
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Important openSUSE MariaDB update 2026-2282-1 released with fixes

# Security update for mariadb

  * Announcement ID: SUSE-SU-2026:2282-1
  * Release Date: 2026-06-05T12:14:38Z
  * Rating: critical

References:

  * bsc#1259176
  * bsc#1266437
  * bsc#1266438
  * bsc#1266439
  * bsc#1266440
  * bsc#1266442
  * bsc#1266814
  * bsc#1266815
  * bsc#1267542

Cross-References:

  * CVE-2026-3494
  * CVE-2026-44168
  * CVE-2026-44170
  * CVE-2026-44171
  * CVE-2026-44172
  * CVE-2026-44173
  * CVE-2026-48163
  * CVE-2026-48165
  * CVE-2026-49261

CVSS scores:

  * CVE-2026-3494 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-3494 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2026-3494 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-3494 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2026-44168 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  * CVE-2026-44168 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  * CVE-2026-44170 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-44171 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-44171 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
  * CVE-2026-44172 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-44173 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
  * CVE-2026-44173 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
  * CVE-2026-48163 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  * CVE-2026-48163 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  * CVE-2026-48165 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  * CVE-2026-48165 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  * CVE-2026-49261 ( SUSE ): 9.4 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  * CVE-2026-49261 ( SUSE ): 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

  * Galera for Ericsson 15 SP4
  * Galera for Ericsson 15 SP5
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for mariadb fixes the following issues:

Security fixes:

  * CVE-2026-3494: audit plugin comment handling bypass (bsc#1259176).
  * CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side (bsc#1266442).
  * CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via unsanitized URL (bsc#1266440).
  * CVE-2026-44171: path traversal in mbstream (bsc#1266439).
  * CVE-2026-44172: mysql_real_escape_string() incorrectly handled big5 (bsc#1266438).
  * CVE-2026-44173: FILE privilege was not checked for subqueries in the FROM clause (bsc#1266437).
  * CVE-2026-48163: wsrep SST unsafe parameter handling on the donor side (bsc#1266815).
  * CVE-2026-48165: unsafe usage of `wsrep_sst_receive_address` values on the joiner side (bsc#1266814).
  * CVE-2026-49261: unsafe parameter handling in `wsrep_notify_cmd` (bsc#1267542).

Other fixes:

  * Update to 10.6.27:
    * https://mariadb.com/docs/release-notes/community-server/10.6/10.6.27
    * https://mariadb.com/docs/release-notes/community-server/changelogs/10.6/10.6.27
  * Update to 10.6.26:
    * https://mariadb.com/docs/release-notes/community-server/10.6/10.6.26
    * https://mariadb.com/docs/release-notes/community-server/changelogs/10.6/10.6.26
    * https://mariadb.com/docs/release-notes/community-server/10.6/10.6.25
    * https://mariadb.com/docs/release-notes/community-server/changelogs/10.6/10.6.25

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4: `zypper in -t patch SUSE-2026-2282=1`
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2282=1`
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2282=1`
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2282=1`
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2282=1`
  * Galera for Ericsson 15 SP4: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2026-2282=1`
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2282=1`
  * SUSE Linux Enterprise Server 15 SP4 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2282=1`
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2282=1`
  * Galera for Ericsson 15 SP5: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-ERICSSON-2026-2282=1`
  * SUSE Linux Enterprise Server 15 SP5 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2282=1`

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * mariadb-bench-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-test-debuginfo-10.6.27-150400.3.46.1
    * mariadb-bench-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-galera-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
    * mariadb-rpm-macros-10.6.27-150400.3.46.1
    * mariadb-test-10.6.27-150400.3.46.1
  * openSUSE Leap 15.4 (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * Galera for Ericsson 15 SP4 (x86_64)
    * mariadb-galera-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1
  * Galera for Ericsson 15 SP5 (x86_64)
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-galera-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * libmariadbd19-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd19-10.6.27-150400.3.46.1
    * mariadb-tools-debuginfo-10.6.27-150400.3.46.1
    * mariadb-client-10.6.27-150400.3.46.1
    * mariadb-client-debuginfo-10.6.27-150400.3.46.1
    * mariadb-10.6.27-150400.3.46.1
    * mariadb-debugsource-10.6.27-150400.3.46.1
    * mariadb-tools-10.6.27-150400.3.46.1
    * mariadb-debuginfo-10.6.27-150400.3.46.1
    * libmariadbd-devel-10.6.27-150400.3.46.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
    * mariadb-errormessages-10.6.27-150400.3.46.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-3494.html
  * https://www.suse.com/security/cve/CVE-2026-44168.html
  * https://www.suse.com/security/cve/CVE-2026-44170.html
  * https://www.suse.com/security/cve/CVE-2026-44171.html
  * https://www.suse.com/security/cve/CVE-2026-44172.html
  * https://www.suse.com/security/cve/CVE-2026-44173.html
  * https://www.suse.com/security/cve/CVE-2026-48163.html
  * https://www.suse.com/security/cve/CVE-2026-48165.html
  * https://www.suse.com/security/cve/CVE-2026-49261.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1259176
  * https://bugzilla.suse.com/show_bug.cgi?id=1266437
  * https://bugzilla.suse.com/show_bug.cgi?id=1266438
  * https://bugzilla.suse.com/show_bug.cgi?id=1266439
  * https://bugzilla.suse.com/show_bug.cgi?id=1266440
  * https://bugzilla.suse.com/show_bug.cgi?id=1266442
  * https://bugzilla.suse.com/show_bug.cgi?id=1266814
  * https://bugzilla.suse.com/show_bug.cgi?id=1266815
  * https://bugzilla.suse.com/show_bug.cgi?id=1267542

Install the critical update for openSUSE to fix multiple vulnerabilities in MariaDB, enhancing system security.

Severity: Critical. LinuxSecurity.com Team

Jun 05, 2026 Critical OpenSUSE

Debian 11: DLA-4010-1 python-django moderate: email injection fix

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4010-1
https://www.debian.org/lts/security/
Chris Lamb
January 10, 2025
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : python-django
Version : 2:2.2.28-1~deb11u4
CVE ID : CVE-2024-6923

The fix for CVE-2024-6923 in the python3.9 source package which was released as part of a suite of updates in DLA 3980-1 [0] introduced safer processing of input in the email module in order to increase the security around email header injection attacks.

This change inadvertently broke sending emails when using lazy translation strings in the python-django package, however, resulting in the package no longer building from source.

As the previous behaviour of Python's "email" module can be enabled by passing the strict=False flag, the python-django package now does so — Django detects and/or encodes newlines in its handling of outbound emails elsewhere.

For Debian 11 bullseye, this change has been made in version 2:2.2.28-1~deb11u4.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/python-django

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

[0] https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

Enhance your django installation to bolster email security following the resolution of CVE-2024-6923, alongside modifications to add new features.

LinuxSecurity.com Team

Jan 11, 2025 Debian LTS

Ubuntu 16.10 USN-3279-1 Critical: Apache HTTP Server Denial of Service

=========================================================================
Ubuntu Security Notice USN-3279-1
May 09, 2017

apache2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:

- apache2: Apache HTTP server

Details:

It was discovered that the Apache mod_session_crypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. (CVE-2016-0736)

Maksim Malyutin discovered that the Apache mod_auth_digest module incorrectly handled malicious input. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. (CVE-2016-2161)

David Dennerline and Régis Leroy discovered that the Apache HTTP Server incorrectly handled unusual whitespace when parsing requests, contrary to specifications. When being used in combination with a proxy or backend server, a remote attacker could possibly use this issue to perform an injection attack and pollute cache. This update may introduce compatibility issues with clients that do not strictly follow HTTP protocol specifications. A new configuration option "HttpProtocolOptions Unsafe" can be used to revert to the previous unsafe behaviour in problematic environments. (CVE-2016-8743)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10:
  apache2-bin 2.4.18-2ubuntu4.1

Ubuntu 16.04 LTS:
  apache2-bin 2.4.18-2ubuntu3.2

Ubuntu 14.04 LTS:
  apache2-bin 2.4.7-1ubuntu4.14

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-3279-1
  CVE-2016-0736, CVE-2016-2161, CVE-2016-8743

Package Information:

  https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu4.1
  https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.2
  https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.14

The Ubuntu Security Notice USN-3279-1 highlights significant vulnerabilities in Apache and provides necessary updates to bolster security.

Severity: Critical. LinuxSecurity.com Team

May 09, 2017 Critical Ubuntu

Fedora 24: 2016-95c104a4c6 Critical: Xen Security Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-95c104a4c6
2016-12-04 00:24:42.253219
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 24
Version : 4.6.4
Release : 2.fc24
URL : https://xenproject.org/
Summary : Xen is a virtual machine monitor
Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

xen : various security flaws (#1397383)

- x86 null segments not always treated as unusable [XSA-191, CVE-2016-9386]
- x86 task switch to VM86 mode mis-handled [XSA-192, CVE-2016-9382]
- x86 segment base write emulation lacking canonical address checks [XSA-193, CVE-2016-9385]
- x86 64-bit bit test instruction emulation broken [XSA-195, CVE-2016-9383]
- x86 software interrupt injection mis-handled [XSA-196, CVE-2016-9377, CVE-2016-9378]
- qemu incautious about shared ring processing [XSA-197, CVE-2016-9381]
- delimiter injection vulnerabilities in pygrub [XSA-198, CVE-2016-9379, CVE-2016-9380]

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1392933 - CVE-2016-9382 xsa192 xen: x86 task switch to VM86 mode mis-handled (XSA-192)
      https://bugzilla.redhat.com/show_bug.cgi?id=1392933
[ 2 ] Bug #1392939 - CVE-2016-9379 CVE-2016-9380 xsa198 xen: delimiter injection vulnerabilities in pygrub (XSA-198)
      https://bugzilla.redhat.com/show_bug.cgi?id=1392939
[ 3 ] Bug #1392929 - CVE-2016-9385 xsa193 xen: x86 segment base write emulation lacking canonical address checks (XSA-193)
      https://bugzilla.redhat.com/show_bug.cgi?id=1392929
[ 4 ] Bug #1392938 - CVE-2016-9381 xsa197 xen: qemu incautious about shared ring processing (XSA-197)
      https://bugzilla.redhat.com/show_bug.cgi?id=1392938
[ 5 ] Bug #1392937 - CVE-2016-9377 CVE-2016-9378 xsa196 xen: x86 software interrupt injection mis-handled (XSA-196)
      https://bugzilla.redhat.com/show_bug.cgi?id=1392937
[ 6 ] Bug #1392935 - CVE-2016-9383 xsa195 xen: x86 64-bit bit test instruction emulation broken (XSA-195)
      https://bugzilla.redhat.com/show_bug.cgi?id=1392935
[ 7 ] Bug #1392932 - CVE-2016-9386 xsa191 xen: x86 null segments not always treated as unusable (XSA-191)
      https://bugzilla.redhat.com/show_bug.cgi?id=1392932

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xen' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Critical vulnerabilities addressed in Fedora 24 related to Xen security. Key details on updates for threats such as buffer overflow exploits and code injections.

Severity: Critical. LinuxSecurity.com Team

Dec 04, 2016 Critical Fedora

Debian: DSA-3265-2 Critical: Zendframework Injection Attack Mitigation

-------------------------------------------------------------------------
Debian Security Advisory DSA-3265-2
http://www.debian.org/security/
Alessandro Ghedini
May 24, 2015
http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : zendframework

The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154. For reference the original advisory text follows.

Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.

CVE-2014-2681

    Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some functions. This fix extends the incomplete one from CVE-2012-5657.

CVE-2014-2682

    Lukas Reschke reported a failure to consider that the libxml_disable_entity_loader setting is shared among threads in the PHP-FPM case. This fix extends the incomplete one from CVE-2012-5657.

CVE-2014-2683

    Lukas Reschke reported a lack of protection against XML Entity Expansion attacks in some functions. This fix extends the incomplete one from CVE-2012-6532.

CVE-2014-2684

    Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported an error in the consumer's verify method that led to acceptance of wrongly sourced tokens.

CVE-2014-2685

    Christian Mainka and Vladislav Mladenov from the Ruhr-University Bochum reported a specification violation in which signing of a single parameter is incorrectly considered sufficient.

CVE-2014-4914

    Cassiano Dal Pizzol discovered that the implementation of the ORDER BY SQL statement in Zend_Db_Select contains a potential SQL injection when the query string passed contains parentheses.

CVE-2014-8088

    Yury Dyachenko at Positive Research Center identified potential XML eXternal Entity injection vectors due to insecure usage of PHP's DOM extension.

CVE-2014-8089

    Jonas Sandström discovered an SQL injection vector when manually quoting value for sqlsrv extension, using null byte.

CVE-2015-3154

    Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in mail and HTTP headers.

For the oldstable distribution (wheezy), this problem has been fixed in version 1.11.13-1.1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in version 1.12.9+dfsg-2+deb8u2.

For the testing distribution (stretch), this problem has been fixed in version 1.12.13+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in version 1.12.13+dfsg-1.

We recommend that you upgrade your zendframework packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Debian Security Advisory DSA-4321-1 tackles a flaw in openssl, crucially fixing vulnerabilities that could be exploited.

Severity: Critical. LinuxSecurity.com Team

May 24, 2015 Critical Debian

Red Hat: RHSA-2011-0859-01 Moderate: cyrus-imapd TLS Injection Attack

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cyrus-imapd security update
Advisory ID: RHSA-2011:0859-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0859.html
Issue date: 2011-06-08
CVE Names: CVE-2011-1926
====================================================================

1. Summary:

Updated cyrus-imapd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support.

It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject protocol commands into a victim's TLS session initialization messages. This could lead to those commands being processed by cyrus-imapd, potentially allowing the attacker to steal the victim's mail or authentication credentials. (CVE-2011-1926)

Users of cyrus-imapd are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, cyrus-imapd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

705288 - CVE-2011-1926 cyrus-imapd: STARTTLS plaintext command injection

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

ia64:
cyrus-imapd-2.2.12-15.el4.ia64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ia64.rpm
cyrus-imapd-devel-2.2.12-15.el4.ia64.rpm
cyrus-imapd-murder-2.2.12-15.el4.ia64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ia64.rpm
cyrus-imapd-utils-2.2.12-15.el4.ia64.rpm
perl-Cyrus-2.2.12-15.el4.ia64.rpm

ppc:
cyrus-imapd-2.2.12-15.el4.ppc.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ppc.rpm
cyrus-imapd-devel-2.2.12-15.el4.ppc.rpm
cyrus-imapd-murder-2.2.12-15.el4.ppc.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ppc.rpm
cyrus-imapd-utils-2.2.12-15.el4.ppc.rpm
perl-Cyrus-2.2.12-15.el4.ppc.rpm

s390:
cyrus-imapd-2.2.12-15.el4.s390.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.s390.rpm
cyrus-imapd-devel-2.2.12-15.el4.s390.rpm
cyrus-imapd-murder-2.2.12-15.el4.s390.rpm
cyrus-imapd-nntp-2.2.12-15.el4.s390.rpm
cyrus-imapd-utils-2.2.12-15.el4.s390.rpm
perl-Cyrus-2.2.12-15.el4.s390.rpm

s390x:
cyrus-imapd-2.2.12-15.el4.s390x.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.s390x.rpm
cyrus-imapd-devel-2.2.12-15.el4.s390x.rpm
cyrus-imapd-murder-2.2.12-15.el4.s390x.rpm
cyrus-imapd-nntp-2.2.12-15.el4.s390x.rpm
cyrus-imapd-utils-2.2.12-15.el4.s390x.rpm
perl-Cyrus-2.2.12-15.el4.s390x.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

ia64:
cyrus-imapd-2.2.12-15.el4.ia64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ia64.rpm
cyrus-imapd-devel-2.2.12-15.el4.ia64.rpm
cyrus-imapd-murder-2.2.12-15.el4.ia64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ia64.rpm
cyrus-imapd-utils-2.2.12-15.el4.ia64.rpm
perl-Cyrus-2.2.12-15.el4.ia64.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

ia64:
cyrus-imapd-2.2.12-15.el4.ia64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ia64.rpm
cyrus-imapd-devel-2.2.12-15.el4.ia64.rpm
cyrus-imapd-murder-2.2.12-15.el4.ia64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ia64.rpm
cyrus-imapd-utils-2.2.12-15.el4.ia64.rpm
perl-Cyrus-2.2.12-15.el4.ia64.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm

x86_64:
cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm

ia64:
cyrus-imapd-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.ia64.rpm

ppc:
cyrus-imapd-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.ppc64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.ppc64.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.ppc.rpm

s390x:
cyrus-imapd-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.s390.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.s390.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.s390x.rpm

x86_64:
cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.x86_64.rpm cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: cyrus-imapd-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-utils-2.3.16-6.el6_1.2.i686.rpm ppc64: cyrus-imapd-2.3.16-6.el6_1.2.ppc64.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.ppc64.rpm cyrus-imapd-utils-2.3.16-6.el6_1.2.ppc64.rpm s390x: cyrus-imapd-2.3.16-6.el6_1.2.s390x.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.s390x.rpm cyrus-imapd-utils-2.3.16-6.el6_1.2.s390x.rpm x86_64: cyrus-imapd-2.3.16-6.el6_1.2.x86_64.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm cyrus-imapd-utils-2.3.16-6.el6_1.2.x86_64.rpm Red Hat Enterprise Linux ServerOptional (v. 6): Source: i386: cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm ppc64: cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.ppc.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.ppc64.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.ppc.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.ppc64.rpm s390x: cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.s390.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.s390x.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.s390.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.s390x.rpm x86_64: cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: cyrus-imapd-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-utils-2.3.16-6.el6_1.2.i686.rpm x86_64: cyrus-imapd-2.3.16-6.el6_1.2.x86_64.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm cyrus-imapd-utils-2.3.16-6.el6_1.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: i386: cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm x86_64: cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm cyrus-imapd-devel-2.3.16-6.el6_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2011-1926 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN75fMXlSAg2UNWIIRAk+FAJ48pq7+C/HeNSMSolvopR+g+0k+FwCglKdl IZK0F3IXRdWOzsZ3ERJ2n7M=qFBe -----END PGPSIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat issues a significant security patch for cyrus-imapd to rectify a TLS vulnerability. It is crucial to implement this update without delay.. Cyrus-IMAPD Update, TLS Security Flaw, Red Hat Security Update. . LinuxSecurity.com Team

Jun 08, 2011 Red Hat