Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
202
security advisorymoderatedirectory creationopenSUSE: 2020:1231-1 moderate: hylafax+ Security Issues Fixed
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for hylafax+ ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1231-1 Rating: moderate References: #1173519 #1173521 Cross-References: CVE-2020-15396 CVE-2020-15397 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for hylafax+ fixes the following issues: Hylafax was updated to upstream version 7.0.3. Security issues fixed: - CVE-2020-15396: Secure temporary directory creation for faxsetup, faxaddmodem, and probemodem (boo#1173521). - CVE-2020-15397: Sourcing of files into binaries from user writeable directories (boo#1173519). Non-security issues fixed: * add UseSSLFax feature in sendfax, sendfax.conf, hyla.conf, and JobControl (31 Jul 2020) * be more resilient in listening for the Phase C carrier (30 Jul 2020) * make sure to return to command mode if HDLC receive times out (29 Jul 2020) * make faxmail ignore boundaries on parts other than multiparts (29 Jul 2020) * don't attempt to write zero bytes of data to a TIFF (29 Jul 2020) * don't ever respond to CRP with CRP (28 Jul 2020) * reset frame counter when a sender retransmits PPS for a previously confirmed ECM block (26 Jul 2020) * scrutinize PPM before concluding that the sender missed our MCF (23 Jul 2020) * fix modem recovery after SSL Fax failure (22, 26 Jul 2020) * ignore echo of PPR, RTN, CRP (10, 13, 21 Jul 2020) * attempt to handle NSF/CSI/DIS in Class 1 sending Phase D (6 Jul 2020) * run scripts directly rather than invoking them via a shell for security hardening (3-5 Jul 2020) * add senderFumblesECM feature (3 Jul 2020) * add support for PIN/PIP/PRI-Q/PPS-PRI-Qsignals, add senderConfusesPIN feature, and utilize PIN for rare conditions where it may be helpful (2, 6, 13-14 Jul 2020) * add senderConfusesRTN feature (25-26 Jun 2020) * add MissedPageHandling feature (24 Jun 2020) * use and handle CFR in Phase D to retransmit Phase C (16, 23 Jun 2020) * cope with hearing echo of RR, CTC during Class 1 sending (15-17 Jun 2020) * fix listening for retransmission of MPS/EOP/EOM if it was received corrupt on the first attempt (15 Jun 2020) * don't use CRP when receiving PPS/PPM as some senders think we are sending MCF (12 Jun 2020) * add BR_SSLFAX to show SSL Fax in notify and faxinfo output (1 Jun 2020) * have faxinfo put units on non-standard page dimensions (28 May 2020) * improve error messages for JobHost connection errors (22 May 2020) * fix perpetual blocking of jobs when a job preparation fails, attempt to fix similar blocking problems for bad jobs in batches, and add "unblock" faxconfig feature (21 May 2020) * ignore TCF if we're receiving an SSL Fax (31 Jan 2020) * fixes for build on FreeBSD 12.1 (31 Jan - 3 Feb 2020) This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-1231=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): hylafax+-7.0.3-bp151.6.4.1 hylafax+-client-7.0.3-bp151.6.4.1 libfaxutil7_0_3-7.0.3-bp151.6.4.1 References: https://www.suse.com/security/cve/CVE-2020-15396.html https://www.suse.com/security/cve/CVE-2020-15397.html https://bugzilla.suse.com/1173519 https://bugzilla.suse.com/1173521 -- . A recent openSUSE patch mitigating two hylafax+ security flaws: safe directory establishment and fileretrieval from modifiable locations.. openSUSE Patch, hylafax+ Security, moderate Threat, file sourcing. . LinuxSecurity.com Team
Aug 18, 2020
OpenSUSE
202
security advisorymoderatesecurity issuesopenSUSE Leap 15.1: 2020:1210-1 Moderate: Hylafax+ Threats Resolved
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for hylafax+ ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1210-1 Rating: moderate References: #1173519 #1173521 Cross-References: CVE-2020-15396 CVE-2020-15397 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for hylafax+ fixes the following issues: Hylafax was updated to upstream version 7.0.3. Security issues fixed: - CVE-2020-15396: Secure temporary directory creation for faxsetup, faxaddmodem, and probemodem (boo#1173521). - CVE-2020-15397: Sourcing of files into binaries from user writeable directories (boo#1173519). Non-security issues fixed: * add UseSSLFax feature in sendfax, sendfax.conf, hyla.conf, and JobControl (31 Jul 2020) * be more resilient in listening for the Phase C carrier (30 Jul 2020) * make sure to return to command mode if HDLC receive times out (29 Jul 2020) * make faxmail ignore boundaries on parts other than multiparts (29 Jul 2020) * don't attempt to write zero bytes of data to a TIFF (29 Jul 2020) * don't ever respond to CRP with CRP (28 Jul 2020) * reset frame counter when a sender retransmits PPS for a previously confirmed ECM block (26 Jul 2020) * scrutinize PPM before concluding that the sender missed our MCF (23 Jul 2020) * fix modem recovery after SSL Fax failure (22, 26 Jul 2020) * ignore echo of PPR, RTN, CRP (10, 13, 21 Jul 2020) * attempt to handle NSF/CSI/DIS in Class 1 sending Phase D (6 Jul 2020) * run scripts directly rather than invoking them via a shell for security hardening (3-5 Jul 2020) * add senderFumblesECM feature (3 Jul 2020) * add support for PIN/PIP/PRI-Q/PPS-PRI-Q signals, addsenderConfusesPIN feature, and utilize PIN for rare conditions where it may be helpful (2, 6, 13-14 Jul 2020) * add senderConfusesRTN feature (25-26 Jun 2020) * add MissedPageHandling feature (24 Jun 2020) * use and handle CFR in Phase D to retransmit Phase C (16, 23 Jun 2020) * cope with hearing echo of RR, CTC during Class 1 sending (15-17 Jun 2020) * fix listening for retransmission of MPS/EOP/EOM if it was received corrupt on the first attempt (15 Jun 2020) * don't use CRP when receiving PPS/PPM as some senders think we are sending MCF (12 Jun 2020) * add BR_SSLFAX to show SSL Fax in notify and faxinfo output (1 Jun 2020) * have faxinfo put units on non-standard page dimensions (28 May 2020) * improve error messages for JobHost connection errors (22 May 2020) * fix perpetual blocking of jobs when a job preparation fails, attempt to fix similar blocking problems for bad jobs in batches, and add "unblock" faxconfig feature (21 May 2020) * ignore TCF if we're receiving an SSL Fax (31 Jan 2020) * fixes for build on FreeBSD 12.1 (31 Jan - 3 Feb 2020) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-1210=1 Package List: - openSUSE Leap 15.1 (x86_64): hylafax+-7.0.3-lp151.4.6.1 hylafax+-client-7.0.3-lp151.4.6.1 hylafax+-client-debuginfo-7.0.3-lp151.4.6.1 hylafax+-debuginfo-7.0.3-lp151.4.6.1 hylafax+-debugsource-7.0.3-lp151.4.6.1 libfaxutil7_0_3-7.0.3-lp151.4.6.1 libfaxutil7_0_3-debuginfo-7.0.3-lp151.4.6.1 References: https://www.suse.com/security/cve/CVE-2020-15396.html https://www.suse.com/security/cve/CVE-2020-15397.html https://bugzilla.suse.com/1173519 https://bugzilla.suse.com/1173521 -- . openSUSE Security Update for hylafax+ resolvescritical security issues and enhances performance for users.. openSUSE Update,hylafax+ Security Fixes,security vulnerability updates. . LinuxSecurity.com Team
Aug 14, 2020
OpenSUSE
172
security advisorymoderatesecurity issueUbuntu 14.04 ESM USN-4194-2 Moderate: PostgreSQL-Common Path Elevation
postgresql-common could be made to create arbitrary directories.. =========================================================================Ubuntu Security Notice USN-4194-2 December 03, 2019 postgresql-common vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: postgresql-common could be made to create arbitrary directories. Software Description: - postgresql-common: PostgreSQL database-cluster manager Details: USN-4194-1 fixed a vulnerability in postgresql-common. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Rich Mirch discovered that the postgresql-common pg_ctlcluster script incorrectly handled directory creation. A local attacker could possibly use this issue to escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: postgresql-common 154ubuntu1.1+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4194-2 https://ubuntu.com/security/notices/USN-4194-1 CVE-2019-3466 . A vulnerability resolution for Ubuntu 14.04 ESM has been released relating to postgresql-common, which permits unrestricted creation of directories.. Postgresql Common Vulnerability, Ubuntu Security Notice, Linux Security Update. . Severity: Important. LinuxSecurity.com Team
Dec 03, 2019
•Important
Ubuntu
98
security advisoryRed Hattype threatRed Hat: RHSA-2001:070-02 Critical: mktemp Directory Creation
The version of mktemp shipped with Red Hat Linux prior to version 7 does not support creating temporary directories.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated mktemp packages available Advisory ID: RHSA-2001:070-02 Issue date: 2001-05-15 Updated on: 2001-05-21 Product: Red Hat Linux Keywords: mktemp directory creation -d Cross references: Obsoletes: --------------------------------------------------------------------- 1. Topic: The version of mktemp shipped with Red Hat Linux prior to version 7 does not support creating temporary directories. 2. Relevant releases/architectures: Red Hat Linux 5.2 - alpha, i386, sparc Red Hat Linux 6.2 - alpha, i386, sparc 3. Problem description: Older versions of mktemp don't support the "-d" parameter to create temporary directories safely. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed ( for more info): 6. RPMs required: Red Hat Linux 5.2: SRPMS: alpha: i386: sparc: Red Hat Linux 6.2: SRPMS: alpha: i386: sparc: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 94ea90c56aa2c048913c1671f44a6cf5 5.2/en/os/SRPMS/mktemp-1.5-2.1.5x.src.rpm 07cc49b2258e6ce4f00bded444ee3d00 5.2/en/os/alpha/mktemp-1.5-2.1.5x.alpha.rpm 862bf906743dba738210d8e7644e2cd3 5.2/en/os/i386/mktemp-1.5-2.1.5x.i386.rpm b37d318692785b7d5120fd194c1f07b2 5.2/en/os/sparc/mktemp-1.5-2.1.5x.sparc.rpm 834ae7978e494618ae0efd9bf762dea9 6.2/en/os/SRPMS/mktemp-1.5-2.1.6x.src.rpm 85775d4f8a7a5443010018dfdfc5d69e 6.2/en/os/alpha/mktemp-1.5-2.1.6x.alpha.rpm e3e46dea469df08b98934713b7dfc129 6.2/en/os/i386/mktemp-1.5-2.1.6x.i386.rpm 8dcb3ffc8b48f9d50a4e4976f7f00f5b 6.2/en/os/sparc/mktemp-1.5-2.1.6x.sparc.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: Copyright(c) 2000, 2001 Red Hat, Inc. `. Recent mktemp enhancements introduced for Red Hat Linux focus on bolstering the protection of temporary directories.. mktemp Update, Red Hat Linux Advisory, Directory Creation Fix. . Severity: Critical. LinuxSecurity.com Team
May 22, 2001
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!