Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

SUSE: 2022:3706-1 Moderate: Google-Gson Security Risk Mitigation

SUSE Security Update: Security update for google-gson

Announcement ID: SUSE-SU-2022:3706-1
Rating: moderate
References: #1199064 SLE-24261
Cross-References: CVE-2022-25647
CVSS scores:
  CVE-2022-25647 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-25647 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Server 4.1
  SUSE Manager Server 4.1

An update that fixes one vulnerability, contains one feature is now available.

Description:

This update for google-gson fixes the following issues:

Fixed security issue:

- CVE-2022-25647: Deserialization of Untrusted Data (bsc#1199064)

Other non security fixes:

- Build with Java >= 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built with release 8 and still compatible with Java 8
- Upgrade to version 2.8.9 (jsc#SLE-24261)
  * Make OSGi bundle's dependency on sun.misc optional.
  * Deprecate Gson.excluder() exposing internal Excluder class.
  * Prevent Java deserialization of internal classes.
  * Improve number strategy implementation.
  * Fix LongSerializationPolicy null handling being inconsistent with Gson.
  * Support arbitrary Number implementation for Object and Number deserialization.
  * Bump proguard-maven-plugin from 2.4.0 to 2.5.1.
  * Don't exclude static local classes.
  * Fix RuntimeTypeAdapterFactory depending on internal Streams class.
  * Improve Maven build.
  * Make dependency on java.sql optional.
  * Fixed issue with recursive types.
  * Better behavior with Java 9+ and Unsafe if there is a security manager.
  * EnumTypeAdapter now works better when ProGuard has obfuscated enum fields.
  * make import of sun.misc optional since not all versions of jdk export it

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3706=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

  google-gson-2.8.9-150200.3.7.1

References:

  https://www.suse.com/security/cve/CVE-2022-25647.html
  https://bugzilla.suse.com/1199064

SUSE Security Patch for google-gson tackling CVE-2022-25647 at moderate risk level. Explore further to maintain system protection.

LinuxSecurity.com Team

Oct 24, 2022 SuSE

SciLinux: SLSA-2018:1278-1 Important Java-1.7.0-OpenJDK Security Fix

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: SLSA-2018:1278-1
Issue Date: 2018-05-02
CVE Numbers: CVE-2018-2814 CVE-2018-2794 CVE-2018-2795 CVE-2018-2815 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2800 CVE-2018-2790

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)
* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)
* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)
* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)
* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)
* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)
* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)
* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)
* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)
* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

SL7

  x86_64
    java-1.7.0-openjdk-1.7.0.181-2.6.14.5.el7.x86_64.rpm
    java-1.7.0-openjdk-debuginfo-1.7.0.181-2.6.14.5.el7.x86_64.rpm
    java-1.7.0-openjdk-headless-1.7.0.181-2.6.14.5.el7.x86_64.rpm
    java-1.7.0-openjdk-accessibility-1.7.0.181-2.6.14.5.el7.x86_64.rpm
    java-1.7.0-openjdk-demo-1.7.0.181-2.6.14.5.el7.x86_64.rpm
    java-1.7.0-openjdk-devel-1.7.0.181-2.6.14.5.el7.x86_64.rpm
    java-1.7.0-openjdk-src-1.7.0.181-2.6.14.5.el7.x86_64.rpm

  noarch
    java-1.7.0-openjdk-javadoc-1.7.0.181-2.6.14.5.el7.noarch.rpm

- Scientific Linux Development Team

Crucial Java-1.7.0-openjdk patch resolving various vulnerabilities associated with resource handling and circumvention of security restrictions.

Severity: Important. LinuxSecurity.com Team

May 03, 2018 Important Scientific Linux

Important Security Update RHSA-2018-0576-01 for JBoss BRMS 6.4.9 Data Risk

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss BRMS 6.4.9 security update
Advisory ID: RHSA-2018:0576-01
Product: Red Hat Decision Manager
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0576
Issue date: 2018-03-22
CVE Names: CVE-2017-15095

1. Summary:

An update is now available for Red Hat JBoss BRMS.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules.

This release of Red Hat JBoss BRMS 6.4.9 serves as a replacement for Red Hat JBoss BRMS 6.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting this issue.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1506612 - CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

5. References:

https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=6.4

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team

Mar 22, 2018 Important Red Hat