
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian Bookworm DSA-5805-1: Guix Privilege Escalation Risk

It was discovered that the daemon of the GNU Guix functional package manager was susceptible to privilege escalation. For additional information please refer to https://guix.gnu.org/en/blog/2024/build-user-takeover-vulnerability/

Debian Security Advisory DSA-5805-1
https://www.debian.org/security/
Moritz Muehlenhoff
November 08, 2024
https://www.debian.org/security/faq

Package : guix
CVE ID : not yet available

For the stable distribution (bookworm), this problem has been fixed in version 1.4.0-3+deb12u2.

We recommend that you upgrade your guix packages.

For the detailed security status of guix please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/guix

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Severity: Important
LinuxSecurity.com Team

Nov 08, 2024 Important Debian

SUSE: 2020:2712-1 Moderate: Openldap2 Daemon Path Issue

SUSE Security Update: Security update for openldap2

Announcement ID: SUSE-SU-2020:2712-1
Rating: moderate
References: #1175568
Cross-References: CVE-2020-8027
Affected Products:
- SUSE Linux Enterprise Module for Legacy Software 15-SP2
- SUSE Linux Enterprise Module for Legacy Software 15-SP1
- SUSE Linux Enterprise Module for Development Tools 15-SP2
- SUSE Linux Enterprise Module for Development Tools 15-SP1
- SUSE Linux Enterprise Module for Basesystem 15-SP2
- SUSE Linux Enterprise Module for Basesystem 15-SP1

An update that fixes one vulnerability is now available.

Description:

This update for openldap2 fixes the following issues:

- CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 15-SP2: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2712=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2712=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2712=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2712=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2712=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2712=1

Package List:

- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
  openldap2-back-meta-2.4.46-9.37.1
  openldap2-back-meta-debuginfo-2.4.46-9.37.1
  openldap2-back-perl-2.4.46-9.37.1
  openldap2-back-perl-debuginfo-2.4.46-9.37.1
  openldap2-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-ppolicy-check-password-1.2-9.37.1
  openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1

- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
  openldap2-2.4.46-9.37.1
  openldap2-back-meta-2.4.46-9.37.1
  openldap2-back-meta-debuginfo-2.4.46-9.37.1
  openldap2-back-perl-2.4.46-9.37.1
  openldap2-back-perl-debuginfo-2.4.46-9.37.1
  openldap2-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-ppolicy-check-password-1.2-9.37.1
  openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1

- SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64):
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-32bit-2.4.46-9.37.1

- SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64):
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-32bit-2.4.46-9.37.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  libldap-2_4-2-2.4.46-9.37.1
  libldap-2_4-2-debuginfo-2.4.46-9.37.1
  openldap2-client-2.4.46-9.37.1
  openldap2-client-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-2.4.46-9.37.1
  openldap2-devel-static-2.4.46-9.37.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
  libldap-2_4-2-32bit-2.4.46-9.37.1
  libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  libldap-data-2.4.46-9.37.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  libldap-2_4-2-2.4.46-9.37.1
  libldap-2_4-2-debuginfo-2.4.46-9.37.1
  openldap2-client-2.4.46-9.37.1
  openldap2-client-debuginfo-2.4.46-9.37.1
  openldap2-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-2.4.46-9.37.1
  openldap2-devel-static-2.4.46-9.37.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  libldap-data-2.4.46-9.37.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  libldap-2_4-2-32bit-2.4.46-9.37.1
  libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1

References:

https://www.suse.com/security/cve/CVE-2020-8027.html
https://bugzilla.suse.com/1175568

sle-security-updates mailing list: http://lists.suse.com/mailman/listinfo/sle-security-updates

LinuxSecurity.com Team

Sep 22, 2020 SuSE

Debian 8: DLA-1827-1 Critical: gvfs Local Access Threat

Package : gvfs
Version : 1.22.2-1+deb8u1
CVE ID : CVE-2019-12795
Debian Bug : 930376

Simon McVittie discovered a flaw in gvfs, the Gnome Virtual File System. The gvfsd daemon opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls.

(Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

For Debian 8 "Jessie", this problem has been fixed in version 1.22.2-1+deb8u1.

We recommend that you upgrade your gvfs packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical
LinuxSecurity.com Team

Jun 19, 2019 Critical Debian LTS

SUSE: 2018:2468-1 Moderate: libcgroup Log Permission Issue

SUSE Security Update: Security update for libcgroup

Announcement ID: SUSE-SU-2018:2468-1
Rating: moderate
References: #1100365
Cross-References: CVE-2018-14348
Affected Products:
- SUSE Linux Enterprise Software Development Kit 12-SP3
- SUSE Linux Enterprise Server 12-SP3
- SUSE Linux Enterprise Desktop 12-SP3

An update that fixes one vulnerability is now available.

Description:

This update for libcgroup fixes the following issues:

Security issue fixed:

- CVE-2018-14348: Fix daemon that creates /var/log/cgred with mode 0666 (bsc#1100365).

This update also sets the permissions of already existing log files to proper values.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1732=1
- SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1732=1
- SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1732=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):
  libcgroup-debugsource-0.41.rc1-10.9.1
  libcgroup-devel-0.41.rc1-10.9.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
  libcgroup-debugsource-0.41.rc1-10.9.1
  libcgroup-tools-0.41.rc1-10.9.1
  libcgroup-tools-debuginfo-0.41.rc1-10.9.1
  libcgroup1-0.41.rc1-10.9.1
  libcgroup1-debuginfo-0.41.rc1-10.9.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
  libcgroup-debugsource-0.41.rc1-10.9.1
  libcgroup1-0.41.rc1-10.9.1
  libcgroup1-debuginfo-0.41.rc1-10.9.1

References:

https://www.suse.com/security/cve/CVE-2018-14348.html
https://bugzilla.suse.com/1100365

Severity: Important
LinuxSecurity.com Team

Aug 21, 2018 Important SuSE

Scientific Linux 5: SLSA-2014:1671-1 Moderate: Rsyslog Daemon Crash Risk

Date: Wed, 22 Oct 2014 17:05:07 +0000
From: Pat Riehecky
Subject: Security ERRATA Moderate: rsyslog5 and rsyslog on SL5.x, SL6.x i386/x86_64

Synopsis: Moderate: rsyslog5 and rsyslog security update
Advisory ID: SLSA-2014:1671-1
Issue Date: 2014-10-20
CVE Numbers: CVE-2014-3634

A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon. (CVE-2014-3634)

After installing the update, the rsyslog service will be restarted automatically.

SL5

x86_64:
  rsyslog5-5.8.12-5.el5_11.x86_64.rpm
  rsyslog5-debuginfo-5.8.12-5.el5_11.x86_64.rpm
  rsyslog5-gnutls-5.8.12-5.el5_11.x86_64.rpm
  rsyslog5-gssapi-5.8.12-5.el5_11.x86_64.rpm
  rsyslog5-mysql-5.8.12-5.el5_11.x86_64.rpm
  rsyslog5-pgsql-5.8.12-5.el5_11.x86_64.rpm
  rsyslog5-snmp-5.8.12-5.el5_11.x86_64.rpm

i386:
  rsyslog5-5.8.12-5.el5_11.i386.rpm
  rsyslog5-debuginfo-5.8.12-5.el5_11.i386.rpm
  rsyslog5-gnutls-5.8.12-5.el5_11.i386.rpm
  rsyslog5-gssapi-5.8.12-5.el5_11.i386.rpm
  rsyslog5-mysql-5.8.12-5.el5_11.i386.rpm
  rsyslog5-pgsql-5.8.12-5.el5_11.i386.rpm
  rsyslog5-snmp-5.8.12-5.el5_11.i386.rpm

SL6

x86_64:
  rsyslog-5.8.10-9.el6_6.x86_64.rpm
  rsyslog-debuginfo-5.8.10-9.el6_6.x86_64.rpm
  rsyslog-gnutls-5.8.10-9.el6_6.x86_64.rpm
  rsyslog-gssapi-5.8.10-9.el6_6.x86_64.rpm
  rsyslog-relp-5.8.10-9.el6_6.x86_64.rpm
  rsyslog-mysql-5.8.10-9.el6_6.x86_64.rpm
  rsyslog-pgsql-5.8.10-9.el6_6.x86_64.rpm
  rsyslog-snmp-5.8.10-9.el6_6.x86_64.rpm

i386:
  rsyslog-5.8.10-9.el6_6.i686.rpm
  rsyslog-debuginfo-5.8.10-9.el6_6.i686.rpm
  rsyslog-gnutls-5.8.10-9.el6_6.i686.rpm
  rsyslog-gssapi-5.8.10-9.el6_6.i686.rpm
  rsyslog-relp-5.8.10-9.el6_6.i686.rpm
  rsyslog-mysql-5.8.10-9.el6_6.i686.rpm
  rsyslog-pgsql-5.8.10-9.el6_6.i686.rpm
  rsyslog-snmp-5.8.10-9.el6_6.i686.rpm

- Scientific Linux Development Team

LinuxSecurity.com Team

Oct 22, 2014 Scientific Linux

Scientific Linux 5: CVE-2007-5208 Critical Hplip Security Update

Important: hplip security update.

Date: Wed, 10 Oct 2007 16:00:15 -0500
From: Connie Sieh
Subject: FASTBUGS for SL50 x86_64 now available

These are available from

-Connie Sieh

  cluster-cim-0.9.2-6.el5.x86_64.rpm
  cluster-snmp-0.9.2-6.el5.x86_64.rpm
  cman-2.0.64-1.0.1.el5.x86_64.rpm
  cman-debuginfo-2.0.64-1.el5.x86_64.rpm
  cman-devel-2.0.64-1.0.1.el5.i386.rpm
  cman-devel-2.0.64-1.0.1.el5.x86_64.rpm
  conman-0.1.9.2-8.el5.x86_64.rpm
  cracklib-2.8.9-3.3.i386.rpm
  cracklib-2.8.9-3.3.x86_64.rpm
  cracklib-dicts-2.8.9-3.3.x86_64.rpm
  enscript-1.6.4-4.1.el5.x86_64.rpm
  fetchmail-6.3.6-1.1.el5.x86_64.rpm
  finch-2.0.2-3.el5.x86_64.rpm
  finch-devel-2.0.2-3.el5.x86_64.rpm
  fonts-chinese-3.02-9.9.el5.noarch.rpm
  gfs-utils-0.1.11-3.el5.x86_64.rpm
  hardlink-1.0-1.27.x86_64.rpm
  libpurple-2.0.2-3.el5.x86_64.rpm
  libpurple-devel-2.0.2-3.el5.x86_64.rpm
  libpurple-perl-2.0.2-3.el5.x86_64.rpm
  libpurple-tcl-2.0.2-3.el5.x86_64.rpm
  luci-0.9.2-6.el5.x86_64.rpm
  man-pages-2.39-10.el5.noarch.rpm
  man-pages-ja-20060815-5.noarch.rpm
  mc-4.6.1a-35.el5.x86_64.rpm
  meanwhile-1.0.2-5.el5.x86_64.rpm
  meanwhile-devel-1.0.2-5.el5.x86_64.rpm
  meanwhile-doc-1.0.2-5.el5.x86_64.rpm
  mod_auth_kerb-5.1-3.el5.x86_64.rpm
  mod_authz_ldap-0.26-8.el5.x86_64.rpm
  modcluster-0.9.2-6.el5.x86_64.rpm
  nspr-4.6.5-1.0.1.el5.i386.rpm
  nspr-4.6.5-1.0.1.el5.x86_64.rpm
  nspr-devel-4.6.5-1.0.1.el5.i386.rpm
  nspr-devel-4.6.5-1.0.1.el5.x86_64.rpm
  perl-TimeDate-1.16-5.el5.noarch.rpm
  pidgin-2.0.2-3.el5.x86_64.rpm
  pidgin-devel-2.0.2-3.el5.x86_64.rpm
  pidgin-perl-2.0.2-3.el5.x86_64.rpm
  prelink-0.3.9-2.1.x86_64.rpm
  redhat-rpm-config-8.0.45-17.0.1.el5.noarch.rpm
  rgmanager-2.0.24-1.el5.x86_64.rpm
  rhpxl-0.41.1-1.el5.x86_64.rpm
  ricci-0.9.2-6.el5.x86_64.rpm
  sos-1.5-1.el5.noarch.rpm
  sysreport-1.4.3-12.el5.noarch.rpm
  system-config-cluster-1.0.39-1.0.1.noarch.rpm
  system-config-kdump-1.0.10-1.el5.noarch.rpm
  tzdata-2007h-1.el5.noarch.rpm
  xterm-215-5.el5.x86_64.rpm
  yum-rhn-plugin-0.4.3-2.el5.noarch.rpm

Date: Thu, 18 Oct 2007 16:40:48 -0500
From: Troy Dawson
Subject: Security ERRATA for on SL5.x i386/x86_64

Synopsis: Important: hplip security update
Issue date: 2007-10-11
CVE Names: CVE-2007-5208

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user. (CVE-2007-5208).

On Scientific Linux 5, the SELinux targeted policy for hpssd, which is enabled by default, blocks the ability to exploit this issue to run arbitrary code.

SL 5.x

SRPMS:
  hpijs-1.6.7-4.1.el5.3.src.rpm

i386:
  hpijs-1.6.7-4.1.el5.3.i386.rpm
  hplip-1.6.7-4.1.el5.3.i386.rpm
  libsane-hpaio-1.6.7-4.1.el5.3.i386.rpm

x86_64:
  hpijs-1.6.7-4.1.el5.3.x86_64.rpm
  hplip-1.6.7-4.1.el5.3.x86_64.rpm
  libsane-hpaio-1.6.7-4.1.el5.3.x86_64.rpm

-Connie Sieh
-Troy Dawson

Severity: Critical
LinuxSecurity.com Team

Oct 18, 2007 Critical Scientific Linux

Red Hat: RHSA-2007:0960-01 Important: hplip Command Execution Issue

Red Hat Security Advisory

Synopsis: Important: hplip security update
Advisory ID: RHSA-2007:0960-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0960.html
Issue date: 2007-10-11
Updated on: 2007-10-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5208

1. Summary:

An updated hplip package to correct a security flaw is now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, x86_64

3. Problem description:

The hplip (Hewlett-Packard Linux Imaging and Printing Project) package provides drivers for HP printers and multi-function peripherals.

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user. (CVE-2007-5208).

On Red Hat Enterprise Linux 5, the SELinux targeted policy for hpssd, which is enabled by default, blocks the ability to exploit this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which contains backported patches to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

319921 - CVE-2007-5208 hplip arbitrary command execution

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-5208
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

Severity: Important
LinuxSecurity.com Team

Oct 11, 2007 Important Red Hat

SUSE 9.x Advisory: 2005-020 Moderate: Racoon Remote DoS Issue

SUSE Security Announcement

Package: ipsec-tools
Announcement-ID: SUSE-SA:2005:020
Date: Thu, 31 Mar 2005 13:00:00 +0000
Affected products: 9.1, 9.2
                   SUSE Linux Enterprise Server 9
                   Novell Linux Desktop 9
Vulnerability Type: remote denial of service
Severity (1-10): 6
SUSE default package: no
Cross References: CAN-2005-0398

Content of this advisory:
1) security vulnerability resolved: security problems in racoon
   problem description
2) solution/workaround
3) special instructions and notes
4) package location and checksums
5) pending vulnerabilities, solutions, workarounds: none
6) standard appendix (further information)

1) problem description, brief discussion

Racoon is an ISAKMP key management daemon used in IPsec setups.

Sebastian Krahmer of the SUSE Security Team audited the daemon and found that it handles certain ISAKMP messages in a slightly wrong way, so that remote attackers can crash it via malformed ISAKMP packages.

This update fixes this problem.

This is tracked by the Mitre CVE ID CAN-2005-0398.

2) solution/workaround

None. Please install the updated packages.

3) special instructions and notes

Please restart the ipsec daemon, by running as root:

/usr/sbin/rcracoon try-restart

4) package location and checksums

Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web.

5) Pending vulnerabilities in SUSE Distributions and Workarounds:

none

6) standard appendix: authenticity verification, additional information

- Package authenticity verification:

SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package:

1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.

1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed, the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software.

Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless.

2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file.

Prerequisites:
a) gpg is installed
b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import

SUSE Linux distributions version 7.1 and thereafter install the key "build@suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .

- SUSE runs two security mailing lists to which any interested party may subscribe:

suse-security@suse.com - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to .

suse-security-announce@suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to .

For general information or the frequently asked questions (faq) send mail to: or respectively.

SUSE's security contact is or . The public key is listed below.

LinuxSecurity.com Team

Mar 31, 2005 SuSE