Stay Secure with the Latest Linux Advisories


Explore the Latest Linux Security Advisories

Debian usbmuxd DSA-6125-1 Path Traversal Risk CVE-2025-66004

-------------------------------------------------------------------------
Debian Security Advisory DSA-6125-1
https://www.debian.org/security/
Yves-Alexis Perez
February 09, 2026
https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : usbmuxd
CVE ID         : CVE-2025-66004
Debian Bug     : 1122507

A path traversal vulnerability was discovered in usbmuxd, a multiplexor daemon used to coordinate USB connections from and to Apple devices (iPhone, iPad, iPod). Exploiting this vulnerability enables an unprivileged user to create and delete files named `*.plist` (and, in some cases, arbitrarily named) as the user running the daemon (`usbmux` by default).

For the oldstable distribution (bookworm), this problem has been fixed in version 1.1.1-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in version 1.1.1-6+deb13u1.

We recommend that you upgrade your usbmuxd packages.

For the detailed security status of usbmuxd please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/usbmuxd

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

Path traversal in usbmuxd lets an unprivileged local user create and delete files as the daemon's service account (`usbmux`); immediate upgrade is recommended for Debian bookworm and trixie users.
Debian Security, usbmuxd, path traversal, unprivileged access, security advisory. Severity: Important. LinuxSecurity.com Team

Feb 09, 2026 | Important | Debian

Debian 11: DLA-4376-1 Erlang Path Traversal and Resource Exhaustion Fixes

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4376-1
https://www.debian.org/lts/security/
Jochen Sprickerhof
November 24, 2025
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : erlang
Version        : 1:23.2.6+dfsg-1+deb11u3
CVE ID         : CVE-2025-4748 CVE-2025-48038 CVE-2025-48039 CVE-2025-48041
Debian Bug     :

Multiple vulnerabilities were fixed in Erlang, a concurrent, real-time, distributed functional language.

CVE-2025-4748

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed.

CVE-2025-48038, CVE-2025-48039, CVE-2025-48041

    Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure, Flooding. These vulnerabilities are associated with program files lib/ssh/src/ssh_sftpd.erl.

For Debian 11 bullseye, these problems have been fixed in version 1:23.2.6+dfsg-1+deb11u3.

We recommend that you upgrade your erlang packages.

For the detailed security status of erlang please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/erlang

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Multiple vulnerabilities in Erlang fixed in Debian 11 LTS: absolute path traversal when extracting zip archives with zip:unzip/zip:extract, and unbounded resource allocation in the SFTP server module. Upgrade now to protect your system.
Erlang Security Patch, Debian Security Update, Path Traversal Fix, Resource Leak. Severity: Critical. LinuxSecurity.com Team

Nov 24, 2025 | Critical | Debian LTS

Gentoo: GLSA 202407-18 Normal: Stellarium Arbitrary File Write

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202407-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Stellarium: Arbitrary File Write
      Date: July 05, 2024
      Bugs: #905300
        ID: 202407-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes.

Background
==========

Stellarium is a free open source planetarium for your computer. It shows a realistic sky in 3D, just like what you see with the naked eye, binoculars or a telescope.

Affected packages
=================

Package                   Vulnerable    Unaffected
------------------------  ------------  ------------
sci-astronomy/stellarium  < 23.1        >= 23.1

Description
===========

A vulnerability has been discovered in Stellarium. Please review the CVE identifier referenced below for details.

Impact
======

Attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Stellarium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"

References
==========

[ 1 ] CVE-2023-28371
      https://nvd.nist.gov/vuln/detail/CVE-2023-28371

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202407-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be reported to the Gentoo security team, or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Stellarium before 23.1 allows arbitrary file writes through absolute pathnames or .. directory traversal (CVE-2023-28371), which can compromise system integrity; Gentoo users should upgrade to sci-astronomy/stellarium 23.1 or later.
Stellarium security, Gentoo advisory, arbitrary write issues. LinuxSecurity.com Team

Jul 05, 2024 | Normal | Gentoo

Fedora 39: FEDORA-2024-b458482d48 Critical: pandoc Arbitrary File Create/Overwrite

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b458482d48
2024-03-30 01:08:11.513507
--------------------------------------------------------------------------------

Name        : pandoc
Product     : Fedora 39
Version     : 3.1.3
Release     : 29.fc39
URL         : https://hackage.haskell.org/package/pandoc
Summary     : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include

- light markup formats (many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags)
- HTML formats (HTML 4 and 5)
- Ebook formats (EPUB v2 and v3, FB2)
- Documentation formats (GNU TexInfo, Haddock)
- Roff formats (man, ms)
- TeX formats (LaTeX, ConTeXt)
- Typst
- XML formats (DocBook 4 and 5, JATS, TEI Simple, OpenDocument)
- Outline formats (OPML)
- Bibliography formats (BibTeX, BibLaTeX, CSL JSON, CSL YAML, RIS)
- Word processor formats (Docx, RTF, ODT)
- Interactive notebook formats (Jupyter notebook ipynb)
- Page layout formats (InDesign ICML)
- Wiki markup formats (MediaWiki, DokuWiki, TikiWiki, TWiki, Vimwiki, XWiki, ZimWiki, Jira wiki, Creole)
- Slide show formats (LaTeX Beamer, PowerPoint, Slidy, reveal.js, Slideous, S5, DZSlides)
- Data formats (CSV and TSV tables)
- PDF (via external programs such as pdflatex or wkhtmltopdf)

Pandoc can convert mathematical content in documents between TeX, MathML, Word equations, roff eqn, typst, and plain text. It includes a powerful system for automatic citations and bibliographies, and it can be customized extensively using templates, filters, and custom readers and writers written in Lua.

For the pandoc command-line program, see the 'pandoc-cli' package.

For pdf output please also install pandoc-pdf or weasyprint.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745

pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745
pandoc-cli: new package for pandoc binary
patat: update to 0.11.0.0 and enable tests
base64, isocline, toml-parser: now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 5 2024 Jens Petersen - 3.1.3-29
- toml-parser is now packaged in Fedora
* Tue Feb 27 2024 Jens Petersen - 3.1.3-28
- pandoc-cli is now packaged in Fedora
- move hslua subpackages to pandoc-cli
- backport fixes for CVE-2023-35936 and CVE-2023-38745
* Thu Jan 25 2024 Fedora Release Engineering - 3.1.3-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering - 3.1.3-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2220871 - CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system
      https://bugzilla.redhat.com/show_bug.cgi?id=2220871
[ 2 ] Bug #2225379 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system (incomplete fix in upstream for CVE-2023-35936)
      https://bugzilla.redhat.com/show_bug.cgi?id=2225379
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b458482d48'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

This pandoc update for Fedora 39 backports the fixes for CVE-2023-35936 and CVE-2023-38745, which allowed an attacker to create or overwrite arbitrary files on the system; the second CVE covers the incomplete upstream fix for the first, so both are needed.
Pandoc Security, Fedora Update, Threat Mitigation, Linux Security Fixes. Severity: Critical. LinuxSecurity.com Team

Mar 30, 2024 | Critical | Fedora
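The Erlang zip:unzip flaw (CVE-2025-4748), the Stellarium bug (CVE-2023-28371) and the pandoc file-overwrite issues above all come down to one missing check: a name taken from untrusted input is joined to a destination directory without confirming that the result still lies inside it. The following is an added example, not code from Erlang/OTP, Stellarium, pandoc or any of the advisories; it shows that confinement check for zip extraction and exercises it against a zip archive constructed in memory. All member names, paths and helper names are assumptions made for the demonstration.

```python
"""Destination-confined zip extraction (added example, not project code).

Demonstrates the check that CVE-2025-4748, CVE-2023-28371 and the pandoc
CVEs lacked: resolve each member name against the destination and refuse it
unless the resolved path stays under the destination. The archive used here
is constructed in memory for the demonstration.
"""
import io
import os
import zipfile


def is_safe_member(dest: str, name: str) -> bool:
    """True if `name`, joined to `dest`, still resolves inside `dest`.

    Rejects empty names, absolute names (either separator style) and any
    name whose '..' components climb above the destination. realpath()
    also follows symlinks already present under `dest`, so a pre-planted
    link cannot redirect the write outside the tree.
    """
    if not name or name.startswith(("/", "\\")) or os.path.isabs(name):
        return False
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    return target == dest_real or target.startswith(dest_real + os.sep)


def safe_extract(data: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract the zip held in `data` into `dest`, skipping unsafe members.

    Files are written by hand rather than through ZipFile.extract() so
    that is_safe_member() is the only thing between the archive and the
    filesystem. Returns (written, rejected) member names, in archive order.
    """
    written, rejected = [], []
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_safe_member(dest_real, info.filename):
                rejected.append(info.filename)
                continue
            target = os.path.join(dest_real, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as fh:
                    fh.write(zf.read(info))
            written.append(info.filename)
    return written, rejected


def build_sample_zip() -> bytes:
    """Constructed archive: one benign entry and three traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ok/readme.txt", "harmless\n")
        zf.writestr("../escaped.txt", "would land one level above dest\n")
        zf.writestr("/etc/passwd", "absolute member name\n")
        zf.writestr("nested/../../escape2", "climbs out through a subdir\n")
    return buf.getvalue()


SAMPLE_ZIP = build_sample_zip()


def run_demo() -> dict:
    """Extract SAMPLE_ZIP into a fresh temp dir and report what happened."""
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        out = os.path.join(tmp, "out")
        os.mkdir(out)
        written, rejected = safe_extract(SAMPLE_ZIP, out)
        return {
            "written": written,
            "rejected": rejected,
            "benign_present": os.path.isfile(os.path.join(out, "ok", "readme.txt")),
            "escaped_outside": os.path.exists(os.path.join(tmp, "escaped.txt"))
            or os.path.exists(os.path.join(tmp, "escape2")),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:16s}: {value}")
```

The check is deliberately done on the resolved path rather than by scanning for `..` substrings, which is why `nested/../../escape2` is caught even though its first component is harmless. A remaining gap it does not close is the race between the check and the write (a symlink swapped in after `realpath()` returns); on Linux that is handled by opening with `O_NOFOLLOW` relative to a directory file descriptor, which is outside the scope of this example.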

Fedora 36: FEDORA-2022-37aef44d1e Critical: golang-github-mrunalp-fileutils Rebuild for Go CVEs

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-37aef44d1e
2022-07-30 01:52:05.591856
--------------------------------------------------------------------------------

Name        : golang-github-mrunalp-fileutils
Product     : Fedora 36
Version     : 0.5.0
Release     : 6.fc36
URL         : https://github.com/mrunalp/fileutils
Summary     : Collection of utilities for file manipulation in Go
Description :
Collection of utilities for file manipulation in Go.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

- enable s390x build (rhbz#1971028)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 0.5.0-6
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Go statically links the standard library into each binary, so the listed golang CVE fixes only reach this package through a rebuild against the patched toolchain; Fedora 36 users should apply the update.
Fedora Update, Golang Security, File Manipulation Tools. Severity: Critical. LinuxSecurity.com Team

Jul 29, 2022 | Critical | Fedora

Fedora 28: FEDORA-2018-ea05fcd378 Critical: vcftools Use After Free and Heap Over-read

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-ea05fcd378
2018-12-30 01:38:50.660979
--------------------------------------------------------------------------------

Name        : vcftools
Product     : Fedora 28
Version     : 0.1.16
Release     : 1.fc28
URL         : https://vcftools.github.io/
Summary     : VCF file manipulation tools
Description :
A program package designed for working with VCF files, such as those generated by the 1000 Genomes Project. The aim of VCFtools is to provide methods for working with VCF files: validating, merging, comparing and calculating some basic population genetic statistics.

--------------------------------------------------------------------------------
Update Information:

- Update to latest upstream release 0.1.16
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 5 2018 Adam Huffman - 0.1.16-1
- Update to latest upstream release 0.1.16
* Sat Jul 14 2018 Fedora Release Engineering - 0.1.15-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Apr 9 2018 Filipe Rosset - 0.1.15-6
- added gcc-c++ as BR
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1580228 - CVE-2018-11130 vcftools: Use after free in headerp.cpp:header::add_FORMAT_descriptor() [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1580228
[ 2 ] Bug #1580225 - CVE-2018-11129 vcftools: Use after free in header.cpp:header::add_INFO_descriptor() [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1580225
[ 3 ] Bug #1580222 - CVE-2018-11099 vcftools: Heap-based buffer over-read in header.cpp:header::add_INFO_descriptor() [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1580222
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-ea05fcd378'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

This vcftools 0.1.16 update for Fedora 28 fixes two use-after-free bugs and a heap-based buffer over-read in VCF header parsing (CVE-2018-11130, CVE-2018-11129, CVE-2018-11099).
vcftools Update, Fedora Security, File Manipulation Tools. Severity: Critical. LinuxSecurity.com Team

Dec 30, 2018 | Critical | Fedora

Slackware 14.1: SSA:2016-132-01 Critical: ImageMagick Code Execution (ImageTragick)

[slackware-security]  imagemagick (SSA:2016-132-01)

New imagemagick packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/imagemagick-6.8.6_10-i486-2_slack14.1.txz:  Rebuilt.
  This update addresses several security issues in ImageMagick, including:
  Insufficient shell characters filtering allows code execution (CVE-2016-3714)
  Server Side Request Forgery (CVE-2016-3718)
  File deletion (CVE-2016-3715)
  File moving (CVE-2016-3716)
  Local file read (CVE-2016-3717)
  To mitigate these issues, the default policy.xml config file has been modified to disable all of the vulnerable coders.
  For more information, see:
    https://imagetragick.com
    https://www.cve.org/CVERecord?id=CVE-2016-3714
    https://www.cve.org/CVERecord?id=CVE-2016-3718
    https://www.cve.org/CVERecord?id=CVE-2016-3715
    https://www.cve.org/CVERecord?id=CVE-2016-3716
    https://www.cve.org/CVERecord?id=CVE-2016-3717
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 14.0 package:
e78d8825fc122e9411b9bbde341ce8da  imagemagick-6.7.7_10-i486-2_slack14.0.txz

Slackware x86_64 14.0 package:
20bbb69e3a774f9493b3c87a90692b8f  imagemagick-6.7.7_10-x86_64-2_slack14.0.txz

Slackware 14.1 package:
26aa6ce379628b85df0818b17d5b855d  imagemagick-6.8.6_10-i486-2_slack14.1.txz

Slackware x86_64 14.1 package:
3060644c634984224e448ecd03bd0eb1  imagemagick-6.8.6_10-x86_64-2_slack14.1.txz

Slackware -current package:
7add4b4c162a9e59ae309ea38430e44e  xap/imagemagick-6.9.4_1-i586-1.txz

Slackware x86_64 -current package:
73a376cb32a9fbf529340982dfdb9b88  xap/imagemagick-6.9.4_1-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg imagemagick-6.8.6_10-i486-2_slack14.1.txz

+-----+

These ImageMagick packages for Slackware 14.0, 14.1 and -current address the ImageTragick flaws: command execution through insufficient filtering of shell metacharacters (CVE-2016-3714), server-side request forgery (CVE-2016-3718), file deletion (CVE-2016-3715), file moving (CVE-2016-3716) and local file read (CVE-2016-3717), mitigated by a policy.xml that disables the vulnerable coders.
Imagemagick Packages, Slackware Security, Security Updates. Severity: Critical. LinuxSecurity.com Team

May 11, 2016 | Critical | Slackware
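The Slackware fix above relies on policy.xml denying the coders that ImageTragick abuses, which is only as good as the policy actually installed on a host. The following is an added example, not Slackware's or ImageMagick's code: it parses a policy.xml document and reports which of the coders named in the imagetragick.com mitigation (EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, PLT) are not assigned `rights="none"`. The three policy documents embedded below are constructed for the demonstration; `audit_file()` is a helper added here for running it against a real `/etc/ImageMagick*/policy.xml`.

```python
"""Audit an ImageMagick policy.xml for the ImageTragick coder mitigations.

Added example, not Slackware's or ImageMagick's code. Checks a policy
document against the coder list published at https://imagetragick.com.
The policy documents below are constructed for the demonstration.
"""
import xml.etree.ElementTree as ET

# Coders the ImageTragick disclosure recommended denying outright.
IMAGETRAGICK_CODERS = (
    "EPHEMERAL", "URL", "HTTPS", "MVG", "MSL", "TEXT", "SHOW", "WIN", "PLT",
)

# Constructed: a policy that only sets resource limits and denies no coder.
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="resource" name="disk" value="1GiB"/>
</policymap>
"""

# Constructed: a partial mitigation; MSL is restricted to "read", which still
# lets the MSL coder run on input, and the remaining coders are untouched.
PARTIAL_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="read" pattern="MSL"/>
</policymap>
"""

# Constructed: the full imagetragick.com recommendation.
HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
  <policy domain="coder" rights="none" pattern="TEXT"/>
  <policy domain="coder" rights="none" pattern="SHOW"/>
  <policy domain="coder" rights="none" pattern="WIN"/>
  <policy domain="coder" rights="none" pattern="PLT"/>
</policymap>
"""


def denied_coders(policy_xml: str) -> set[str]:
    """Return the coder patterns that the policy assigns rights="none".

    Only exact, upper-cased pattern names are collected; a wildcard pattern
    such as "*" or a brace list is not expanded, so a policy relying on
    those will show up as missing and needs a manual look.
    """
    root = ET.fromstring(policy_xml)
    denied = set()
    for pol in root.iter("policy"):
        if pol.get("domain", "").strip().lower() != "coder":
            continue
        if pol.get("rights", "").strip().lower() != "none":
            continue
        denied.add(pol.get("pattern", "").strip().upper())
    return denied


def missing_mitigations(policy_xml: str) -> list[str]:
    """ImageTragick coders the policy does not deny, in the published order."""
    denied = denied_coders(policy_xml)
    return [coder for coder in IMAGETRAGICK_CODERS if coder not in denied]


def audit_file(path: str) -> list[str]:
    """Read a policy.xml from disk and return its missing mitigations."""
    with open(path, encoding="utf-8") as fh:
        return missing_mitigations(fh.read())


if __name__ == "__main__":
    import sys

    samples = (("weak", WEAK_POLICY), ("partial", PARTIAL_POLICY),
               ("hardened", HARDENED_POLICY))
    for label, doc in samples:
        gaps = missing_mitigations(doc)
        print(f"{label:9s}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
    for path in sys.argv[1:]:
        gaps = audit_file(path)
        print(f"{path}: {'OK' if not gaps else 'missing ' + ', '.join(gaps)}")
```

Run it with a path argument to audit an installed policy (for example `python3 audit_policy.py /etc/ImageMagick-6/policy.xml`; the script name is an assumption). Note that `rights="read"` is not a mitigation for a coder that executes on input, which is why the partial policy is reported as still missing MSL, and that newer ImageMagick releases also accept a `module` domain that this checker does not interpret.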

Scientific Linux 5.x: Moderate: perl Safe Module Escape and File::Path Race Flaws (CVE-2008-5302, CVE-2010-1168)

Moderate: perl security update.

Date: Tue, 8 Jun 2010 10:36:58 -0500
From: Troy Dawson
Sender: Security Errata for Scientific Linux
Subject: FASTBUGS for SL 5.x i386/x86_64

The following FASTBUGS have been uploaded to

i386:
device-mapper-1.02.39-1.el5_5.2.i386.rpm
device-mapper-event-1.02.39-1.el5_5.2.i386.rpm
glibc-2.5-49.el5_5.2.i386.rpm
glibc-2.5-49.el5_5.2.i686.rpm
glibc-common-2.5-49.el5_5.2.i386.rpm
glibc-devel-2.5-49.el5_5.2.i386.rpm
glibc-headers-2.5-49.el5_5.2.i386.rpm
glibc-utils-2.5-49.el5_5.2.i386.rpm
gnome-vfs2-2.16.2-6.el5_5.1.i386.rpm
gnome-vfs2-devel-2.16.2-6.el5_5.1.i386.rpm
gnome-vfs2-smb-2.16.2-6.el5_5.1.i386.rpm
kexec-tools-1.102pre-96.el5_5.1.i386.rpm
kexec-tools-1.102pre-96.el5_5.2.i386.rpm
kmod-spice-usb-redirector-4.5-2.el5_5.i386.rpm
lvm2-2.02.56-8.el5_5.1.i386.rpm
nscd-2.5-49.el5_5.2.i386.rpm
nspluginwrapper-1.3.0-9.el5.i386.rpm
spice-usb-redirector-4.5-2.el5_5.i386.rpm
strace-4.5.18-5.el5_5.5.i386.rpm
xen-3.0.3-105.el5_5.3.i386.rpm
xen-devel-3.0.3-105.el5_5.3.i386.rpm
xen-libs-3.0.3-105.el5_5.3.i386.rpm

x86_64:
device-mapper-1.02.39-1.el5_5.2.i386.rpm
device-mapper-1.02.39-1.el5_5.2.x86_64.rpm
device-mapper-event-1.02.39-1.el5_5.2.x86_64.rpm
glibc-2.5-49.el5_5.2.i686.rpm
glibc-2.5-49.el5_5.2.x86_64.rpm
glibc-common-2.5-49.el5_5.2.x86_64.rpm
glibc-devel-2.5-49.el5_5.2.i386.rpm
glibc-devel-2.5-49.el5_5.2.x86_64.rpm
glibc-headers-2.5-49.el5_5.2.x86_64.rpm
glibc-utils-2.5-49.el5_5.2.x86_64.rpm
gnome-vfs2-2.16.2-6.el5_5.1.x86_64.rpm
gnome-vfs2-devel-2.16.2-6.el5_5.1.x86_64.rpm
gnome-vfs2-smb-2.16.2-6.el5_5.1.x86_64.rpm
kexec-tools-1.102pre-96.el5_5.1.x86_64.rpm
kexec-tools-1.102pre-96.el5_5.2.x86_64.rpm
kmod-spice-usb-redirector-4.5-2.el5_5.x86_64.rpm
lvm2-2.02.56-8.el5_5.1.x86_64.rpm
nscd-2.5-49.el5_5.2.x86_64.rpm
nspluginwrapper-1.3.0-9.el5.i386.rpm
nspluginwrapper-1.3.0-9.el5.x86_64.rpm
spice-usb-redirector-4.5-2.el5_5.x86_64.rpm
strace-4.5.18-5.el5_5.5.x86_64.rpm
xen-3.0.3-105.el5_5.3.x86_64.rpm
xen-devel-3.0.3-105.el5_5.3.i386.rpm
xen-devel-3.0.3-105.el5_5.3.x86_64.rpm
xen-libs-3.0.3-105.el5_5.3.i386.rpm
xen-libs-3.0.3-105.el5_5.3.x86_64.rpm

-Connie Sieh
-Troy Dawson

Date: Tue, 8 Jun 2010 11:20:18 -0500
From: Troy Dawson
Sender: Security Errata for Scientific Linux
Subject: Security ERRATA Moderate: perl on SL5.x i386/x86_64

Synopsis:      Moderate: perl security update
Issue date:    2010-06-07
CVE Names:     CVE-2008-5302 CVE-2008-5303 CVE-2010-1168 CVE-2010-1447

Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees.

The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168)

The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447)

Multiple race conditions were found in the way the File::Path module's rmtree function removed directory trees. A malicious, local user with write access to a directory being removed by a victim, running a Perl script using rmtree, could cause the permissions of arbitrary files to be changed to world-writable and setuid, or delete arbitrary files via a symbolic link attack, if the victim had the privileges to change the permissions of the target files or to remove them. (CVE-2008-5302, CVE-2008-5303)

These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file at the following link for a full list of changes.

All applications using the Safe or File::Path modules must be restarted for this update to take effect.

NOTE: SL 50-52 x86_64 releases originally had a perl.i386 package. It was taken out of the x86_64 SL5 distribution and is not part of this security update. If you have one of these earlier SL5 x86_64 distributions and your perl update does not work due to conflicts, you should do a "yum remove perl.i386" before doing your update on these earlier SL 5 x86_64 releases.

SL 5.x

SRPMS:
perl-5.8.8-32.el5_5.1.src.rpm

i386:
perl-5.8.8-32.el5_5.1.i386.rpm
perl-suidperl-5.8.8-32.el5_5.1.i386.rpm

x86_64:
perl-5.8.8-32.el5_5.1.x86_64.rpm
perl-suidperl-5.8.8-32.el5_5.1.x86_64.rpm

-Connie Sieh
-Troy Dawson

These perl packages for Scientific Linux 5.x close two Safe compartment escapes (CVE-2010-1168, CVE-2010-1447) and the File::Path rmtree symlink races (CVE-2008-5302, CVE-2008-5303); applications using Safe or File::Path must be restarted after the update.
perl security, Scientific Linux updates, code execution flaws, package updates, Safe module. LinuxSecurity.com Team

Jun 08, 2010 | Moderate | Scientific Linux