# Security update for go1.24-openssl

Announcement ID: SUSE-SU-2025:02837-1
Release Date: 2025-08-18T08:36:09Z
Rating: important

References:

* bsc#1236217
* bsc#1246118
* bsc#1247719
* bsc#1247720
* jsc#SLE-18320

Cross-References:

* CVE-2025-4674
* CVE-2025-47906
* CVE-2025-47907

CVSS scores:

* CVE-2025-4674 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-47906 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for go1.24-openssl fixes the following issues:

Updated to go1.24.6 (released 2025-08-06) (bsc#1236217):

- CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go (bsc#1246118)
- CVE-2025-47906: Fixed incorrect expansion of "", "." and ".." in some PATH configurations in LookPath in os/exec (bsc#1247719)
- CVE-2025-47907: Fixed incorrect results returned from Rows.Scan in database/sql (bsc#1247720)

Updated to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. (jsc#SLE-18320)

- Fix HKDF-Extract: the latest OpenSSL in c9s/c10s requires a nil salt to be passed as a hash-length buffer of zeros.

Other fixes:

- cmd/compile: regression on ppc64le bit operations
- cmd/go: crash on unknown GOEXPERIMENT during toolchain selection
- cmd/link: duplicated definition of symbol github.com/ebitengine/purego.syscall15XABI0 when running with ASAN
- internal/trace: stress tests triggering suspected deadlock in tracer
- os/user: nolibgcc: TestGroupIdsTestUser failures
- runtime/pprof: crash "cannot read stack of running goroutine" in goroutine profile
- runtime: RSS seems to have increased in Go 1.24 while the runtime accounting has not
- runtime: bad frame pointer during panic during duffcopy
- runtime: heap mspan limit is set too late, causing data race between span allocation and conservative scanning
- runtime: memlock not unlocked in all control flow paths in sysReserveAlignedSbrk
- runtime: segfaults in runtime.(*unwinder).next
- runtime: use-after-free of allpSnapshot in findRunnable

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2837=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2837=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2837=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2837=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2837=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2837=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2837=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2837=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2837=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2837=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2837=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-2837=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * go1.24-openssl-1.24.6-150000.1.12.1
  * go1.24-openssl-race-1.24.6-150000.1.12.1
  * go1.24-openssl-doc-1.24.6-150000.1.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-4674.html
* https://www.suse.com/security/cve/CVE-2025-47906.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1246118
* https://bugzilla.suse.com/show_bug.cgi?id=1247719
* https://bugzilla.suse.com/show_bug.cgi?id=1247720
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-18320&page_caps=&user_role=
SQL injection in the PostgreSQL driver has been fixed in the ADOdb database access library for PHP. For Debian 11 bullseye, this problem has been fixed in version .

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4177-1
=========================================================================
Ubuntu Security Notice USN-4296-1
March 04, 2020

python-django vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Django could allow unintended access to the database.

Software Description:
- python-django: High-level Python web development framework

Details:

Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10:
  python-django    1:1.11.22-1ubuntu1.3
  python3-django   1:1.11.22-1ubuntu1.3

Ubuntu 18.04 LTS:
  python-django    1:1.11.11-1ubuntu1.8
  python3-django   1:1.11.11-1ubuntu1.8

Ubuntu 16.04 LTS:
  python-django    1.8.7-1ubuntu5.12
  python3-django   1.8.7-1ubuntu5.12

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4296-1
  CVE-2020-9402

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/1:1.11.22-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/python-django/1:1.11.11-1ubuntu1.8
  https://launchpad.net/ubuntu/+source/python-django/1.8.7-1ubuntu5.12
Moderate: perl-DBD-Pg security update
Date: Wed, 25 Jul 2012 16:15:45 -0500
Reply-To:

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: perl-DBD-Pg security update
Advisory ID:  RHSA-2012:1116-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:1116.html
Issue date:   2012-07-25
CVE Names:    CVE-2012-1151
====================================================================

1. Summary:

An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers.

Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151)

All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

801733 - CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
perl-DBD-Pg-1.49-4.el5_8.i386.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm

x86_64:
perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
perl-DBD-Pg-1.49-4.el5_8.i386.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm

ia64:
perl-DBD-Pg-1.49-4.el5_8.ia64.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.ia64.rpm

ppc:
perl-DBD-Pg-1.49-4.el5_8.ppc.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.ppc.rpm

s390x:
perl-DBD-Pg-1.49-4.el5_8.s390x.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.s390x.rpm

x86_64:
perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm

ppc64:
perl-DBD-Pg-2.15.1-4.el6_3.ppc64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.ppc64.rpm

s390x:
perl-DBD-Pg-2.15.1-4.el6_3.s390x.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.s390x.rpm

x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm

x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-1151
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.

--
Enterprise-watch-list mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-10595
2009-10-21 00:08:33
--------------------------------------------------------------------------------

Name        : ocaml-postgresql
Product     : Fedora 10
Version     : 1.12.3
Release     : 1.fc10.2
URL         :
Summary     : OCaml library for accessing PostgreSQL databases
Description :
This OCaml-library provides an interface to PostgreSQL, an efficient and reliable, open source, relational database. Almost all functionality available through the C-API (libpq) is replicated in a type-safe way. This library uses objects for representing database connections and results of queries.

--------------------------------------------------------------------------------
Update Information:

- New upstream version 1.12.3.
- This contains a SECURITY fix for: https://bugzilla.redhat.com/show_bug.cgi?id=529325 CVE-2009-2943 ocaml-postgresql: Missing escape function (DSA-1909-1) HOWEVER you are not protected until you change your code to use the new connection#escape_string method.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 16 2009 Richard W.M. Jones - 1.12.3-1.fc10.2
- Fix build process for new upstream tarball layout.
* Fri Oct 16 2009 Richard W.M. Jones - 1.12.3-1
- New upstream version 1.12.3.
- This contains a SECURITY fix for: https://bugzilla.redhat.com/show_bug.cgi?id=529325 CVE-2009-2943 ocaml-postgresql: Missing escape function (DSA-1909-1) HOWEVER you are not protected until you change your code to use the new connection#escape_string method.

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #529325 - CVE-2009-2943 ocaml-postgresql: Missing escape function (DSA-1909-1)
      https://bugzilla.redhat.com/show_bug.cgi?id=529325

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update ocaml-postgresql' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-4044
2009-04-27 20:38:45
--------------------------------------------------------------------------------

Name        : prelude-manager
Product     : Fedora 9
Version     : 0.9.14.2
Release     : 2.fc9
URL         : https://prelude-ids.org/
Summary     : Prelude-Manager
Description :
Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server which handles connections from the Prelude sensors. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis. It also provides relaying capabilities for failover and replication. The IDMEF standard is used for alert representation. Support for filtering plugins allows you to hook in different places in the Manager to define custom criteria for alert relaying and logging.

--------------------------------------------------------------------------------
Update Information:

The configuration file of prelude-manager contains a database password and is world readable. This update restricts permissions to the root account.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 22 2009 Steve Grubb 0.9.14.2-2
- Adjusted permissions on dirs and conf files
* Wed Sep 10 2008 Steve Grubb 0.9.14.2-1
- new upstream version
- Prelude-Manager-SMTP plugin is now included
* Wed May 14 2008 Steve Grubb 0.9.12.1-1
- new upstream version 0.9.12.1
* Thu Apr 24 2008 Steve Grubb 0.9.12-1
- new upstream version 0.9.12

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update prelude-manager' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: MySQL: Privilege bypass
      Date: September 04, 2008
      Bugs: #220399
        ID: 200809-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in MySQL might allow users to bypass privileges and gain access to other databases.

Background
==========

MySQL is a popular multi-threaded, multi-user SQL server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-db/mysql              < 5.0.60-r1                >= 5.0.60-r1

Description
===========

Sergei Golubchik reported that MySQL imposes no restrictions on the specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE TABLE" statements.

Impact
======

An authenticated remote attacker could create MyISAM tables, specifying DATA or INDEX directories that contain future table files by other database users, or existing table files in the MySQL data directory, gaining access to those tables.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MySQL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/mysql-5.0.60-r1"

References
==========

  [ 1 ] CVE-2008-2079
        https://www.cve.org/CVERecord?id=CVE-2008-2079

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200809-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to