
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 40: Security Advisory FEDORA-2024-25f8e34407 for darkhttpd

Update to 1.16 fixes rhbz#2259096. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-25f8e34407 2024-07-27 01:45:37.014460 -------------------------------------------------------------------------------- Name : darkhttpd Product : Fedora 40 Version : 1.16 Release : 1.fc40 URL : https://github.com/emikulic/darkhttpd Summary : Secure, lightweight, fast, single-threaded HTTP/1.1 server Description : darkhttpd is a secure, lightweight, fast and single-threaded HTTP/1.1 server. Features: * Simple to set up: * Single binary, no other files. * Standalone, doesn't need inetd or ucspi-tcp. * No messing around with config files. * Written in C - efficient and portable. * Small memory footprint. * Event loop, single threaded - no fork() or pthreads. * Generates directory listings. * Supports HTTP GET and HEAD requests. * Supports Range / partial content. * Supports If-Modified-Since. * Supports Keep-Alive connections. * Can serve 301 redirects based on Host header. * Uses sendfile(). Security: * Can log accesses, including Referer and User-Agent. * Can chroot. * Can drop privileges. * Impervious to /../ sniffing. * Times out idle connections. * Drops overly long requests. Limitations: * This server only serves static content - *NO* CGI supported! 
-------------------------------------------------------------------------------- Update Information: Update to 1.16 fixes rhbz#2259096 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 18 2024 Filipe Rosset - 1.16-1 - Update to 1.16 fixes rhbz#2259096 * Wed Jul 17 2024 Fedora Release Engineering - 1.14-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2259096 - darkhttpd-1.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=2259096 [ 2 ] Bug #2259490 - CVE-2024-23770 darkhttpd: allows local users to discover credentials [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2259490 [ 3 ] Bug #2259491 - CVE-2024-23770 darkhttpd: allows local users to discover credentials [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2259491 [ 4 ] Bug #2259493 - CVE-2024-23771 darkhttpd: uses strcmp to verify authentication to bypass authentication via a timing side channel [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2259493 [ 5 ] Bug #2259494 - CVE-2024-23771 darkhttpd: uses strcmp to verify authentication to bypass authentication via a timing side channel [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2259494 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-25f8e34407' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. 
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------

Fedora 40 enhances darkhttpd 1.16 to fix local access problems and address authentication loophole vulnerabilities. Fedora Security Advisory, darkhttpd Update, Authentication Bypass Fix, Local Credentials Discovery. Severity: Important. LinuxSecurity.com Team

Jul 27, 2024 Important Fedora

Mageia 8 MGASA-2021-0494 Critical: Cloud-Init Local Access Issue

MGASA-2021-0494 - Updated cloud-init packages fix security vulnerability Publication date: 29 Oct 2021 URL: https://advisories.mageia.org/MGASA-2021-0494.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-3429 cloud-init has the ability to generate and set a randomized password for system users. This functionality is enabled at runtime by passing cloud-config data such as: 'chpasswd: list: | user1:RANDOM' When instructing cloud-init to set a random password for a new user account, versions before 21.1.19 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user (CVE-2021-3429). References: - https://bugs.mageia.org/show_bug.cgi?id=28991 - https://lists.debian.org/debian-lts-announce/2021/03/msg00025.html - https://github.com/canonical/cloud-init/releases/tag/21.2 - https://www.cve.org/CVERecord?id=CVE-2021-3429 SRPMS: - 8/core/cloud-init-20.2-2.1.mga8

Stay informed about MGASA-2021-0494: an essential security patch for Mageia's cloud-init that impacts access for local users. cloud-init Vulnerability, Mageia Security Advisory, Critical Updates, User Access Issues. Severity: Critical. LinuxSecurity.com Team

Oct 29, 2021 Critical Mageia

SUSE: 2018:2108-1 Important Local Access Issue in Linux Kernel

SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12) ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2108-1 Rating: important References: #1090338 #1096740 Cross-References: CVE-2018-3665 Affected Products: SUSE Linux Enterprise Server 12-LTSS ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from another process via a speculative execution side channel (bsc#1090338, bsc#1096740). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2018-1432=1 Package List: - SUSE Linux Enterprise Server 12-LTSS (x86_64): kgraft-patch-3_12_61-52_101-default-7-2.1 kgraft-patch-3_12_61-52_101-xen-7-2.1 References: https://www.suse.com/security/cve/CVE-2018-3665.html https://bugzilla.suse.com/1090338 https://bugzilla.suse.com/1096740

SUSE Security Update tackles critical vulnerabilities in the Linux Kernel and provides detailed patching guidelines for optimal remediation. SUSE Linux Kernel Patch, System Software Update, Intel Processors Security. Severity: Important. LinuxSecurity.com Team

Jul 27, 2018 Important SuSE

Red Hat: RHSA-2014:2000-01 Important: Thermostat Local Access Flaw

Updated thermostat1-thermostat packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: thermostat1-thermostat security update Advisory ID: RHSA-2014:2000-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2014:2000.html Issue date: 2014-12-16 CVE Names: CVE-2014-8120 ==================================================================== 1. Summary: Updated thermostat1-thermostat packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine (JVM) with support for monitoring multiple JVM instances. 
It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-8120) This issue was discovered by Elliott Baron of Red Hat. All thermostat1-thermostat users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1168977 - CVE-2014-8120 thermostat: local JMX URL disclosure 6. Package List: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): Source: thermostat1-thermostat-1.0.4-60.6.el6.src.rpm noarch: thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm x86_64: thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4): Source: thermostat1-thermostat-1.0.4-60.6.el6.src.rpm noarch: thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm x86_64: thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v.
6.5): Source: thermostat1-thermostat-1.0.4-60.6.el6.src.rpm noarch: thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm x86_64: thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6): Source: thermostat1-thermostat-1.0.4-60.6.el6.src.rpm noarch: thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm x86_64: thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: thermostat1-thermostat-1.0.4-60.6.el6.src.rpm noarch: thermostat1-thermostat-javadoc-1.0.4-60.6.el6.noarch.rpm thermostat1-thermostat-webapp-1.0.4-60.6.el6.noarch.rpm x86_64: thermostat1-thermostat-1.0.4-60.6.el6.x86_64.rpm thermostat1-thermostat-debuginfo-1.0.4-60.6.el6.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7): Source: thermostat1-thermostat-1.0.4-70.6.el7.src.rpm noarch: thermostat1-thermostat-javadoc-1.0.4-70.6.el7.noarch.rpm thermostat1-thermostat-webapp-1.0.4-70.6.el7.noarch.rpm x86_64: thermostat1-thermostat-1.0.4-70.6.el7.x86_64.rpm thermostat1-thermostat-debuginfo-1.0.4-70.6.el7.x86_64.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7): Source: thermostat1-thermostat-1.0.4-70.6.el7.src.rpm noarch: thermostat1-thermostat-javadoc-1.0.4-70.6.el7.noarch.rpm thermostat1-thermostat-webapp-1.0.4-70.6.el7.noarch.rpm x86_64: thermostat1-thermostat-1.0.4-70.6.el7.x86_64.rpm thermostat1-thermostat-debuginfo-1.0.4-70.6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.
References: https://access.redhat.com/security/cve/CVE-2014-8120 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iD8DBQFUkLOwXlSAg2UNWIIRAi+sAKCLIiWGrBxQMR3Z9oaEYnxrvCXSLgCfao3E PhRWHjJDSeO6B7wWKIUogME=ZKMp -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list

Revised packages for thermostat1-thermostat tackle critical vulnerabilities for Red Hat customers. thermostat security, Red Hat patches, software update, remote management, Java monitoring. Severity: Important. LinuxSecurity.com Team

Dec 16, 2014 Important Red Hat

Red Hat Enterprise Linux 6 Update RHSA-2012:0939-04 Low Local Access Bug

Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: xorg-x11-server security and bug fix update Advisory ID: RHSA-2012:0939-04 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2012:0939.html Issue date: 2012-06-20 CVE Names: CVE-2011-4028 CVE-2011-4029 ==================================================================== 1. Summary: Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. 
A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029) Red Hat would like to thank the researcher with the nickname vladz for reporting these issues. This update also fixes the following bugs: * Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860) * Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple "Device" sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. (BZ#732467) * Prior to this update, the misleading message "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor." could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message. (BZ#748704) * Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups.
(BZ#757792) * Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values. Now, raw events contain relative axis values as expected. (BZ#805377) All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 732467 - Pointer gets stuck on right-most screen 745024 - CVE-2011-4029 xorg-x11-server: lock file chmod change race condition 745755 - CVE-2011-4028 xorg-x11-server: File existence disclosure vulnerability 748704 - "Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor. 805377 - Regression: raw events do not contain relative values 6. Package List: Red Hat Enterprise Linux Desktop (v.
6): Source: i386: xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm xorg-x11-server-common-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm x86_64: xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v.6): Source: i386: xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 
6): Source: i386: xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm xorg-x11-server-common-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm ppc64: xorg-x11-server-Xephyr-1.10.6-1.el6.ppc64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.ppc64.rpm xorg-x11-server-common-1.10.6-1.el6.ppc64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.ppc64.rpm s390x: xorg-x11-server-Xephyr-1.10.6-1.el6.s390x.rpm xorg-x11-server-common-1.10.6-1.el6.s390x.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.s390x.rpm x86_64: xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): Source: i386: xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm ppc64: xorg-x11-server-Xdmx-1.10.6-1.el6.ppc64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.ppc64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.ppc64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.ppc.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.ppc64.rpm xorg-x11-server-devel-1.10.6-1.el6.ppc.rpm xorg-x11-server-devel-1.10.6-1.el6.ppc64.rpm s390x: xorg-x11-server-Xdmx-1.10.6-1.el6.s390x.rpm xorg-x11-server-Xnest-1.10.6-1.el6.s390x.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.s390x.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.s390x.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: i386: xorg-x11-server-Xephyr-1.10.6-1.el6.i686.rpm xorg-x11-server-Xorg-1.10.6-1.el6.i686.rpm xorg-x11-server-common-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm x86_64: xorg-x11-server-Xephyr-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xorg-1.10.6-1.el6.x86_64.rpm xorg-x11-server-common-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: xorg-x11-server-Xdmx-1.10.6-1.el6.i686.rpm xorg-x11-server-Xnest-1.10.6-1.el6.i686.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm noarch: xorg-x11-server-source-1.10.6-1.el6.noarch.rpm x86_64: xorg-x11-server-Xdmx-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xnest-1.10.6-1.el6.x86_64.rpm xorg-x11-server-Xvfb-1.10.6-1.el6.x86_64.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.i686.rpm xorg-x11-server-debuginfo-1.10.6-1.el6.x86_64.rpm xorg-x11-server-devel-1.10.6-1.el6.i686.rpm xorg-x11-server-devel-1.10.6-1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2011-4028 https://access.redhat.com/security/cve/CVE-2011-4029 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFP4ZhjXlSAg2UNWIIRAir0AJ9sHey+kq1VKcjWOVTayWXlMxoMTwCdEnl0 aGxVQ3Zeu4DOVNqsul/Nulo=US1w -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list

Revised xorg-x11-server updates address vulnerabilities and defects with minimal effect for Red Hat Enterprise Linux. xorg-x11-server Updates, Red Hat Security Updates, Low Severity Fixes. Severity: Low. LinuxSecurity.com Team

Jun 20, 2012 Low Red Hat

openSUSE 11.3: Addressing Critical X Server Vulnerabilities in 2012

openSUSE Security Update: xorg-x11-server ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:0227-1 Rating: important References: #722944 Cross-References: CVE-2011-4028 CVE-2011-4029 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The X server had two security issues and one bug that is fixed by this update. CVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. CVE-2011-4029: It is possible for a non-root local user to set the read permission for all users on any file or directory. Special Instructions and Notes: Please reboot the system after installing this update. This update triggers a restart of the software management stack. More updates will be available for installation after applying this update and restarting the application. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch xorg-x11-Xvnc-5490 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 x86_64): xorg-x11-Xvnc-7.5_1.8.0-10.15.2 xorg-x11-server-7.5_1.8.0-10.15.2 xorg-x11-server-extra-7.5_1.8.0-10.15.2 xorg-x11-server-sdk-7.5_1.8.0-10.15.2 References: https://www.suse.com/security/cve/CVE-2011-4028.html https://www.suse.com/security/cve/CVE-2011-4029.html

Remedies for serious vulnerabilities in openSUSE xorg-x11-server have been released, bolstering system security. openSUSE, X server update, security issues, important patch. Severity: Important. LinuxSecurity.com Team

Feb 09, 2012 Important OpenSUSE

Red Hat: RHSA-2010:0321-04 Low Severity: Automake Local Access Risk

Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: automake security update Advisory ID: RHSA-2010:0321-04 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0321.html Issue date: 2010-03-30 CVE Names: CVE-2009-4029 ==================================================================== 1. Summary: Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - noarch Red Hat Enterprise Linux (v. 5 server) - noarch 3. Description: Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029) Note: This issue affected Makefile targets used by developers to prepare distribution source archives. 
Those targets are not used when compiling programs from the source code. All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 542609 - CVE-2009-4029 Automake: Race condition by creation of "distdir" based directory hierarchy 6. Package List: RHEL Desktop Workstation (v. 5 client): Source: noarch: automake-1.9.6-2.3.el5.noarch.rpm automake14-1.4p6-13.el5.1.noarch.rpm automake15-1.5-16.el5.2.noarch.rpm automake16-1.6.3-8.el5.1.noarch.rpm automake17-1.7.9-7.el5.2.noarch.rpm Red Hat Enterprise Linux (v. 5 server): Source: noarch: automake-1.9.6-2.3.el5.noarch.rpm automake14-1.4p6-13.el5.1.noarch.rpm automake15-1.5-16.el5.2.noarch.rpm automake16-1.6.3-8.el5.1.noarch.rpm automake17-1.7.9-7.el5.2.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2009-4029 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLsjDqXlSAg2UNWIIRAs+eAJ9gAR+Pwec8LLHDdG+PB6zUvbw3rwCdFJ29 sDQzcNq842NPZuddQIY78Uw=kqw7 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list

Automake distributions for Red Hat 5 have been refreshed to address a minor security concern. Detailed information regarding the crucial fixes is available for review. Automake Update, Red Hat Security Patch, Local Access Threat. Severity: Low. LinuxSecurity.com Team

Mar 30, 2010 Low Red Hat

Slackware: 2005-251-01 Critical: Kcheckpass Local Access Flaw

New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected. A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges.

[slackware-security] kcheckpass in kdebase (SSA:2005-251-01)

New kdebase packages are available for Slackware 10.0, 10.1, and -current to fix a security issue with the kcheckpass program. Earlier versions of Slackware are not affected.

A flaw in the way the program creates lockfiles could allow a local attacker to gain root privileges.

For more details about the issue, see:

https://kde.org/info/security/advisory-20050905-1.txt
https://www.cve.org/CVERecord?id=CAN-2005-2494

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/kdebase-3.3.2-i486-2.tgz: Patched a security bug in kcheckpass that could allow a local user to gain root privileges.
For more information, see:
https://kde.org/info/security/advisory-20050905-1.txt
https://www.cve.org/CVERecord?id=CAN-2005-2494
(* Security fix *)
+--------------------------+

Where to find the new package:
+----------------------------+

Updated package for Slackware 10.0:

Updated package for Slackware 10.1:

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 10.0 package:
89cbad3536bbfba273b2ae77a097ce89 kdebase-3.2.3-i486-3.tgz

Slackware 10.1 package:
6d2d8c96dc1f5b209b5eb35425ae7952 kdebase-3.3.2-i486-2.tgz

Slackware -current package:
8b7066a01eb25a8b846d2ac9a5de85e2 kdebase-3.4.2-i486-2.tgz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg kdebase-3.3.2-i486-2.tgz

+-----+

Notice for Slackware kdebase resolves kcheckpass lockfile vulnerability enabling local root escalation. Implement the fix immediately!

kdebase, Slackware security, kcheckpass update, local privilege escalation.

Severity: Critical. LinuxSecurity.com Team

Sep 08, 2005 Critical Slackware