Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 2 articles for you...
172
security advisorydenial of serviceinformation exposureUbuntu 22.04 LTS USN-6667-1 Critical Cpanel-JSON-XS Crash Issue
Cpanel-JSON-XS could be made to crash or expose information if it processed specially crafted data.. ========================================================================== Ubuntu Security Notice USN-6667-1 February 28, 2024 libcpanel-json-xs-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Cpanel-JSON-XS could be made to crash or expose information if it processed specially crafted data. Software Description: - libcpanel-json-xs-perl: module for fast and correct serialising to JSON Details: It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A remote attacker could use this issue to cause Cpanel-JSON-XS to crash, resulting in a denial of service, or possibly obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: libcpanel-json-xs-perl 4.27-1ubuntu0.1 Ubuntu 20.04 LTS: libcpanel-json-xs-perl 4.19-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6667-1 CVE-2022-48623 Package Information: https://launchpad.net/ubuntu/+source/libcpanel-json-xs-perl/4.27-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libcpanel-json-xs-perl/4.19-1ubuntu0.1 . Ubuntu Security Alert USN-9999-2 addresses a vulnerability in a software component that may result in potential system instability or unauthorized access to confidential information.. Libcpanel-Json-Xs-Perl, Denial Of Service, Information Exposure. . Severity: Critical. LinuxSecurity.com Team
Feb 28, 2024
•Critical
Ubuntu
89
security advisoryfedoracriticalFedora 34: FEDORA-2022-8109b472a3 Critical: zziplib Infinite Loop Fix
Upstream version 0.13.72 Fixes CVE-2020-18442. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-8109b472a3 2022-02-18 01:13:10.939561 --------------------------------------------------------------------------------Name : zziplib Product : Fedora 34 Version : 0.13.72 Release : 1.fc34 URL : Summary : Lightweight library to easily extract data from zip files Description : The zziplib library is intentionally lightweight, it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the (free) subset of compression with the zlib algorithm which is actually used by the zip/unzip tools. --------------------------------------------------------------------------------Update Information: Upstream version 0.13.72 Fixes CVE-2020-18442 --------------------------------------------------------------------------------ChangeLog: * Wed Feb 9 2022 Alexander Bokovoy - 0.13.72-1 - 0.13.72 - Fixes CVE-2020-18442 - Resolves: rhbz#1973831 - Switch build to CMake, drop 32-bit patches as checks integrated in CMake already --------------------------------------------------------------------------------References: [ 1 ] Bug #1973831 - CVE-2020-18442 zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1973831 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-8109b472a3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project canbe found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 17, 2022
•Critical
Fedora
200
security advisorysecurity fixlibrary issueScientific Linux SL7: SLSA-2021-2784-1 Critical: OpenJDK Security Fix
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388) * OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341) * OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369) For more details about the security issue(s), including the [More...]. Synopsis: Important: java-11-openjdk security update Advisory ID: SLSA-2021:2784-1 Issue Date: 2021-07-21 CVE Numbers: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 -- Security Fix(es): * OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388) * OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341) * OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to theCVE --- SL7 x86_64 java-11-openjdk-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-demo-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-devel-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-headless-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-src-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-src-11.0.12.0.7-0.el7_9.x86_64.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.i686.rpm java-11-openjdk-static-libs-11.0.12.0.7-0.el7_9.x86_64.rpm -- - Scientific Linux Development Team . Important java-11-openjdk security patch from Scientific Linux; comprehensive problems associated with several CVE codes outlined.. Java Update, OpenJDK, Security Fix, Networking Issue, Library Issue. . Severity: Critical. LinuxSecurity.com Team
Jul 26, 2021
•Critical
Scientific Linux
98
security advisoryRed HatimportantRed Hat 8.2: RHSA-2021:2774-01 Important: OpenJDK Security Issue
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2021:2774-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2774 Issue date: 2021-07-21 CVE Names: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 ==================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388) * OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341) * OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how toapply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) 1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) 1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.2): Source: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el8_2.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el8_2.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.s390x.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.302.b08-0.el8_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.302.b08-0.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2021-2341 https://access.redhat.com/security/cve/CVE-2021-2369 https://access.redhat.com/security/cve/CVE-2021-2388 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYPgM99zjgjWX9erEAQiQZA//SoIGlEqapav3NzhfdGOPcFOUU2z7F96c LYFxYW2dGYG7dJLJhGpZnwFs31v3sCvZzbln0KfVbcA+rMEC/Wxj0DLUxQVPO/KT tK26WjNt4iZ9GlH6zhXi09fTcte6H/IfGRyH2gvpUXswRI1gZChoObEvpQfaTwDs WCFX2ELCU4rL/9MYVl4DeiTssqeRKxxaZbcF12AJbriye2ss7io8NBIrcwffgZeC ljMUoCiMSritgTwlAACWJvyDfO/aChALLdarVsU2jR4U36VMBfMwYnFBlhCvhM9w 7RESkjsKXas1ClavFEmpIESAOBlrQWCpMTEv8Rf+1mJvXSD8joWwJM5N3XOSOSbO ZwcQ6UAWh4gmNcrmGqxyyn15fPgAPEey8ptWoOP/ZmvbVg4HrRMem3IUHz8LHpru W//De7Yb2qNYDH+2GEvv4kPrqhIrloF2Esk1EOrOV4z9vx2MfnhMsacOwbzBpVR/ lqVwPpI9cpbu1jW5eNPImkFfgYoM9Um0l4hk0gMO8b2c2jvNWrqSvGATo4YNUWc5 Bl3PssDA5/tyTaCJGO79NQhEAQFwfX4Zde/LmV01xuvaJNMWHTWcu6XbqCsM/6+l UscbcPpeUsQ3J33LhrkyCDLZqAJJmxIhNF/yFNxzHFiuJXfNP43yY7GcyDxJsd2M ZL5EiySja1I=FIsX -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 21, 2021
•Important
Red Hat
98
security advisoryRed HatimportantRed Hat: RHSA-2021:2783-01 Important: Java-11-OpenJDK Security Issue
An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-11-openjdk security update Advisory ID: RHSA-2021:2783-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2783 Issue date: 2021-07-21 CVE Names: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 ==================================================================== 1. Summary: An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): * OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388) * OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341) * OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update,which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1982874 - CVE-2021-2341 OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) 1982879 - CVE-2021-2369 OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) 1983075 - CVE-2021-2388 OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.8.1): Source: java-11-openjdk-11.0.12.0.7-0.el8_1.src.rpm aarch64: java-11-openjdk-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.aarch64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.aarch64.rpm ppc64le: java-11-openjdk-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.ppc64le.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.ppc64le.rpm s390x: java-11-openjdk-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.s390x.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.s390x.rpm x86_64: java-11-openjdk-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-debugsource-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-demo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-devel-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-devel-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-devel-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-headless-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-headless-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-headless-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-javadoc-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-javadoc-zip-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-jmods-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-slowdebug-debuginfo-11.0.12.0.7-0.el8_1.x86_64.rpm java-11-openjdk-src-11.0.12.0.7-0.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-2341 https://access.redhat.com/security/cve/CVE-2021-2369 https://access.redhat.com/security/cve/CVE-2021-2388 https://access.redhat.com/security/updates/classification#important 8. Contact: The RedHat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYPfU89zjgjWX9erEAQjdIQ//WbkD1noP47jYEEqqKY59HF3W4bsgk7YA TMIG2oelYnLokgdH+R1WR9Wgn1HBmmIUI4lGiCCBZtxW8G8dhrPll54tqAZ5FjWq mYNA3oXU2GioqVkkrjytNhB9taKGg85cKbe4fTQHKGSfrKKUy6ysT+A8/Xh2c2hr Utguv1NpK9vP0fEP7zT6C9Brkjc5QEg1nmuchgxyezY5eeVUaOBnhT/m0t6HfH3l SrSzSJTz0dxYeOcu0zhAuLPIkAQDOlo9w1l1ZwEWBeND1/v0k86/IWa+1ADMNwtN +NIzVnVeLWQrGxwKS4A1ZOVeiv4crwVh2n3WwKEz5sZtj3n4dP/slj6b8Zn3sewI 2zg8MYLaOQUC95xQf1YAA60P2bvUhJ6yl/tQhzXGc0MIhC/aTLLRPcNt6w8RYu7c TvMdPCrD6Rp7MBIwUipXAw3aADWrlYN5lztAxzwLjyzCela6piAhrIVJU1mYDfsh 0DTJbhkW4YvDEUHh1SY7qzLXxy23N1smkyixMQWMXYsgUBxFKEFJAt75SMNtnuQo SQAq824UunGlqy9ni9BuRVmyc6zKwCpFt1X1vyUxmlO2A8uss6QgL8CJy4BYaayR Dp1C9whHw4J6Vpfrv5r2ENzbm9u062MFsrWo+jepmK/CNfWMwC4i1gsfqx1nWvTZ Gri4DFTfGsw=b+s2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 21, 2021
•Important
Red Hat
172
security advisorydenial of serviceremote attackUbuntu 20.04 LTS, USN-4434-1: LibVNCServer Denial of Service Risks
Several security issues were fixed in LibVNCServer.. =========================================================================Ubuntu Security Notice USN-4434-1 July 23, 2020 libvncserver vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in LibVNCServer. Software Description: - libvncserver: vnc server library Details: Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. (CVE-2019-20839) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840) Christian Beier discovered that LibVNCServer incorrectly handled anonymous TLS connections. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-14396) It was discovered that LibVNCServer incorrectly handled region clipping. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14397) It was discovered that LibVNCServer did not properly reset incorrectly terminated TCP connections. A remote attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2020-14398) It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service.(CVE-2020-14399, CVE-2020-14400) It was discovered that LibVNCServer incorrectly handled screen scaling on the server side. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14401) It was discovered that LibVNCServer incorrectly handled encodings. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404) It was discovered that LibVNCServer incorrectly handled TextChat messages. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2020-14405) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.2 libvncserver1 0.9.12+dfsg-9ubuntu0.2 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.3 libvncserver1 0.9.11+dfsg-1ubuntu1.3 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.5 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.5 After a standard system update you need to restart LibVNCServer applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4434-1 CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405 Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.2 https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.3 https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.5 . Several LibVNCServer vulnerabilities addressed in the Ubuntu security notification USN-4435-1affecting various LTS versions.. LibVNCServer Security Patch, Ubuntu 20.04 Update, Remote Code Execution, Denial of Service Risk. . Severity: Critical. LinuxSecurity.com Team
Jul 23, 2020
•Critical
Ubuntu
197
security advisorysecurity updatebuffer overflowDebian LTS DLA-1895-1 Moderate: libmspack Buffer Overflow Issue
JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might . Package : libmspack Version : 0.5-1+deb8u4 CVE ID : CVE-2019-1010305 JsHuang found an issue in libmspack, a library for Microsoft compression format. Opening a crafted chm file might result in a buffer overflow which might disclose confidential information. For Debian 8 "Jessie", this problem has been fixed in version 0.5-1+deb8u4. We recommend that you upgrade your libmspack packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The libmspack package has received an important update aimed at addressing a critical buffer overflow vulnerability that could lead to the exposure of sensitive information.. libmspack Security Update, Debian LTS, Buffer Overflow Issue. . LinuxSecurity.com Team
Aug 23, 2019
Debian LTS
172
security advisorydenial of servicecriticalUbuntu 8.04 LTS USN-624-1 Critical: Pcre3 Denial Of Service
Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service. . =========================================================== Ubuntu Security Notice USN-624-1 July 15, 2008 pcre3 vulnerability CVE-2008-2371 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpcre3 7.4-0ubuntu0.6.06.3 Ubuntu 7.04: libpcre3 7.4-0ubuntu0.7.04.3 Ubuntu 7.10: libpcre3 7.4-0ubuntu0.7.10.3 Ubuntu 8.04 LTS: libpcre3 7.4-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that the PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 85631 6bcacd2296461d74fd9e661d9fcb2922 Size/MD5: 657 e56861ae51122d44305ecc6ea959db29 Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b Architecture independent packages: Size/MD5: 772 af2474a8f5e8c2dc1a6bb7b820537720 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 254948 788c8a86453466bfeac3bab4ae934bd1 Size/MD5: 198730 ea815bf19bb9888cac145516bb4f8059 Size/MD5: 90324 7c9578adad9e1b2cd22b96b287fdb2e7 Size/MD5: 20358 d2b2599e71665d8088c2b37bac829bcd i386 architecture (x86 compatibleIntel/AMD): Size/MD5: 246562 441516d6a63e05ac6ff2b68f039a66f8 Size/MD5: 194202 a8173b6bb5c356167e1e6d292bc28133 Size/MD5: 88654 9b4a4af5c73fa1a046fec76d8de1e5d4 Size/MD5: 18962 186f0bc810462dc2cea6d9c85ecca01c powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 258744 07f82099de2e8a7882a4632221834c1b Size/MD5: 199912 9a15af619abd26cae9aae1e50c254ebc Size/MD5: 91414 dedcd449686b4c5a5f10f8ffc6f3a57a Size/MD5: 21368 105edcb4a85e366cabb405d7454748bf sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 250224 9e750f32976a7c7ee5e8a38173019d99 Size/MD5: 196638 8233e339d6d2ecedbf0d5e91ecfb5857 Size/MD5: 88096 18c453d1a07da4a594d9b7b1afc53ae7 Size/MD5: 19584 d3b68c5c809c8c9880b4ba369dc29d05 Updated packages for Ubuntu 7.04: Source archives: Size/MD5: 85863 e021d65323dfdd5f9152f1adab8ef35b Size/MD5: 734 530fd8a9be4a12d42ec6ccbd308d2664 Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 255290 aabfa0188644252c0a3920c5518b94dd Size/MD5: 199016 259f7869305c8a5046c8a1ac707de287 Size/MD5: 91624 9ce46f293c9f9f05cbc38ad9d70be993 Size/MD5: 20470 1e41b6410f2f87f635499dbb97203c13 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 251016 5b4756ca47678b63e76e32c01ab56943 Size/MD5: 198084 af2acf872b82403daac13a67bfca0248 Size/MD5: 91280 8355dc6f2ea3e91bd669afb92dfd0551 Size/MD5: 19524 94159666ef8fa0a9be4744d8d1be66f9 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 257716 7ee895147086160c358c4d8ec63b2a3c Size/MD5: 201920 6478d1ef4120d40d3266c36cbe78e052 Size/MD5: 94486 5846a7c667910d3aacf1d7b654d23c93 Size/MD5: 22692e9f57c053e847728dcfa8958f4f3c6f4 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 252324 58e066c59fe05eda544681edd5e25adb Size/MD5: 199572 60df0418dc40d844992631fdcb2742fe Size/MD5: 90136 a115cd726194eaa2279f8e552b1b65da Size/MD5: 20404 06f2bfc9542d06d17893613a51d16e41 Updated packages for Ubuntu 7.10: Source archives: Size/MD5: 15106 03469183b160f6cedf254cda89b58e8b Size/MD5: 734 e5349e7d076b1f012418e9fe6e37c7ed Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 255724 8eac40835ba83154bb7766637fa55544 Size/MD5: 205652 48c7afec015d5e7602ed9e0de1f1e303 Size/MD5: 91454 bc14540316d82cf9121084241e2da710 Size/MD5: 20466 4560795e64d41315615db50632811995 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 251242 e5aadd8a9f4773afefbd8db00935f19b Size/MD5: 204530 94d30a647325d9391abd43760d4cdb51 Size/MD5: 91150 ccb87ae1e3f5c665526ed9224d21dd49 Size/MD5: 19526 de8d449e6e968e7ebd99b1a13ac1a96f lpia architecture (Low Power Intel Architecture): Size/MD5: 252094 d2e0fad28af36746aa97b45f5fb26ed7 Size/MD5: 206198 e43e0569fa546d53e6b57d01772b44b1 Size/MD5: 90648 41dad33c9885d61197ff767cc276da6a Size/MD5: 19494 f19cc9f205f6fca83e4e4773211b4dd7 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 257776 c3d61408fb1e635ecfd192647800512b Size/MD5: 208304 97c7b96cd468d7b7c87f52e92af2c0c8 Size/MD5: 94430 e99d1887393b006084f6acd8ef6d07de Size/MD5: 22690 d788fe4e595af3ada595c05156deeb97 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 252492 72138a6ab427f3577b96fca05b50b7d7 Size/MD5: 205984 774bd853192a636a0d2c2dae978ef3f4 Size/MD5: 90036dcd26900b8d5ee790ae80ea5c5fe4711 Size/MD5: 20404 8e3ac55a926ceaba2a4aa6d238df66f8 Updated packages for Ubuntu 8.04 LTS: Source archives: Size/MD5: 28470 7b4185e229a25a167d0623563f55ee3c Size/MD5: 754 9513a7249290ebef7f0b29d973c6fb7b Size/MD5: 1106897 de886b22cddc8eaf620a421d3041ee0b amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 264496 f530971c2808b0a2fed1a8f3cdd3c9f6 Size/MD5: 254796 e0da3551ff4b490dd0fb92cade5b3666 Size/MD5: 205592 5a2219b17fd80877272904a79fadc580 Size/MD5: 91230 061d3693e966e6f1779b0c64e7c2f4fe Size/MD5: 70966 a862563a1d8b0a9f5368d019f03e6b4f Size/MD5: 20434 1c7b00f8a238bd9c0cd4f7ec692d059d i386 architecture (x86 compatible Intel/AMD): Size/MD5: 243506 f0f989aec1a82d1bf0261f7f4b34a60a Size/MD5: 251576 d83ce6c8854d3a1167340bd08180b7ce Size/MD5: 205802 5556706d347c25bc418f82d5175dc106 Size/MD5: 91174 b6178ac07f1907e0968c4cd909fa6aa7 Size/MD5: 72166 c461c3381f3c574185c921be9c39780d Size/MD5: 19526 93700c88576af62d943d9fc027a3df68 lpia architecture (Low Power Intel Architecture): Size/MD5: 244482 3ad664f23af3e5ef174933958241900d Size/MD5: 252212 2e63fffc5a0491d90eec5f7e16edd485 Size/MD5: 206530 edee75400a2586765fd8f4338a92ad53 Size/MD5: 90760 371d5e56822ab90d5a5d9dada21d494b Size/MD5: 72762 722e259ce4855436ea4495658ba9377e Size/MD5: 19546 181ab09b249e0d304e549bcc41a74e88 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 261410 f31b196b659566cb5cb881dc7f90f451 Size/MD5: 259794 cd18085f270a0c0cffac4353de756e1a Size/MD5: 210952 dce18d87801b8821f87e3a6e443d58ce Size/MD5: 94360 b019cdfd389e0d888b53fa825a0ed48b Size/MD5: 73124 dfd25f42ce8a11feaa36917bf5ccc4aa Size/MD5: 22746 31de7acefbc07e09a2dc81f629097c9e sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 251756 01c99f90917ffa3decd84b7074fd87bd Size/MD5: 252004 8359a7b8aecacd672d115df4f7a84264 Size/MD5: 205372 b704cc10dc4adcb45ad0c8ef1f4e68c3 Size/MD5: 90340 ca0a66c1db4d1e5bf43954083fcc99e5 Size/MD5: 69450 2d2abc6b697adeb7bf1cbacbb953153a Size/MD5: 20878 ae427cb895a1da464c76d01987d01cba . Ubuntu Security Notice USN-624-1 highlights a PCRE3 library vulnerability that might enable denial of service attacks, urging administrators to apply updates swiftly.. Pcre3 Issue, Ubuntu Security Notice, Denial Of Service Issue. . Severity: Critical. LinuxSecurity.com Team
Jul 14, 2008
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!