 5 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302681
  [ 6 ] Bug #1302682 - CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302682
  [ 7 ] Bug #1302684 - CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302684
  [ 8 ] Bug #1302685 - CVE-2016-2044 phpMyAdmin: Full path disclosure vulnerability in SQL parser (PMASA-2016-8)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302685
  [ 9 ] Bug #1302686 - CVE-2016-2045 phpMyAdmin: XSS vulnerability in SQL editor (PMASA-2016-9)
        https://bugzilla.redhat.com/show_bug.cgi?id=1302686
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update phpMyAdmin' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
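PMASA-2016-2 and PMASA-2016-5 in the list above are the two halves of a CSRF token's lifecycle: how it is generated and how the submitted copy is compared against the stored one. The advisory does not say what was unsafe in phpMyAdmin's implementation, so the Python example below (added here; not phpMyAdmin code, and in Python although phpMyAdmin is PHP) contrasts two textbook mistakes with the hardened form: a token drawn from a non-cryptographic PRNG seeded with something guessable, which an attacker can simply regenerate, and a loose comparison that treats distinct tokens as equal, emulated here as PHP 5/7's numeric-string `==`, versus `secrets.token_hex` plus `hmac.compare_digest`. `weak_token`, `attacker_guess_tokens` and `php_loose_equal` are constructed for the demonstration and are not claims about phpMyAdmin's code.

```python
"""CSRF token generation and comparison: two weak patterns beside the hardened form.

Added example; not phpMyAdmin code."""
import hmac
import random
import secrets


# --- weak generation (constructed): non-cryptographic PRNG seeded from a guessable value ---
def weak_token(seed):
    """Token from a Mersenne Twister seeded with e.g. a timestamp: fully determined by the seed."""
    rng = random.Random(seed)
    return "%08x" % rng.getrandbits(32)


def attacker_guess_tokens(approx_seed, window=5):
    """An attacker who knows the seed was a clock value regenerates every candidate near it."""
    return {weak_token(s) for s in range(approx_seed - window, approx_seed + window + 1)}


# --- weak comparison (constructed emulation of PHP 5/7 '==' between two strings) ---
def php_loose_equal(a, b):
    """If both strings look numeric, PHP compares them as numbers, so '0e123' == '0e456' is true.

    Python's float() is slightly more permissive than PHP's numeric-string rule; this is an
    illustration of the pitfall, not a faithful PHP implementation."""
    try:
        return float(a) == float(b)
    except ValueError:
        return a == b


# --- hardened ---
def new_token(nbytes=32):
    """256 bits from the OS CSPRNG, hex-encoded; store it server-side bound to the session."""
    return secrets.token_hex(nbytes)


def tokens_match(expected, presented):
    """Strict, constant-time comparison. Wrong type or wrong length is a plain reject:
    no numeric coercion, no early exit that leaks how many leading bytes matched."""
    if not isinstance(presented, str) or len(presented) != len(expected):
        return False
    return hmac.compare_digest(expected.encode("utf-8"), presented.encode("utf-8"))


if __name__ == "__main__":
    issued_at = 1454284800                       # constructed "timestamp" seed
    t = weak_token(issued_at)
    print("weak token recoverable by attacker:", t in attacker_guess_tokens(issued_at + 2))
    print("loose compare '0e123' vs '0e456':  ", php_loose_equal("0e123", "0e456"))
    print("strict compare '0e123' vs '0e456': ", tokens_match("0e123", "0e456"))
    good = new_token()
    print("fresh token:", good, "matches itself:", tokens_match(good, good))
```

Two practical checks follow from this: grep the code base for the token being compared with `==` (or, in PHP, anything other than `hash_equals`), and look at where the token's entropy comes from; `uniqid()`, `rand()`, `mt_rand()` and anything seeded from the clock fail the second check.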
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-a381facfd9
2015-11-04 18:17:28.547625
--------------------------------------------------------------------------------

Name        : php-horde-horde
Product     : Fedora 21
Version     : 5.2.8
Release     : 1.fc21
URL         : https://www.horde.org/apps/horde
Summary     : Horde Application Framework
Description :
The Horde Application Framework is a flexible, modular, general-purpose web
application framework written in PHP. It provides an extensive array of
components that are targeted at the common problems and tasks involved in
developing modern web applications.

It is the basis for a large number of production-level web applications,
notably the Horde Groupware suites.

For more information on Horde or the Horde Groupware suites, visit
https://www.horde.org/

--------------------------------------------------------------------------------
Update Information:

**horde 5.2.8**

* [mjr] SECURITY: Protect against CSRF attacks on various admin pages.
* [jan] Don't apply access keys to checkbox and radiobox rows in the sidebar (Bug #14103).
* [jan] Send correct MIME type for non-statically cached javascript files.
* [mjr] Added configuration support for version 2 of WorldWeatherOnline's API.

**ingo 3.2.7**

* [jan] Update Italian translation.
* [mjr] Add database migration for fixing corrupt rule ordering.
* [mjr] Fix corruption of rule order when reordering rules in certain cases.

**imp 6.2.11**

* [mjr] Request that the contacts API only consider email fields when detecting duplicates during automatic saving of attendees to the address book (Bug #14119).
* [jan] Don't show 'Create Keys' button if creating PGP keys is disabled (
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11767
2015-07-17 23:29:35
--------------------------------------------------------------------------------

Name        : ipython
Product     : Fedora 21
Version     : 2.4.1
Release     : 7.fc21
URL         : https://ipython.org/
Summary     : An enhanced interactive Python shell
Description :
IPython provides a replacement for the interactive Python interpreter with
extra functionality.

Main features:

 * Comprehensive object introspection.
 * Input history, persistent across sessions.
 * Caching of output results during a session with automatically generated
   references.
 * Readline based name completion.
 * Extensible system of 'magic' commands for controlling the environment and
   performing many tasks related either to IPython or the operating system.
 * Configuration system with easy switching between different setups (simpler
   than changing $PYTHONSTARTUP environment variables every time).
 * Session logging and reloading.
 * Extensible syntax processing for special purpose situations.
 * Access to the system shell with user-extensible alias system.
 * Easily embeddable in other Python programs.
 * Integrated access to the pdb debugger and the Python profiler.

--------------------------------------------------------------------------------
Update Information:

Fix CSRF issue.

- Fix font-awesome paths (bug #1219956)
- Add upstream patch to fix PyQt4 import (bug #1219997)
- Use python2 macros, fix python3 shebang fix

Fix fontawesome path
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 16 2015 Orion Poplawski - 2.4.1-7
- Update to 2.x to fix CSRF issue (bug #1243842)
* Mon Jul 13 2015 Orion Poplawski - 2.4.1-6
- Fix fontawesome path
* Sat May  9 2015 Orion Poplawski - 2.4.1-5
- Sync more font-awesome changes from 3.1.0
* Sat May  9 2015 Orion Poplawski - 2.4.1-4
- More font-awesome fixes (bug #1170270)
* Fri May  8 2015 Orion Poplawski - 2.4.1-3
- Add upstream patch to fix PyQt4 import (bug #1219997)
- Use python2 macros, fix python3 shebang fix
* Fri May  8 2015 Orion Poplawski - 2.4.1-2
- Fix font-awesome paths (bug #1219956)
* Thu Feb 26 2015 Orion Poplawski - 2.4.1-1
- update to 2.4.1
* Wed Feb 25 2015 Orion Poplawski - 2.4.0-1
- update to 2.4.0
* Fri Nov 14 2014 Orion Poplawski - 2.3.0-1
- update to 2.3.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1243842 - CVE-2015-5607 ipython: cross-site request forgery in get_origin()
        https://bugzilla.redhat.com/show_bug.cgi?id=1243842
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update ipython' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
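The reference above names the bug as cross-site request forgery in `get_origin()`, i.e. the notebook server's handling of the browser-supplied Origin on WebSocket and API requests. The Python example below is added here and is not IPython's code; it shows the shape of an Origin check that actually holds: parse the header, compare an exact (scheme, host, port) tuple against an allow-list, and reject a missing or `null` Origin on anything state-changing, instead of substring or prefix matching, which `https://notebook.example.com.evil.net` walks straight through. The allow-list contents and the `Sec-WebSocket-Origin` fallback (the header older WebSocket drafts used) are assumptions for the illustration.

```python
"""Origin validation for state-changing requests and WebSocket upgrades (added example)."""
from urllib.parse import urlsplit

# Assumed deployment allow-list (illustration only).
ALLOWED_ORIGINS = {"https://notebook.example.com", "http://localhost:8888"}


def normalize_origin(origin):
    """Reduce an Origin header value to (scheme, host, port), or None if it is unusable."""
    try:
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        port = parts.port or (443 if parts.scheme == "https" else 80)   # apply the default port
    except ValueError:                     # e.g. a non-numeric port or a malformed IPv6 literal
        return None
    # urlsplit already lower-cases .scheme and .hostname, so case tricks do not create a new origin
    return (parts.scheme, parts.hostname, port)


def naive_check_origin(origin, allowed=ALLOWED_ORIGINS):
    """The broken pattern: substring matching. A registered-looking prefix on an attacker domain passes."""
    return any(a in origin for a in allowed)


def check_origin(headers, allowed=ALLOWED_ORIGINS):
    """True only if the request's origin is exactly one of the allowed origins."""
    origin = headers.get("Origin")
    if origin is None:
        # Older WebSocket drafts carried the origin here instead (assumed fallback).
        origin = headers.get("Sec-WebSocket-Origin")
    if origin is None or origin.strip().lower() == "null":
        # Browsers always send Origin on cross-site POSTs and WebSocket upgrades, and an
        # opaque ("null") origin cannot be trusted, so neither case may change state.
        return False
    got = normalize_origin(origin)
    if got is None:
        return False
    return any(got == normalize_origin(a) for a in allowed)


if __name__ == "__main__":
    probe = "https://notebook.example.com.evil.net"     # constructed attacker origin
    print("naive check lets it through:", naive_check_origin(probe))
    print("strict check:               ", check_origin({"Origin": probe}))
    print("legitimate WebSocket upgrade:", check_origin({"Sec-WebSocket-Origin": "http://localhost:8888"}))
```

Origin checking complements a per-session token rather than replacing it: the check protects endpoints that a browser reaches through a WebSocket or XHR, where a token may not be carried, while the token protects form posts that arrive with a legitimate-looking Origin from a compromised page on an allowed host.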