Security fix for CVE-2022-34903.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-0dbfb7e270
2022-07-28 01:29:59.622249
--------------------------------------------------------------------------------

Name        : gnupg1
Product     : Fedora 35
Version     : 1.4.23
Release     : 18.fc35
URL         : https://www.gnupg.org/
Summary     : A GNU utility for secure communication and data storage
Description :
GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and
creating digital signatures. GnuPG has advanced key management
capabilities and is compliant with the proposed OpenPGP Internet
standard described in RFC2440. Since GnuPG doesn't use any patented
algorithm, it is not compatible with any version of PGP2 (PGP2.x uses
only IDEA for symmetric-key encryption, which is patented worldwide).

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-34903
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Brian C. Lane - 1.4.23-18
- g10/status.c: Backport fix for status buffer overrun
  Resolves: rhbz#2108445
- Note that this includes the fix for [CVE-2022-34903]
* Thu Jan 20 2022 Fedora Release Engineering - 1.4.23-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection
        https://bugzilla.redhat.com/show_bug.cgi?id=2102868
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-0dbfb7e270' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

Fix for CVE-2022-34903 (#2103242).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-1124e5882d
2022-07-22 05:09:39.978475
--------------------------------------------------------------------------------

Name        : gnupg2
Product     : Fedora 35
Version     : 2.3.4
Release     : 2.fc35
URL         : https://www.gnupg.org/
Summary     : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.

GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard
functionality is provided by the gnupg2-smime package.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2022-34903 (#2103242)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 4 2022 Jakub Jelen - 2.3.4-2
- Fix for CVE-2022-34903 (#2103242)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2103242 - Status line injection via long notation name
        https://bugzilla.redhat.com/show_bug.cgi?id=2103242
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-1124e5882d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

Fix for CVE-2022-34903 (#2103242).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-aa14d396dd
2022-07-07 01:14:02.271644
--------------------------------------------------------------------------------

Name        : gnupg2
Product     : Fedora 36
Version     : 2.3.6
Release     : 2.fc36
URL         : https://www.gnupg.org/
Summary     : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.

GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard
functionality is provided by the gnupg2-smime package.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2022-34903 (#2103242)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 4 2022 Jakub Jelen - 2.3.6-2
- Fix for CVE-2022-34903 (#2103242)
- Fix forcing AEAD through configuration files (#2093760)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2103242 - Status line injection via long notation name
        https://bugzilla.redhat.com/show_bug.cgi?id=2103242
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-aa14d396dd' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

Updated samba packages that fix several bugs with added enhancement are now available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which.

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: samba security, bug fix and enhancement update
Advisory ID:       RHSA-2022:1756-01
Product:           Red Hat Gluster Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1756
Issue date:        2022-05-10
CVE Names:         CVE-2021-20316 CVE-2021-44141
====================================================================

1. Summary:

Updated samba packages that fix several bugs with added enhancement are now
available for Red Hat Gluster Storage 3.5 on Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Gluster 3.5 Samba on RHEL-8 - noarch, x86_64

3. Description:

Red Hat Gluster Storage is a software only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.

Security Fix(es):

* samba: Symlink race error can allow metadata read and modify outside of
the exported share (CVE-2021-20316)

* samba: Information leak via symlinks of existence of files or directories
outside of the exported share (CVE-2021-44141)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Users of samba with Red Hat Gluster Storage are advised to upgrade to these
updated packages.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2009673 - CVE-2021-20316 samba: Symlink race error can allow metadata read and modify outside of the exported share
2044187 - [Samba] Higher version of rhgs samba is required to avoid conflict with rhel-8.6 based samba version
2046120 - CVE-2021-44141 samba: Information leak via symlinks of existence of files or directories outside of the exported share

6. Package List:

Red Hat Gluster 3.5 Samba on RHEL-8:

Source:
libtalloc-2.3.3-2.el8rhgs.src.rpm
libtdb-1.4.4-2.el8rhgs.src.rpm
libtevent-0.11.0-1.el8rhgs.src.rpm
samba-4.15.5-100.el8rhgs.src.rpm

noarch:
samba-common-4.15.5-100.el8rhgs.noarch.rpm
samba-pidl-4.15.5-100.el8rhgs.noarch.rpm

x86_64:
ctdb-4.15.5-100.el8rhgs.x86_64.rpm
ctdb-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
libsmbclient-4.15.5-100.el8rhgs.x86_64.rpm
libsmbclient-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
libsmbclient-devel-4.15.5-100.el8rhgs.x86_64.rpm
libtalloc-2.3.3-2.el8rhgs.x86_64.rpm
libtalloc-debuginfo-2.3.3-2.el8rhgs.x86_64.rpm
libtalloc-debugsource-2.3.3-2.el8rhgs.x86_64.rpm
libtalloc-devel-2.3.3-2.el8rhgs.x86_64.rpm
libtdb-1.4.4-2.el8rhgs.x86_64.rpm
libtdb-debuginfo-1.4.4-2.el8rhgs.x86_64.rpm
libtdb-debugsource-1.4.4-2.el8rhgs.x86_64.rpm
libtdb-devel-1.4.4-2.el8rhgs.x86_64.rpm
libtevent-0.11.0-1.el8rhgs.x86_64.rpm
libtevent-debuginfo-0.11.0-1.el8rhgs.x86_64.rpm
libtevent-debugsource-0.11.0-1.el8rhgs.x86_64.rpm
libtevent-devel-0.11.0-1.el8rhgs.x86_64.rpm
libwbclient-4.15.5-100.el8rhgs.x86_64.rpm
libwbclient-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
libwbclient-devel-4.15.5-100.el8rhgs.x86_64.rpm
python3-samba-4.15.5-100.el8rhgs.x86_64.rpm
python3-samba-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
python3-talloc-2.3.3-2.el8rhgs.x86_64.rpm
python3-talloc-debuginfo-2.3.3-2.el8rhgs.x86_64.rpm
python3-talloc-devel-2.3.3-2.el8rhgs.x86_64.rpm
python3-tdb-1.4.4-2.el8rhgs.x86_64.rpm
python3-tdb-debuginfo-1.4.4-2.el8rhgs.x86_64.rpm
python3-tevent-0.11.0-1.el8rhgs.x86_64.rpm
python3-tevent-debuginfo-0.11.0-1.el8rhgs.x86_64.rpm
samba-4.15.5-100.el8rhgs.x86_64.rpm
samba-client-4.15.5-100.el8rhgs.x86_64.rpm
samba-client-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-client-libs-4.15.5-100.el8rhgs.x86_64.rpm
samba-client-libs-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-common-libs-4.15.5-100.el8rhgs.x86_64.rpm
samba-common-libs-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-common-tools-4.15.5-100.el8rhgs.x86_64.rpm
samba-common-tools-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-debugsource-4.15.5-100.el8rhgs.x86_64.rpm
samba-devel-4.15.5-100.el8rhgs.x86_64.rpm
samba-krb5-printing-4.15.5-100.el8rhgs.x86_64.rpm
samba-krb5-printing-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-libs-4.15.5-100.el8rhgs.x86_64.rpm
samba-libs-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-test-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-test-libs-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-vfs-glusterfs-4.15.5-100.el8rhgs.x86_64.rpm
samba-vfs-glusterfs-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-vfs-iouring-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-clients-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-clients-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-krb5-locator-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-krb5-locator-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-modules-4.15.5-100.el8rhgs.x86_64.rpm
samba-winbind-modules-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
samba-winexe-debuginfo-4.15.5-100.el8rhgs.x86_64.rpm
tdb-tools-1.4.4-2.el8rhgs.x86_64.rpm
tdb-tools-debuginfo-1.4.4-2.el8rhgs.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-20316
https://access.redhat.com/security/cve/CVE-2021-44141
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat Data Grid 7.3.7 security update
Advisory ID:       RHSA-2020:3779-01
Product:           Red Hat JBoss Data Grid
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3779
Issue date:        2020-09-17
CVE Names:         CVE-2017-7658 CVE-2019-10172 CVE-2020-1695
                   CVE-2020-1710 CVE-2020-1719 CVE-2020-1745
                   CVE-2020-1748 CVE-2020-1757 CVE-2020-8840
                   CVE-2020-9488 CVE-2020-9546 CVE-2020-9547
                   CVE-2020-9548 CVE-2020-10672 CVE-2020-10673
                   CVE-2020-10714 CVE-2020-10968 CVE-2020-10969
                   CVE-2020-11111 CVE-2020-11112 CVE-2020-11113
                   CVE-2020-11612 CVE-2020-11619 CVE-2020-11620
====================================================================

1. Summary:

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the
Infinispan project.

This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat
Data Grid 7.3.6 and includes bug fixes and enhancements, which are
described in the Release Notes, linked to in the References section of this
erratum.

Security Fix(es):

* jetty: Incorrect header handling (CVE-2017-7658)

* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)

* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)

* undertow: servletPath is normalized incorrectly leading to dangerous
application mapping which could result in security bypass (CVE-2020-1757)

* jackson-databind: Lacks certain xbean-reflect/JNDI blocking
(CVE-2020-8840)

* jackson-databind: Serialization gadgets in shaded-hikari-config
(CVE-2020-9546)

* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)

* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)

* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10672)

* jackson-databind: mishandles the interaction between serialization
gadgets and typing which could result in remote command execution
(CVE-2020-10673)

* jackson-databind: Serialization gadgets in
org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)

* jackson-databind: Serialization gadgets in javax.swing.JEditorPane
(CVE-2020-10969)

* jackson-databind: Serialization gadgets in
org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)

* jackson-databind: Serialization gadgets in
org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)

* jackson-databind: Serialization gadgets in
org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)

* jackson-databind: Serialization gadgets in
org.springframework:spring-aop (CVE-2020-11619)

* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
(CVE-2020-11620)

* jackson-mapper-asl: XML external entity similar to CVE-2016-3720
(CVE-2019-10172)

* resteasy: Improper validation of response header in
MediaTypeHeaderDelegate.java class (CVE-2020-1695)

* Wildfly: EJBContext principal is not popped back after invoking another
EJB using a different Security Domain (CVE-2020-1719)

* Wildfly: Improper authorization issue in WildFlySecurityManager when
using alternative protection domain (CVE-2020-1748)

* wildfly-elytron: session fixation when using FORM authentication
(CVE-2020-10714)

* netty: compression/decompression codecs don't enforce limits on buffer
allocation sizes (CVE-2020-11612)

* log4j: improper validation of certificate with host mismatch in SMTP
appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

To install this update, do the following:

1. Download the Data Grid 7.3.7 server patch from the customer portal. See
the download link in the References section.
2. Back up your existing Data Grid installation. You should back up
databases, configuration files, and so on.
3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes
for patching instructions.
4. Restart Data Grid to ensure the changes take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1595621 - CVE-2017-7658 jetty: Incorrect header handling
1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720
1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class
1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability
1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain
1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider
1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication
1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender

5. References:

https://access.redhat.com/security/cve/CVE-2017-7658
https://access.redhat.com/security/cve/CVE-2019-10172
https://access.redhat.com/security/cve/CVE-2020-1695
https://access.redhat.com/security/cve/CVE-2020-1710
https://access.redhat.com/security/cve/CVE-2020-1719
https://access.redhat.com/security/cve/CVE-2020-1745
https://access.redhat.com/security/cve/CVE-2020-1748
https://access.redhat.com/security/cve/CVE-2020-1757
https://access.redhat.com/security/cve/CVE-2020-8840
https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-9546
https://access.redhat.com/security/cve/CVE-2020-9547
https://access.redhat.com/security/cve/CVE-2020-9548
https://access.redhat.com/security/cve/CVE-2020-10672
https://access.redhat.com/security/cve/CVE-2020-10673
https://access.redhat.com/security/cve/CVE-2020-10714
https://access.redhat.com/security/cve/CVE-2020-10968
https://access.redhat.com/security/cve/CVE-2020-10969
https://access.redhat.com/security/cve/CVE-2020-11111
https://access.redhat.com/security/cve/CVE-2020-11112
https://access.redhat.com/security/cve/CVE-2020-11113
https://access.redhat.com/security/cve/CVE-2020-11612
https://access.redhat.com/security/cve/CVE-2020-11619
https://access.redhat.com/security/cve/CVE-2020-11620
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid&downloadType=securityPatches&version=7.3
https://docs.redhat.com/en/documentation/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

Minor update from upstream with fix for CVE-2018-9234 and other bug fixes.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-3fc05e009d
2018-04-15 14:43:03.387917
--------------------------------------------------------------------------------

Name        : gnupg2
Product     : Fedora 27
Version     : 2.2.6
Release     : 1.fc27
URL         : http://www.gnupg.org/
Summary     : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.

GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard
functionality is provided by the gnupg2-smime package.

--------------------------------------------------------------------------------
Update Information:

Minor update from upstream with fix for CVE-2018-9234 and other bug fixes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1563931 - CVE-2018-9234 gnupg2: GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1563931
  [ 2 ] Bug #1565387 - gnupg2-2.2.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1565387
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade gnupg2' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

Updated package from upstream fixing minor security issues.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5987
2015-04-11 04:34:02
--------------------------------------------------------------------------------

Name        : gnupg2
Product     : Fedora 21
Version     : 2.0.27
Release     : 1.fc21
URL         : http://www.gnupg.org/
Summary     : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.

GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard
functionality is provided by the gnupg2-smime package.

--------------------------------------------------------------------------------
Update Information:

Updated package from upstream fixing minor security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 10 2015 Tomáš Mráz - 2.0.27-1
- new upstream release fixing minor security issues
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1178759 - gnupg2: double free in cmd_readkey()
        https://bugzilla.redhat.com/show_bug.cgi?id=1178759
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update gnupg2' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list