Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorybuffer overflowsoftware update

Fedora 38 Advisory: Mingw-Freeimage Moderate Buffer Overflow Fixes

Downstream fixes for CVE-2021-40266 CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-40263. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-604a7d56b0 2023-10-07 01:44:14.660172 -------------------------------------------------------------------------------- Name : mingw-freeimage Product : Fedora 38 Version : 3.19.0 Release : 0.17.svn1909.fc38 URL : https://freeimage.sourceforge.io/ Summary : MinGW Windows freeimage library Description : MinGW Windows freeimage library. -------------------------------------------------------------------------------- Update Information: Downstream fixes for CVE-2021-40266 CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-40263 -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Sandro Mani - 3.19.0-0.17.svn1909 - Downstream fixes for CVE-2021-40266 CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-40263 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2235420 - CVE-2020-24292 mingw-freeimage: freeimage: buffer overflow in load() in PluginICO.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235420 [ 2 ] Bug #2235422 - CVE-2020-24292 freeimage: buffer overflow in load() in PluginICO.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235422 [ 3 ] Bug #2235425 - CVE-2020-24293 freeimage: buffer overflow in psdThumbnail::Read() in PSDParser.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235425 [ 4 ] Bug #2235426 - CVE-2020-24293 mingw-freeimage: freeimage: buffer overflow in psdThumbnail::Read() in PSDParser.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235426 [ 5 ] Bug #2235434 - CVE-2020-24295 freeimage: buffer overflow in ReadImageLine() in PSDParser.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235434 [ 6 ] Bug #2235435 - CVE-2020-24295 mingw-freeimage: freeimage: buffer overflow in ReadImageLine() in PSDParser.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235435 [ 7 ] Bug #2235442 - CVE-2021-40263 freeimage: buffer overflow via Load() in PluginTIFF.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235442 [ 8 ] Bug #2235444 - CVE-2021-40263 mingw-freeimage: freeimage: buffer overflow via Load() in PluginTIFF.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235444 [ 9 ] Bug #2235456 - CVE-2021-40266 freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235456 [ 10 ] Bug #2235457 - CVE-2021-40266 mingw-freeimage: freeimage: NULL pointer dereference in ReadPalette() in PluginTIFF.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235457 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-604a7d56b0' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Patches addressing FreeImage library security flaws in Fedora 38 for MinGW on Windows, focusing on a range of buffer overflow vulnerabilities.. mingw-freeimage,Fedora 38,buffer overflow,software update,security issue. . LinuxSecurity.com Team

Calendar 2 Oct 07, 2023 Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorycriticalFedora

Fedora 24 Samba Security Update: Critical Man-in-the-Middle Threats

Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-383fce04e2 2016-04-15 03:16:06.564657 -------------------------------------------------------------------------------- Name : samba Product : Fedora 24 Version : 4.4.2 Release : 1.fc24 URL : Summary : Server and Client software to interoperate with Windows machines Description : Samba is the standard Windows interoperability suite of programs for Linux and Unix. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309987 - CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check https://bugzilla.redhat.com/show_bug.cgi?id=1309987 [ 2 ] Bug #1311893 - CVE-2016-2110 samba: Man-in-the-middle attacks possible with NTLMSSP authentication https://bugzilla.redhat.com/show_bug.cgi?id=1311893 [ 3 ] Bug #1311902 - CVE-2016-2111 samba: Spoofing vulnerability when domain controller is configured https://bugzilla.redhat.com/show_bug.cgi?id=1311902 [ 4 ] Bug #1311903 - CVE-2016-2112 samba: Missing downgrade detection https://bugzilla.redhat.com/show_bug.cgi?id=1311903 [ 5 ] Bug #1311910 - CVE-2016-2113 samba: Server certificates not validated at client side https://bugzilla.redhat.com/show_bug.cgi?id=1311910 [ 6 ] Bug #1312082 - CVE-2016-2114 samba: Samba based active directory domain controller does not enforce smb signing https://bugzilla.redhat.com/show_bug.cgi?id=1312082 [ 7 ] Bug #1312084 - CVE-2016-2115 samba: Smb signing not required by default when smb clientconnection is used for ipc usage https://bugzilla.redhat.com/show_bug.cgi?id=1312084 [ 8 ] Bug #1317990 - CVE-2016-2118 samba: SAMR and LSA man in the middle attacks https://bugzilla.redhat.com/show_bug.cgi?id=1317990 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update samba' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Fedora 25 samba security patch tackles multiple severe vulnerabilities such as interception and rollback attacks.. Fedora Samba Security Update, Critical Vulnerabilities, Samba Software, Update Notification. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Apr 15, 2016 Critical Fedora
Banner 2 1028x280 1708121730 1 1771599631
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorybuffer overflowcritical

Red Hat: RHSA-2017-0240-01 High: openssl Security Vulnerability

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security and bug fix update Advisory ID: RHSA-2016:0176-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2016:0176.html Issue date: 2016-02-16 CVE Names: CVE-2015-5229 CVE-2015-7547 ==================================================================== 1. Summary: Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was foundin the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs: * The existing implementation of the "free" function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools. With this update, the M_TRIM_THRESHOLD method is extended to apply to all memory pools, which improves performance for threads with very high amounts of free calls and limits the number of "madvise" system calls. The change also increases the total transient memory usage by processes because the trim threshold must be reached before memory can be freed. To return to the previous behavior, you can either set M_TRIM_THRESHOLD using the "mallopt" function, or set the MALLOC_TRIM_THRESHOLD environment variable to 0. (BZ#1298930) * On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error "monstartup: out of memory". The bug has been corrected and applications compiled for profiling now start correctly.(BZ#1298956) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1256285 - CVE-2015-5229 glibc: calloc may return non-zero memory 1293532 - CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow 1298956 - "monstartup: out of memory" on PPC64LE [rhel-7.2.z] 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: glibc-2.17-106.el7_2.4.src.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v.7): Source: glibc-2.17-106.el7_2.4.src.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: glibc-2.17-106.el7_2.4.src.rpm ppc64: glibc-2.17-106.el7_2.4.ppc.rpm glibc-2.17-106.el7_2.4.ppc64.rpm glibc-common-2.17-106.el7_2.4.ppc64.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64.rpm glibc-devel-2.17-106.el7_2.4.ppc.rpm glibc-devel-2.17-106.el7_2.4.ppc64.rpm glibc-headers-2.17-106.el7_2.4.ppc64.rpm glibc-utils-2.17-106.el7_2.4.ppc64.rpm nscd-2.17-106.el7_2.4.ppc64.rpm ppc64le: glibc-2.17-106.el7_2.4.ppc64le.rpm glibc-common-2.17-106.el7_2.4.ppc64le.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64le.rpm glibc-devel-2.17-106.el7_2.4.ppc64le.rpm glibc-headers-2.17-106.el7_2.4.ppc64le.rpm glibc-utils-2.17-106.el7_2.4.ppc64le.rpm nscd-2.17-106.el7_2.4.ppc64le.rpm s390x: glibc-2.17-106.el7_2.4.s390.rpm glibc-2.17-106.el7_2.4.s390x.rpm glibc-common-2.17-106.el7_2.4.s390x.rpm glibc-debuginfo-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-2.17-106.el7_2.4.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390x.rpm glibc-devel-2.17-106.el7_2.4.s390.rpm glibc-devel-2.17-106.el7_2.4.s390x.rpm glibc-headers-2.17-106.el7_2.4.s390x.rpm glibc-utils-2.17-106.el7_2.4.s390x.rpm nscd-2.17-106.el7_2.4.s390x.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: glibc-debuginfo-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-2.17-106.el7_2.4.ppc64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64.rpm glibc-static-2.17-106.el7_2.4.ppc.rpm glibc-static-2.17-106.el7_2.4.ppc64.rpm ppc64le: glibc-debuginfo-2.17-106.el7_2.4.ppc64le.rpm glibc-debuginfo-common-2.17-106.el7_2.4.ppc64le.rpm glibc-static-2.17-106.el7_2.4.ppc64le.rpm s390x: glibc-debuginfo-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-2.17-106.el7_2.4.s390x.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390.rpm glibc-debuginfo-common-2.17-106.el7_2.4.s390x.rpm glibc-static-2.17-106.el7_2.4.s390.rpm glibc-static-2.17-106.el7_2.4.s390x.rpm x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-106.el7_2.4.src.rpm x86_64: glibc-2.17-106.el7_2.4.i686.rpm glibc-2.17-106.el7_2.4.x86_64.rpm glibc-common-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-devel-2.17-106.el7_2.4.i686.rpm glibc-devel-2.17-106.el7_2.4.x86_64.rpm glibc-headers-2.17-106.el7_2.4.x86_64.rpm glibc-utils-2.17-106.el7_2.4.x86_64.rpm nscd-2.17-106.el7_2.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-2.17-106.el7_2.4.x86_64.rpm glibc-debuginfo-common-2.17-106.el7_2.4.i686.rpm glibc-debuginfo-common-2.17-106.el7_2.4.x86_64.rpm glibc-static-2.17-106.el7_2.4.i686.rpm glibc-static-2.17-106.el7_2.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2015-5229 https://access.redhat.com/security/cve/CVE-2015-7547 https://access.redhat.com/security/updates/classification#critical https://access.redhat.com/articles/2161461 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWw0iDXlSAg2UNWIIRAh1MAJ4i9uRE0pNTb+BjMHGTLL5PpEbF6gCgrBwA pR+M8a0yt5CoWGJfxcd7yVg=gySF -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Urgent notice regarding glibc package vulnerabilities affecting Red Hat Enterprise Linux 7. Immediate action suggested.. Red Hat Enterprise Linux, glibc update, network threat, software patches. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 16, 2016 Critical Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorymoderatered hat

Red Hat: RHSA-2010:0977 Moderate: OpenSSL Ciphersuite Downgrade Issue

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2010:0977-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0977.html Issue date: 2010-12-13 CVE Names: CVE-2008-7270 CVE-2009-3245 CVE-2010-4180 ==================================================================== 1. Summary: Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the client to use a weaker ciphersuite after resuming thesession. (CVE-2010-4180, CVE-2008-7270) Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option has no effect and this bug workaround can no longer be enabled. It was discovered that OpenSSL did not always check the return value of the bn_wexpand() function. An attacker able to trigger a memory allocation failure in that function could possibly crash an application using the OpenSSL library and its UBSEC hardware engine support. (CVE-2009-3245) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks 659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack 660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: openssl-0.9.7a-43.17.el4_8.6.i386.rpm openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm ia64: openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm ppc: openssl-0.9.7a-43.17.el4_8.6.ppc.rpm openssl-0.9.7a-43.17.el4_8.6.ppc64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.ppc.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.ppc64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.ppc.rpm openssl-devel-0.9.7a-43.17.el4_8.6.ppc64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.ppc.rpm s390: openssl-0.9.7a-43.17.el4_8.6.s390.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390.rpm openssl-devel-0.9.7a-43.17.el4_8.6.s390.rpm openssl-perl-0.9.7a-43.17.el4_8.6.s390.rpm s390x: openssl-0.9.7a-43.17.el4_8.6.s390.rpm openssl-0.9.7a-43.17.el4_8.6.s390x.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.s390x.rpm openssl-devel-0.9.7a-43.17.el4_8.6.s390.rpm openssl-devel-0.9.7a-43.17.el4_8.6.s390x.rpm openssl-perl-0.9.7a-43.17.el4_8.6.s390x.rpm x86_64: openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm Red Hat Enterprise Linux Desktop version4: Source: i386: openssl-0.9.7a-43.17.el4_8.6.i386.rpm openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm x86_64: openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: openssl-0.9.7a-43.17.el4_8.6.i386.rpm openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm ia64: openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm x86_64: openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm Red Hat Enterprise Linux WS version4: Source: i386: openssl-0.9.7a-43.17.el4_8.6.i386.rpm openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-perl-0.9.7a-43.17.el4_8.6.i386.rpm ia64: openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.ia64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.ia64.rpm x86_64: openssl-0.9.7a-43.17.el4_8.6.i686.rpm openssl-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i386.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.i686.rpm openssl-debuginfo-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-devel-0.9.7a-43.17.el4_8.6.i386.rpm openssl-devel-0.9.7a-43.17.el4_8.6.x86_64.rpm openssl-perl-0.9.7a-43.17.el4_8.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2008-7270 https://access.redhat.com/security/cve/CVE-2009-3245 https://access.redhat.com/security/cve/CVE-2010-4180 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNBmPdXlSAg2UNWIIRAhJ7AJ4udykIH04u4+SjeOtQtqP6ckm6gQCgxMQJ uHxijZs4kgRR0FnX+gzoPdU=5RLE -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical vulnerability patch released for OpenSSL on Red Hat Enterprise Linux. Users should upgrade immediately to mitigate risks.. OpenSSL Update, Red Hat Security Update, Linux Patch Management. . LinuxSecurity.com Team

Calendar 2 Dec 13, 2010 Red Hat
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here