
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat OpenShift 4.7 RHSA-2021-0100-01 Moderate: DoS via File Integrity

Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.7 file-integrity-operator image security update
Advisory ID:       RHSA-2021:0100-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0100
Issue date:        2021-02-24
CVE Names:         CVE-2020-27813

1. Summary:

The file-integrity-operator image update is now available for OpenShift Container Platform 4.7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

The file-integrity-operator image update is now available for OpenShift Container Platform 4.7.

Security Fix(es):

* golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1826301 - Wrong NodeStatus reports in file-integrity scan when configuration error in aide.conf file
1869293 - The configmap name looks confusing in aide-ds podlogs
1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service
1905011 - The file-integrity-Operator brew Bundle image does not available for OCP4.7
1910050 - [OCP v47] The file integrity aide-ds pod goes in CrashLoopBackOff state during the scan
1921692 - Please report fileintegritynodestatus (active/ failed / etc) in column when running `oc get fileintegritynodestatus`
1923096 - The daemonSet does not get updated when the nodeSelector and Tolerations get changed in fileIntegrity object

5. References:

https://access.redhat.com/security/cve/CVE-2020-27813
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Obtain the most recent file-integrity-operator image upgrade for OpenShift Container Platform 4.7 to enhance your security posture.

OpenShift Image Update, Moderate Security Update, Red Hat OpenShift, File Integrity Operator, Security Advisory.

Severity: Important. LinuxSecurity.com Team

Feb 24, 2021 Important Red Hat

SUSE: 2019:0643-1 Moderate Vulnerability in lftp File Integrity

SUSE Security Update: Security update for lftp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0643-1
Rating:             moderate
References:         #1103367 #1120946
Cross-References:   CVE-2018-10916
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for lftp fixes the following issues:

Security issue fixed:

- CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367).

Other issue addressed:

- The SSH login handling code detects password prompts more reliably (bsc#1120946).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-643=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  lftp-4.8.3-4.3.1
  lftp-debuginfo-4.8.3-4.3.1
  lftp-debugsource-4.8.3-4.3.1

References:

https://www.suse.com/security/cve/CVE-2018-10916.html
https://bugzilla.suse.com/1103367
https://bugzilla.suse.com/1120946

_______________________________________________
sle-security-updates mailing list
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE Security Patch for lftp resolves a noteworthy file consistency concern and enhances SSH management. Discover the details!

SUSE Linux, security update, lftp patch, system integrity, SSH enhancements.

LinuxSecurity.com Team

Mar 19, 2019 SuSE

SUSE: 2019:0642-1 Moderate: lftp Improper File Sanitization

SUSE Security Update: Security update for lftp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0642-1
Rating:             moderate
References:         #1103367 #1120946
Cross-References:   CVE-2018-10916
Affected Products:
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP4
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for lftp fixes the following issues:

Security issue fixed:

- CVE-2018-10916: Fixed an improper file name sanitization which could lead to loss of integrity of the local system (bsc#1103367).

Other issue addressed:

- The SSH login handling code detects password prompts more reliably (bsc#1120946).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP4:

  zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-642=1

- SUSE Linux Enterprise Server 12-SP3:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-642=1

- SUSE Linux Enterprise Desktop 12-SP4:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-642=1

- SUSE Linux Enterprise Desktop 12-SP3:

  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2019-642=1

Package List:

- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):

  lftp-4.7.4-3.6.1
  lftp-debuginfo-4.7.4-3.6.1
  lftp-debugsource-4.7.4-3.6.1

- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

  lftp-4.7.4-3.6.1
  lftp-debuginfo-4.7.4-3.6.1
  lftp-debugsource-4.7.4-3.6.1

- SUSE Linux Enterprise Desktop 12-SP4 (x86_64):

  lftp-4.7.4-3.6.1
  lftp-debuginfo-4.7.4-3.6.1
  lftp-debugsource-4.7.4-3.6.1

- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

  lftp-4.7.4-3.6.1
  lftp-debuginfo-4.7.4-3.6.1
  lftp-debugsource-4.7.4-3.6.1

References:

https://www.suse.com/security/cve/CVE-2018-10916.html
https://bugzilla.suse.com/1103367
https://bugzilla.suse.com/1120946

_______________________________________________
sle-security-updates mailing list
http://lists.suse.com/mailman/listinfo/sle-security-updates

update, solves, vulnerability, errata, security.

Severity: Important. LinuxSecurity.com Team

Mar 19, 2019 Important SuSE

Slackware 14.2: 2018-214-01 Critical: Lftp Remote File Integrity Issue

[slackware-security]  lftp (SSA:2018-214-01)

New lftp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/lftp-4.8.4-i586-1_slack14.2.txz:  Upgraded.
  It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2018-10916
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/lftp-4.8.4-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/lftp-4.8.4-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/lftp-4.8.4-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/lftp-4.8.4-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/lftp-4.8.4-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/lftp-4.8.4-x86_64-1_slack14.2.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg lftp-4.8.4-i586-1_slack14.2.txz

+-----+

packages, slackware, -current, security.

Severity: Critical. LinuxSecurity.com Team

Aug 02, 2018 Critical Slackware

Gentoo GLSA-200710-22 Normal: TRAMP Insecure Temp File Creation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200710-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: TRAMP: Insecure temporary file creation
      Date: October 20, 2007
      Bugs: #194713
        ID: 200710-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The TRAMP package for GNU Emacs insecurely creates temporary files.

Background
==========

TRAMP is a remote file editing package for GNU Emacs, a highly extensible and customizable text editor.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  app-emacs/tramp     < 2.1.10-r2                      >= 2.1.10-r2
                                                                *< 2.1

Description
===========

Stefan Monnier discovered that the tramp-make-tramp-temp-file() function creates temporary files in an insecure manner.

Impact
======

A local attacker could create symbolic links in the directory where the temporary files are written, pointing to a valid file somewhere on the filesystem that is writable by the user running TRAMP. When TRAMP writes the temporary file, the target valid file would then be overwritten with the contents of the TRAMP temporary file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TRAMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emacs/tramp-2.1.10-r2"

References
==========

  [ 1 ] CVE-2007-5377
        https://www.cve.org/CVERecord?id=CVE-2007-5377

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200710-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to [email address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

The potential risk associated with the inadequate generation of transient files in TRAMP for GNU Emacs raises concerns about local exploitation that could compromise the integrity of files.

Gentoo Security, TRAMP Issue, Emacs Package, Insecure Handling.

LinuxSecurity.com Team

Oct 20, 2007 Gentoo

Red Hat: RHSA-2007:0539-01 Moderate: Aide File Checksum Issue

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: aide security update
Advisory ID:       RHSA-2007:0539-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0539.html
Issue date:        2007-09-04
Updated on:        2007-09-04
Product:           Red Hat Enterprise Linux
Keywords:          aide
CVE Names:         CVE-2007-3849
- ---------------------------------------------------------------------

1. Summary:

An updated aide package that fixes various bugs is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Advanced Intrusion Detection Environment (AIDE) is a file integrity checker and intrusion detection program.

A flaw was discovered in the way file checksums were stored in the AIDE database. A packaging flaw in the Red Hat AIDE rpm resulted in the file database not containing any file checksum information. This could prevent AIDE from detecting certain file modifications. (CVE-2007-3849)

This update also fixes the following bugs:

* certain configurations could result in a segmentation fault upon initialization.

* AIDE was unable to open its log file in the LSPP evaluated configuration.

* if AIDE found SELinux context differences, the changed files report it generated only included the first 32 characters of the context.

All users of AIDE are advised to upgrade to this updated package containing AIDE version 0.13.1 which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

225089 - aide Segmentation fault on initialization
236855 - LSPP: aide can't write its log file
236923 - CVE-2007-3849 Rebase aide to 0.13.1
240144 - [LSPP] aide report output limits context to 32char -- not evaluation blocking

6. RPMs required:

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
aide-0.13.1-2.0.4.el5.src.rpm

i386:
aide-0.13.1-2.0.4.el5.i386.rpm
aide-debuginfo-0.13.1-2.0.4.el5.i386.rpm

x86_64:
aide-0.13.1-2.0.4.el5.x86_64.rpm
aide-debuginfo-0.13.1-2.0.4.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
aide-0.13.1-2.0.4.el5.src.rpm

i386:
aide-0.13.1-2.0.4.el5.i386.rpm
aide-debuginfo-0.13.1-2.0.4.el5.i386.rpm

ia64:
aide-0.13.1-2.0.4.el5.ia64.rpm
aide-debuginfo-0.13.1-2.0.4.el5.ia64.rpm

ppc:
aide-0.13.1-2.0.4.el5.ppc.rpm
aide-debuginfo-0.13.1-2.0.4.el5.ppc.rpm

s390x:
aide-0.13.1-2.0.4.el5.s390x.rpm
aide-debuginfo-0.13.1-2.0.4.el5.s390x.rpm

x86_64:
aide-0.13.1-2.0.4.el5.x86_64.rpm
aide-debuginfo-0.13.1-2.0.4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-3849
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2007 Red Hat, Inc.

Red Hat has published a significant security advisory (RHSA-2007:0540-01) tackling vulnerabilities related to package integrity verification.

Red Hat Security, AIDE Package, Checksum Fix, Moderate Advisory.

LinuxSecurity.com Team

Sep 04, 2007 Red Hat