Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat OpenShift GitOps 1.7 Moderate: RHSA-2023:1454-01 Security Issue

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: Red Hat OpenShift GitOps security update
Advisory ID:   RHSA-2023:1454-01
Product:       Red Hat OpenShift GitOps
Advisory URL:  https://access.redhat.com/errata/RHSA-2023:1454
Issue date:    2023-03-23
CVE Names:     CVE-2020-10735 CVE-2021-28861 CVE-2022-1471
               CVE-2022-4415 CVE-2022-34174 CVE-2022-40897
               CVE-2022-41354 CVE-2022-45061 CVE-2022-48303
               CVE-2023-23916
====================================================================

1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API (CVE-2022-41354)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2167820 - CVE-2022-41354 ArgoCD: Authenticated but unauthorized users may enumerate Application names via the API

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735
https://access.redhat.com/security/cve/CVE-2021-28861
https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-34174
https://access.redhat.com/security/cve/CVE-2022-40897
https://access.redhat.com/security/cve/CVE-2022-41354
https://access.redhat.com/security/cve/CVE-2022-45061
https://access.redhat.com/security/cve/CVE-2022-48303
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Red Hat releases significant security patch for OpenShift GitOps, targeting severe risks and weaknesses.
OpenShift GitOps Update, Red Hat Advisory, Product Security Update.
Severity: Important. LinuxSecurity.com Team

Mar 23, 2023 Important Red Hat

SUSE: 2011:010 moderate: Multiple Package Updates and Fixes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Summary Report

Announcement ID:   SUSE-SR:2011:010
Date:              Tue, 31 May 2011 08:00:00 +0000
Cross-References:  CVE-2009-5024, CVE-2011-0411, CVE-2011-1098
                   CVE-2011-1154, CVE-2011-1155, CVE-2011-1168
                   CVE-2011-1407, CVE-2011-1521, CVE-2011-1575
                   CVE-2011-1588, CVE-2011-1595, CVE-2011-1720
                   CVE-2011-1750, CVE-2011-1751, CVE-2011-1929

Content of this advisory:

1) Solved Security Vulnerabilities:
   - postfix
   - libthunarx-2-0
   - rdesktop
   - python
   - viewvc
   - kvm
   - exim
   - logrotate
   - dovecot12/dovecot20
   - pure-ftpd
   - kdelibs4
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
   none
3) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Solved Security Vulnerabilities

To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities.

Fixed packages for the following incidents are already available on our FTP server and via the YaST Online Update.

- postfix
  Remote attackers could potentially exploit a memory corruption issue in postfix' SASL implementation to execute arbitrary code
  CVE-2011-0411: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)
  postfix did not clear the receive buffer after the STARTTLS command. A man-in-the-middle could therefore inject commands in the unencrypted stream that get interpreted in the encrypted phase after STARTTLS.
  CVE-2011-1720: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
  Affected Products: SLES9, SLE10-SP2, SLE10-SP3, SLE10-SP4, SLE11-SP1, openSUSE 11.2, 11.3, 11.4

- libthunarx-2-0
  Due to a format string error thunar could crash when copy&pasting a file name with format characters.
  CVE-2011-1588: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Affected Products: openSUSE 11.4

- rdesktop
  A malicious server could access any file on clients connecting to it if the client shared some resource (CVE-2011-1595).
  CVE-2011-1595: CVSS v2 Base Score: 4.3 (AV:A/AC:H/Au:N/C:P/I:P/A:P)
  Affected Products: SLE10-SP4, SLE11-SP1, openSUSE 11.3, 11.4

- python
  This update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2).
  CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
  Affected Products: SLE10-SP3, SLE10-SP4, SLE11-SP1

- viewvc
  cvsdb.py in viewvc did not honor an admin defined row limit which could cause high load on the database server. Viewvc was updated to version 1.1.11 which fixes the issue.
  CVE-2009-5024: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
  Affected Products: openSUSE 11.3, 11.4

- kvm
  By causing a hot-unplug of the pci-isa bridge from within guests the qemu process could access already freed memory. A privileged user inside the guest could exploit that to crash the guest instance or potentially execute arbitrary code on the host.
  CVE-2011-1751: CVSS v2 Base Score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C)
  The virtio-blk driver did not properly validate read and write requests. A privileged user inside the guest could exploit that to cause a heap corruption and crash the guest instance or potentially execute arbitrary code on the host.
  CVE-2011-1750: CVSS v2 Base Score: 7.4 (AV:A/AC:M/Au:S/C:C/I:C/A:C)
  Affected Products: SLE11-SP1, openSUSE 11.3, 11.4

- exim
  This update fixes a security issue:
  + exim remote code execution
    CVE-2011-1407: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  + also some safety improvements regarding STARTTLS.
  Affected Products: openSUSE 11.3, 11.4

- dovecot12/dovecot20
  Dovecot crash when parsing mail headers that contain NUL characters.
  CVE-2011-1929: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Affected Products: openSUSE 11.3, 11.4

- logrotate
  This update for logrotate provides the following fixes:
  + Race condition in the createOutputFile function in logrotate allows local users to read log data by opening a file before the intended permissions are in place.
    CVE-2011-1098: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
  + The writeState function in logrotate might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
    CVE-2011-1155: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P)
  + In addition, the missingok option has been improved
  Affected Products: SLE10-SP3, SLE10-SP4, SLE11-SP1, openSUSE 11.3, 11.4

- pure-ftpd
  Pure-ftpd is vulnerable to the STARTTLS command injection issue similar to CVE-2011-0411 of postfix.
  CVE-2011-1575: CVSS v2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)
  Affected Products: SLE10-SP3, SLE10-SP4, SLE11-SP1, openSUSE 11.2, 11.3, 11.4

- kdelibs4
  An XSS vulnerability in the way KHTML handles error pages has been fixed.
  CVE-2011-1168: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
  Affected Products: SLE11-SP1, openSUSE 11.2, 11.3, 11.4

______________________________________________________________________________

2) Pending Vulnerabilities, Solutions, and Work-Arounds

none

______________________________________________________________________________

3) Authenticity Verification and Additional Information

- Announcement authenticity verification:

  SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

  To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify

  replacing with the name of the file containing the announcement. The output for a valid signature looks like:

    gpg: Signature made using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team "

  where is replaced by the date the document was signed.

  If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

  SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and integrity of a package needs to be verified to ensure that it has not been tampered with.

  The internal RPM package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

    rpm -v --checksig

  to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from with the key ID 9C800ACA.

  This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and included at the end of this announcement.

- SUSE runs two security mailing lists to which any interested party may subscribe:

  - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to .

  - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to .

====================================================================
SUSE's security contact is or . The public key is listed below.
====================================================================

SUSE Security Update Overview highlighting minor concerns and security patches, outlining several corrected package matters.
SUSE Security, SUSE Security Announcements, low profile issues, system patch.
LinuxSecurity.com Team

May 31, 2011 SuSE