Revert to 0.4.4 for f24+, update to 0.4.4.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-139a37787e
2016-04-18 17:24:04.550946
--------------------------------------------------------------------------------

Name        : keepassx
Product     : Fedora 24
Version     : 0.4.4
Release     : 1.fc24
URL         : https://www.keepassx.org/
Summary     : Cross-platform password manager
Description :
KeePassX is an application for people with extremely high demands on secure
personal data management. KeePassX saves many different kinds of information,
e.g. user names, passwords, URLs, attachments and comments, in one single
database. For better management, user-defined titles and icons can be
specified for each single entry. Furthermore, the entries are sorted into
groups, which are customizable as well. The integrated search function allows
searching a single group or the complete database.

KeePassX offers a little utility for secure password generation. The password
generator is very customizable, fast and easy to use. Especially someone who
generates passwords frequently will appreciate this feature.

The complete database is always encrypted with either the AES (alias Rijndael)
or the Twofish encryption algorithm using a 256 bit key. Therefore the saved
information can be considered quite safe. KeePassX uses a database format that
is compatible with KeePass Password Safe for MS Windows.

--------------------------------------------------------------------------------
Update Information:

Revert to 0.4.4 for f24+, update to 0.4.4.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1297639 - unwanted update of keepassx requires one-way database conversion
        https://bugzilla.redhat.com/show_bug.cgi?id=1297639
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update keepassx' at the command line.

For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Arch Linux Security Advisory ASA-201512-8
========================================

Severity: Medium
Date    : 2015-12-10
CVE-ID  : CVE-2015-8378
Package : keepassx
Type    : information disclosure
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package keepassx before version 0.4.4-1 is vulnerable to information
disclosure via unintended export of plaintext credentials.

Resolution
==========

Upgrade to 0.4.4-1.

# pacman -Syu "keepassx>=0.4.4-1"

The problem has been fixed upstream in version 0.4.4.

Workaround
==========

None.

Description
===========

It was found that the XML export function creates a hidden XML file containing
user passwords in plaintext, without warning, when the export is cancelled,
which may go unnoticed by the user. In this case the password database was
exported as the file ".xml" in the current working directory (often $HOME or
the directory of the database) and is world readable.

Impact
======

A local attacker can get access to secret plaintext credentials via an
unintentionally exported world readable password database.

References
==========

https://access.redhat.com/security/cve/CVE-2015-8378

LinuxSecurity.com Team
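The two practical questions the advisory raises for a defender are "did this bug already leave a plaintext export on my disk?" and "how should an exporter create the file so a cancelled export leaves nothing behind?". The script below is an added example, not code from the advisory, Arch, Fedora or the KeePassX project. It scans a directory tree for `.xml` files (hidden ones included) that parse as XML and carry `<password>` elements, reporting whether each is world readable, and it shows an owner-only (`0600`), delete-on-cancel write pattern. The export shape it keys on (an XML document with `<entry>` elements holding `<password>` children) is an assumption about the KeePassX 0.4 format, and the sample export and directory layout are constructed here; `find_leaked_exports`, `safe_export` and the `demo_*` helpers are names of this example only.

```python
"""Added example: find stray plaintext XML exports and show a safe export write.

Assumption: a KeePassX 0.4 XML export is an XML document whose <entry>
elements carry <password> children. The sample below is constructed.
"""
import os
import stat
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample in the assumed export shape; not real credentials.
SAMPLE_EXPORT = """<!DOCTYPE KEEPASSX_DATABASE>
<database>
 <group>
  <title>Internet</title>
  <entry>
   <title>example-mail</title>
   <username>alice</username>
   <password>correct horse battery staple</password>
   <url>https://mail.example.test/</url>
  </entry>
 </group>
</database>
"""


def password_count(path: Path) -> int:
    """Number of <password> elements if the file parses as XML, else 0."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return 0
    return len(root.findall(".//password"))


def find_leaked_exports(top: Path) -> list:
    """Walk `top` and report every .xml file carrying plaintext passwords.

    Dotfiles are not skipped on purpose: the advisory's stray file is ".xml".
    """
    findings = []
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            if not name.endswith(".xml"):
                continue
            path = Path(dirpath) / name
            count = password_count(path)
            if count == 0:
                continue
            mode = path.stat().st_mode
            findings.append({
                "path": str(path),
                "hidden": name.startswith("."),
                "world_readable": bool(mode & stat.S_IROTH),
                "passwords": count,
            })
    return sorted(findings, key=lambda f: f["path"])


def safe_export(path: Path, data: str, abort: bool = False) -> bool:
    """Create the export owner-only (0600) and remove it if the export is abandoned.

    abort=True stands in for the user cancelling after the file already exists,
    which is the situation the advisory describes.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:  # fh now owns fd
            if abort:
                raise RuntimeError("export cancelled")
            fh.write(data)
        return True
    except RuntimeError:
        path.unlink(missing_ok=True)
        return False


def demo_scan() -> list:
    """Constructed tree: a leaked ".xml" (0644), a 0600 export, a plain config."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        leaked = root / ".xml"
        leaked.write_text(SAMPLE_EXPORT)
        os.chmod(leaked, 0o644)
        (root / "backup").mkdir()
        private = root / "backup" / "export.xml"
        private.write_text(SAMPLE_EXPORT)
        os.chmod(private, 0o600)
        (root / "config.xml").write_text("<config><option name='x'/></config>")
        return find_leaked_exports(root)


def demo_safe_export() -> dict:
    """Cancelled export leaves no file; completed export is mode 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cancelled = safe_export(root / "cancelled.xml", SAMPLE_EXPORT, abort=True)
        done = safe_export(root / "done.xml", SAMPLE_EXPORT)
        return {
            "cancelled_returned": cancelled,
            "cancelled_file_left": (root / "cancelled.xml").exists(),
            "done_returned": done,
            "done_mode": stat.S_IMODE((root / "done.xml").stat().st_mode),
        }


if __name__ == "__main__":
    for finding in demo_scan():
        print(finding)
    print(demo_safe_export())
```

To check a real machine, call `find_leaked_exports(Path.home())` and look at any finding with `world_readable` set; the advisory names `$HOME` and the database's directory as the usual locations. The scanner only reads files it can open and treats unparsable files as clean, so a hit means the file is both well-formed XML and contains password elements, which keeps false positives low without a format-specific parser.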