SUSE Security Update: Security update for rubygem-nokogiri
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4016-1
Rating:             important
References:         #1198408 #1199782
Cross-References:   CVE-2022-24836 CVE-2022-29181
CVSS scores:
  CVE-2022-24836 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-24836 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-29181 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  CVE-2022-29181 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for rubygem-nokogiri fixes the following issues:

- CVE-2022-24836: Fixed a denial of service caused by an inefficient regular expression in HTML encoding detection, which crafted input could drive into excessive backtracking. (bsc#1198408)
- CVE-2022-29181: Fixed improper handling of unexpected data types (missing type checks on inputs handed to the XML and HTML4 SAX parsers). (bsc#1199782)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4016=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4016=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1
  ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150400.14.3.1
  ruby2.5-rubygem-nokogiri-doc-1.8.5-150400.14.3.1
  ruby2.5-rubygem-nokogiri-testsuite-1.8.5-150400.14.3.1
  rubygem-nokogiri-debugsource-1.8.5-150400.14.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1
  ruby2.5-rubygem-nokogiri-debuginfo-1.8.5-150400.14.3.1
  rubygem-nokogiri-debugsource-1.8.5-150400.14.3.1

References:
  https://www.suse.com/security/cve/CVE-2022-24836.html
  https://www.suse.com/security/cve/CVE-2022-29181.html
  https://bugzilla.suse.com/1198408
  https://bugzilla.suse.com/1199782

Severity: Important. LinuxSecurity.com Team
MGASA-2019-0024 - Updated nettle packages fix security vulnerability

Publication date: 08 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0024.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-16869

A Bleichenbacher-type side-channel padding oracle was found in the way nettle handles endian conversion of RSA-decrypted PKCS#1 v1.5 data (CVE-2018-16869).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24080
- https://www.cve.org/CVERecord?id=CVE-2018-16869

SRPMS:
- 6/core/nettle-3.4.1-1.mga6

Severity: Critical. LinuxSecurity.com Team
Package        : ruby2.1
Version        : 2.1.5-2+deb8u5
CVE ID         : CVE-2016-2337 CVE-2018-1000073 CVE-2018-1000074
Debian Bug     : 895778 851161

Several vulnerabilities were discovered in Ruby 2.1.

CVE-2016-2337

    Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker passing an object of a type other than String as the "retval" argument can cause arbitrary code execution.

CVE-2018-1000073

    RubyGems contains a directory traversal vulnerability in the install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root.

CVE-2018-1000074

    RubyGems contains a deserialization of untrusted data vulnerability in the owner command that can result in code execution. The attack is exploitable when the victim runs the `gem owner` command on a gem with a specially crafted YAML file.

For Debian 8 "Jessie", these problems have been fixed in version 2.1.5-2+deb8u5.

We recommend that you upgrade your ruby2.1 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

LinuxSecurity.com Team
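The two RubyGems issues in the advisory above share a shape: a value the gem author controls (an archive entry name, a YAML document) reaches a routine that trusts it. The following is an added illustration, not Debian's or RubyGems' own code, of the naive and hardened forms of both. The function names (naive_install_location, safe_install_location, parse_owner_response and friends), the AuditMarker class and the OWNER_RESPONSE document are constructed for the example; the real RubyGems fix lives in package.rb and the owner command and is not reproduced here.

```ruby
require "yaml"
require "tmpdir"

# --- CVE-2018-1000073 pattern: where does an archive entry get written? ---

# Naive form: the entry name from the gem's tarball is joined onto the
# destination directory and used as-is. "../x" escapes the directory, and a
# symlinked subdirectory inside it points the write anywhere on disk.
def naive_install_location(filename, destination_dir)
  File.join(destination_dir, filename)
end

# Hardened form: expand the name against the real destination directory,
# resolve symlinks on the nearest existing ancestor of the target, and refuse
# any result that does not stay inside the destination.
def safe_install_location(filename, destination_dir)
  root = File.realpath(destination_dir)
  target = File.expand_path(filename, root)
  existing = target
  existing = File.dirname(existing) until File.exist?(existing)
  resolved = File.realpath(existing) + target.delete_prefix(existing)
  unless resolved == root || resolved.start_with?(root + File::SEPARATOR)
    raise ArgumentError, "installation path escapes #{root}: #{filename.inspect}"
  end
  resolved
end

# True when the hardened check rejects the entry name.
def escapes?(filename, destination_dir)
  safe_install_location(filename, destination_dir)
  false
rescue ArgumentError
  true
end

# --- CVE-2018-1000074 pattern: YAML from an untrusted source ---

# Stand-in (hypothetical) for whatever class a real payload would name; the
# unsafe loader instantiates it without ever calling its constructor.
class AuditMarker
  attr_reader :gem_home
end

# Constructed response body, shaped like the owner list `gem owner` prints,
# with one entry carrying an object tag.
OWNER_RESPONSE = <<~YAML
  ---
  - email: maintainer@example.com
  - !ruby/object:AuditMarker
    gem_home: /tmp/pwned
YAML

# What the vulnerable code path did: a full YAML.load. Psych 4 (Ruby 3.1+)
# made YAML.load safe and kept the old behaviour under YAML.unsafe_load.
def unsafe_parse_owner_response(body)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(body) : YAML.load(body)
end

# Hardened: only plain scalars, arrays and hashes; object tags and aliases
# raise instead of being materialised.
def parse_owner_response(body)
  YAML.safe_load(body, permitted_classes: [], aliases: false)
end

# True when the hardened parser refuses the body.
def owner_response_rejected?(body)
  parse_owner_response(body)
  false
rescue Psych::DisallowedClass, Psych::BadAlias
  true
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |tmp|
    gems = File.join(tmp, "gems")
    Dir.mkdir(gems)
    File.symlink(tmp, File.join(gems, "link"))   # symlink pointing above the root
    %w[lib/a.rb ../evil.rb link/evil.rb].each do |name|
      puts "#{name.ljust(12)} naive=#{naive_install_location(name, gems)} escapes=#{escapes?(name, gems)}"
    end
  end
  p unsafe_parse_owner_response(OWNER_RESPONSE)[1].class
  p owner_response_rejected?(OWNER_RESPONSE)
end
```

The path check resolves symlinks on the nearest existing ancestor rather than on the final path, because the file being installed does not exist yet; checking only the expanded string would still let a symlinked subdirectory redirect the write. For the YAML side, the permitted_classes list is empty on purpose: the owner list needs nothing beyond strings and hashes, so anything tagged is an error, not data.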
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-0b6da97aa5
2017-06-02 17:35:03.195274
--------------------------------------------------------------------------------

Name        : squirrelmail
Product     : Fedora 24
Version     : 1.4.22
Release     : 19.fc24
URL         : https://www.squirrelmail.org/
Summary     : webmail client written in php
Description :
SquirrelMail is a basic webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install.
--------------------------------------------------------------------------------
Update Information:

fix insufficient escaping of user-supplied data (CVE-2017-7692)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1445165 - CVE-2017-7692 squirrelmail: Insufficient escaping of user-supplied data
        https://bugzilla.redhat.com/show_bug.cgi?id=1445165
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade squirrelmail' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3223-1
Rating:             important
References:         #1000751 #1015422
Cross-References:   CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898 CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902 CVE-2016-9904 CVE-2016-9905
Affected Products:
  SUSE Linux Enterprise Server 11-SP2-LTSS
  SUSE Linux Enterprise Debuginfo 11-SP2
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:

* MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
* MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution
* MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
* MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
* MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
* MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
* MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
* MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
* MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
* MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events

Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information.

- Fix fontconfig issue (bsc#1000751) on 32bit systems as well.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP2-LTSS:
  zypper in -t patch slessp2-MozillaFirefox-12907=1
- SUSE Linux Enterprise Debuginfo 11-SP2:
  zypper in -t patch dbgsp2-MozillaFirefox-12907=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11-SP2-LTSS (i586 s390x x86_64):
  MozillaFirefox-45.6.0esr-66.1
  MozillaFirefox-translations-45.6.0esr-66.1
- SUSE Linux Enterprise Debuginfo 11-SP2 (i586 s390x x86_64):
  MozillaFirefox-debuginfo-45.6.0esr-66.1
  MozillaFirefox-debugsource-45.6.0esr-66.1

References:
  https://www.suse.com/security/cve/CVE-2016-9893.html
  https://www.suse.com/security/cve/CVE-2016-9895.html
  https://www.suse.com/security/cve/CVE-2016-9897.html
  https://www.suse.com/security/cve/CVE-2016-9898.html
  https://www.suse.com/security/cve/CVE-2016-9899.html
  https://www.suse.com/security/cve/CVE-2016-9900.html
  https://www.suse.com/security/cve/CVE-2016-9901.html
  https://www.suse.com/security/cve/CVE-2016-9902.html
  https://www.suse.com/security/cve/CVE-2016-9904.html
  https://www.suse.com/security/cve/CVE-2016-9905.html
  https://bugzilla.suse.com/1000751
  https://bugzilla.suse.com/1015422

Severity: Important. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-8b122b0997
2016-10-10 17:40:40.898089
--------------------------------------------------------------------------------

Name        : libXi
Product     : Fedora 25
Version     : 1.7.7
Release     : 1.fc25
URL         : https://www.x.org/wiki/
Summary     : X.Org X11 libXi runtime library
Description :
X.Org X11 libXi runtime library
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-7945, CVE-2016-7946
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1381868 - CVE-2016-7945 libXi: Insufficient validation of server responses result in Integer overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=1381868
  [ 2 ] Bug #1381869 - CVE-2016-7946 libXi: Insufficient validation of server responses result in various data mishandlings
        https://bugzilla.redhat.com/show_bug.cgi?id=1381869
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update libXi' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Zope Hotfix package available
Advisory ID:       RHSA-2000:135-03
Issue date:        2000-12-20
Updated on:        2000-12-20
Product:           Red Hat Powertools
Keywords:          Zope
Cross references:
---------------------------------------------------------------------

1. Topic:

A new Zope Hotfix package is available.

2. Relevant releases/architectures:

Red Hat Powertools 6.1 and 6.2 - noarch
Red Hat Powertools 7.0 - noarch

3. Problem description:

The issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML, even though they did not have editing privileges on the objects themselves.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Please make sure that you have updated your Zope packages to version 2.2.4 prior to applying this Hotfix. After you have installed this Hotfix, restart Zope.

5. Bug IDs fixed ( for more info):

6. RPMs required:

Red Hat Powertools 6.1 and 6.2:
SRPMS:
noarch:

Red Hat Powertools 7.0:
SRPMS:
noarch:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
8eef0f0590bce92e4ea7a65ad25b3d67  6.2/noarch/Zope-Hotfix-DTML-2000_12_18-1.noarch.rpm
bb611337425fe1097a5bf8d55f4c6ae7  7.0/noarch/Zope-Hotfix-DTML-2000_12_18-1.noarch.rpm
44092ed99f67a7906a4347ae30110ee4  6.2/SRPMS/Zope-Hotfix-DTML-2000_12_18-1.src.rpm
f98b08150235d97ac758102d5c203ec2  7.0/SRPMS/Zope-Hotfix-DTML-2000_12_18-1.src.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig [filename]

If you only wish to verify that each package has not been corrupted, examine only the md5sum with the following command:

rpm --checksig --nogpg [filename]

Note that the md5sum check detects accidental corruption only; to detect deliberate tampering, rely on the GPG signature check.

8. References:

Copyright(c) 2000 Red Hat, Inc.

Severity: Critical. LinuxSecurity.com Team
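Every RPM-based advisory on this page (the SUSE rubygem-nokogiri and MozillaFirefox updates, the Fedora squirrelmail and libXi updates, and the Red Hat Zope hotfix) ends the same way: apply the patch, then confirm the installed package is at or past the version in the Package List. Doing that by eye is error-prone because rpm orders versions by segment, not lexically ("1.10" is newer than "1.9", "1.0~rc1" is older than "1.0"). The following is an added example, not SUSE's, Fedora's, Red Hat's or rpm's own code, that reimplements rpm's rpmvercmp segment rules in Ruby and runs them over a constructed `rpm -q` listing; the sample listing, the squirrelmail entry and the function names (rpmvercmp, evrcmp, audit) are the example's own, while the minimum versions in FIXED are copied from the advisories above. It generalises beyond the nokogiri case to any name/EVR pair you feed it.

```ruby
# Characters that start a comparable segment: letters, digits, and rpm's
# tilde (pre-release) and caret (post-release) separators.
def alnum_or_sep?(ch)
  ch.match?(/[A-Za-z0-9~^]/)
end

# Longest run of characters matching pat starting at index i.
def take_while(s, i, pat)
  k = i
  k += 1 while k < s.size && s[k].match?(pat)
  s[i...k]
end

# Compare two rpm version or release strings the way rpmvercmp does:
# returns -1, 0 or 1.
def rpmvercmp(a, b)
  return 0 if a == b
  i = j = 0
  loop do
    i += 1 while i < a.size && !alnum_or_sep?(a[i])   # skip separators
    j += 1 while j < b.size && !alnum_or_sep?(b[j])
    ca = a[i]
    cb = b[j]                                           # nil at end of string
    if ca == "~" || cb == "~"                           # tilde sorts before everything, even end
      return 1 if ca != "~"
      return -1 if cb != "~"
      i += 1; j += 1
      next
    end
    if ca == "^" || cb == "^"                           # caret sorts after end, before anything else
      return -1 if ca.nil?
      return 1 if cb.nil?
      return 1 if ca != "^"
      return -1 if cb != "^"
      i += 1; j += 1
      next
    end
    break if ca.nil? || cb.nil?
    numeric = ca.match?(/\d/)
    pat = numeric ? /\d/ : /[A-Za-z]/
    sa = take_while(a, i, pat)
    sb = take_while(b, j, pat)
    i += sa.size
    j += sb.size
    if sb.empty?                                        # segment types differ: numeric is newer
      return numeric ? 1 : -1
    end
    if numeric                                          # longer number (after leading zeros) wins
      sa = sa.sub(/\A0+/, "")
      sb = sb.sub(/\A0+/, "")
      return sa.size <=> sb.size if sa.size != sb.size
    end
    c = sa <=> sb
    return c unless c.zero?
  end
  return 0 if i >= a.size && j >= b.size
  i >= a.size ? -1 : 1                                  # whichever has segments left is newer
end

# Split "[epoch:]version-release" into [epoch (Integer), version, release].
def split_evr(evr)
  epoch, rest = evr.include?(":") ? evr.split(":", 2) : ["0", evr]
  version, release = rest.split("-", 2)
  [epoch.to_i, version, release.to_s]
end

# Compare full EVR tuples: epoch first, then version, then release.
def evrcmp(evr1, evr2)
  e1, v1, r1 = split_evr(evr1)
  e2, v2, r2 = split_evr(evr2)
  c = e1 <=> e2
  return c unless c.zero?
  c = rpmvercmp(v1, v2)
  return c unless c.zero?
  rpmvercmp(r1, r2)
end

# Constructed sample of: rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n' ...
# rpm prints "(none)" when no epoch is set.
RPM_Q_SAMPLE = <<~TXT
  ruby2.5-rubygem-nokogiri (none):1.8.5-150400.14.3.1
  MozillaFirefox (none):45.5.1esr-66.1
  libXi (none):1.7.7-1.fc25
TXT

# Minimum fixed versions, taken from the Package Lists in the advisories above.
FIXED = {
  "ruby2.5-rubygem-nokogiri" => "1.8.5-150400.14.3.1",
  "MozillaFirefox"           => "45.6.0esr-66.1",
  "libXi"                    => "1.7.7-1.fc25",
  "squirrelmail"             => "1.4.22-19.fc24",
}

# Returns { name => :fixed | :vulnerable | :not_installed } for each entry in fixed.
def audit(rpm_q_output, fixed)
  installed = rpm_q_output.each_line.with_object({}) do |line, h|
    name, evr = line.split(" ", 2)
    h[name] = evr.strip.sub(/\A\(none\):/, "")          # unset epoch compares as 0
  end
  fixed.to_h do |name, min_evr|
    state = if installed[name].nil? then :not_installed
            elsif evrcmp(installed[name], min_evr) >= 0 then :fixed
            else :vulnerable
            end
    [name, state]
  end
end

if $PROGRAM_NAME == __FILE__
  audit(RPM_Q_SAMPLE, FIXED).each { |name, state| puts "#{name}: #{state}" }
end
```

On a real host, replace RPM_Q_SAMPLE with the output of the rpm -q command shown in the comment (add the package names you care about) and keep FIXED in sync with the advisory's Package List; a :vulnerable result after "zypper patch" or "dnf upgrade" usually means the update was applied to a different product or module than the one the package came from.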