Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 6 articles for you...
203
security advisorybuffer overflowsecurity fixMageia 9 MGASA-2023-0339 moderate: Libqb buffer overflow issue
This update fixes a security issue. log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered (CVE-2023-39976) . MGASA-2023-0339 - Updated libqb packages fix a security vulnerability Publication date: 04 Dec 2023 URL: https://advisories.mageia.org/MGASA-2023-0339.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-39976 This update fixes a security issue. log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered (CVE-2023-39976) References: - https://bugs.mageia.org/show_bug.cgi?id=32558 - - https://www.cve.org/CVERecord?id=CVE-2023-39976 SRPMS: - 9/core/libqb-2.0.8-1.mga9 . Mageia 9 MGASA-2023-0339 update resolves a buffer overflow issue in libqb for enhanced system stability.. Mageia Security Update, Libqb Bug Fix, Log Message Vulnerability. . LinuxSecurity.com Team
Dec 04, 2023
Mageia
202
security advisorybuffer overflowsoftware updateopenSUSE 15.4: 2023:3944-1 Moderate: libqb Buffer Overflow
This update for libqb fixes the following issues: CVE-2023-39976: Fixed potential bufferoverflow with long log messages (bsc#1214066).. # Security update for libqb Announcement ID: SUSE-SU-2023:3944-1 Rating: moderate References: * #1214066 Cross-References: * CVE-2023-39976 CVSS scores: * CVE-2023-39976 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39976 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libqb fixes the following issues: * CVE-2023-39976: Fixed potential bufferoverflow with long log messages (bsc#1214066). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3944=1 openSUSE-SLE-15.4-2023-3944=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3944=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-3944=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libqb-devel-2.0.4+20211112.a2691b9-150400.4.3.1 * doxygen2man-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-2.0.4+20211112.a2691b9-150400.4.3.1 *doxygen2man-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-debugsource-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tests-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tests-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-2.0.4+20211112.a2691b9-150400.4.3.1 * openSUSE Leap 15.4 (x86_64) * libqb100-32bit-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-32bit-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-devel-32bit-2.0.4+20211112.a2691b9-150400.4.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libqb100-64bit-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-64bit-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-devel-64bit-2.0.4+20211112.a2691b9-150400.4.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libqb-debugsource-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-devel-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb100-2.0.4+20211112.a2691b9-150400.4.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * doxygen2man-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * doxygen2man-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-debugsource-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tests-debuginfo-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tests-2.0.4+20211112.a2691b9-150400.4.3.1 * libqb-tools-2.0.4+20211112.a2691b9-150400.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39976.html * https://bugzilla.suse.com/show_bug.cgi?id=1214066 . libqb security patch addresses a notable buffer overflow vulnerability, reinforcing system reliability and performance.. libqb Update, Security Advisory, Buffer Overflow Fix, SUSE Vulnerability, OpenSUSE Patch. . LinuxSecurity.com Team
Oct 03, 2023
OpenSUSE
202
security advisorybuffer overflowsoftware patchopenSUSE 15.5: 2023:3897-1 Moderate: Libqb Buffer Overflow
This update for libqb fixes the following issues: CVE-2023-39976: Fixed potential buffer overflow with long log messages (bsc#1214066).. # Security update for libqb Announcement ID: SUSE-SU-2023:3897-1 Rating: moderate References: * #1214066 Cross-References: * CVE-2023-39976 CVSS scores: * CVE-2023-39976 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-39976 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libqb fixes the following issues: * CVE-2023-39976: Fixed potential buffer overflow with long log messages (bsc#1214066). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-3897=1 openSUSE-SLE-15.5-2023-3897=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3897=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3897=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libqb-tools-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * doxygen2man-2.0.6+20220323.758044b-150500.3.3.1 * libqb-devel-2.0.6+20220323.758044b-150500.3.3.1 * libqb100-2.0.6+20220323.758044b-150500.3.3.1 * libqb-tests-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * libqb-debugsource-2.0.6+20220323.758044b-150500.3.3.1 *doxygen2man-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * libqb-tools-2.0.6+20220323.758044b-150500.3.3.1 * libqb-tests-2.0.6+20220323.758044b-150500.3.3.1 * libqb100-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * libqb100-32bit-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * libqb100-32bit-2.0.6+20220323.758044b-150500.3.3.1 * libqb-devel-32bit-2.0.6+20220323.758044b-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libqb-devel-64bit-2.0.6+20220323.758044b-150500.3.3.1 * libqb100-64bit-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * libqb100-64bit-2.0.6+20220323.758044b-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libqb100-2.0.6+20220323.758044b-150500.3.3.1 * libqb100-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * libqb-debugsource-2.0.6+20220323.758044b-150500.3.3.1 * libqb-devel-2.0.6+20220323.758044b-150500.3.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * libqb-tools-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * doxygen2man-2.0.6+20220323.758044b-150500.3.3.1 * libqb-tests-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * libqb-debugsource-2.0.6+20220323.758044b-150500.3.3.1 * doxygen2man-debuginfo-2.0.6+20220323.758044b-150500.3.3.1 * libqb-tools-2.0.6+20220323.758044b-150500.3.3.1 * libqb-tests-2.0.6+20220323.758044b-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-39976.html * https://bugzilla.suse.com/show_bug.cgi?id=1214066 . This advisory highlights a medium-level vulnerability in libqb relating to a potential buffer overflow, along with essential guidance for updates.. libqb Update, Software Patch, Moderate Severity, Buffer Overflow. . LinuxSecurity.com Team
Sep 29, 2023
OpenSUSE
89
security advisoryupdatecriticalFedora 38: 2023-5a717dd33d Critical: libqb Update for CVE-2023-39976
Update libqb for CVE-2023-39976. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-5a717dd33d 2023-08-24 01:30:56.653424 -------------------------------------------------------------------------------- Name : libqb Product : Fedora 38 Version : 2.0.8 Release : 1.fc38 URL : https://github.com/ClusterLabs/libqb Summary : Library providing high performance logging, tracing, ipc, and poll Description : A "Quite Boring" library that provides high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication (IPC), and polling. -------------------------------------------------------------------------------- Update Information: Update libqb for CVE-2023-39976 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 21 2023 Christine Caulfield 2.0.8-1 Rebase to 2.0.8 for some important fixes -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-5a717dd33d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Aug 24, 2023
•Critical
Fedora
91
security advisoryhigh severitygentooGentoo: GLSA-202107-03 High: Libqb Local Code Execution Threat
An insecure temporary file usage has been reported in libqb possibly allowing local code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libqb: Insecure temporary file Date: July 03, 2021 Bugs: #699860 ID: 202107-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= An insecure temporary file usage has been reported in libqb possibly allowing local code execution. Background ========= libqb is a library with the primary purpose of providing high-performance, reusable features for client-server architecture, such as logging, tracing, inter-process communication (IPC), and polling. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-cluster/libqb < 1.0.5 > = 1.0.5 Description ========== It was discovered that libqb used predictable filenames (under /dev/shm and /tmp) without O_EXCL. Impact ===== A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application linked against libqb. Workaround ========= There is no known workaround at this time. Resolution ========= All libqb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-cluster/libqb-1.0.5" References ========= [ 1 ] CVE-2019-12779 https://nvd.nist.gov/vuln/detail/CVE-2019-12779 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo SecurityWebsite: https://security.gentoo.org/glsa/202107-03 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jul 03, 2021
Gentoo
200
security advisorymoderatesoftware updateSciLinux: SLSA-2020:1189-1 Moderate: libqb IPC Security Update
libqb: Insecure treatment of IPC (temporary) files SL7 x86_64 libqb-devel-1.0.1-9.el7.i686.rpm libqb-devel-1.0.1-9.el7.x86_64.rpm libqb-1.0.1-9.el7.x86_64.rpm libqb-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm - Scientific Linux Development Team. Synopsis: Moderate: libqb security update Advisory ID: SLSA-2020:1189-1 Issue Date: 2020-04-07 CVE Numbers: CVE-2019-12779 -- * libqb: Insecure treatment of IPC (temporary) files -- SL7 x86_64 libqb-devel-1.0.1-9.el7.i686.rpm libqb-devel-1.0.1-9.el7.x86_64.rpm libqb-1.0.1-9.el7.x86_64.rpm libqb-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm - Scientific Linux Development Team . Balanced libqb security revision for Scientific Linux SL7 targeting IPC vulnerabilities and requisite enhancements for x86_64 platform.. libqb security, SL7 update, IPC treatment, moderate advisory, Scientific Linux. . LinuxSecurity.com Team
Apr 20, 2020
Scientific Linux
98
security advisorymoderatesecurity updateRed Hat Linux 7: RHSA-2020-1189-01 Moderate: IPC Security Issue
An update for libqb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libqb security update Advisory ID: RHSA-2020:1189-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1189 Issue date: 2020-03-31 CVE Names: CVE-2019-12779 ==================================================================== 1. Summary: An update for libqb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Security Fix(es): * libqb: Insecure treatment of IPC (temporary) files (CVE-2019-12779) For more details about the security issue(s), including the impact, a CVSS score,acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1695948 - CVE-2019-12779 libqb: Insecure treatment of IPC (temporary) files 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libqb-1.0.1-9.el7.src.rpm x86_64: libqb-1.0.1-9.el7.i686.rpm libqb-1.0.1-9.el7.x86_64.rpm libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm libqb-devel-1.0.1-9.el7.i686.rpm libqb-devel-1.0.1-9.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libqb-1.0.1-9.el7.src.rpm x86_64: libqb-1.0.1-9.el7.i686.rpm libqb-1.0.1-9.el7.x86_64.rpm libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm libqb-devel-1.0.1-9.el7.i686.rpm libqb-devel-1.0.1-9.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: libqb-1.0.1-9.el7.src.rpm ppc64: libqb-1.0.1-9.el7.ppc.rpm libqb-1.0.1-9.el7.ppc64.rpm libqb-debuginfo-1.0.1-9.el7.ppc.rpm libqb-debuginfo-1.0.1-9.el7.ppc64.rpm ppc64le: libqb-1.0.1-9.el7.ppc64le.rpm libqb-debuginfo-1.0.1-9.el7.ppc64le.rpm libqb-devel-1.0.1-9.el7.ppc64le.rpm s390x: libqb-1.0.1-9.el7.s390.rpm libqb-1.0.1-9.el7.s390x.rpm libqb-debuginfo-1.0.1-9.el7.s390.rpm libqb-debuginfo-1.0.1-9.el7.s390x.rpm libqb-devel-1.0.1-9.el7.s390.rpm libqb-devel-1.0.1-9.el7.s390x.rpm x86_64: libqb-1.0.1-9.el7.i686.rpm libqb-1.0.1-9.el7.x86_64.rpm libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm libqb-devel-1.0.1-9.el7.i686.rpm libqb-devel-1.0.1-9.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libqb-debuginfo-1.0.1-9.el7.ppc.rpm libqb-debuginfo-1.0.1-9.el7.ppc64.rpm libqb-devel-1.0.1-9.el7.ppc.rpm libqb-devel-1.0.1-9.el7.ppc64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libqb-1.0.1-9.el7.src.rpm x86_64: libqb-1.0.1-9.el7.i686.rpm libqb-1.0.1-9.el7.x86_64.rpm libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libqb-debuginfo-1.0.1-9.el7.i686.rpm libqb-debuginfo-1.0.1-9.el7.x86_64.rpm libqb-devel-1.0.1-9.el7.i686.rpm libqb-devel-1.0.1-9.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-12779 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXoOcXNzjgjWX9erEAQj8xw/9GW4vOrBek7ZxoP6f+gHDmGst9HBzTf4g qlIwS7WbPDqDGA0uCM8p6We/xEyDHt8XZlmS2aRnIJtHpPk7pelSnU6z1glAJIdK ycyHM2Xpo2X1zQtEUXQK+LS17DQlDSSulTEzek8YUGfjFVmR6WGa8oeTMsV3xVFn z+ynk3NeBak7BEC++PqP3B9eZG2+GjdnLQMz2LQtyGEeM/MDhUobDV7zlkImDReZ r4xvSW+vU9lXZpZSNoPj7HISz/LwFEvzYCsdJeFFF3wm5n7149goVY2GGQn3XzcQ qAasyc/Webcw9H43ez50o/1V7kD0rPzE1YT3vddat1uBt8id7D/a9SO4rx/wDZtb Re8aUH7UrOucx2bc807JpYqjxuy1g4oj0CslwnScnCai35RAZq2OeiiBhESP+tsT QdniWTWJCxvd6IT5F5tqLdC6hLxGah4Wjml09q0iOHGY3mde81igU22Pkanmn83l 5ONaK54Cd9cxiFTiiFh3MAID6X7J3Ei6yW84gJGnxX9p2eG0J7McEqBK7EaotVUK QMt9zQ80ImbGAyfFIitFPI6VlHpSHUH40eTNeWGgKTZLM845b/5fMylJxT03aHxG XpvYeMovXBBXDVCjEzeycdEhcOW1Sw0/tXysg2N+6etd/FnQM8RGbsoMCcrtX33R JTgDbfods58=TmUt -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 31, 2020
Red Hat
197
security advisoryupdatedebianDebian LTS: DLA-2103-1 End Of Life Announcement For Libqb And MySQL 5.5
debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently . Package : debian-security-support Version : 2019.12.12~deb8u2 debian-security-support, the Debian security support coverage checker, has been updated in jessie-security. This marks the end of life of the libqb package in jessie. A recently reported vulnerability against libqb which allows users to overwrite arbitrary files via a symlink attack cannot be adequately addressed in libqb in jessie. Upstream no longer supports this version and no packages in jessie depend upon libqb. We recommend that if your systems or applications depend upon the libqb package provided from the Debian archive that you upgrade your systems to a more recent Debian release or find an alternate and up to date source of libqb packages. Additionally, MySQL 5.5 is no longer supported. Upstream has ended its support and we are unable to backport fixes from newer versions due to the lack of patch details. Options are to switch to MariaDB 10.0 in jessie or to a newer version of MySQL in more recent Debian releases. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The latest Debian security notice has declared the cessation of support for libqb and MySQL 5.5, urging users to transition to more secure alternatives.. Debian Security Support, libqb update, MySQL support end, Debian security advisory. . Severity: Important. LinuxSecurity.com Team
Feb 13, 2020
•Important
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!