Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
172
security advisoryremote accessubuntuUbuntu 24.04 LTS Security Notice USN-7051-1: Medium Risk AsyncSSH Issue
A protocol flaw was fixed in AsyncSSH.. ========================================================================== Ubuntu Security Notice USN-7051-1 October 02, 2024 python-asyncssh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: A protocol flaw was fixed in AsyncSSH. Software Description: - python-asyncssh: asyncio-based client and server implementation of SSHv2 protocol Details: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being downgraded. This issue is known as the Terrapin attack. This update adds protocol extensions to mitigate this issue. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-asyncssh 2.10.1-2ubuntu0.1 Ubuntu 22.04 LTS python3-asyncssh 2.5.0-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS python3-asyncssh 1.12.2-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7051-1 CVE-2023-48795 Package Information: . An issue related to a protocol vulnerability in python-asyncssh has been rectified in Ubuntu versions 24.04, 22.04, and 20.04 LTS. Discover details regarding the recent security modification.. protocol flaw, asyncssh, ubuntu, security update, SSH communications. . Severity: Medium. LinuxSecurity.com Team
Oct 02, 2024
•Medium
Ubuntu
99
security advisorycriticalsoftware updateSlackware 14.x: SSA:2016-189-01 Critical Samba Downgrade Threat
New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] samba (SSA:2016-189-01) New samba packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/samba-4.4.5-i586-1_slack14.2.txz: Upgraded. This release fixes a security issue: Client side SMB2/3 required signing can be downgraded. It's possible for an attacker to downgrade the required signing for an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flags. This means that the attacker can impersonate a server being connected to by Samba, and return malicious results. For more information, see: https://www.cve.org/CVERecord?id=CVE-2016-2119 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0 package: 6138a02471f3320cefec87d05bd2a2f4 samba-4.2.14-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 4b49e85f14da9a3ed170012660796beb samba-4.2.14-x86_64-1_slack14.0.txz Slackware 14.1 package: 086984352ac698fdc207f09e6ab58977 samba-4.2.14-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 38624fc438183525e0a81a5975162f88 samba-4.2.14-x86_64-1_slack14.1.txz Slackware 14.2 package: bce33ebd9db8bd4f3de06e28195045de samba-4.4.5-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 63478673374cddf5963fb870253c43b4 samba-4.4.5-x86_64-1_slack14.2.txz Slackware -current package: bce33ebd9db8bd4f3de06e28195045de n/samba-4.4.5-i586-1.txz Slackware x86_64 -current package: 63478673374cddf5963fb870253c43b4 n/samba-4.4.5-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg samba-4.4.5-i586-1_slack14.2.txz Then, if Samba is running restart it: # /etc/rc.d/rc.samba restart +-----+ . Recent samba updates tackle significant vulnerabilities in Slackware 14.x, along with step-by-step upgrade guidance for affected users.. Samba Update, Slackware Security, Samba Downgrade Fix, Critical Security, Package Update. . Severity: Critical. LinuxSecurity.com Team
Jul 07, 2016
•Critical
Slackware
172
security advisoryUbuntuOpenSSLUbuntu 15.04 USN-2624-1 Critical: OpenSSL Export Cipher Disable
The export cipher suites have been disabled in OpenSSL.. =========================================================================Ubuntu Security Notice USN-2624-1 June 01, 2015 openssl update ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: The export cipher suites have been disabled in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: As a security improvement, this update removes the export cipher suites from the default cipher list to prevent their use in possible downgrade attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.1 Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.5 Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.12 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.28 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2624-1 https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1460735 Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.1 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.12 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.28 . Red Hat has removed legacy encryption protocols from OpenSSL to strengthen defenses against man-in-the-middle threats. Upgrade today!. OpenSSL Security, Ubuntu Update, Export Cipher Suite, System Security. . Severity: Critical. LinuxSecurity.com Team
Jun 01, 2015
•Critical
Ubuntu
198
security advisoryman-in-the-middlereplay attackArch Linux: ASA-201410-4 Medium: Zeromq Downgrade and Replay Threat
The package zeromq before version 4.0.5-1 is vulnerable to man-in-the-middle downgrade and replay attacks. . Arch Linux Security Advisory ASA-201410-4 ======================================== Severity: Medium Date : 2014-10-15 CVE-ID : CVE-2014-7202 CVE-2014-7203 Package : zeromq Type : Man-in-the-middle downgrade and replay attack Remote : yes Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package zeromq before version 4.0.5-1 is vulnerable to man-in-the-middle downgrade and replay attacks. Resolution ========= Upgrade to 4.0.5-1. # pacman -Syu "zeromq> =4.0.5-1" The problem has been fixed upstream in version 4.0.5. Workaround ========= None. Description ========== - CVE-2014-7202 (downgrade attack) A bug in stream_engine.cpp allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request. - CVE-2014-7203 (replay attack) libzmq did not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors. Impact ===== A remote attacker is able to perform unauthorized modifications by using a downgrade attack to target vulnerable protocol versions or by performing a replay attack of a recorded communication. References ========= http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7202 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7203 https://github.com/zeromq/libzmq/issues/1190 https://github.com/zeromq/libzmq/issues/1191 https://bugs.archlinux.org/task/42381 https://seclists.org/oss-sec/2014/q3/776 . Arch Linux Security Advisory ASA-201410-4 ======================================== Severity: Medium . package, zeromq, version, vulnerable, man-in-the-middle, downgrade, replay. . Severity: Medium. LinuxSecurity.com Team
Oct 15, 2014
•Medium
ArchLinux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!