Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
100
security advisorysecurity updateupdateSUSE: 2020:3739-1 Moderate: Curl FTP and OSCP Security Fixes
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3739-1 Rating: moderate References: #1179398 #1179399 #1179593 Cross-References: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3739=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-3739=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.9.1 curl-debugsource-7.60.0-11.9.1 libcurl-devel-7.60.0-11.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.9.1 curl-debuginfo-7.60.0-11.9.1 curl-debugsource-7.60.0-11.9.1 libcurl4-7.60.0-11.9.1 libcurl4-debuginfo-7.60.0-11.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.9.1 libcurl4-debuginfo-32bit-7.60.0-11.9.1 References: https://www.suse.com/security/cve/CVE-2020-8284.html https://www.suse.com/security/cve/CVE-2020-8285.html https://www.suse.com/security/cve/CVE-2020-8286.html https://bugzilla.suse.com/1179398 https://bugzilla.suse.com/1179399 https://bugzilla.suse.com/1179593 . The latest SUSE Curl security update boosts FTP capabilities and addresses OSCP vulnerabilities, urging prompt application for system and file transfer security. SUSE Security Update,Curl Security Fix,FTP Wildcard Patch,SUSE 12-SP5 Fixes. . LinuxSecurity.com Team
Dec 10, 2020
SuSE
200
security advisorymoderatesecurity fixSciLinux: SLSA-2016:2587-2 Moderate wget Security Fix on SL7.x x86_64
Moderate: wget security and bug fix update. Date: Wed, 14 Dec 2016 18:06:26 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Scott Reid Subject: Security ERRATA Moderate: wget on SL7.x x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Moderate: wget security and bug fix update Advisory ID: SLSA-2016:2587-2 Issue Date: 2016-11-03 CVE Numbers: CVE-2016-4971 -- Security Fix(es): * It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971) -- SL7 x86_64 wget-1.14-13.el7.x86_64.rpm wget-debuginfo-1.14-13.el7.x86_64.rpm - Scientific Linux Development Team . Uncover the latest wget security patch for Scientific Linux, mitigating possible execution vulnerabilities triggered by HTTP redirections.. wget Security Update, Scientific Linux Fix, wget Exploit Mitigation. . LinuxSecurity.com Team
Dec 14, 2016
Scientific Linux
87
security advisorymoderatedebianDebian DSA 631-1: Moderate kdelibs FTP Command Execution Risk
Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command.. --------------------------------------------------------------------------Debian Security Advisory DSA 631-1
Jan 10, 2005
•Important
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!