Issues were discovered in Lemonldap::NG, an OpenID-Connect, CAS and SAML compatible Web-SSO system, which could lead to impersonation of users with a second factor authentication.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3496-1

Security fix for CVE-2016-1567.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-6f783d1768
2016-02-01 20:30:53.300385
--------------------------------------------------------------------------------

Name        : chrony
Product     : Fedora 22
Version     : 2.1.1
Release     : 2.fc22
URL         :
Summary     : An NTP client/server
Description :
A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with intermittent internet connections, but it also works well in permanently connected environments. It can also use hardware reference clocks, system real-time clock or manual input as time references.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2016-1567
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1297472 - CVE-2016-1567 chrony: missing key check allows impersonation between authenticated peers (VU#357792)
        https://bugzilla.redhat.com/show_bug.cgi?id=1297472
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update chrony' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

The Puppet master server could be impersonated in certain configurations.

=========================================================================
Ubuntu Security Notice USN-1238-1
October 24, 2011

puppet vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

The Puppet master server could be impersonated in certain configurations.

Software Description:
- puppet: Centralized configuration management

Details:

It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master’s DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master’s certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
  puppet-common 2.7.1-1ubuntu3.2

Ubuntu 11.04:
  puppet-common 2.6.4-2ubuntu2.5

Ubuntu 10.10:
  puppet-common 2.6.1-0ubuntu2.4

Ubuntu 10.04 LTS:
  puppet-common 0.25.4-2ubuntu6.5

In general, a standard system update will make all the necessary changes. If your puppet master's puppet.conf file has ever contained the "certdnsnames" setting, you must reissue your site certificates, or apply another mitigation technique.

Please see the upstream advisory for more information:
  https://portal.perforce.com/s/cve-dashboard?CVE__c-filterId=00BPA0000009fOv2AI

References:
  https://ubuntu.com/security/notices/USN-1238-1
  CVE-2011-3872

Package Information:
  https://launchpad.net/ubuntu/+source/puppet/2.7.1-1ubuntu3.2
  https://launchpad.net/ubuntu/+source/puppet/2.6.4-2ubuntu2.5
  https://launchpad.net/ubuntu/+source/puppet/2.6.1-0ubuntu2.4
  https://launchpad.net/ubuntu/+source/puppet/0.25.4-2ubuntu6.5

Ubuntu Security Alert USN-4567-2 tackles the Ansible controller spoofing vulnerability, emphasizing potential threats and remediation measures.

Puppet Security Issue, Ubuntu 11.10 Update, Configuration Management Risks.

Severity: Important.

LinuxSecurity.com Team

A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm.

--------------------------------------------------------------------------
Debian Security Advisory DSA 273-1