====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: perl-DBD-Pg security update
Advisory ID:  RHSA-2012:1116-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:1116.html
Issue date:   2012-07-25
CVE Names:    CVE-2012-1151
====================================================================

1. Summary:

An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers.

Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-1151)

All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

801733 - CVE-2012-1151 perl-DBD-Pg: Format string flaws by turning db notices into Perl warnings and by preparing DBD statement

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
perl-DBD-Pg-1.49-4.el5_8.i386.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm

x86_64:
perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
perl-DBD-Pg-1.49-4.el5_8.i386.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.i386.rpm

ia64:
perl-DBD-Pg-1.49-4.el5_8.ia64.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.ia64.rpm

ppc:
perl-DBD-Pg-1.49-4.el5_8.ppc.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.ppc.rpm

s390x:
perl-DBD-Pg-1.49-4.el5_8.s390x.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.s390x.rpm

x86_64:
perl-DBD-Pg-1.49-4.el5_8.x86_64.rpm
perl-DBD-Pg-debuginfo-1.49-4.el5_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm

ppc64:
perl-DBD-Pg-2.15.1-4.el6_3.ppc64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.ppc64.rpm

s390x:
perl-DBD-Pg-2.15.1-4.el6_3.s390x.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.s390x.rpm

x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
perl-DBD-Pg-2.15.1-4.el6_3.i686.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.i686.rpm

x86_64:
perl-DBD-Pg-2.15.1-4.el6_3.x86_64.rpm
perl-DBD-Pg-debuginfo-2.15.1-4.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-1151
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

LinuxSecurity.com Team
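
The bug class behind CVE-2012-1151 (server notice text reaching a printf-style warning call as the format string), shown with its corrected form. This is an added C example, not perl-DBD-Pg's code and not part of the advisory; `emit_warning`, `on_notice_unsafe`, `on_notice_safe` and `count_conversions` are hypothetical names, and the sample notice is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style warning sink standing in for a driver's
 * warning routine; it records the text so the result can be checked. */
static char last_warning[256];
int emit_warning(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_warning, sizeof last_warning, fmt, ap);
    va_end(ap);
    return n;
}

/* BEFORE: the server's text is the format string, so each conversion in it
 * consumes an argument that was never passed. Contrast only; never called. */
int on_notice_unsafe(const char *server_msg) { return emit_warning(server_msg); }

/* AFTER: constant format string; the server's text is passed as data. */
int on_notice_safe(const char *server_msg) { return emit_warning("%s", server_msg); }

/* Counts the conversions printf would act on ("%%" is a literal percent). */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') n++;
    }
    return n;
}

/* Constructed sample notice, not taken from a real server. */
const char SAMPLE_NOTICE[] = "NOTICE: 100%% of \"%s\" vacuumed in %d ms";

int main(void) {
    printf("conversions in server text: %d\n", count_conversions(SAMPLE_NOTICE));
    on_notice_safe(SAMPLE_NOTICE);
    printf("safe handler logged: %s\n", last_warning);
    return 0;
}
```

With the constant `"%s"` format the notice is logged byte for byte, so conversions embedded in server-controlled text are never interpreted.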
Moderate: glibc security and bug fix update. Date: Thu, 19 Jul 2012 10:33:54 -0500 Reply-To:
====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: glibc security update
Advisory ID:  RHSA-2012:0397-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:0397.html
Issue date:   2012-03-19
CVE Names:    CVE-2012-0864
====================================================================

1. Summary:

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort. (CVE-2012-0864)

All users of glibc are advised to upgrade to these updated packages, which contain a patch to resolve this issue.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

794766 - CVE-2012-0864 glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
glibc-2.5-81.el5_8.1.i386.rpm
glibc-2.5-81.el5_8.1.i686.rpm
glibc-common-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-headers-2.5-81.el5_8.1.i386.rpm
glibc-utils-2.5-81.el5_8.1.i386.rpm
nscd-2.5-81.el5_8.1.i386.rpm

x86_64:
glibc-2.5-81.el5_8.1.i686.rpm
glibc-2.5-81.el5_8.1.x86_64.rpm
glibc-common-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.x86_64.rpm
glibc-headers-2.5-81.el5_8.1.x86_64.rpm
glibc-utils-2.5-81.el5_8.1.x86_64.rpm
nscd-2.5-81.el5_8.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
glibc-2.5-81.el5_8.1.i386.rpm
glibc-2.5-81.el5_8.1.i686.rpm
glibc-common-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-headers-2.5-81.el5_8.1.i386.rpm
glibc-utils-2.5-81.el5_8.1.i386.rpm
nscd-2.5-81.el5_8.1.i386.rpm

ia64:
glibc-2.5-81.el5_8.1.i686.rpm
glibc-2.5-81.el5_8.1.ia64.rpm
glibc-common-2.5-81.el5_8.1.ia64.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-2.5-81.el5_8.1.ia64.rpm
glibc-devel-2.5-81.el5_8.1.ia64.rpm
glibc-headers-2.5-81.el5_8.1.ia64.rpm
glibc-utils-2.5-81.el5_8.1.ia64.rpm
nscd-2.5-81.el5_8.1.ia64.rpm

ppc:
glibc-2.5-81.el5_8.1.ppc.rpm
glibc-2.5-81.el5_8.1.ppc64.rpm
glibc-common-2.5-81.el5_8.1.ppc.rpm
glibc-debuginfo-2.5-81.el5_8.1.ppc.rpm
glibc-debuginfo-2.5-81.el5_8.1.ppc64.rpm
glibc-devel-2.5-81.el5_8.1.ppc.rpm
glibc-devel-2.5-81.el5_8.1.ppc64.rpm
glibc-headers-2.5-81.el5_8.1.ppc.rpm
glibc-utils-2.5-81.el5_8.1.ppc.rpm
nscd-2.5-81.el5_8.1.ppc.rpm

s390x:
glibc-2.5-81.el5_8.1.s390.rpm
glibc-2.5-81.el5_8.1.s390x.rpm
glibc-common-2.5-81.el5_8.1.s390x.rpm
glibc-debuginfo-2.5-81.el5_8.1.s390.rpm
glibc-debuginfo-2.5-81.el5_8.1.s390x.rpm
glibc-devel-2.5-81.el5_8.1.s390.rpm
glibc-devel-2.5-81.el5_8.1.s390x.rpm
glibc-headers-2.5-81.el5_8.1.s390x.rpm
glibc-utils-2.5-81.el5_8.1.s390x.rpm
nscd-2.5-81.el5_8.1.s390x.rpm

x86_64:
glibc-2.5-81.el5_8.1.i686.rpm
glibc-2.5-81.el5_8.1.x86_64.rpm
glibc-common-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
glibc-debuginfo-2.5-81.el5_8.1.x86_64.rpm
glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.i386.rpm
glibc-devel-2.5-81.el5_8.1.x86_64.rpm
glibc-headers-2.5-81.el5_8.1.x86_64.rpm
glibc-utils-2.5-81.el5_8.1.x86_64.rpm
nscd-2.5-81.el5_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-0864
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.
===========================================================
Ubuntu Security Notice USN-442-1             March 26, 2007
evolution vulnerability
CVE-2007-1002
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  evolution 2.6.1-0ubuntu7.1

Ubuntu 6.10:
  evolution 2.8.1-0ubuntu4.1

After a standard system upgrade you need to restart Evolution or reboot your computer to effect the necessary changes.

Details follow:

Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges.