Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
203
security advisoryinfinite loopheader validationMageia 9: 2024-0319 critical: Java header validation issues
Potential UTF8 size overflow. (CVE-2024-21131) Excessive symbol length can lead to infinite loop. (CVE-2024-21138) Range Check Elimination (RCE) pre-loop limit overflow. (CVE-2024-21140) Pack200 increase loading time due to improper header validation. (CVE-2024-21144) . MGASA-2024-0319 - Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, & java-latest-openjdk packages fix security vulnerabilities Publication date: 27 Sep 2024 URL: https://advisories.mageia.org/MGASA-2024-0319.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-2024-21145, CVE-2024-21147 Potential UTF8 size overflow. (CVE-2024-21131) Excessive symbol length can lead to infinite loop. (CVE-2024-21138) Range Check Elimination (RCE) pre-loop limit overflow. (CVE-2024-21140) Pack200 increase loading time due to improper header validation. (CVE-2024-21144) Out-of-bounds access in 2D image handling. (CVE-2024-21145) RangeCheckElimination array index overflow. (CVE-2024-21147) References: - https://bugs.mageia.org/show_bug.cgi?id=33413 - https://www.oracle.com/security-alerts/cpujul2024.html#AppendixJAVA - https://access.redhat.com/errata/RHSA-2024:4560 - https://access.redhat.com/errata/RHSA-2024:4567 - https://access.redhat.com/errata/RHSA-2024:4568 - java-latest-openjdk-22.0.2.0.9-1.rolling.1.mga9 - https://www.cve.org/CVERecord?id=CVE-2024-21131 - https://www.cve.org/CVERecord?id=CVE-2024-21138 - https://www.cve.org/CVERecord?id=CVE-2024-21140 - https://www.cve.org/CVERecord?id=CVE-2024-21144 - https://www.cve.org/CVERecord?id=CVE-2024-21145 - https://www.cve.org/CVERecord?id=CVE-2024-21147 SRPMS: - 9/core/java-1.8.0-openjdk-1.8.0.422.b05-1.mga9 - 9/core/java-11-openjdk-11.0.24.0.8-1.mga9 - 9/core/java-17-openjdk-17.0.12.0.7-1.mga9 - 9/core/java-latest-openjdk-22.0.2.0.9-1.rolling.1.mga9 . MGASA-2024-0319 addresses several vulnerabilities in Java for Mageia users, impacting different iterations of Java.. Java Security, Mageia Update,OpenJDK Fixes, Security Patches. . Severity: Critical. LinuxSecurity.com Team
Sep 27, 2024
•Critical
Mageia
197
security advisorycriticaldebianDebian 9: DLA-2850-1 Critical: libpcap Improper Header Validation
Improper PHB header length validation was fixed in libpcap, a library for capturing network traffic. For Debian 9 stretch, this problem has been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2850-1
Dec 26, 2021
•Critical
Debian LTS
202
security advisorymoderatesecurity updateopenSUSE Leap 15.2: openSUSE-SU-2021:0448-1 Moderate Netty Issue Fix
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for netty ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0448-1 Rating: moderate References: #1183262 Cross-References: CVE-2021-21295 CVSS scores: CVE-2021-21295 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for netty fixes the following issues: - CVE-2021-21295: Fixed an improper Content-Length header field validation (bsc#1183262). : This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-448=1 Package List: - openSUSE Leap 15.2 (x86_64): netty-4.1.13-lp152.3.3.1 netty-javadoc-4.1.13-lp152.3.3.1 netty-poms-4.1.13-lp152.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-21295.html https://bugzilla.suse.com/1183262 . A recent update for openSUSE addresses a moderate vulnerability in netty related to the incorrect validation of the Content-Length header.. OpenSUSE,Netty Update,Security Fix,Software Patch,Content-Length Issue. . LinuxSecurity.com Team
Mar 19, 2021
OpenSUSE
89
security advisoryfedoracriticalFedora 33: 2020-df970da9fc Critical Resteasy Header Issue
Security fix for CVE-2020-1695. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-df970da9fc 2020-12-09 01:15:13.907236 --------------------------------------------------------------------------------Name : resteasy Product : Fedora 33 Version : 3.0.26 Release : 6.fc33 URL : https://resteasy.dev/ Summary : Framework for RESTful Web services and Java applications Description : RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2020-1695 --------------------------------------------------------------------------------ChangeLog: * Mon Nov 30 2020 Alexander Scheel - 3.0.26-6 - CVE-2020-1695: Improper validation of response header in MediaTypeHeaderDelegate.java class Resolves: rh-bz#1845547 --------------------------------------------------------------------------------References: [ 1 ] Bug #1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class https://bugzilla.redhat.com/show_bug.cgi?id=1730462 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-df970da9fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announcemailing list --
Dec 08, 2020
•Critical
Fedora
197
security advisorydebianmemory allocationDebian 8 Jessie DLA-1967-1 Critical: Libpcap Memory Allocation Fix
libpcap (Packet CAPture), a low-level network monitoring library, does not properly validate the PHB header length before allocating memory. This update added sanity checks for PHB header length. . Package : libpcap Version : 1.6.2-2+deb8u1 CVE ID : CVE-2019-15165 Debian Bug : 941697 libpcap (Packet CAPture), a low-level network monitoring library, does not properly validate the PHB header length before allocating memory. This update added sanity checks for PHB header length. For Debian 8 "Jessie", this problem has been fixed in version 1.6.2-2+deb8u1. We recommend that you upgrade your libpcap packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Follow these steps to upgrade libpcap on Debian 8 Jessie, addressing PHB header length validation vulnerabilities and improving memory safety. libpcap, network monitoring, security update, Debian Jessie, PHB header. . Severity: Critical. LinuxSecurity.com Team
Oct 21, 2019
•Critical
Debian LTS
89
security advisoryFedoracritical updateFedora 22: Critical Update 2015-8704 for php-ZendFramework Header Issues
**Zend Framework 1.12.13** * 567: Cast int and float to string when creating headers **Zend Framework 1.12.12** * 493: PHPUnit not being installed * 511: Add PATCH to the list of allowed methods in Zend_Controller_Request_HttpTestCase. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-8704 2015-05-22 00:29:59 -------------------------------------------------------------------------------- Name : php-ZendFramework Product : Fedora 22 Version : 1.12.13 Release : 1.fc22 URL : https://framework.zend.com/ Summary : Leading open-source PHP framework Description : Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorously tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and consuming widely available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as well as API providers and catalogers like StrikeIron and ProgrammableWeb. -------------------------------------------------------------------------------- Update Information: **Zend Framework 1.12.13** * 567: Cast int and float to string when creating headers **Zend Framework 1.12.12** * 493: PHPUnit not being installed * 511: Add PATCH to the list of allowed methods in Zend_Controller_Request_HttpTestCase * 513: Save time and space when cloning PHPUnit * 515: !IE conditional comments bug * 516: Zend_Locale does not honor parentLocale configuration * 518: Run travis build also on PHP 7 builds * 534: Failing unit test: Zend_Validate_EmailAddressTest::testIdnHostnameInEmaillAddress * 536: Zend_Measure_Number convert some decimal numbers to roman with space char * 537: Extend view renderer controller fix (#440) * 540: Fix PHP 7 BC breaks in Zend_XmlRpc/Amf_Server * 541: Fixed errors in tests on PHP7 * 542: Correctly reset the sub-path when processing routes * 545:Fixed path delimeters being stripped by chain routes affecting later routes * 546: TravisCI: Skip memcache(d) on PHP 5.2 * 547: Session Validators throw 'general' Session Exception during Session start * 550: Notice "Undefined index: browser_version" * 557: doc: Zend Framework Dependencies table unreadable * 559: Fixes a typo in Zend_Validate messages for SK * 561: Zend_Date not expected year * 564: Zend_Application tries to load ZendX_Application_Resource_FrontController during instantiation **Security** * **ZF2015-04**: Zend_Mail and Zend_Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend_Mail or Zend_Http, we recommend upgrading immediately. -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Remi Collet - 1.12.13-1 - update to 1.12.13 - add composer provides -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215712 - CVE-2015-3154 php-ZendFramework2: ZF2015-04: Potential header and mail injection vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1215712 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php-ZendFramework' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
May 30, 2015
•Critical
Fedora
89
security advisorysecurity updateFedoraFedora 20: 2015-7887 Critical: php-ZendFramework2 CRLF Injection
* **ZF2015-04**: Zend\Mail and Zend\Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both [More...]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-7887 2015-05-10 04:04:12 -------------------------------------------------------------------------------- Name : php-ZendFramework2 Product : Fedora 20 Version : 2.3.8 Release : 1.fc20 URL : https://framework.zend.com/ Summary : Zend Framework 2 Description : Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework with over 15 million downloads. Note: This meta package installs all base Zend Framework component packages (Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db, Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n, InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager, Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar, Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text, Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and Cache-memcached packages. -------------------------------------------------------------------------------- Update Information: * **ZF2015-04**: Zend\Mail and Zend\Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Bothcomponents were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend\Mail or Zend\Http (which includes users of Zend\Mvc), we recommend upgrading immediately. -------------------------------------------------------------------------------- ChangeLog: * Fri May 8 2015 Remi Collet - 2.3.8-1 - Update to 2.3.8 * Fri Mar 13 2015 Remi Collet - 2.3.7-1 - Update to 2.3.7 * Tue Feb 24 2015 Remi Collet - 2.3.5-1 - Update to 2.3.5 - add patch for icu 54, FTBFS detected by Koschei * Fri Jan 16 2015 Remi Collet - 2.3.4-1 - Update to 2.3.4 - drop GLPI patch, fixed upstream - add dependency on ircmaxell/random-lib - apply upstream changes to inter-package dependencies * Fri Oct 17 2014 Shawn Iwinski - 2.3.3-2 - Drop php-gmp dependency from Math component (BZ #1152440) - Fix tests' autoloader * Fri Oct 10 2014 Remi Collet - 2.3.3-1 - Update to 2.3.3 - fix SQL injection with SqlSrv ZF2014-05 CVE-2014-8088 #1151276 - fix null byte issue on Ldap connect ZF2014-06 CVE-2014-8089 #1151277 * Wed Aug 20 2014 Remi Collet - 2.3.2-1 - Update to 2.3.2 - tests from github - run test suite during build * Sun Jul 20 2014 Remi Collet - 2.3.1-3 - composer dependencies - add missing license * Sat Jun 7 2014 Fedora Release Engineering - 2.3.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue May 20 2014 Shawn Iwinski - 2.3.1-1 - Updated to 2.3.1 * Sun May 18 2014 Shawn Iwinski - 2.2.7-1 - Updated to 2.2.7 (security update for ZF2014-03) * Tue Apr 1 2014 Remi Collet - 2.2.6-1 - Updated to 2.2.6 for CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 CVE-2014-2684 CVE-2014-2685 - new package ZendXml - fix for unversioned doc directory -------------------------------------------------------------------------------- This update can beinstalled with the "yum" update program. Use su -c 'yum update php-ZendFramework2' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
May 19, 2015
•Critical
Fedora
172
security advisorydenial of servicecriticalUbuntu 6.06, 6.10, 7.04: USN-471-1 Critical: libexif Denial of Service
Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service. . =========================================================== Ubuntu Security Notice USN-471-1 June 11, 2007 libexif vulnerability CVE-2007-2645 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libexif12 0.6.12-2ubuntu0.1 Ubuntu 6.10: libexif12 0.6.13-4ubuntu0.1 Ubuntu 7.04: libexif12 0.6.13-5ubuntu0.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 3799 404b94c6dc02fded399d2015829b35ee Size/MD5: 600 ba2fd679c82d39a8fd22845c3244cf38 Size/MD5: 537829 69501aaf0862a79aaeeb73e81e8c1306 amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 77634 abcac032c95e9128eb9562fd3e8c9c3c Size/MD5: 61804 4d4bff0d5f7a0fbd55baea101638440a i386 architecture (x86 compatible Intel/AMD) Size/MD5: 72878 53d6a23f8515d65645711d1b74630fbf Size/MD5: 57686032f3abaf88451cbb08dbf8f6a74b90f powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 78066 0402629c14b6396692a18aceefa17de7 Size/MD5: 60642 800f64893ff9eeb837443c92726c5784 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 75652 8a8ff09cd40054c01305bfaaa738e28c Size/MD5: 58672 62e3912837cd84c59d87f8b5cef94927 Updated packages for Ubuntu 6.10: Source archives: Size/MD5: 4090 7bb28740d6996a32944568fd5752279f Size/MD5: 619 5106e84640dc952172c2418b832506d1 Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 1005486 27c44f76b5356c2e5252cf74109cc948 Size/MD5: 69208 c374d298d31ffcc1e66490c8a625f3a5 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 995998 ff15d1e752e6b6d10e411546376af0e7 Size/MD5: 66008 951d7e9445cf0e2167a85031525be878 powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 1005170 240c110c041580afc02b588340471c80 Size/MD5: 64638 c4aef67ceac06a7296348efdacad3184 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 1002480 018082e64ad3d8f90dbea766f6331f4f Size/MD5: 64536 c7beaa479951d01dadae0cb42b2fc20c Updated packages for Ubuntu 7.04: Source archives: Size/MD5: 9109 7e344567afce19f3260b9e01d0a5467b Size/MD5: 703 2a77275783bcf3640094d7211030baf3 Size/MD5: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb amd64 architecture (Athlon64, Opteron, EM64T Xeon) Size/MD5: 1005748 c4a6dee59ed66a7da794a1e3e5e2a115 Size/MD5: 70130 c42288b602f05f883b77c96a98b17ff3 i386 architecture (x86 compatible Intel/AMD) Size/MD5: 996420 7c04dd612e03148d48e6b789e45eae24 Size/MD5: 67134 2f2a1b6842687460da7b538d25328d4b powerpc architecture (Apple Macintosh G3/G4/G5) Size/MD5: 1005978 f1f145431e46cbf64578f5f5303affad Size/MD5: 67722 1e7ffec961515ad044eac32f5d22c94f sparc architecture (Sun SPARC/UltraSPARC) Size/MD5: 1002944 3264007332abd428dc4c26e3a67c36cc Size/MD5: 65436 44b4d989149fc1f88e1acf4e88e16c33 . Revision to mitigate libexif vulnerability causing denial of service through specially designed EXIF headers in particular versions of Ubuntu.. libexif Security, Ubuntu Patch, Denial of Service, EXIF Header Attack. . Severity: Critical. LinuxSecurity.com Team
Jun 11, 2007
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!