# Security update for the Linux Kernel (Live Patch 53 for SLE 12 SP5)

Announcement ID: SUSE-SU-2024:4195-1
Release Date: 2024-12-05T12:33:42Z
Rating: important
References:
* bsc#1229273
* bsc#1229553
Cross-References:
* CVE-2024-35949
* CVE-2024-43861
CVSS scores:
* CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_194 fixes several issues.

The following security issues were fixed:

* CVE-2024-43861: net: usb: qmi_wwan: fixed a memory leak for non-IP packets (bsc#1229553).
* CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-4195=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_194-default-11-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-35949.html
* https://www.suse.com/security/cve/CVE-2024-43861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229273
* https://bugzilla.suse.com/show_bug.cgi?id=1229553
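A live patch applies to exactly one kernel build: the package name above, kgraft-patch-4_12_14-122_194-default-11-2.1, encodes kernel 4.12.14-122.194 (flavor "default") with dots written as underscores, followed by the live patch's own version 11-2.1. The check below is an added example, not part of the SUSE advisory, that derives the target kernel from the package name and compares it with the running kernel before the `zypper in -t patch` command is run. The package-name layout (version, release, flavor, patch version, separated by "-") is assumed from the name shown in the advisory; `uname -r` output on a SLE 12 SP5 host is assumed to look like 4.12.14-122.194-default.

```sh
#!/bin/sh
# Added example, not part of the SUSE advisory: confirm that the running
# kernel is the exact build this live patch targets before installing it.
#
# Assumed package-name layout (taken from the advisory's package list):
#   kgraft-patch-4_12_14-122_194-default-11-2.1
#   -> kernel 4.12.14-122.194, flavor "default", live patch version 11-2.1
# which must match `uname -r` == 4.12.14-122.194-default on the target host.

ADVISORY_PKG="kgraft-patch-4_12_14-122_194-default-11-2.1"

# kernel_from_kgraft_pkg PKGNAME
# Prints the `uname -r` string the package applies to,
# e.g. "4.12.14-122.194-default".
kernel_from_kgraft_pkg() {
    rest=${1#kgraft-patch-}
    # Split on "-": $1=4_12_14 $2=122_194 $3=default $4=11 $5=2.1
    oldifs=$IFS
    IFS='-'
    set -- $rest
    IFS=$oldifs
    ver=$(printf '%s' "$1" | tr '_' '.')
    rel=$(printf '%s' "$2" | tr '_' '.')
    printf '%s-%s-%s\n' "$ver" "$rel" "$3"
}

# livepatch_matches_kernel PKGNAME RUNNING_KERNEL
# Returns 0 when the package targets RUNNING_KERNEL, 1 otherwise.
livepatch_matches_kernel() {
    [ "$(kernel_from_kgraft_pkg "$1")" = "$2" ]
}

# Stand-alone use: compare the advisory's package with this host's kernel.
# Whether the package is already installed is left to `rpm -q` / `zypper lp`.
running=$(uname -r 2>/dev/null || echo unknown)
if livepatch_matches_kernel "$ADVISORY_PKG" "$running"; then
    echo "kernel $running matches $ADVISORY_PKG; install with:"
    echo "  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-4195=1"
else
    echo "kernel $running is not 4.12.14-122.194-default; $ADVISORY_PKG does not apply here"
fi
```

A host running any other 4.12.14 build (for example an earlier 122.x release, or the azure flavor) needs its own kgraft-patch package; installing this one there does nothing useful, so the comparison belongs before the install step, not after it.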
SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3658-1
Container Tags        : suse/sles12sp5:6.5.529 , suse/sles12sp5:latest
Container Release     : 6.5.529
Severity              : important
Type                  : security
References            : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 CVE-2023-4039
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4287-1
Released:    Tue Oct 31 09:03:38 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)
- Turn the cross compiler to s390x into a glibccross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex; the benefit of the former is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-1.6.1 updated
- libstdc++6-13.2.1+git7813-1.6.1 updated
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1147-1
Image Tags        : suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64:20221215
Image Release     :
Severity          : important
Type              : security
References        : 1179465 1184124 1184689 1186787 1187655 1188086 1188607 1189560 1190651 1191833 1192252 1192478 1192508 1192648 1196076 1197284 1197428 1197998 1198165 1198625 1198894 1199074 1200330 1200505 1200657 1200803 1200901 1200994 1201053 1202014 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203341 1203368 1203482 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203894 1203924 1203957 1204440 1204577 1204706 1204720 1204779 1204821 1204844 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954
                    CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released:    Mon Nov 21 00:13:40 2022
Summary:     Recommended update for libeconf
Type:        recommended
Severity:    moderate
References:  1198165

This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
  - libeconf: Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
  - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4141-1
Released:    Mon Nov 21 09:28:07 2022
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1205178,1205182,CVE-2022-2601,CVE-2022-3775

This update for grub2 fixes the following issues:

- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).

Other:

- Bump upstream SBAT generation to 3

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released:    Mon Nov 21 14:34:09 2022
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4160-1
Released:    Tue Nov 22 10:10:37 2022
Summary:     Recommended update for nfsidmap
Type:        recommended
Severity:    moderate
References:  1200901

This update for nfsidmap fixes the following issues:

- Various bugfixes and improvements from upstream. In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4162-1
Released:    Tue Nov 22 10:56:10 2022
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1202014,1203267,1203368,1203749,1203894

This update for dracut fixes the following issues:

- A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368)
- network-manager: always install the library plugins directory (bsc#1202014)
- dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894)
- systemd: add missing modprobe@.service (bsc#1203749)
- i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released:    Wed Nov 23 13:15:04 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released:    Thu Nov 24 15:53:48 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4217-1
Released:    Fri Nov 25 07:23:35 2022
Summary:     Recommended update for wget
Type:        recommended
Severity:    moderate
References:  1204720

This update for wget fixes the following issues:

- Truncate long file names to prevent wget failures (bsc#1204720)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4226-1
Released:    Fri Nov 25 18:16:59 2022
Summary:     Recommended update for suseconnect-ng
Type:        recommended
Severity:    moderate
References:  1196076,1198625,1200803,1200994,1203341,1204821

This update for suseconnect-ng fixes the following issues:

- Fix System-Token support in ruby binding (bsc#1203341)
- Use system-wide proxy settings (bsc#1200994)
- Add timer for SUSEConnect --keepalive (bsc#1196076)
- Added support for the System-Token header
- Add Keepalive command line option
- Print nested zypper errors (bsc#1200803)
- Fix migration json error with SMT (bsc#1198625)
- Packaging adjustments (bsc#1204821)
- Add option to run local scc tests

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4227-1
Released:    Fri Nov 25 18:17:31 2022
Summary:     Recommended update for release-notes-sle-micro
Type:        recommended
Severity:    low
References:  1204440

This update for samba fixes the following issue:

- Make samba-tool available in the basesystem (bsc#1204440)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-12, CXX=g++-12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4262-1
Released:    Tue Nov 29 05:45:23 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    important
References:  1199074,1203216,1203482

This update for lvm2 fixes the following issues:

- Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- Fix lvmlockd to support sanlock (bsc#1203482)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4278-1
Released:    Tue Nov 29 15:43:49 2022
Summary:     Security update for supportutils
Type:        security
Severity:    moderate
References:  1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818

This update for supportutils fixes the following issues:

Security issues fixed:

- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)

Bug fixes:

- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454

This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit the amount of digits when converting text to int and vice versa. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4282-1
Released:    Tue Nov 29 15:50:15 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0814:

- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4312-1
Released:    Fri Dec 2 11:16:47 2022
Summary:     Recommended update for tar
Type:        recommended
Severity:    moderate
References:  1200657,1203600

This update for tar fixes the following issues:

- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4328-1
Released:    Tue Dec 6 12:25:12 2022
Summary:     Recommended update for audit-secondary
Type:        recommended
Severity:    moderate
References:  1204844

This update for audit-secondary fixes the following issues:

- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4340-1
Released:    Wed Dec 7 12:54:47 2022
Summary:     Feature update for wicked
Type:        feature
Severity:    moderate
References:  1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954

This update for wicked fixes the following issues:

- build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124)
- client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249)
- client: Fix memory access violation (SEGV) on empty xpath results
- dbus: Clear string array before append
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307)
- dhcp6: Consider ppp interfaces supported
- dhcp6: Ignore lease release status
- dhcp6: Remove address before release
- firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560)
- socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- team: Fix to configure port priority in teamd (bsc#1200505)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Fix memory access violation (SEGV) on supplicant restart
- wireless: Remove libiw dependencies

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4370-1
Released:    Thu Dec 8 17:19:14 2022
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1191833,1205275

This update for rsyslog fixes the following issues:

- Parsing of legacy config syntax (bsc#1205275)
- Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4383-1
Released:    Fri Dec 9 04:01:50 2022
Summary:     Recommended update for iputils
Type:        recommended
Severity:    important
References:  1203957

This update for iputils fixes the following issues:

- Fix occasional memory access violation when using `ping` (bsc#1203957)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4412-1
Released:    Tue Dec 13 04:47:03 2022
Summary:     Recommended update for suse-build-key
Type:        recommended
Severity:    moderate
References:  1204706

This update for suse-build-key fixes the following issues:

- added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4463-1
Released:    Tue Dec 13 17:04:31 2022
Summary:     Security update for containerd
Type:        security
Severity:    important
References:  1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191

This update for containerd fixes the following issues:

Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).

Also includes the following fixes:

- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4469-1
Released:    Wed Dec 14 06:05:13 2022
Summary:     Recommended update for sudo
Type:        recommended
Severity:    important
References:  1197998

This update for sudo fixes the following issues:

- Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4499-1
Released:    Thu Dec 15 10:48:49 2022
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1179465

This update for openssh fixes the following issues:

- Make ssh connections update their dbus environment (bsc#1179465):
  * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish

The following package changes have been done:

- audit-3.0.6-150400.4.6.1 updated
- containerd-ctr-1.6.12-150000.79.1 updated
- containerd-1.6.12-150000.79.1 updated
- dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 updated
- dracut-055+suse.323.gca0e74f0-150400.3.13.1 updated
- grub2-i386-pc-2.06-150400.11.17.1 updated
- grub2-x86_64-efi-2.06-150400.11.17.1 updated
- grub2-x86_64-xen-2.06-150400.11.17.1 updated
- grub2-2.06-150400.11.17.1 updated
- iputils-20211215-150400.3.3.2 updated
- krb5-1.19.2-150400.3.3.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- nfsidmap-0.26-150000.3.7.1 updated
- openssh-clients-8.4p1-150300.3.15.4 updated
- openssh-common-8.4p1-150300.3.15.4 updated
- openssh-server-8.4p1-150300.3.15.4 updated
- openssh-8.4p1-150300.3.15.4 updated
- openssl-1_1-1.1.1l-150400.7.16.1 updated
- python3-base-3.6.15-150300.10.37.2 updated
- python3-3.6.15-150300.10.37.2 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- rsyslog-8.2106.0-150400.5.11.1 updated
- samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 updated
- sudo-1.9.9-150400.4.9.1 updated
- supportutils-3.1.21-150300.7.35.15.1 updated
- suse-build-key-12.0-150000.8.28.1 updated
- suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated
- system-group-audit-3.0.6-150400.4.6.1 updated
- tar-1.34-150000.3.22.3 updated
- vim-data-common-9.0.0814-150000.5.28.1 updated
- vim-9.0.0814-150000.5.28.1 updated
- wget-1.20.3-150000.3.15.1 updated
- wicked-service-0.6.70-150400.3.3.1 updated
- wicked-0.6.70-150400.3.3.1 updated
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2022:5474-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5474
Issue date:        2022-06-30
CVE Names:         CVE-2022-2200 CVE-2022-31744 CVE-2022-34468 CVE-2022-34470
                   CVE-2022-34472 CVE-2022-34479 CVE-2022-34481 CVE-2022-34484
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.11 ESR.

Security Fix(es):

* Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI (CVE-2022-34468)
* Mozilla: Use-after-free in nsSHistory (CVE-2022-34470)
* Mozilla: A popup window could be resized in a way to overlay the address bar with web content (CVE-2022-34479)
* Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 (CVE-2022-34484)
* Mozilla: Undesired attributes could be set as part of prototype pollution (CVE-2022-2200)
* Mozilla: CSP bypass enabling stylesheet injection (CVE-2022-31744)
* Mozilla: Unavailable PAC file resulted in OCSP requests being blocked (CVE-2022-34472)
* Mozilla: Potential integer overflow in ReplaceElementsAt (CVE-2022-34481)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2102161 - CVE-2022-34479 Mozilla: A popup window could be resized in a way to overlay the address bar with web content
2102162 - CVE-2022-34470 Mozilla: Use-after-free in nsSHistory
2102163 - CVE-2022-34468 Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
2102164 - CVE-2022-34481 Mozilla: Potential integer overflow in ReplaceElementsAt
2102165 - CVE-2022-31744 Mozilla: CSP bypass enabling stylesheet injection
2102166 - CVE-2022-34472 Mozilla: Unavailable PAC file resulted in OCSP requests being blocked
2102168 - CVE-2022-2200 Mozilla: Undesired attributes could be set as part of prototype pollution
2102169 - CVE-2022-34484 Mozilla: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.2):

Source:
firefox-91.11.0-2.el8_2.src.rpm

aarch64:
firefox-91.11.0-2.el8_2.aarch64.rpm
firefox-debuginfo-91.11.0-2.el8_2.aarch64.rpm
firefox-debugsource-91.11.0-2.el8_2.aarch64.rpm

ppc64le:
firefox-91.11.0-2.el8_2.ppc64le.rpm
firefox-debuginfo-91.11.0-2.el8_2.ppc64le.rpm
firefox-debugsource-91.11.0-2.el8_2.ppc64le.rpm

s390x:
firefox-91.11.0-2.el8_2.s390x.rpm
firefox-debuginfo-91.11.0-2.el8_2.s390x.rpm
firefox-debugsource-91.11.0-2.el8_2.s390x.rpm

x86_64:
firefox-91.11.0-2.el8_2.x86_64.rpm
firefox-debuginfo-91.11.0-2.el8_2.x86_64.rpm
firefox-debugsource-91.11.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-2200
https://access.redhat.com/security/cve/CVE-2022-31744
https://access.redhat.com/security/cve/CVE-2022-34468
https://access.redhat.com/security/cve/CVE-2022-34470
https://access.redhat.com/security/cve/CVE-2022-34472
https://access.redhat.com/security/cve/CVE-2022-34479
https://access.redhat.com/security/cve/CVE-2022-34481
https://access.redhat.com/security/cve/CVE-2022-34484
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYr6VqtzjgjWX9erEAQhWDw/+POKN8ad16XGpk19KKP8vQVGK4YTQDutu
bmCOAzorh1awB23T/Ad9xmIwFFacSoHaBJsRF6AOpzLshyfnSS0DNrZer6f1EJuO
07ev9KfY03l6Np0F9TYh2lAmPGSK5doS8IduHQGoUiOkbo7UvX4KcqUxbJsZ3YRf
fUQKRBxxO7+rHWq2XR1lUQVblzGgUuIR/lFsHME1r3vgIqeSj2RyKDymoGQ7f9tF
bYrluT+ilYfiJI3jc12Yxr/iufHlM34ZTVFyvHb1ASLV2gKz9lNk7etqNHf8ti+a
cuR+YgQ+nOMWlkj1lhbyMDRlinPZKZC/dUmlLmYaNI/gTq1GIo6tuO0EoZt2+rYG
HXD669stQE1CWXsdAZXxNIe3DaaEyRhOyicoKV3HxSRmmcQs1SECw4CsL8UqgI1G
+KU26HCyYDFjPRB0u/8wyx1txMZ8tj367DsCb7KCBvq9GdmfcoHtQX2uJGmiBq0j
LQRsiIzsg0XWqd7pkIIQ6ZZ66R2LMsI9sRzN2EoW7kl+L2/BvmlHHnl29SQC5DRo
IvK2zfEuGcAuTvINo1v/dI7iuwdb475F5hoe50FcYifNB8Ui3gixEnnX7tl/a3x8
Gw7i4xZAlNCTy+2+I7E+3R6oueWVRZ2FcvObWffOIQkhIZn+5vHYklvvsoKdOuwS
oTybzYuqR7k=
=4jD+
-----END PGP SIGNATURE-----
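The advisory's package list names the fixed build, firefox-91.11.0-2.el8_2, and the solution section defers to the generic "how to apply" article. The script below is an added example, not part of the Red Hat advisory, showing how a host's installed VERSION-RELEASE can be compared against that fixed build. It assumes GNU coreutils `sort -V` (present on RHEL 8) and that firefox carries no epoch; `rpmdev-vercmp` remains the authoritative comparison, and the sample values at the bottom are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the Red Hat advisory: decide whether an installed
# firefox build is older than the fixed build this advisory ships
# (91.11.0-2.el8_2). Assumes GNU coreutils `sort -V`, as on RHEL 8.
# Firefox has no epoch, so only VERSION-RELEASE is compared; for packages with
# an epoch, or as the authoritative answer, use `rpmdev-vercmp` instead.

FIXED_FIREFOX_EVR="91.11.0-2.el8_2"

# is_older CANDIDATE REFERENCE
# Returns 0 when CANDIDATE sorts strictly before REFERENCE in version order.
is_older() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# firefox_status INSTALLED_VR
# Prints "update" when INSTALLED_VR predates the fixed build, else "ok".
firefox_status() {
    if is_older "$1" "$FIXED_FIREFOX_EVR"; then
        echo update
    else
        echo ok
    fi
}

# Stand-alone use on a RHEL 8.2 EUS host (the rpm query is left as a comment
# so the script also runs where rpm is absent):
#   installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' firefox)
#   firefox_status "$installed"
# Constructed sample values for illustration:
for vr in 91.10.0-1.el8_2 91.11.0-2.el8_2 91.11.0-3.el8_2; do
    echo "firefox-$vr: $(firefox_status "$vr")"
done
```

Anything at or above 91.11.0-2.el8_2 reports "ok"; a later rebuild such as 91.11.0-3.el8_2 also counts as fixed, since the fixed release is a floor rather than an exact match. Remember the advisory's own caveat: the running browser keeps the old code until Firefox is restarted, which no package version check can see.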
====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-postgresql95-postgresql security update
Advisory ID: RHSA-2018:2511-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2511
Issue date: 2018-08-20
CVE Names: CVE-2017-15098 CVE-2017-15099 CVE-2018-1053 CVE-2018-1058 CVE-2018-10915 CVE-2018-10925
====================================================================

1. Summary:

An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql (9.5.14). (BZ#1612671)

Security Fix(es):

* postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)
* postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements (CVE-2018-10925)
* postgresql: Memory disclosure in JSON functions (CVE-2017-15098)
* postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask (CVE-2018-1053)
* postgresql: Uncontrolled search path element in pg_dump and other client applications (CVE-2018-1058)
* postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges (CVE-2017-15099)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the PostgreSQL project for reporting CVE-2018-10915, CVE-2018-10925, CVE-2017-15098, CVE-2018-1053, and CVE-2017-15099. Upstream acknowledges Andrew Krasichkov as the original reporter of CVE-2018-10915; David Rowley as the original reporter of CVE-2017-15098; Tom Lane as the original reporter of CVE-2018-1053; and Dean Rasheed as the original reporter of CVE-2017-15099.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

1508820 - CVE-2017-15098 postgresql: Memory disclosure in JSON functions
1508823 - CVE-2017-15099 postgresql: INSERT ... ON CONFLICT DO UPDATE fails to enforce SELECT privileges
1539619 - CVE-2018-1053 postgresql: pg_upgrade creates file of sensitive metadata under prevailing umask
1547044 - CVE-2018-1058 postgresql: Uncontrolled search path element in pg_dump and other client applications
1609891 - CVE-2018-10915 postgresql: Certain host connection parameters defeat client-side security defenses
1612619 - CVE-2018-10925 postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-postgresql95-postgresql-9.5.14-1.el6.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-postgresql95-postgresql-9.5.14-1.el6.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-postgresql95-postgresql-9.5.14-1.el6.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el6.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-postgresql95-postgresql-9.5.14-1.el7.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):

Source:
rh-postgresql95-postgresql-9.5.14-1.el7.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-postgresql95-postgresql-9.5.14-1.el7.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-postgresql95-postgresql-9.5.14-1.el7.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-postgresql95-postgresql-9.5.14-1.el7.src.rpm

x86_64:
rh-postgresql95-postgresql-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-contrib-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-debuginfo-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-devel-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-docs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-libs-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plperl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-plpython-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-pltcl-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-server-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-static-9.5.14-1.el7.x86_64.rpm
rh-postgresql95-postgresql-test-9.5.14-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-15098
https://access.redhat.com/security/cve/CVE-2017-15099
https://access.redhat.com/security/cve/CVE-2018-1053
https://access.redhat.com/security/cve/CVE-2018-1058
https://access.redhat.com/security/cve/CVE-2018-10915
https://access.redhat.com/security/cve/CVE-2018-10925
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2016:2093-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:2093.html
Issue date: 2016-10-20
CVE Names: CVE-2016-2848
====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1385450 - CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
bind-9.3.6-25.P1.el5_11.10.src.rpm

i386:
bind-9.3.6-25.P1.el5_11.10.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm
bind-sdb-9.3.6-25.P1.el5_11.10.i386.rpm
bind-utils-9.3.6-25.P1.el5_11.10.i386.rpm

x86_64:
bind-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-sdb-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-utils-9.3.6-25.P1.el5_11.10.x86_64.rpm

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
bind-9.3.6-25.P1.el5_11.10.src.rpm

i386:
bind-chroot-9.3.6-25.P1.el5_11.10.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
caching-nameserver-9.3.6-25.P1.el5_11.10.i386.rpm

x86_64:
bind-chroot-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
bind-9.3.6-25.P1.el5_11.10.src.rpm

i386:
bind-9.3.6-25.P1.el5_11.10.i386.rpm
bind-chroot-9.3.6-25.P1.el5_11.10.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm
bind-sdb-9.3.6-25.P1.el5_11.10.i386.rpm
bind-utils-9.3.6-25.P1.el5_11.10.i386.rpm
caching-nameserver-9.3.6-25.P1.el5_11.10.i386.rpm

ia64:
bind-9.3.6-25.P1.el5_11.10.ia64.rpm
bind-chroot-9.3.6-25.P1.el5_11.10.ia64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.ia64.rpm
bind-devel-9.3.6-25.P1.el5_11.10.ia64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.ia64.rpm
bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.10.ia64.rpm
bind-sdb-9.3.6-25.P1.el5_11.10.ia64.rpm
bind-utils-9.3.6-25.P1.el5_11.10.ia64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.10.ia64.rpm

ppc:
bind-9.3.6-25.P1.el5_11.10.ppc.rpm
bind-chroot-9.3.6-25.P1.el5_11.10.ppc.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.ppc.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.ppc64.rpm
bind-devel-9.3.6-25.P1.el5_11.10.ppc.rpm
bind-devel-9.3.6-25.P1.el5_11.10.ppc64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.ppc.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.ppc64.rpm
bind-libs-9.3.6-25.P1.el5_11.10.ppc.rpm
bind-libs-9.3.6-25.P1.el5_11.10.ppc64.rpm
bind-sdb-9.3.6-25.P1.el5_11.10.ppc.rpm
bind-utils-9.3.6-25.P1.el5_11.10.ppc.rpm
caching-nameserver-9.3.6-25.P1.el5_11.10.ppc.rpm

s390x:
bind-9.3.6-25.P1.el5_11.10.s390x.rpm
bind-chroot-9.3.6-25.P1.el5_11.10.s390x.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.s390.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.s390x.rpm
bind-devel-9.3.6-25.P1.el5_11.10.s390.rpm
bind-devel-9.3.6-25.P1.el5_11.10.s390x.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.s390.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.s390x.rpm
bind-libs-9.3.6-25.P1.el5_11.10.s390.rpm
bind-libs-9.3.6-25.P1.el5_11.10.s390x.rpm
bind-sdb-9.3.6-25.P1.el5_11.10.s390x.rpm
bind-utils-9.3.6-25.P1.el5_11.10.s390x.rpm
caching-nameserver-9.3.6-25.P1.el5_11.10.s390x.rpm

x86_64:
bind-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-chroot-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.i386.rpm
bind-debuginfo-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
bind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libbind-devel-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-libs-9.3.6-25.P1.el5_11.10.i386.rpm
bind-libs-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-sdb-9.3.6-25.P1.el5_11.10.x86_64.rpm
bind-utils-9.3.6-25.P1.el5_11.10.x86_64.rpm
caching-nameserver-9.3.6-25.P1.el5_11.10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.2.src.rpm

i386:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
bind-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.i686.rpm

x86_64:
bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.2.src.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.2.src.rpm

i386:
bind-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.i686.rpm

ppc64:
bind-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.ppc.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm

s390x:
bind-9.8.2-0.47.rc1.el6_8.2.s390x.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.s390x.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390x.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.s390.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.s390x.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.s390x.rpm

x86_64:
bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.i686.rpm

ppc64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.ppc.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.ppc64.rpm

s390x:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.s390x.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.s390.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.s390x.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.s390x.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
bind-9.8.2-0.47.rc1.el6_8.2.src.rpm

i386:
bind-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.i686.rpm

x86_64:
bind-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-chroot-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-libs-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-utils-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.i686.rpm

x86_64:
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-debuginfo-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.i686.rpm
bind-devel-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm
bind-sdb-9.8.2-0.47.rc1.el6_8.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2016-2848
https://access.redhat.com/security/updates/classification#important
https://kb.isc.org/docs/aa-01433

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Important: httpd security and bug fix update
Advisory ID: RHSA-2016:1422-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1422
Issue date: 2016-07-18
CVE Names: CVE-2016-5387
====================================================================

1. Summary:

An update for httpd is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)

Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

Bug Fix(es):

* In a caching proxy configuration, the mod_cache module would treat content as stale if the Expires header changed when refreshing a cached response. As a consequence, an origin server returning content without a fixed Expires header would not be treated as cacheable. The mod_cache module has been fixed to ignore changes in the Expires header when refreshing content. As a result, such content is now cacheable, improving performance and reducing load at the origin server. (BZ#1347648)

* The HTTP status code 451 "Unavailable For Legal Reasons" was not usable in the httpd configuration. As a consequence, modules such as mod_rewrite could not be configured to return a 451 error if required for legal purposes. The 451 status code has been added to the list of available error codes, and modules can now be configured to return a 451 error if required. (BZ#1353269)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1347648 - Apache can not cache content if Expires header is modified
1353269 - Support sending http 451 status code from RewriteRule
1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

ppc64:
httpd-2.4.6-40.el7_2.4.ppc64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64.rpm
httpd-devel-2.4.6-40.el7_2.4.ppc64.rpm
httpd-tools-2.4.6-40.el7_2.4.ppc64.rpm
mod_ssl-2.4.6-40.el7_2.4.ppc64.rpm

ppc64le:
httpd-2.4.6-40.el7_2.4.ppc64le.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64le.rpm
httpd-devel-2.4.6-40.el7_2.4.ppc64le.rpm
httpd-tools-2.4.6-40.el7_2.4.ppc64le.rpm
mod_ssl-2.4.6-40.el7_2.4.ppc64le.rpm

s390x:
httpd-2.4.6-40.el7_2.4.s390x.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.s390x.rpm
httpd-devel-2.4.6-40.el7_2.4.s390x.rpm
httpd-tools-2.4.6-40.el7_2.4.s390x.rpm
mod_ssl-2.4.6-40.el7_2.4.s390x.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64.rpm
mod_ldap-2.4.6-40.el7_2.4.ppc64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.ppc64.rpm
mod_session-2.4.6-40.el7_2.4.ppc64.rpm

ppc64le:
httpd-debuginfo-2.4.6-40.el7_2.4.ppc64le.rpm
mod_ldap-2.4.6-40.el7_2.4.ppc64le.rpm
mod_proxy_html-2.4.6-40.el7_2.4.ppc64le.rpm
mod_session-2.4.6-40.el7_2.4.ppc64le.rpm

s390x:
httpd-debuginfo-2.4.6-40.el7_2.4.s390x.rpm
mod_ldap-2.4.6-40.el7_2.4.s390x.rpm
mod_proxy_html-2.4.6-40.el7_2.4.s390x.rpm
mod_session-2.4.6-40.el7_2.4.s390x.rpm

x86_64:
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd-2.4.6-40.el7_2.4.src.rpm

noarch:
httpd-manual-2.4.6-40.el7_2.4.noarch.rpm

x86_64:
httpd-2.4.6-40.el7_2.4.x86_64.rpm
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
httpd-devel-2.4.6-40.el7_2.4.x86_64.rpm
httpd-tools-2.4.6-40.el7_2.4.x86_64.rpm
mod_ssl-2.4.6-40.el7_2.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
httpd-debuginfo-2.4.6-40.el7_2.4.x86_64.rpm
mod_ldap-2.4.6-40.el7_2.4.x86_64.rpm
mod_proxy_html-2.4.6-40.el7_2.4.x86_64.rpm
mod_session-2.4.6-40.el7_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2016-5387
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/security/vulnerabilities/httpoxy
https://access.redhat.com/solutions/2435501

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.
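The CVE-2016-5387 description above turns on one rule of the CGI interface: every request header "Name: value" is exported to the script as the meta-variable HTTP_NAME, so a client-supplied "Proxy" header arrives as HTTP_PROXY, the variable proxy-aware HTTP clients read for their outgoing proxy. The following Python is an added illustration, not code from Red Hat or from the httpd project: it builds the HTTP_* environment from a constructed request with and without the post-update filtering the advisory describes, and shows the client-side counterpart (ignoring the upper-case HTTP_PROXY whenever REQUEST_METHOD is set, i.e. whenever the program runs under CGI). All function names, the sample headers and the 203.0.113.7 address are assumptions made for this example.

```python
"""
Added illustration of the httpoxy mechanism described under CVE-2016-5387
(not code from Red Hat or the httpd project). The CGI specification maps
every request header "Name: value" to a meta-variable HTTP_NAME, so a
client-supplied "Proxy" header becomes HTTP_PROXY in the script's
environment, which proxy-aware HTTP clients read as a proxy setting.
Function names and the sample request below are constructed for this
example.
"""
from typing import Dict, Optional

# Constructed request from an untrusted client. The "Proxy" header is the
# one the advisory describes; the address is a documentation-range value.
SAMPLE_HEADERS: Dict[str, str] = {
    "Host": "www.example.com",
    "User-Agent": "curl/7.29.0",
    "Proxy": "http://203.0.113.7:8080",
}

# Meta-variable names a gateway must never derive from request headers,
# because they collide with environment variables that HTTP client
# libraries honour. Only HTTP_PROXY is named on the page; treating the
# set as extensible is an assumption of this example.
BLOCKED_META_VARS = {"HTTP_PROXY"}


def cgi_meta_name(header: str) -> str:
    """CGI rule: 'HTTP_' + upper-cased header name, '-' replaced by '_'."""
    return "HTTP_" + header.strip().upper().replace("-", "_")


def build_cgi_env(headers: Dict[str, str], harden: bool) -> Dict[str, str]:
    """Turn request headers into the HTTP_* part of a CGI environment.

    harden=False reproduces the pre-update behaviour; harden=True drops the
    colliding header, which is what the advisory says httpd now does.
    """
    env: Dict[str, str] = {}
    for name, value in headers.items():
        meta = cgi_meta_name(name)
        if harden and meta in BLOCKED_META_VARS:
            continue  # header is not passed to the script at all
        env[meta] = value
    return env


def naive_proxy_choice(env: Dict[str, str]) -> Optional[str]:
    """A client that trusts HTTP_PROXY unconditionally (the vulnerable side)."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def cgi_safe_proxy_choice(env: Dict[str, str]) -> Optional[str]:
    """Client-side defence: under CGI (REQUEST_METHOD is set) the upper-case
    HTTP_PROXY is attacker-controllable, so only the lower-case variable,
    which the CGI mapping can never produce, is trusted there."""
    if "REQUEST_METHOD" in env:
        return env.get("http_proxy")
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def demonstrate() -> Dict[str, Optional[str]]:
    """Summarise the four server/client combinations for the sample request."""
    vulnerable_env = dict(build_cgi_env(SAMPLE_HEADERS, harden=False),
                          REQUEST_METHOD="GET")
    hardened_env = dict(build_cgi_env(SAMPLE_HEADERS, harden=True),
                        REQUEST_METHOD="GET")
    return {
        "old httpd + naive client": naive_proxy_choice(vulnerable_env),
        "old httpd + fixed client": cgi_safe_proxy_choice(vulnerable_env),
        "fixed httpd + naive client": naive_proxy_choice(hardened_env),
        "fixed httpd + fixed client": cgi_safe_proxy_choice(hardened_env),
    }


if __name__ == "__main__":
    for case, proxy in demonstrate().items():
        print(f"{case}: {proxy!r}")
```

Only the first combination yields the attacker-supplied proxy; either side's fix on its own is enough to neutralise it, which is why both the server-side filtering in this update and client-library fixes were shipped. Python's own urllib applies the same REQUEST_METHOD check in getproxies_environment.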
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2010:0893-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2010:0893.html
Issue date:        2010-11-16
CVE Names:         CVE-2010-2521
====================================================================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 5.3 Extended Update Support.

The Red Hat Security Response Team has rated this update as having important
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5.3.z server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* Buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

This update also fixes the following bugs:

* A race condition existed when generating new process IDs, with the result
that the wrong process could have been signaled or killed accidentally,
leading to various application faults. This update detects and disallows
the reuse of PID numbers. (BZ#638864)

* When multiple JBD-based (Journaling Block Device) file systems were
mounted concurrently, and no other JBD-based file systems were already
mounted, a race could occur between JBD slab cache creation and deletion.
(BZ#645653)

* A missing memory barrier caused a race condition in the AIO subsystem
between the read_events() and aio_complete() functions. This may have
caused a thread in read_events() to sleep indefinitely, possibly causing an
application hang. (BZ#638868)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

612028 - CVE-2010-2521 kernel: nfsd4: bug in read_buf
638864 - [5.5] a race in pid generation that causes pids to be reused immediately. [rhel-5.3.z]
638868 - race in aio_complete() leads to process hang [rhel-5.3.z]
645653 - [Patch] jbd slab cache creation/deletion is racey [rhel-5.3.z]

6. Package List:

Red Hat Enterprise Linux (v. 5.3.z server):

Source:
kernel-2.6.18-128.26.1.el5.src.rpm

i386:
kernel-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.i686.rpm
kernel-devel-2.6.18-128.26.1.el5.i686.rpm
kernel-headers-2.6.18-128.26.1.el5.i386.rpm
kernel-xen-2.6.18-128.26.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.i686.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.i686.rpm

ia64:
kernel-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.ia64.rpm
kernel-devel-2.6.18-128.26.1.el5.ia64.rpm
kernel-headers-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-128.26.1.el5.noarch.rpm

ppc:
kernel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.ppc64.rpm
kernel-devel-2.6.18-128.26.1.el5.ppc64.rpm
kernel-headers-2.6.18-128.26.1.el5.ppc.rpm
kernel-headers-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-128.26.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-128.26.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.s390x.rpm
kernel-devel-2.6.18-128.26.1.el5.s390x.rpm
kernel-headers-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-128.26.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-128.26.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-128.26.1.el5.x86_64.rpm
kernel-devel-2.6.18-128.26.1.el5.x86_64.rpm
kernel-headers-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-128.26.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-128.26.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-2521
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFM4tlIXlSAg2UNWIIRAuiKAKCMBlnSsY9IGitEtZI3CVrZMt2ssgCgoAP/
n7rq27KIcLFomWzJpvmxsK0=
=VJNZ
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list