Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisoryRed Hatsecurity fixRed Hat Enterprise Linux 8.4 RHSA-2022:0002 Important Grafana Update
An update for grafana is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: grafana security update Advisory ID: RHSA-2022:0002-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0002 Issue date: 2022-01-03 CVE Names: CVE-2021-44716 ==================================================================== 1. Summary: An update for grafana is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 3. Description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.4): Source: grafana-7.3.6-4.el8_4.src.rpm aarch64: grafana-7.3.6-4.el8_4.aarch64.rpm grafana-debuginfo-7.3.6-4.el8_4.aarch64.rpm ppc64le: grafana-7.3.6-4.el8_4.ppc64le.rpm grafana-debuginfo-7.3.6-4.el8_4.ppc64le.rpm s390x: grafana-7.3.6-4.el8_4.s390x.rpm grafana-debuginfo-7.3.6-4.el8_4.s390x.rpm x86_64: grafana-7.3.6-4.el8_4.x86_64.rpm grafana-debuginfo-7.3.6-4.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYdK4JtzjgjWX9erEAQg51RAAgdCgqJZnVhZoaByptCvCMkf4/Nx9Mj/e am+g9A0/esj6t3HOdn26fTn3G4MaZeQR4NCHOKzy7qELWJblGL5v1nh41UqEG+wa PXQ3ShOhaCDjqtyhQmRCGOUu3DXyRivhtF01xKQR5o1obyr8gfQNuvhiUv0K/TJ3 KbOQsX2D97Y2i1Mwvt3lhlnM+q+Hj63N7pVsGnCFq128CPZsf/QwWT0/Jpt1Qve2 0QoNy6vckTaSADWy68YDdo347EsF/KyJTFxPeqF51MVKR0Ii2SMxXwIy13zQa9q/ RaZdoWJn4W4lGcGPQ9y1Ka6BRFMrKNl7z/3yGK+wgBu8bUDimovff8YU/czDHQQX lTpRIQZ3aw3Ei6eFVHN8Y6aQGZexTU3RNAfWIINoD9Hc49YBJUcGcByPDb8XomC8 R+tO/z2WffKbUWdElD8LSsdrapqJad+BhecK5Rh9iwKgZnN9NCa3XOsnYF9KiV4z W4dVX3gnWjQynwtNHQ24vVFWU4AXoOhDmaW/46ZMP0rA2ES9OVS1NriZ47wnsaLj KidKSz64rbW6GCg0Z6r007btqZ+h5x9p7u45rxgk/APzWpSZIApwGhw5rHDJ3l9B 1NhmfZypEKBU4AtHIQK2TXCfoDwcONt0HrpoVE/5uNf8IYmHXoWhoZ7ZxcNcE8Yk 2JwJ2+VH520=Az85 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 03, 2022
•Important
Red Hat
98
security advisoryRed Hatlow severityRed Hat: 6.4 EUS Retirement Notice RHSA-2015:0103-01 Low Severity
This is the One-Month notification for the retirement of Red Hat Enterprise Linux 6.4 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.4.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat Enterprise Linux 6.4 Extended Update Support One-Month Notice Advisory ID: RHSA-2015:0103-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0103.html Issue date: 2015-01-28 ==================================================================== 1. Summary: This is the One-Month notification for the retirement of Red Hat Enterprise Linux 6.4 Extended Update Support (EUS). This notification applies only to those customers subscribed to the Extended Update Support (EUS) channel for Red Hat Enterprise Linux 6.4. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release. Details of the Red Hat Enterprise Linux lifecycle can be found here: https://access.redhat.com/support/policy/updates/errata 4. Solution: This erratum contains an updated redhat-release-server package that provides a copy of this retirement notice in the "/usr/share/doc/" directory. 5. Package List: Red Hat Enterprise Linux Server EUS (v. 6.4): Source: redhat-release-server-6Server-6.4.0.7.el6_4.src.rpm i386: redhat-release-server-6Server-6.4.0.7.el6_4.i686.rpm ppc64: redhat-release-server-6Server-6.4.0.7.el6_4.ppc64.rpm s390x: redhat-release-server-6Server-6.4.0.7.el6_4.s390x.rpm x86_64: redhat-release-server-6Server-6.4.0.7.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 6. References: https://access.redhat.com/security/updates/classification#low https://access.redhat.com/support/policy/updates/errata 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUyTW/XlSAg2UNWIIRAjtwAJ92lLry6zZIhf30mVSQIVldfrWl4wCfQvGy /fqXKv6eNacfEBEEBK+oClE=nu9+ -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jan 28, 2015
•Low
Red Hat
98
security advisorybuffer overflowred hatRed Hat 6.5 RHSA-2015:0104-01 Critical NTP Buffer Overflow
Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: ntp security update Advisory ID: RHSA-2015:0104-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0104.html Issue date: 2015-01-28 CVE Names: CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 ==================================================================== 1. Summary: Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5) - noarch, x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.5) - i386, noarch, ppc64, s390x, x86_64 3. Description: The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited vialocal attackers, and the configure() flaw requires additional authentication to exploit. (CVE-2014-9295) It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests. (CVE-2014-9293) It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys. (CVE-2014-9294) A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism. (CVE-2014-9296) All ntp users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. After installing the update, the ntpd daemon will restart automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1176032 - CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() 1176035 - CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys 1176037 - CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets 1176040 - CVE-2014-9296 ntp: receive() missing return on error 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v.6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm i386: ntp-4.2.6p5-2.el6_5.i686.rpm ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntpdate-4.2.6p5-2.el6_5.i686.rpm ppc64: ntp-4.2.6p5-2.el6_5.ppc64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntpdate-4.2.6p5-2.el6_5.ppc64.rpm s390x: ntp-4.2.6p5-2.el6_5.s390x.rpm ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntpdate-4.2.6p5-2.el6_5.s390x.rpm x86_64: ntp-4.2.6p5-2.el6_5.x86_64.rpm ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntpdate-4.2.6p5-2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.5): Source: ntp-4.2.6p5-2.el6_5.src.rpm i386: ntp-debuginfo-4.2.6p5-2.el6_5.i686.rpm ntp-perl-4.2.6p5-2.el6_5.i686.rpm noarch: ntp-doc-4.2.6p5-2.el6_5.noarch.rpm ppc64: ntp-debuginfo-4.2.6p5-2.el6_5.ppc64.rpm ntp-perl-4.2.6p5-2.el6_5.ppc64.rpm s390x: ntp-debuginfo-4.2.6p5-2.el6_5.s390x.rpm ntp-perl-4.2.6p5-2.el6_5.s390x.rpm x86_64: ntp-debuginfo-4.2.6p5-2.el6_5.x86_64.rpm ntp-perl-4.2.6p5-2.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9293 https://access.redhat.com/security/cve/CVE-2014-9294 https://access.redhat.com/security/cve/CVE-2014-9295 https://access.redhat.com/security/cve/CVE-2014-9296 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. . Revised ntp binaries addresscritical vulnerabilities for Red Hat Enterprise Linux 6.5, improving overall system defense.. NTP Update, Red Hat Advisory, Important Fix, Linux EUS Update. . Severity: Important. LinuxSecurity.com Team
Jan 28, 2015
•Important
Red Hat
98
security advisoryRed Hatkernel updateRed Hat 5.3 RHSA-2010:0711-01 Critical Privilege Escalation Fix
Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2010:0711-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0711.html Issue date: 2010-09-22 CVE Names: CVE-2010-3081 ==================================================================== 1. Summary: Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * The compat_alloc_user_space() function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important) Red Hat would like to thank Ben Hawkes for reporting this issue. Red Hat is aware that a public exploit for this issue is available. Refer to Knowledgebase article DOC-40265 for further details: https://access.redhat.com/kb/docs/DOC-40265 Users should upgrade to these updated packages, which contain a backported patch to correct thisissue. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow 6. Package List: Red Hat Enterprise Linux (v. 5.3.zserver): Source: kernel-2.6.18-128.23.2.el5.src.rpm i386: kernel-2.6.18-128.23.2.el5.i686.rpm kernel-PAE-2.6.18-128.23.2.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-128.23.2.el5.i686.rpm kernel-PAE-devel-2.6.18-128.23.2.el5.i686.rpm kernel-debug-2.6.18-128.23.2.el5.i686.rpm kernel-debug-debuginfo-2.6.18-128.23.2.el5.i686.rpm kernel-debug-devel-2.6.18-128.23.2.el5.i686.rpm kernel-debuginfo-2.6.18-128.23.2.el5.i686.rpm kernel-debuginfo-common-2.6.18-128.23.2.el5.i686.rpm kernel-devel-2.6.18-128.23.2.el5.i686.rpm kernel-headers-2.6.18-128.23.2.el5.i386.rpm kernel-xen-2.6.18-128.23.2.el5.i686.rpm kernel-xen-debuginfo-2.6.18-128.23.2.el5.i686.rpm kernel-xen-devel-2.6.18-128.23.2.el5.i686.rpm ia64: kernel-2.6.18-128.23.2.el5.ia64.rpm kernel-debug-2.6.18-128.23.2.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-128.23.2.el5.ia64.rpm kernel-debug-devel-2.6.18-128.23.2.el5.ia64.rpm kernel-debuginfo-2.6.18-128.23.2.el5.ia64.rpm kernel-debuginfo-common-2.6.18-128.23.2.el5.ia64.rpm kernel-devel-2.6.18-128.23.2.el5.ia64.rpm kernel-headers-2.6.18-128.23.2.el5.ia64.rpm kernel-xen-2.6.18-128.23.2.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-128.23.2.el5.ia64.rpm kernel-xen-devel-2.6.18-128.23.2.el5.ia64.rpm noarch: kernel-doc-2.6.18-128.23.2.el5.noarch.rpm ppc: kernel-2.6.18-128.23.2.el5.ppc64.rpm kernel-debug-2.6.18-128.23.2.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-128.23.2.el5.ppc64.rpm kernel-debug-devel-2.6.18-128.23.2.el5.ppc64.rpm kernel-debuginfo-2.6.18-128.23.2.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-128.23.2.el5.ppc64.rpm kernel-devel-2.6.18-128.23.2.el5.ppc64.rpm kernel-headers-2.6.18-128.23.2.el5.ppc.rpm kernel-headers-2.6.18-128.23.2.el5.ppc64.rpm kernel-kdump-2.6.18-128.23.2.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-128.23.2.el5.ppc64.rpm kernel-kdump-devel-2.6.18-128.23.2.el5.ppc64.rpm s390x: kernel-2.6.18-128.23.2.el5.s390x.rpm kernel-debug-2.6.18-128.23.2.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-128.23.2.el5.s390x.rpm kernel-debug-devel-2.6.18-128.23.2.el5.s390x.rpm kernel-debuginfo-2.6.18-128.23.2.el5.s390x.rpm kernel-debuginfo-common-2.6.18-128.23.2.el5.s390x.rpm kernel-devel-2.6.18-128.23.2.el5.s390x.rpm kernel-headers-2.6.18-128.23.2.el5.s390x.rpm kernel-kdump-2.6.18-128.23.2.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-128.23.2.el5.s390x.rpm kernel-kdump-devel-2.6.18-128.23.2.el5.s390x.rpm x86_64: kernel-2.6.18-128.23.2.el5.x86_64.rpm kernel-debug-2.6.18-128.23.2.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-128.23.2.el5.x86_64.rpm kernel-debug-devel-2.6.18-128.23.2.el5.x86_64.rpm kernel-debuginfo-2.6.18-128.23.2.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-128.23.2.el5.x86_64.rpm kernel-devel-2.6.18-128.23.2.el5.x86_64.rpm kernel-headers-2.6.18-128.23.2.el5.x86_64.rpm kernel-xen-2.6.18-128.23.2.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-128.23.2.el5.x86_64.rpm kernel-xen-devel-2.6.18-128.23.2.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2010-3081 https://access.redhat.com/security/updates/classification#important https://access.redhat.com/kb/docs/DOC-40265 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. . Significant Red Hat kernel enhancement targeting a vital privilege escalation vulnerability with essential upgrade recommendations.. Red Hat Kernel Update, Privilege Escalation Fix, Security Update Guidance. . Severity: Important. LinuxSecurity.com Team
Sep 22, 2010
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!