==========================================================================
Ubuntu Security Notice USN-2431-1
December 03, 2014

mod-wsgi vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

mod_wsgi could be made to run programs with incorrect privileges.

Software Description:
- mod-wsgi: Python WSGI adapter module for Apache

Details:

It was discovered that mod_wsgi incorrectly handled errors when setting up
the working directory and group access rights. A malicious application could
possibly use this issue to cause a local privilege escalation when using
daemon mode.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libapache2-mod-wsgi              3.5-1ubuntu0.1
  libapache2-mod-wsgi-py3          3.5-1ubuntu0.1

Ubuntu 14.04 LTS:
  libapache2-mod-wsgi              3.4-4ubuntu2.1.14.04.2
  libapache2-mod-wsgi-py3          3.4-4ubuntu2.1.14.04.2

Ubuntu 12.04 LTS:
  libapache2-mod-wsgi              3.3-4ubuntu0.2
  libapache2-mod-wsgi-py3          3.3-4ubuntu0.2

After a standard system update you need to restart your web service to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2431-1
  CVE-2014-8583

Package Information:
  https://launchpad.net/ubuntu/+source/mod-wsgi/3.5-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/mod-wsgi/3.4-4ubuntu2.1.14.04.2
  https://launchpad.net/ubuntu/+source/mod-wsgi/3.3-4ubuntu0.2

Severity: Important. LinuxSecurity.com Team
CORE 2:

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-269
2004-08-19
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : rsync
Version     : 2.6.2
Release     : 1.fc2.0
Summary     : A program for synchronizing files over a network.
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete files.
Rsync is often used as a very powerful mirroring process or just as a
more capable replacement for the rcp command. A technical report which
describes the rsync algorithm is included in this package.

---------------------------------------------------------------------
Update Information:

This update backports a security fix to a path-sanitizing flaw that
affects rsync when it is used in daemon mode without also using chroot.

For more information see rsync
---------------------------------------------------------------------
* Thu Aug 19 2004 Jay Fenlason 2.6.2-1.fc2.0
- Backport fix for CAN-2004-0792
---------------------------------------------------------------------
This update can be downloaded from:

d6ae9d1c6e5d18903911e1fdedd55a03  SRPMS/rsync-2.6.2-1.fc2.0.src.rpm
f03bc05659c874cb39d4bab606dfaabf  x86_64/rsync-2.6.2-1.fc2.0.x86_64.rpm
97f2ed68e7b3f7e0c5888b0aa8cd2088  x86_64/debug/rsync-debuginfo-2.6.2-1.fc2.0.x86_64.rpm
1dd097feb524de781f6ae9ecf74bcc3d  i386/rsync-2.6.2-1.fc2.0.i386.rpm
38590683c5bca0a599fbc70a971c6b7e  i386/debug/rsync-debuginfo-2.6.2-1.fc2.0.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CORE 1:

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-268
2004-08-19
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : rsync
Version     : 2.5.7
Release     : 5.fc1.1
Summary     : A program for synchronizing files over a network.
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete files.
Rsync is often used as a very powerful mirroring process or just as a
more capable replacement for the rcp command. A technical report which
describes the rsync algorithm is included in this package.

---------------------------------------------------------------------
Update Information:

This update backports a security fix to a path-sanitizing flaw that
affects rsync when it is used in daemon mode without also using chroot.

For more information see rsync
---------------------------------------------------------------------
* Thu Aug 19 2004 Jay Fenlason 2.5.7-5.fc1.1
- Backport fix for CAN-2004-0792
---------------------------------------------------------------------
This update can be downloaded from:

01fb9ef513ef0d484efb1bd66e91ad69  SRPMS/rsync-2.5.7-5.fc1.1.src.rpm
dd13aba3dc99efc30ecaa0eeb49f242e  x86_64/rsync-2.5.7-5.fc1.1.x86_64.rpm
d8963193e902465e632e0ed993e92f82  x86_64/debug/rsync-debuginfo-2.5.7-5.fc1.1.x86_64.rpm
bab0cb276f77596a6b9520401298764f  i386/rsync-2.5.7-5.fc1.1.i386.rpm
094fa40ae453fddd43edce9fd10a054b  i386/debug/rsync-debuginfo-2.5.7-5.fc1.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  rsync security update (SSA:2003-337-01)

Rsync is a file transfer client and server.  A security problem which
may lead to unauthorized machine access or code execution has been
fixed by upgrading to rsync-2.5.7.  This problem only affects machines
running rsync in daemon mode, and is easier to exploit if the
non-default option "use chroot = no" is used in the /etc/rsyncd.conf
config file.  Any sites running an rsync server should upgrade
immediately.

For complete information, see the rsync home page:

  /

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Wed Dec  3 22:18:35 PST 2003
patches/packages/rsync-2.5.7-i486-1.tgz:  Upgraded to rsync-2.5.7.
  From the rsync-2.5.7-NEWS file:
  SECURITY:
    * Fix buffer handling bugs.  (Andrew Tridgell, Martin Pool, Paul
      Russell, Andrea Barisani)
  The vulnerability affects sites running rsync in daemon mode (rsync
  servers).  These sites should be upgraded immediately.
  (* Security fix *)
+--------------------------+

WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+

Updated package for Slackware 8.1:

Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware -current:

MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
9adcdfaeca3022204bc1bef1d97802cf  rsync-2.5.7-i386-1.tgz

Slackware 9.0 package:
12788c9af15174c683ada4c5e5746372  rsync-2.5.7-i386-1.tgz

Slackware 9.1 package:
38d40a65d526f92c41ff72afae74e546  rsync-2.5.7-i486-1.tgz

Slackware -current package:
3f68fa78c6d095da4269e27806596d48  rsync-2.5.7-i486-1.tgz

INSTALLATION INSTRUCTIONS:
+------------------------+

If you're running rsync as a daemon, kill it:

# killall rsync

Then, upgrade the package:

# upgradepkg rsync-2.5.7-i486-1.tgz

Finally, restart the rsync daemon:

# rsync --daemon

+-----+

Severity: Critical. LinuxSecurity.com Team