Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
98
security advisorysecurity issueRed HatRed Hat Enterprise Linux 7.3 RHSA-2020:5351-01 Important Code Injection
An update for ksh is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: ksh security update Advisory ID: RHSA-2020:5351-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5351 Issue date: 2020-12-07 CVE Names: CVE-2019-14868 ==================================================================== 1. Summary: An update for ksh is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - x86_64 3. Description: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 1757324 - CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: ksh-20120801-27.el7_3.src.rpm x86_64: ksh-20120801-27.el7_3.x86_64.rpm ksh-debuginfo-20120801-27.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX84N1tzjgjWX9erEAQj4Hg//fDkqW0zbdOAdn07FKGlWNwu0e3jhQq7S 8moM3yoTpKOOGIUIxJwgVLIe9TfZz/9OpaRxF5JzNokASdZz0Cx4iJ1feXhBJvXt lbUf9psbWAwc57GR6XOK+nS64gpnK5CfPa8CGHjf6t/ALWVXp+FrlsVcuP+FiWng 0lRc6IUN5EAzQd3RD8HLMZCeTJ+cKIetdDn0cDXevDcmvrbUKyKp3xkNmj6FqAdk rUCl5JmFk7mYEauMXXlHfE38ujiY91AkL3UyMBpZirwTjx11fX4uJlMx7WgYbdVG iiHZeI87kjQ9pRUMmo6Fla4AwICeMpyNdoI6/6rys49Q+uHW7TWWRnSFuCuEK0q/ Q5SOScF/LiLaIH+UWOGz2mMBBlHoOEuruuGStc/lrt9clIZoJISOmc0dWdxi0cX2 RChnJuGKJX1Mcf6DmxybJUeLL+QxP0cDrqCKPhzWaE7jVc3E8t6+r7qc/xYOreCv VFZb1Qu3kZEjQudEiXchstZnyUFxBAA+U88NpZPOA1EilBeVsvh46AgCLqEhZqA1 eqV4uonimJCavM8gMwLD5I0m6ClvlPt8slKttITSZYHaZ4mMW/xzygWfLeeB0ntC Bfa0tlobuMbpY6L+NTl8rrPqztzYIlyG3IQiIBO1iLGm5tFaBYhAv4VTdVY/qk4J QAXIFuK06vk=UjI1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 07, 2020
•Important
Red Hat
98
security advisorysecurity updateRed HatRed Hat 7.2 RHSA-2020:5352-01 Important: Ksh Code Injection
An update for ksh is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: ksh security update Advisory ID: RHSA-2020:5352-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:5352 Issue date: 2020-12-07 CVE Names: CVE-2019-14868 ==================================================================== 1. Summary: An update for ksh is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - x86_64 3. Description: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 1757324 - CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: ksh-20120801-26.el7_2.src.rpm x86_64: ksh-20120801-26.el7_2.x86_64.rpm ksh-debuginfo-20120801-26.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX84MbtzjgjWX9erEAQin7Q//UX0JFQqY5kCubtL7EW7F8sRQp7Rs8ijv YkATHSsDlZs55ltoI6cJZwU9+YXqd0hvIR5DKbTp8E7/mLRcNvjKYGNlrDq4Mxid LDB7/OIDg4yY5UPHvHF733Ucata6/qmDl70F+GXDwPbsjIecm7Y7x46wefVuFAKH r+F8iH+TitsFxebKxJMKBtof8OcbKULfJGiz/IquPspfXv2qrYRtrgGNyo7Es4jm xTV1V19bdpicWsMYWsCbK/oVE1JziOpLmAk8OPggoX2DtHjdM+uu8cujcn7nRXdb EB/LHZ/DaRS0YBseiMiZd9vxQF+3mldXMuSYdxtJPnHrPIuP/j4FJoy3O4EEjgpF XY0fkDvkj5xqYIRSi0SBEBqAtV8iTf3/k2qn6yHdOI681DkNXP6zqamWk7q4Sst0 CXPjZkuSTNQfzR9xzqTr/VDy/dCizYyHEn98lpQZYWp33LHlXg1cmcXGkFrrH6GQ UJmdidH+vubhyLV4P5/rTjeZ8sl6fSHq1C5N9FJ2L0Sr6azYIXhJIwtDB/5ZgX3I C7JNZYVKlsT/s0TlpJoIvBrGu1zF7Wzjqx3/GRGzYBARjZZUlM5aNhV4pjgxiUfN 8qT0eOZ84em56qPLeF4h//BYU4M6CexIn8XCHPmkyyyvxGzutbdhe9UL4fLK8ZVE Dnw5dXp51Ig=cwWc -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 07, 2020
•Important
Red Hat
197
security advisoryDebianremote exploitationDebian LTS: DLA-2284-1 Moderate: ksh Remote Command Execution Threat
A flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2284-1
Jul 21, 2020
Debian LTS
98
security advisoryRed HatimportantRedHat: RHSA-2020-2210-01 Important: Ksh Code Injection Risk
An update for ksh is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: ksh security update Advisory ID: RHSA-2020:2210-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2210 Issue date: 2020-05-19 CVE Names: CVE-2019-14868 ==================================================================== 1. Summary: An update for ksh is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in theReferences section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1757324 - CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: ksh-20120801-36.el7_4.src.rpm x86_64: ksh-20120801-36.el7_4.x86_64.rpm ksh-debuginfo-20120801-36.el7_4.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: ksh-20120801-36.el7_4.src.rpm ppc64le: ksh-20120801-36.el7_4.ppc64le.rpm ksh-debuginfo-20120801-36.el7_4.ppc64le.rpm x86_64: ksh-20120801-36.el7_4.x86_64.rpm ksh-debuginfo-20120801-36.el7_4.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: ksh-20120801-36.el7_4.src.rpm x86_64: ksh-20120801-36.el7_4.x86_64.rpm ksh-debuginfo-20120801-36.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXsPwSdzjgjWX9erEAQiB7A//QnnbB99cRNfKLNGJHhZPAm/j25TqEr7A ef/cTPqYtMhxQqq/K+WjtL1wgkKGGAbwQz6R9OPXl/Ki1PQ9GZiC9ak9Bo83Mg8y rld6b5UDmtKQEsDrvbuf4EsuIpYM8HSa2vqOkXeUILM3Mi6NbCEmm9XFR4Kwi5A7 TrQ0yLzz7tJDv55b+ZDbHgcQVzSDatenJQV6y26wh71ILo/a//yDiOBc5QaUNqum EkjBfuCeeOFrPIrWRE2SLFTPj4tvI0xJSQmwlRsFztUxZte1be+aSlN5Mv4t7lsS EwgpNj8IbbxY84QHNm85OmdSRL6Tt01iRCHmh25uKxCy56kIENKIzCBZ5LpCerFL GQDMbdD5vsIwcxy15zSM+9LT7b6LBMIHi7lJpLOX8H71djBmlHltk1ejRgmIRe1E bPL5SU4XNTsoiQ4QUECNMMuvU6wWS0+4spWVVDCK148Kc4GZFuQhXdJ0M4VES/Bg 8GP7w4cIrKf+PU0Eb1MHT4t2C42HlU/tnfAGZR/KrgISHkNyd4UVTj6Xs5lGJwpy nT5BWyZeCO2P/d2o97h8WqjLKVxHRWmifv+BjXhndLmmawlHxs5BboZcpyn8ONcK HsfKyKjAaMrTcvRt4/p6zRRbr85TsqGyMFzw1oufF7dKi9apRfRXGv/xsmL1GnCG mnnvTau9gq8=I5Mf -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 19, 2020
•Important
Red Hat
98
security advisoryRed HatupdateRed Hat 7.6: RHSA-2020-1333-01 Important: Ksh Code Injection Risk
An update for ksh is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: ksh security update Advisory ID: RHSA-2020:1333-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1333 Issue date: 2020-04-06 CVE Names: CVE-2019-14868 ==================================================================== 1. Summary: An update for ksh is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x 3. Description: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details onhow to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1757324 - CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: ksh-20120801-140.el7_6.src.rpm x86_64: ksh-20120801-140.el7_6.x86_64.rpm ksh-debuginfo-20120801-140.el7_6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: ksh-20120801-140.el7_6.src.rpm ppc64: ksh-20120801-140.el7_6.ppc64.rpm ksh-debuginfo-20120801-140.el7_6.ppc64.rpm ppc64le: ksh-20120801-140.el7_6.ppc64le.rpm ksh-debuginfo-20120801-140.el7_6.ppc64le.rpm s390x: ksh-20120801-140.el7_6.s390x.rpm ksh-debuginfo-20120801-140.el7_6.s390x.rpm x86_64: ksh-20120801-140.el7_6.x86_64.rpm ksh-debuginfo-20120801-140.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: ksh-20120801-140.el7_6.src.rpm aarch64: ksh-20120801-140.el7_6.aarch64.rpm ksh-debuginfo-20120801-140.el7_6.aarch64.rpm ppc64le: ksh-20120801-140.el7_6.ppc64le.rpm ksh-debuginfo-20120801-140.el7_6.ppc64le.rpm s390x: ksh-20120801-140.el7_6.s390x.rpm ksh-debuginfo-20120801-140.el7_6.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXotlt9zjgjWX9erEAQiUMA/9FZolfIAXKMjp9BykiBgvX84zEl6hey3x jjG/PT73AIB6fmu4qgni9Cj61Z7fhYJRA5m79yrLHrwsvyGrqaPbKB5MTkoXFW5H HO38WQ/eOKc+/cKjWZYBkgZbojrz2HMnujBf09GsoUYo7fS1ylPugWkCOdbd0vId jHAwwxSngUqPzVMv8CBGeinus4YOruZkY/2OhUJeFm3/nEwsbNUVcncA2ceBYs2W vu7Lp2fC4qZ9j6vt3yeuUtL2gpV6iDtmUa5SPAXc8wn/8luyg7DeVC8Xz+FxZSRt BxDO663OmLdfAKdsQEyiWMEsI4FMygiDyqpW9z4yjOZmcaDFJ96kXr98JfQooKxl 9mfnXpIoFxCfDc3ved8zHtb1oMw/CB5AC/XOR71lxjd/qLy2w6b+2v4KWeKN0kKE 6AZ0qr0jN/nLhhFjb+efzPxLMP9Wccv99U3M91xkG0I6w/vhwzM/848CYILnFnSt jTScL1Jvax4g/r3TeJMoqsWZWOSZAZZzg5pc/1rfMEz+ySsQDum59jFQDQZvULve Gaw8cjOX5lqfuWyjO2OxE2Lb8CFI+Rx0LWFMW9mjVJso3693XLATtr9PRzDP+J58 s5x40dnM3mqEXKbKK++q0QA4OzQ5qXj17FFaUjOVRhXNT9ULoL8rZ9P9lxioEMlI NPsHxbgS/lg=Hx2Y -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 06, 2020
•Important
Red Hat
98
security advisoryRed Hatsecurity fixRed Hat Enterprise Linux 7.5 RHSA-2020:1332 Security Update for ksh Applied
An update for ksh is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: ksh security update Advisory ID: RHSA-2020:1332-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1332 Issue date: 2020-04-06 CVE Names: CVE-2019-14868 ==================================================================== 1. Summary: An update for ksh is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64, ppc64le, s390x, x86_64 3. Description: KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992). Security Fix(es): * ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1757324 - CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.5): Source: ksh-20120801-138.el7_5.src.rpm x86_64: ksh-20120801-138.el7_5.x86_64.rpm ksh-debuginfo-20120801-138.el7_5.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.5): Source: ksh-20120801-138.el7_5.src.rpm ppc64: ksh-20120801-138.el7_5.ppc64.rpm ksh-debuginfo-20120801-138.el7_5.ppc64.rpm ppc64le: ksh-20120801-138.el7_5.ppc64le.rpm ksh-debuginfo-20120801-138.el7_5.ppc64le.rpm s390x: ksh-20120801-138.el7_5.s390x.rpm ksh-debuginfo-20120801-138.el7_5.s390x.rpm x86_64: ksh-20120801-138.el7_5.x86_64.rpm ksh-debuginfo-20120801-138.el7_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-14868 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXoteNtzjgjWX9erEAQh3gA//bHZmZNPgzB1Jw5IkWAEhS+cd0Qv5lM0j 7pbaHyavj4gjYNEia0Q9STHIcAh1vYzv7tUYvFyw5kMGFJHgISv/BAs6ruuXrYNe gvJ19rEOyd54ZC+ozqRvfgVsyjfO3jhK3l+1Y5iSVS6WjQP+AaeLZKqPwzpyU2ik YJQgjiPPGL4Auq9E0DslHp7lplfX5/GP7F2IDTQKhZ+C25+vHHpUEuQEPY65EkUO 3kK/G4dXWEVCWCbxW4QRo1KokZjhPr2nCJ4zg4xtfzp0hviwBZXxecWsJLvUhbgM yX3+GvslPs7D5kApesrUgMJddH/1EYgX52Q0V2JKpiNg5TQWZd36Ie/o3gJ1ErJa MqqbddyVhTfFBoAOghmwOPpZofrpLJxkdU9yLbzkilHaz+e2RRkI2w/rnwx1QTjn kES7Wsxmm6ZHLLE/t8TUnMaC/ZrENePdRiXD7I0+7M1Ic6ro+KHFgBR53+Uas5ut +7SYzb/ctEEmh0CFvR3LKL1ZUJG/g98vNcQ18H2oiE7GubsR2/xKevMYbizYjgYF B/orU15QN/P2TBq/CBfIMEm4x89unF9t5x/SajwY93QAAdHM2j8YKjYkYXfQShkz Gafj/6CGjiM1/OM+DNqGAUAB+VlfALih5DdDXEDaQf+5OU8RvyxNSojyaXYP9Got 0RRkJO7VGa8=uFTl -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 06, 2020
•Important
Red Hat
199
security advisorycritical threatimportant updateCentOS CESA-2020-0568: Significant Ksh Security Update Announcement
Upstream details at : https://access.redhat.com/errata/RHSA-2020:0568. CentOS Errata and Security Advisory 2020:0568 Important Upstream details at : https://access.redhat.com/errata/RHSA-2020:0568 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 0987cea3cf687c71517c7e29b83521e818a9f811cee57df2375adac9b04e75d7 ksh-20120801-140.el7_7.x86_64.rpm Source: 2ae6d7ccd138425b20e227033b0bf811ac0f1c92c7962368642e38c618c9d8d7 ksh-20120801-140.el7_7.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Feb 26, 2020
•Important
CentOS
200
security advisorysecurity fixcode injectionScientific Linux SL7: Ksh Code Injection Advisory SLSA-2020-0568-1
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) SL7 x86_64 ksh-20120801-140.el7_7.x86_64.rpm ksh-debuginfo-20120801-140.el7_7.x86_64.rpm - Scientific Linux Development Team. Synopsis: Important: ksh security update Advisory ID: SLSA-2020:0568-1 Issue Date: 2020-02-24 CVE Numbers: None -- Security Fix(es): ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868) -- SL7 x86_64 ksh-20120801-140.el7_7.x86_64.rpm ksh-debuginfo-20120801-140.el7_7.x86_64.rpm - Scientific Linux Development Team . Ksh security notice SLSA-2020-0568-1 mitigates severe code injection vulnerability on SL7 x86_64 through environment variables.. ksh Security Update, Scientific Linux Advisory, Code Injection Mitigation, SL7 Update, ksh Environment Variable Security. . Severity: Important. LinuxSecurity.com Team
Feb 25, 2020
•Important
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!