MGASA-2024-0123 - Updated ruby-rack packages fix security vulnerabilities

Publication date: 12 Apr 2024
URL: https://advisories.mageia.org/MGASA-2024-0123.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-25126, CVE-2024-26141, CVE-2024-26146

Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDoS, 2nd degree polynomial). (CVE-2024-25126)

Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). (CVE-2024-26141)

Carefully crafted headers can cause header parsing in Rack to take longer than expected, resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. (CVE-2024-26146)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33075
- https://www.cve.org/CVERecord?id=CVE-2024-25126
- https://www.cve.org/CVERecord?id=CVE-2024-26141
- https://www.cve.org/CVERecord?id=CVE-2024-26146

SRPMS:
- 9/core/ruby-rack-2.2.8.1-1.mga9
MGASA-2023-0241 - Updated mediawiki packages fix security vulnerability

Publication date: 26 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0241.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-29197, CVE-2023-36674, CVE-2023-36675

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n (CVE-2023-29197).

Manualthumb bypasses badFile lookup (CVE-2023-36674).

XSS in BlockLogFormatter due to unsafe message use (CVE-2023-36675).

References:
- https://bugs.mageia.org/show_bug.cgi?id=32083
- https://lists.wikimedia.org/hyperkitty/list/
MGASA-2023-0106 - Updated ruby-rack packages fix security vulnerability

Publication date: 24 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0106.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-44570, CVE-2022-44571, CVE-2022-44572, CVE-2023-27530

A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. (CVE-2022-44570)

There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. (CVE-2022-44571)

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. (CVE-2022-44572)

A DoS vulnerability exists in Rack
SUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3835-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for nodejs10 fixes the following issues:

- CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3835=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3835=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  nodejs10-10.24.1-150000.1.50.1
  nodejs10-debuginfo-10.24.1-150000.1.50.1
  nodejs10-debugsource-10.24.1-150000.1.50.1
  nodejs10-devel-10.24.1-150000.1.50.1
  npm10-10.24.1-150000.1.50.1
- openSUSE Leap 15.4 (noarch):
  nodejs10-docs-10.24.1-150000.1.50.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  nodejs10-10.24.1-150000.1.50.1
  nodejs10-debuginfo-10.24.1-150000.1.50.1
  nodejs10-debugsource-10.24.1-150000.1.50.1
  nodejs10-devel-10.24.1-150000.1.50.1
  npm10-10.24.1-150000.1.50.1
- openSUSE Leap 15.3 (noarch):
  nodejs10-docs-10.24.1-150000.1.50.1

References:

https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832
SUSE Security Update: Security update for nodejs12
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3616-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for nodejs12 fixes the following issues:

- CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3616=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3616=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3616=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.38.1
  nodejs12-debuginfo-12.22.12-150200.4.38.1
  nodejs12-debugsource-12.22.12-150200.4.38.1
  nodejs12-devel-12.22.12-150200.4.38.1
  npm12-12.22.12-150200.4.38.1
- openSUSE Leap 15.4 (noarch):
  nodejs12-docs-12.22.12-150200.4.38.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.38.1
  nodejs12-debuginfo-12.22.12-150200.4.38.1
  nodejs12-debugsource-12.22.12-150200.4.38.1
  nodejs12-devel-12.22.12-150200.4.38.1
  npm12-12.22.12-150200.4.38.1
- openSUSE Leap 15.3 (noarch):
  nodejs12-docs-12.22.12-150200.4.38.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.38.1
  nodejs12-debuginfo-12.22.12-150200.4.38.1
  nodejs12-debugsource-12.22.12-150200.4.38.1
  nodejs12-devel-12.22.12-150200.4.38.1
  npm12-12.22.12-150200.4.38.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
  nodejs12-docs-12.22.12-150200.4.38.1

References:

https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832
SUSE Security Update: Security update for nodejs14
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3614-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for nodejs14 fixes the following issues:

Updated to version 14.20.1:

- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
- CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3614=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3614=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3614=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  corepack14-14.20.1-150200.15.37.1
  nodejs14-14.20.1-150200.15.37.1
  nodejs14-debuginfo-14.20.1-150200.15.37.1
  nodejs14-debugsource-14.20.1-150200.15.37.1
  nodejs14-devel-14.20.1-150200.15.37.1
  npm14-14.20.1-150200.15.37.1
- openSUSE Leap 15.4 (noarch):
  nodejs14-docs-14.20.1-150200.15.37.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  nodejs14-14.20.1-150200.15.37.1
  nodejs14-debuginfo-14.20.1-150200.15.37.1
  nodejs14-debugsource-14.20.1-150200.15.37.1
  nodejs14-devel-14.20.1-150200.15.37.1
  npm14-14.20.1-150200.15.37.1
- openSUSE Leap 15.3 (noarch):
  nodejs14-docs-14.20.1-150200.15.37.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
  nodejs14-14.20.1-150200.15.37.1
  nodejs14-debuginfo-14.20.1-150200.15.37.1
  nodejs14-debugsource-14.20.1-150200.15.37.1
  nodejs14-devel-14.20.1-150200.15.37.1
  npm14-14.20.1-150200.15.37.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
  nodejs14-docs-14.20.1-150200.15.37.1

References:

https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832
SUSE Security Update: Security update for nodejs12
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3503-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for nodejs12 fixes the following issues:

- CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3503=1

Package List:

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-1.54.1
  nodejs12-debuginfo-12.22.12-1.54.1
  nodejs12-debugsource-12.22.12-1.54.1
  nodejs12-devel-12.22.12-1.54.1
  npm12-12.22.12-1.54.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  nodejs12-docs-12.22.12-1.54.1

References:

https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832