openSUSE Security Update: update for openssl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0492-1
Rating:             important
References:         #872299
Cross-References:   CVE-2014-0160
Affected Products:
                    openSUSE 13.1
                    openSUSE 12.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This openssl update fixes one security issue:

   - bnc#872299: Fixed missing bounds checks for heartbeat messages
     (CVE-2014-0160).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2014-277

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2014-277

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.1 (i586 x86_64):

      libopenssl-devel-1.0.1e-11.32.1
      libopenssl1_0_0-1.0.1e-11.32.1
      libopenssl1_0_0-debuginfo-1.0.1e-11.32.1
      openssl-1.0.1e-11.32.1
      openssl-debuginfo-1.0.1e-11.32.1
      openssl-debugsource-1.0.1e-11.32.1

   - openSUSE 13.1 (x86_64):

      libopenssl-devel-32bit-1.0.1e-11.32.1
      libopenssl1_0_0-32bit-1.0.1e-11.32.1
      libopenssl1_0_0-debuginfo-32bit-1.0.1e-11.32.1

   - openSUSE 13.1 (noarch):

      openssl-doc-1.0.1e-11.32.1

   - openSUSE 12.3 (i586 x86_64):

      libopenssl-devel-1.0.1e-1.44.1
      libopenssl1_0_0-1.0.1e-1.44.1
      libopenssl1_0_0-debuginfo-1.0.1e-1.44.1
      openssl-1.0.1e-1.44.1
      openssl-debuginfo-1.0.1e-1.44.1
      openssl-debugsource-1.0.1e-1.44.1

   - openSUSE 12.3 (x86_64):

      libopenssl-devel-32bit-1.0.1e-1.44.1
      libopenssl1_0_0-32bit-1.0.1e-1.44.1
      libopenssl1_0_0-debuginfo-32bit-1.0.1e-1.44.1

   - openSUSE 12.3 (noarch):

      openssl-doc-1.0.1e-1.44.1

References:

   https://www.suse.com/security/cve/CVE-2014-0160.html

Patch addressing OpenSSL security flaws in openSUSE versions 12.3 and 13.1 released, marked with high severity. Essential update now accessible.
OpenSSL Security Update, Heartbeat Check Fix, openSUSE Patching.
Severity: Important.
LinuxSecurity.com Team

A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in .
Debian Security Advisory DSA-2896-1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200608-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Heartbeat: Denial of Service
      Date: August 24, 2006
      Bugs: #141894
        ID: 200608-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Heartbeat is vulnerable to a Denial of Service which can be triggered
by a remote attacker without authentication.

Background
==========

Heartbeat is a component of the High-Availability Linux project. It is
used to perform death-of-node detection, communications and cluster
management.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  sys-cluster/heartbeat      < 2.0.7                       >= 2.0.7

Description
===========

Yan Rong Ge discovered that the peel_netstring() function in
cl_netstring.c does not validate the "length" parameter of user input,
which can lead to an out-of-bounds memory access when processing
certain Heartbeat messages (CVE-2006-3121). Furthermore an unspecified
local DoS issue was fixed (CVE-2006-3815).

Impact
======

By sending a malicious UDP Heartbeat message, even before
authentication, a remote attacker can crash the master control process
of the cluster.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Heartbeat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/heartbeat-2.0.7"

References
==========

  [ 1 ] CVE-2006-3121
        https://www.cve.org/CVERecord?id=CVE-2006-3121
  [ 2 ] CVE-2006-3815
        https://www.cve.org/CVERecord?id=CVE-2006-3815

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200608-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Updated package.
Debian Security Advisory DSA 1151-1

Updated package.
Debian Security Advisory DSA 1128-1

Updated package.
Debian Security Advisory DSA 761-2

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Heartbeat: Insecure temporary file creation
      Date: August 07, 2005
      Bugs: #97175
        ID: 200508-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Heartbeat is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

Background
==========

Heartbeat is a component of the High-Availability Linux project. It is
used to perform death-of-node detection, communications and cluster
management.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  sys-cluster/heartbeat     < 1.2.3-r1                   >= 1.2.3-r1

Description
===========

Eric Romang has discovered that Heartbeat insecurely creates temporary
files with predictable filenames.

Impact
======

A local attacker could create symbolic links in the temporary file
directory, pointing to a valid file somewhere on the filesystem. When a
vulnerable script is executed, this could lead to the file being
overwritten with the rights of the user running the affected
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Heartbeat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/heartbeat-1.2.3-r1"

References
==========

  [ 1 ] CAN-2005-2231
        https://www.cve.org/CVERecord?id=CAN-2005-2231

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200508-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Eric Romang discovered several insecure temporary file creations in heartbeat, the subsystem for High-Availability Linux.
Debian Security Advisory DSA 761-1