Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
202
security advisorymoderateenvironment issueopenSUSE: 2024:4407-1 moderate: netty memory issue crash
An update that solves one vulnerability and has one security fix can now be installed.. # Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative Announcement ID: SUSE-SU-2024:4407-1 Release Date: 2024-12-23T08:49:51Z Rating: moderate References: * bsc#1047218 * bsc#1233297 Cross-References: * CVE-2024-47535 CVSS scores: * CVE-2024-47535 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-47535 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP5 * Development Tools Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP5 * SUSE Package Hub 15 15-SP6 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: * CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297) Other fixes: \- Upgraded netty to upstream version 4.1.115 \- Upgraded netty- tcnative to version 2.0.69 Final \- Updated jctools to version 4.0.5 \- Updated aalto-xml to version 1.3.3 \- Updated moditect to version 1.2.2 \- Updated flatten-maven-plugin to version 1.6.0 ## PatchInstructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4407=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-4407=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-4407=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-4407=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-4407=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-4407=1 ## Package List: * openSUSE Leap 15.5 (noarch) * netty-javadoc-4.1.115-150200.4.26.1 * jctools-experimental-4.0.5-150200.3.9.1 * jctools-channels-4.0.5-150200.3.9.1 * jctools-javadoc-4.0.5-150200.3.9.1 * jctools-4.0.5-150200.3.9.1 * netty-tcnative-javadoc-2.0.69-150200.3.22.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * netty-4.1.115-150200.4.26.1 * netty-tcnative-2.0.69-150200.3.22.1 * openSUSE Leap 15.6 (noarch) * netty-javadoc-4.1.115-150200.4.26.1 * jctools-experimental-4.0.5-150200.3.9.1 * jctools-channels-4.0.5-150200.3.9.1 * jctools-javadoc-4.0.5-150200.3.9.1 * jctools-4.0.5-150200.3.9.1 * netty-tcnative-javadoc-2.0.69-150200.3.22.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-4.1.115-150200.4.26.1 * netty-tcnative-2.0.69-150200.3.22.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.69-150200.3.22.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.69-150200.3.22.1 * SUSE Package Hub 15 15-SP5 (noarch) * jctools-4.0.5-150200.3.9.1 * netty-javadoc-4.1.115-150200.4.26.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64les390x x86_64) * netty-4.1.115-150200.4.26.1 * SUSE Package Hub 15 15-SP6 (noarch) * jctools-4.0.5-150200.3.9.1 * netty-javadoc-4.1.115-150200.4.26.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-4.1.115-150200.4.26.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47535.html * https://bugzilla.suse.com/show_bug.cgi?id=1047218 * https://bugzilla.suse.com/show_bug.cgi?id=1233297 . Enhance security by patching vulnerabilities in netty and assorted utilities within openSUSE. Execute the installation to protect systems from potential memory-related concerns.. SUSE security advisory, netty fix, openSUSE update, development tools patch, environment vulnerability. . LinuxSecurity.com Team
Dec 23, 2024
OpenSUSE
203
security advisorycriticalsoftware patchMageia 8 MGASA-2022-0444 Critical: Golang Environment Issues
Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). (CVE-2022-41716) runtime: lock count" fatal error when cgo is enabled (go#56308) . MGASA-2022-0444 - Updated golang packages fix security vulnerability Publication date: 27 Nov 2022 URL: https://advisories.mageia.org/MGASA-2022-0444.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-41716 Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941). (CVE-2022-41716) runtime: lock count" fatal error when cgo is enabled (go#56308) References: - https://bugs.mageia.org/show_bug.cgi?id=31158 - https://lists.suse.com/pipermail/sle-security-updates/2022-November/012970.html - https://lists.suse.com/pipermail/sle-security-updates/2022-November/012965.html - - - https://www.cve.org/CVERecord?id=CVE-2022-41716 SRPMS: - 8/core/golang-1.18.8-1.mga8 . Mageia 2022-0445 tackles severe python security vulnerability by rectifying uncleaned input parameters in system calls.. Mageia Security Update,Golang Critical Fix,Environment Variables,Security Patch,Software Update. . Severity: Critical. LinuxSecurity.com Team
Nov 27, 2022
•Critical
Mageia
100
security advisorysoftware updatesecurity fixSUSE: 2022:4055-1 Low Severity: Go1.18 Environment Variable Issue
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4055-1 Rating: low References: #1193742 #1204941 Cross-References: CVE-2022-41716 CVSS scores: CVE-2022-41716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41716 (SUSE): 0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for go1.18 fixes the following issues: Update to go 1.18.8 (released 2022-11-01) (bsc#1193742): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environmentvariables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count" fatal error when cgo is enabled (go#56308). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4055=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4055=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4055=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4055=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.8-150000.1.37.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.8-150000.1.37.1 go1.18-doc-1.18.8-150000.1.37.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.8-150000.1.37.1 References: https://www.suse.com/security/cve/CVE-2022-41716.html https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1204941 . SUSE has released a Security Update regardinggo1.18 which resolves a single issue deemed to have a minor severity level. Please ensure that you implement the required updates.. SUSENotices, GoUpdate, EnvironmentFix. . Severity: Low. LinuxSecurity.com Team
Nov 17, 2022
•Low
SuSE
100
security advisorylow severityenvironment issueSUSE: 2022:4054-2 Low Severity: Go1.19 Environment Vulnerability
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for go1.19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4054-1 Rating: low References: #1200441 #1204941 Cross-References: CVE-2022-41716 CVSS scores: CVE-2022-41716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41716 (SUSE): 0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for go1.19 fixes the following issues: Update to go 1.19.3 (released 2022-11-01) (bsc#1200441): Security fixes: - CVE-2022-41716: Fixed unsanitized NUL in environmentvariables in syscalls, os/exec (go#56327) (bsc#1204941). Bugfixes: - runtime: lock count" fatal error when cgo is enabled (go#56308). - cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168). - internal/fuzz: array literal initialization causes ICE "unhandled stmt ASOP" while fuzzing (go#56106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4054=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4054=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4054=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4054=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.3-150000.1.15.1 go1.19-doc-1.19.3-150000.1.15.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.19-race-1.19.3-150000.1.15.1 References: https://www.suse.com/security/cve/CVE-2022-41716.html https://bugzilla.suse.com/1200441 https://bugzilla.suse.com/1204941 . New release out for SUSE: critical patch for go1.19 resolving problems with environment variables.. SUSE Update, go Security Patch, Env Variable Issue. . Severity: Low. LinuxSecurity.com Team
Nov 17, 2022
•Low
SuSE
99
security advisorycritical threatSlackwareSlackware 14.1 SSA:2014-086-06 Critical: OpenSSH Environment Issue
New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] openssh (SSA:2014-086-06) New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssh-6.6p1-i486-1_slack14.1.txz: Upgraded. This update fixes a security issue when using environment passing with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH could be tricked into accepting any environment variable that contains the characters before the wildcard character. For more information, see: https://www.cve.org/CVERecord?id=CVE-2014-2532 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: Updated package for Slackware x86_64 13.0: Updated package for Slackware 13.1: Updated package for Slackware x86_64 13.1: Updated package for Slackware 13.37: Updated package for Slackware x86_64 13.37: Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: 0729d3be6a1886c2462522110333abc0 openssh-5.9p1-i486-1_slack13.0.txz Slackware x86_64 13.0 package: a474f048de648347207bacb21b5f8f28 openssh-5.9p1-x86_64-1_slack13.0.txz Slackware 13.1 package: 8df387cdf44f359a9de7c3e40ea321c6 openssh-5.9p1-i486-1_slack13.1.txz Slackware x86_64 13.1package: e7eb361401849bbcfb0e20ea17181836 openssh-5.9p1-x86_64-1_slack13.1.txz Slackware 13.37 package: 8404668d896f81b44ddd5e6e2985f590 openssh-5.9p1-i486-3_slack13.37.txz Slackware x86_64 13.37 package: b50bb951453824e53dcddbdf1d571561 openssh-5.9p1-x86_64-3_slack13.37.txz Slackware 14.0 package: 755d1ec29f80ac40636741ddf618715a openssh-6.6p1-i486-1_slack14.0.txz Slackware x86_64 14.0 package: cc74307ab8875a8fa04a87f18b0cd216 openssh-6.6p1-x86_64-1_slack14.0.txz Slackware 14.1 package: 1dcb917e01fa83d1cabd59378c81dd32 openssh-6.6p1-i486-1_slack14.1.txz Slackware x86_64 14.1 package: dfb1f98206ce1e2300fea647a5281486 openssh-6.6p1-x86_64-1_slack14.1.txz Slackware -current package: 7a5f7c123c397d040fff868afbf86e8b n/openssh-6.6p1-i486-1.txz Slackware x86_64 -current package: e6d3cced2c7c9e642d8982b27295a408 n/openssh-6.6p1-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg openssh-6.6p1-i486-1_slack14.1.txz Next, restart the sshd daemon: # sh /etc/rc.d/rc.sshd restart +-----+ . Recent updates for OpenSSH on Slackware address a critical vulnerability pertaining to the AcceptEnv directive processing.. OpenSSH Update, Slackware Security Patch, Environment Variable Fix. . Severity: Critical. LinuxSecurity.com Team
Mar 28, 2014
•Critical
Slackware
172
security advisorysecurity updateremote accessUbuntu 2155-1 Moderate: OpenSSH Wildcard Handling Issue
OpenSSH incorrectly handled environment restrictions with wildcards.. =========================================================================Ubuntu Security Notice USN-2155-1 March 25, 2014 openssh vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: OpenSSH incorrectly handled environment restrictions with wildcards. Software Description: - openssh: secure shell (SSH) for secure access to remote machines Details: Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to possibly bypass certain intended environment variable restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: openssh-server 1:6.2p2-6ubuntu0.2 Ubuntu 12.10: openssh-server 1:6.0p1-3ubuntu1.1 Ubuntu 12.04 LTS: openssh-server 1:5.9p1-5ubuntu1.2 Ubuntu 10.04 LTS: openssh-server 1:5.3p1-3ubuntu7.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2155-1 CVE-2014-2532 Package Information: https://launchpad.net/ubuntu/+source/openssh/1:6.2p2-6ubuntu0.2 https://launchpad.net/ubuntu/+source/openssh/1:6.0p1-3ubuntu1.1 https://launchpad.net/ubuntu/+source/openssh/1:5.9p1-5ubuntu1.2 https://launchpad.net/ubuntu/+source/openssh/1:5.3p1-3ubuntu7.1 . In relation to the OpenSSH vulnerability identified in Ubuntu releases, a remote threat actor could circumvent environment limitations through the use of wildcard characters.. OpenSSH Issue, Ubuntu Security, Environmental Security Threats. . LinuxSecurity.com Team
Mar 25, 2014
Ubuntu
98
security advisoryRed Hat Linuxat commandRed Hat Linux 6.2: RHSA-2002:015-15 Critical: At Heap Corruption
This updated at package fixes two minor problems and one majorproblem where the environment can get wiped out prior to the execution of ascheduled command.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated at package available Advisory ID: RHSA-2002:015-15 Issue date: 2002-01-15 Updated on: 2002-02-07 Product: Red Hat Linux Keywords: at security heap corruption environment Cross references: Obsoletes: --------------------------------------------------------------------- 1. Topic: This updated at package fixes two minor problems and one major problem where the environment can get wiped out prior to the execution of a scheduled command. For versions of Red Hat Linux prior to 7.2, this package also fixes a potential security vulnerability which can result in heap corruption (Red Hat Linux 7.2 is not vulnerable to this security exploit). Update 2002-02-01: The package for Red Hat Linux 6.2 tried to source a file in /etc/init.d, which doesn't exist on a standard system. 2. Relevant releases/architectures: Red Hat Linux 6.2 - alpha, i386, sparc Red Hat Linux 7.0 - alpha, i386 Red Hat Linux 7.1 - alpha, i386, ia64 Red Hat Linux 7.2 - i386, ia64 3. Problem description: A server running the latest version of at could have commands that depend on the current environment (for example, the PATH) which would then fail or run incorrectly because the environment would not be accessible when the command was executed at a later time. Additionally, in versions of Red Hat Linux prior to 7.2 a malicious local user could specify an execution time is in a carefully drafted format causing a heap corruption bug. Since the at command is installed as setuid root this bug can be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0004 to this issue. Thanks to zen-parse for reporting this vulnerability. Inaddition to the fixed heap corruption, file handling security on all versions of at has been improved by adding the O_EXCL (exclusive) option to an open system call. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed ( for more info): 49491 - all environment is wiped out prior to executing user command 51253 - Wrong pointer to time syntax in man page 52626 - "at" RPM says that /var/spool/at/.SEQ should be executable 6. RPMs required: Red Hat Linux 6.2: SRPMS: alpha: i386: sparc: Red Hat Linux 7.0: SRPMS: alpha: i386: Red Hat Linux 7.1: SRPMS: alpha: i386: ia64: Red Hat Linux 7.2: SRPMS: i386: ia64: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- beab8c80838d3920d758a2e8e5b5e3b2 6.2/en/os/SRPMS/at-3.1.8-22.2.src.rpm 31a1aac9c620778fe24a5d9c73b468c6 6.2/en/os/alpha/at-3.1.8-22.2.alpha.rpm a5ea88124398a0b937dd93e93d62c3bd 6.2/en/os/i386/at-3.1.8-22.2.i386.rpm 3ee8b5c53f23d0eae9bd78c69621ff78 6.2/en/os/sparc/at-3.1.8-22.2.sparc.rpm b1f62f4b41e12a54a1f73d639363a638 7.0/en/os/SRPMS/at-3.1.8-23.src.rpm 97e27a1d2dc0f08d8f118209a891689a7.0/en/os/alpha/at-3.1.8-23.alpha.rpm ea793fd803f10c8fa66abb8191fefb9b 7.0/en/os/i386/at-3.1.8-23.i386.rpm b1f62f4b41e12a54a1f73d639363a638 7.1/en/os/SRPMS/at-3.1.8-23.src.rpm 97e27a1d2dc0f08d8f118209a891689a 7.1/en/os/alpha/at-3.1.8-23.alpha.rpm ea793fd803f10c8fa66abb8191fefb9b 7.1/en/os/i386/at-3.1.8-23.i386.rpm 8fed88d53824e98f509289c42ea01237 7.1/en/os/ia64/at-3.1.8-23.ia64.rpm b1f62f4b41e12a54a1f73d639363a638 7.2/en/os/SRPMS/at-3.1.8-23.src.rpm ea793fd803f10c8fa66abb8191fefb9b 7.2/en/os/i386/at-3.1.8-23.i386.rpm 8fed88d53824e98f509289c42ea01237 7.2/en/os/ia64/at-3.1.8-23.ia64.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: CVE -CVE-2002-0004 Copyright(c) 2000, 2001 Red Hat, Inc. `. SUSE has released an updated 'em' module that addresses a significant memory overflow flaw, safeguarding against possible information leaks or system outages while performing operations.. Heap Corruption Fix, Red Hat Linux Security, At Command Update. . Severity: Critical. LinuxSecurity.com Team
Feb 08, 2002
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!