# Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-92f04c6b61
2018-05-15 19:59:59.036932
--------------------------------------------------------------------------------

Name        : mysql-mmm
Product     : Fedora 26
Version     : 2.2.1
Release     : 20.fc26
URL         : https://mysql-mmm.org/
Summary     : Multi-Master Replication Manager for MySQL
Description :
MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts to perform monitoring/failover and management of MySQL Master-Master replication configurations (with only one node writable at any time). The toolset also has the ability to read balance standard master/slave configurations with any number of slaves, so you can use it to move virtual IP addresses around a group of servers depending on whether they are behind in replication. In addition to that, it also has scripts for data backups, resynchronization between nodes etc.

--------------------------------------------------------------------------------
Update Information:

This update adds data sanitization to inputs for the mmm agent.

Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger these vulnerabilities.

The impact of these vulnerabilities can be lessened by configuring mmm_agentd to require TLS mutual authentication and by using network ACLs to prevent hosts other than legitimate mmm_mond hosts from accessing mmm_agentd. For example, on Linux iptables rules can be used to block access to the port mmm_agent is listening on from all hosts except the mmm_monitor. The ssl configuration can be used where firewall rules are not practical. See the socket documentation: https://mysql-mmm.org/mysql-mmm.html

Add to mmm_common.conf:

    type      ssl
    cert_file /etc/ssl/certs/www..bundle.crt
    key_file  /etc/ssl/certs/www..key
    ca_file   /etc/ssl/certs/ca-bundle.crt   # or ca-certificates.crt

Now only those with access to the private key can send commands. Whilst your web server certificate will do the job, you may consider registering a dedicated certificate just for this task.

NOTE: By now there are some good alternatives to MySQL-MMM. Maybe you want to check out Galera Cluster, which is part of MariaDB Galera Cluster and Percona XtraDB Cluster.

- https://mysql-mmm.org/
- https://galeracluster.com/
- https://mariadb.com/kb/en/what-is-mariadb-galera-cluster/

--------------------------------------------------------------------------------
ChangeLog:

* Wed May 2 2018 David Beveridge 2.2.1-20
- Patch for mmm_agentd Remote Command Injection Vulnerabilities
- TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481
* Thu Feb 8 2018 Fedora Release Engineering - 2.2.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Dec 20 2017 Ruben Kerkhof - 2.2.1-18
- Correct permissions for systemd units (#1527992)
* Wed Jul 26 2017 Fedora Release Engineering - 2.2.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1575161
https://bugzilla.redhat.com/show_bug.cgi?id=1575161

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-92f04c6b61'
at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
# Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-e31f52c5ee
2018-05-15 19:52:12.739386
--------------------------------------------------------------------------------

Name        : mysql-mmm
Product     : Fedora 27
Version     : 2.2.1
Release     : 20.fc27
URL         : https://mysql-mmm.org/
Summary     : Multi-Master Replication Manager for MySQL
Description :
MMM (MySQL Master-Master Replication Manager) is a set of flexible scripts to perform monitoring/failover and management of MySQL Master-Master replication configurations (with only one node writable at any time). The toolset also has the ability to read balance standard master/slave configurations with any number of slaves, so you can use it to move virtual IP addresses around a group of servers depending on whether they are behind in replication. In addition to that, it also has scripts for data backups, resynchronization between nodes etc.

--------------------------------------------------------------------------------
Update Information:

This update adds data sanitization to inputs for the mmm agent.

Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can initiate a TCP session with mmm_agentd can trigger these vulnerabilities.

The impact of these vulnerabilities can be lessened by configuring mmm_agentd to require TLS mutual authentication and by using network ACLs to prevent hosts other than legitimate mmm_mond hosts from accessing mmm_agentd. For example, on Linux iptables rules can be used to block access to the port mmm_agent is listening on from all hosts except the mmm_monitor. The ssl configuration can be used where firewall rules are not practical. See the socket documentation: https://mysql-mmm.org/mysql-mmm.html

Add to mmm_common.conf:

    type      ssl
    cert_file /etc/ssl/certs/www..bundle.crt
    key_file  /etc/ssl/certs/www..key
    ca_file   /etc/ssl/certs/ca-bundle.crt   # or ca-certificates.crt

Now only those with access to the private key can send commands. Whilst your web server certificate will do the job, you may consider registering a dedicated certificate just for this task.

NOTE: By now there are some good alternatives to MySQL-MMM. Maybe you want to check out Galera Cluster, which is part of MariaDB Galera Cluster and Percona XtraDB Cluster.

- https://mysql-mmm.org/
- https://galeracluster.com/
- https://mariadb.com/kb/en/what-is-mariadb-galera-cluster/

--------------------------------------------------------------------------------
ChangeLog:

* Wed May 2 2018 David Beveridge 2.2.1-20
- Patch for mmm_agentd Remote Command Injection Vulnerabilities
- TALOS-2017-0501, CVE-2017-14474 - CVE-2017-14481
* Thu Feb 8 2018 Fedora Release Engineering - 2.2.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Dec 20 2017 Ruben Kerkhof - 2.2.1-18
- Correct permissions for systemd units (#1527992)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1575161
https://bugzilla.redhat.com/show_bug.cgi?id=1575161

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-e31f52c5ee'
at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
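Both Fedora notices above say the fix "adds data sanitization to inputs for the mmm agent" and that the underlying defect is a protocol field reaching a shell. The following is an added illustration of what that class of fix looks like, written for this page; it is not mmm_agentd's code. It assumes a simplified, pipe-separated wire format (`COMMAND|version|host|params...`), an assumed set of command names and host states, and a hypothetical `ip addr add` helper. The two ideas it demonstrates are (1) every field is matched against a strict allowlist grammar before use, so shell metacharacters never pass, and (2) even validated values are handed to the OS as an argv list rather than interpolated into a shell string.

```python
"""Strict input validation for an MMM-style agent command channel.

Illustrative model written for this page; not mmm_agentd's own code.
Assumed, simplified wire format: fields joined by '|'
    <COMMAND>|<protocol version>|<sending host>[|<param>...]
"""
import ipaddress
import re
from dataclasses import dataclass


class ProtocolError(ValueError):
    """Raised for any message that does not match the strict grammar."""


# Allowlist patterns: none of these admit ';', '$', '`', '|', quotes or spaces.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
IFACE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$")
ROLE_RE = re.compile(r"^(writer|reader)\(([0-9.:a-fA-F]+)\)$")
# Host states assumed for this example.
STATES = {"ONLINE", "ADMIN_OFFLINE", "HARD_OFFLINE", "AWAITING_RECOVERY",
          "REPLICATION_FAIL", "REPLICATION_DELAY"}


def _hostname(value: str) -> str:
    if not HOSTNAME_RE.match(value):
        raise ProtocolError(f"bad hostname: {value!r}")
    return value


def _ip(value: str) -> str:
    try:
        return str(ipaddress.ip_address(value))  # canonical form, or ValueError
    except ValueError as exc:
        raise ProtocolError(f"bad IP address: {value!r}") from exc


def _state(value: str) -> str:
    if value not in STATES:
        raise ProtocolError(f"unknown state: {value!r}")
    return value


def _roles(value: str) -> tuple:
    """Comma-separated writer(ip)/reader(ip) entries; an empty list is allowed."""
    if value == "":
        return ()
    roles = []
    for item in value.split(","):
        m = ROLE_RE.match(item)
        if not m:
            raise ProtocolError(f"bad role: {item!r}")
        roles.append((m.group(1), _ip(m.group(2))))
    return tuple(roles)


# Per-command parameter grammar (assumed for this example).
COMMAND_PARAMS = {
    "PING": (),
    "GET_AGENT_STATUS": (),
    "GET_SYSTEM_STATUS": (),
    "CLEAR_BAD_ROLES": (),
    "SET_STATUS": (_state, _roles, _hostname),  # state, roles, current master
}


@dataclass(frozen=True)
class AgentCommand:
    name: str
    version: int
    host: str
    params: tuple


def parse_message(raw: str) -> AgentCommand:
    """Parse and validate one message; raise ProtocolError on anything odd."""
    # Reject control bytes (NUL, newline, ...) before looking at structure.
    if not raw or any(not (0x20 <= ord(c) < 0x7F) for c in raw):
        raise ProtocolError("non-printable byte in message")
    fields = raw.split("|")
    if len(fields) < 3:
        raise ProtocolError("too few fields")
    name, version, host, *params = fields
    if name not in COMMAND_PARAMS:
        raise ProtocolError(f"unknown command: {name!r}")
    if not version.isdigit():
        raise ProtocolError(f"bad protocol version: {version!r}")
    spec = COMMAND_PARAMS[name]
    if len(params) != len(spec):
        raise ProtocolError(f"{name} expects {len(spec)} parameters, got {len(params)}")
    checked = tuple(check(p) for check, p in zip(spec, params))
    return AgentCommand(name, int(version), _hostname(host), checked)


def is_valid_message(raw: str) -> bool:
    try:
        parse_message(raw)
        return True
    except ProtocolError:
        return False


def ip_addr_add_argv(ip: str, iface: str) -> list:
    """argv for adding a virtual IP (hypothetical helper). Pass this list to
    subprocess.run(argv, check=True): no shell, so no interpolation hazard.
    Values are re-validated so the function is safe on its own."""
    if not IFACE_RE.match(iface):
        raise ProtocolError(f"bad interface: {iface!r}")
    addr = ipaddress.ip_address(_ip(ip))
    prefix = 32 if addr.version == 4 else 128
    return ["ip", "addr", "add", f"{addr}/{prefix}", "dev", iface]


if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    print(parse_message("SET_STATUS|1|db1|ONLINE|writer(10.0.0.5),reader(10.0.0.6)|db2"))
    for bad in ("SET_STATUS|1|db1$(true)|ONLINE||db2",
                "SET_STATUS|1|db1|ONLINE|writer(10.0.0.5; true)|db2",
                "PING|1|db1\n"):
        print("rejected:", bad.strip(), "->", is_valid_message(bad))
    print(ip_addr_add_argv("10.0.0.5", "eth0"))
```

The validators are deliberately allowlists (what a field may contain) rather than denylists of shell metacharacters: a denylist has to anticipate every quoting trick of every shell, whereas a hostname or address grammar simply cannot express one. The argv helper is the second half of the same discipline; even with validation in place, a process should never rebuild a shell command line from network data.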
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:3210-1
Rating:             important
References:         #1000751 #1015422
Cross-References:   CVE-2016-9893 CVE-2016-9895 CVE-2016-9897 CVE-2016-9898
                    CVE-2016-9899 CVE-2016-9900 CVE-2016-9901 CVE-2016-9902
                    CVE-2016-9904 CVE-2016-9905
Affected Products:
                    SUSE OpenStack Cloud 5
                    SUSE Manager Proxy 2.1
                    SUSE Manager 2.1
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:

* MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
* MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution
* MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
* MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
* MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
* MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
* MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
* MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
* MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
* MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events

Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/ for more information.

Also the following bug was fixed:

- Fix fontconfig issue (bsc#1000751) on 32bit systems as well.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 5:
  zypper in -t patch sleclo50sp3-MozillaFirefox-12903=1
- SUSE Manager Proxy 2.1:
  zypper in -t patch slemap21-MozillaFirefox-12903=1
- SUSE Manager 2.1:
  zypper in -t patch sleman21-MozillaFirefox-12903=1
- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-MozillaFirefox-12903=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-MozillaFirefox-12903=1
- SUSE Linux Enterprise Server 11-SP3-LTSS:
  zypper in -t patch slessp3-MozillaFirefox-12903=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-MozillaFirefox-12903=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-MozillaFirefox-12903=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-MozillaFirefox-12903=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE OpenStack Cloud 5 (x86_64):
  MozillaFirefox-45.6.0esr-62.1
  MozillaFirefox-translations-45.6.0esr-62.1
- SUSE Manager Proxy 2.1 (x86_64):
  MozillaFirefox-45.6.0esr-62.1
  MozillaFirefox-translations-45.6.0esr-62.1
- SUSE Manager 2.1 (s390x x86_64):
  MozillaFirefox-45.6.0esr-62.1
  MozillaFirefox-translations-45.6.0esr-62.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  MozillaFirefox-devel-45.6.0esr-62.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  MozillaFirefox-45.6.0esr-62.1
  MozillaFirefox-translations-45.6.0esr-62.1
- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
  MozillaFirefox-45.6.0esr-62.1
  MozillaFirefox-translations-45.6.0esr-62.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  MozillaFirefox-45.6.0esr-62.1
  MozillaFirefox-translations-45.6.0esr-62.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  MozillaFirefox-debuginfo-45.6.0esr-62.1
  MozillaFirefox-debugsource-45.6.0esr-62.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  MozillaFirefox-debuginfo-45.6.0esr-62.1
  MozillaFirefox-debugsource-45.6.0esr-62.1

References:

https://www.suse.com/security/cve/CVE-2016-9893.html
https://www.suse.com/security/cve/CVE-2016-9895.html
https://www.suse.com/security/cve/CVE-2016-9897.html
https://www.suse.com/security/cve/CVE-2016-9898.html
https://www.suse.com/security/cve/CVE-2016-9899.html
https://www.suse.com/security/cve/CVE-2016-9900.html
https://www.suse.com/security/cve/CVE-2016-9901.html
https://www.suse.com/security/cve/CVE-2016-9902.html
https://www.suse.com/security/cve/CVE-2016-9904.html
https://www.suse.com/security/cve/CVE-2016-9905.html
https://bugzilla.suse.com/1000751
https://bugzilla.suse.com/1015422

Severity: Important.
LinuxSecurity.com Team
SUSE Security Update: Security update for Java 1.6.0
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:0315-1
Rating:             important
References:         #494536 #792951 #801972
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues:

New in release 1.12.2 (2012-02-03):

* Security fixes
  o S6563318, CVE-2013-0424: RMI data sanitization
  o S6664509, CVE-2013-0425: Add logging context
  o S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time
  o S6776941: CVE-2013-0427: Improve thread pool shutdown
  o S7141694, CVE-2013-0429: Improving CORBA internals
  o S7173145: Improve in-memory representation of splashscreens
  o S7186945: Unpack200 improvement
  o S7186946: Refine unpacker resource usage
  o S7186948: Improve Swing data validation
  o S7186952, CVE-2013-0432: Improve clipboard access
  o S7186954: Improve connection performance
  o S7186957: Improve Pack200 data validation
  o S7192392, CVE-2013-0443: Better validation of client keys
  o S7192393, CVE-2013-0440: Better Checking of order of TLS Messages
  o S7192977, CVE-2013-0442: Issue in toolkit thread
  o S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies
  o S7200491: Tighten up JTable layout code
  o S7200500: Launcher better input validation
  o S7201064: Better dialogue checking
  o S7201066, CVE-2013-0441: Change modifiers on unused fields
  o S7201068, CVE-2013-0435: Better handling of UI elements
  o S7201070: Serialization to conform to protocol
  o S7201071, CVE-2013-0433: InetSocketAddress serialization issue
  o S8000210: Improve JarFile code quality
  o S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class
  o S8000540, CVE-2013-1475: Improve IIOP type reuse management
  o S8000631, CVE-2013-1476: Restrict access to class constructor
  o S8001235, CVE-2013-0434: Improve JAXP HTTP handling
  o S8001242: Improve RMI HTTP conformance
  o S8001307: Modify ACC_SUPER behavior
  o S8001972, CVE-2013-1478: Improve image processing
  o S8002325, CVE-2013-1480: Improve management of images
* Backports
  o S7010849: 5/5 Extraneous javac source/target options when building sa-jdi
  o S8004341: Two JCK tests fails with 7u11 b06
  o S8005615: Java Logger fails to load tomcat logger implementation (JULI)
* Bug fixes
  o PR1297: cacao and jamvm parallel unpack failures
  o PR1301: PR1171 causes builds of Zero to fail

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Desktop 11 SP2:
  zypper in -t patch sledsp2-java-1_6_0-openjdk-7332

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
  java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1
  java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1
  java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1

References:

Severity: Important.
LinuxSecurity.com Team