Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 7 articles for you...
217
security advisorysecurity updatesoftware patchOracle Linux 8 ELSA-2024-4264 Low Severity: OpenLDAP Security Fix
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-4264 http://linux.oracle.com/errata/ELSA-2024-4264.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: openldap-2.4.46-19.el8_10.i686.rpm openldap-2.4.46-19.el8_10.x86_64.rpm openldap-clients-2.4.46-19.el8_10.x86_64.rpm openldap-devel-2.4.46-19.el8_10.i686.rpm openldap-devel-2.4.46-19.el8_10.x86_64.rpm openldap-servers-2.4.46-19.el8_10.x86_64.rpm aarch64: openldap-2.4.46-19.el8_10.aarch64.rpm openldap-clients-2.4.46-19.el8_10.aarch64.rpm openldap-devel-2.4.46-19.el8_10.aarch64.rpm openldap-servers-2.4.46-19.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//openldap-2.4.46-19.el8_10.src.rpm Related CVEs: CVE-2023-2953 Description of changes: [2.4.46-19] - Bump version to 2.4.46-19 - Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function _______________________________________________ El-errata mailing list
Jul 05, 2024
•Low
Oracle
98
security advisorysecurity updatelow threatRed Hat OpenStack Platform 16.2.4 Minor Vulnerability: RHSA-2022:8856-01
An update for python-django-horizon is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat OpenStack Platform 16.2.4 (python-django-horizon) security update Advisory ID: RHSA-2022:8856-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:8856 Issue date: 2022-12-07 CVE Names: CVE-2022-1655 ==================================================================== 1. Summary: An update for python-django-horizon is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 16.2 - noarch 3. Description: Horizon is a Django application for providing Openstack UI components. It allows performing site administrator (viewing account resource usage, configuring users, accounts, quotas, flavors, etc.) and end user operations (start/stop/delete instances, create/restore snapshots, view instance VNC console, etc.) Security Fix(es): * Horizon session cookies are not flagged HttpOnly (CVE-2022-1655) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1931593 - [RHOSP13] Not able to attach floating IP from horizon 2075681 - CVE-2022-1655 OpenStack: Horizon session cookies are not flagged HttpOnly 2076482 - [RHOSP16.2.2] Resize from horizon fails 2129483 - Unable to update port as member user from Horizon 6. Package List: Red Hat OpenStack Platform 16.2: Source: python-django-horizon-16.2.3-2.20220926144724.d3d3d18.el8ost.src.rpm noarch: openstack-dashboard-16.2.3-2.20220926144724.d3d3d18.el8ost.noarch.rpm python3-django-horizon-16.2.3-2.20220926144724.d3d3d18.el8ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-1655 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5FpkNzjgjWX9erEAQjvGg/+Nw2oEteeFdLlCPQfeej4MMuugk2GsS7g 5KzxLM38U1/bV0NniI12A3uYESDVIgmtLDK/7GPiPqgnLHbxlmEZ4WBW5QCCqJFd hnS0smQ3jGR4QVsaug6FWo2iIWA9vINKMi0htyu14bs6er5kWsYw4DLq1WMW22cl 5Z6UC5OXRU0bv10UwTtASOoBrp3Q05rqxLLTOeJFocqIo1o+kv0mKkaOIzyuGSSo QdyQogCINszofdeaQOSO48jnx0+QlBDqwfpW4qdWtaWSAunx7q/Pubp/EZOxKP3+ ylR2K5Q2TjuJvfelX9mXGys62cvCLuPhKKvLBWysS//RhFGBcjQN+Qnf3NYMnVxw PqZ/3ZQwnPChvzeGBol/V2AcVcl3eLH0JZ3XXne+rcmGqMAULeE75h8mkAf98hEi TEov2AMGKJNTwUCsF+PwuDgA18PZpl/5nn6nfMANqozIlzo8J1UAzb705MTiNarc TB7DD1gjty5zBQbIQUo+yc9vFCJhjEqO5UAOl21BvjOCQ9k7wWsc0TafhoB7+poj g/EtzuY2iLthHud8G/0RfmVlxBfDA1aRESpkQ5s7jGr3/URFx0v4EaYbcqUJ/xA2 SsujK2YLPCkTycQDAzGTUvGxrwYRrCtyBRMgo1bF7z9VPvXZsVoCBAI1/2VUNVCb YQAJy6x+pKc=ARGz -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 08, 2022
•Low
Red Hat
91
security advisorydenial of servicegentooGentoo: GLSA-202107-40 Low: MediaWiki Denial Of Service Issues
Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: MediaWiki: Multiple vulnerabilities Date: July 17, 2021 Bugs: #780654, #797661 ID: 202107-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in a Denial of Service condition. Background ========= MediaWiki is a collaborative editing software used by large projects such as Wikipedia. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mediawiki < 1.36.1 > = 1.36.1 Description ========== Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All MediaWiki users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/mediawiki-1.36.1" References ========= [ 1 ] CVE-2021-30152 https://nvd.nist.gov/vuln/detail/CVE-2021-30152 [ 2 ] CVE-2021-30154 https://nvd.nist.gov/vuln/detail/CVE-2021-30154 [ 3 ] CVE-2021-30155 https://nvd.nist.gov/vuln/detail/CVE-2021-30155 [ 4 ] CVE-2021-30157 https://nvd.nist.gov/vuln/detail/CVE-2021-30157 [ 5 ]CVE-2021-30158 https://nvd.nist.gov/vuln/detail/CVE-2021-30158 [ 6 ] CVE-2021-30159 https://nvd.nist.gov/vuln/detail/CVE-2021-30159 [ 7 ] CVE-2021-30458 https://nvd.nist.gov/vuln/detail/CVE-2021-30458 [ 8 ] CVE-2021-35197 https://nvd.nist.gov/vuln/detail/CVE-2021-35197 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-40 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jul 17, 2021
•Low
Gentoo
100
security advisorysecurity issuebuffer overflowSUSE: 2021:0431-1 Low Threat: MozillaFirefox Buffer Overflow
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0431-1 Rating: low References: #1181848 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 78.7.1 ESR (bsc#1181848) - Fixed: Prevent access to NTFS special paths that could lead to filesystem corruption. - Buffer overflow in depth pitch calculations for compressed textures Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-431=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-431=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.7.1-112.48.1 MozillaFirefox-debugsource-78.7.1-112.48.1 MozillaFirefox-devel-78.7.1-112.48.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.7.1-112.48.1 MozillaFirefox-debuginfo-78.7.1-112.48.1 MozillaFirefox-debugsource-78.7.1-112.48.1 MozillaFirefox-devel-78.7.1-112.48.1 MozillaFirefox-translations-common-78.7.1-112.48.1 References: https://bugzilla.suse.com/1181848 . SUSE Security Advisory for MozillaFirefox Released featuring essential patches to avertpotential vulnerabilities. Immediate update advised.. SUSE Update, Mozilla Browser Security, Firefox Patch Details. . Severity: Low. LinuxSecurity.com Team
Feb 10, 2021
•Low
SuSE
100
security advisoryvulnerabilitylow threatSUSE: 2020:1619-1 Low: Security Update for Audiofile Vulnerability
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for audiofile ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1619-1 Rating: low References: #1100523 Cross-References: CVE-2018-13440 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for audiofile fixes the following issues: Security issue fixed: - CVE-2018-13440: Return AF_FAIL instead of causing NULL pointer dereferences later (bsc#1100523). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1619=1 - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1619=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1619=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1619=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-11.7.8 audiofile-debugsource-0.3.6-11.7.8 audiofile-devel-0.3.6-11.7.8 - SUSE Linux Enterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): audiofile-debuginfo-0.3.6-11.7.8 audiofile-debugsource-0.3.6-11.7.8 audiofile-devel-0.3.6-11.7.8 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): audiofile-0.3.6-11.7.8 audiofile-debuginfo-0.3.6-11.7.8 audiofile-debugsource-0.3.6-11.7.8 libaudiofile1-0.3.6-11.7.8 libaudiofile1-debuginfo-0.3.6-11.7.8 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libaudiofile1-32bit-0.3.6-11.7.8 libaudiofile1-debuginfo-32bit-0.3.6-11.7.8 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): audiofile-0.3.6-11.7.8 audiofile-debuginfo-0.3.6-11.7.8 audiofile-debugsource-0.3.6-11.7.8 libaudiofile1-0.3.6-11.7.8 libaudiofile1-debuginfo-0.3.6-11.7.8 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libaudiofile1-32bit-0.3.6-11.7.8 libaudiofile1-debuginfo-32bit-0.3.6-11.7.8 References: https://www.suse.com/security/cve/CVE-2018-13440.html https://bugzilla.suse.com/1100523 _______________________________________________ sle-security-updates mailing list
Jun 12, 2020
•Low
SuSE
98
security advisoryred hatsoftware updateRed Hat: RHSA-2020-1101-01 Low Severity Bluetooth Security Update
An update for bluez is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: bluez security update Advisory ID: RHSA-2020:1101-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1101 Issue date: 2020-03-31 CVE Names: CVE-2018-10910 ==================================================================== 1. Summary: An update for bluez is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. Security Fix(es): * bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (CVE-2018-10910) For moredetails about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1606203 - CVE-2018-10910 bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bluez-5.44-6.el7.src.rpm x86_64: bluez-5.44-6.el7.x86_64.rpm bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-libs-5.44-6.el7.i686.rpm bluez-libs-5.44-6.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bluez-cups-5.44-6.el7.x86_64.rpm bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-hid2hci-5.44-6.el7.x86_64.rpm bluez-libs-devel-5.44-6.el7.i686.rpm bluez-libs-devel-5.44-6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bluez-5.44-6.el7.src.rpm x86_64: bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-libs-5.44-6.el7.i686.rpm bluez-libs-5.44-6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bluez-5.44-6.el7.x86_64.rpm bluez-cups-5.44-6.el7.x86_64.rpm bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-hid2hci-5.44-6.el7.x86_64.rpm bluez-libs-devel-5.44-6.el7.i686.rpm bluez-libs-devel-5.44-6.el7.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: bluez-5.44-6.el7.src.rpm ppc64: bluez-5.44-6.el7.ppc64.rpm bluez-debuginfo-5.44-6.el7.ppc.rpm bluez-debuginfo-5.44-6.el7.ppc64.rpm bluez-libs-5.44-6.el7.ppc.rpm bluez-libs-5.44-6.el7.ppc64.rpm ppc64le: bluez-5.44-6.el7.ppc64le.rpm bluez-debuginfo-5.44-6.el7.ppc64le.rpm bluez-libs-5.44-6.el7.ppc64le.rpm s390x: bluez-debuginfo-5.44-6.el7.s390.rpm bluez-debuginfo-5.44-6.el7.s390x.rpm bluez-libs-5.44-6.el7.s390.rpm bluez-libs-5.44-6.el7.s390x.rpm x86_64: bluez-5.44-6.el7.x86_64.rpm bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-libs-5.44-6.el7.i686.rpm bluez-libs-5.44-6.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bluez-cups-5.44-6.el7.ppc64.rpm bluez-debuginfo-5.44-6.el7.ppc.rpm bluez-debuginfo-5.44-6.el7.ppc64.rpm bluez-hid2hci-5.44-6.el7.ppc64.rpm bluez-libs-devel-5.44-6.el7.ppc.rpm bluez-libs-devel-5.44-6.el7.ppc64.rpm ppc64le: bluez-cups-5.44-6.el7.ppc64le.rpm bluez-debuginfo-5.44-6.el7.ppc64le.rpm bluez-hid2hci-5.44-6.el7.ppc64le.rpm bluez-libs-devel-5.44-6.el7.ppc64le.rpm s390x: bluez-5.44-6.el7.s390x.rpm bluez-cups-5.44-6.el7.s390x.rpm bluez-debuginfo-5.44-6.el7.s390.rpm bluez-debuginfo-5.44-6.el7.s390x.rpm bluez-hid2hci-5.44-6.el7.s390x.rpm bluez-libs-devel-5.44-6.el7.s390.rpm bluez-libs-devel-5.44-6.el7.s390x.rpm x86_64: bluez-cups-5.44-6.el7.x86_64.rpm bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-hid2hci-5.44-6.el7.x86_64.rpm bluez-libs-devel-5.44-6.el7.i686.rpm bluez-libs-devel-5.44-6.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bluez-5.44-6.el7.src.rpm x86_64: bluez-5.44-6.el7.x86_64.rpm bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-libs-5.44-6.el7.i686.rpm bluez-libs-5.44-6.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): x86_64: bluez-cups-5.44-6.el7.x86_64.rpm bluez-debuginfo-5.44-6.el7.i686.rpm bluez-debuginfo-5.44-6.el7.x86_64.rpm bluez-hid2hci-5.44-6.el7.x86_64.rpm bluez-libs-devel-5.44-6.el7.i686.rpm bluez-libs-devel-5.44-6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2018-10910 https://access.redhat.com/security/updates/classification#low https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/7.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXoOc/tzjgjWX9erEAQjDew//QsFny0/SSw9z0jILURqGsZLYtpm1D/ut gAGpb0F+nWAhiFbYOm+qwPHYi1RR/rgenysEeZ7h9LqeIStgCJy/G16LcJvNJ4/J cE5W7yYugUwcLhHcrbKiqGsbi9AyKTr06UHOXY7Fi45HxAcp6Qiro/QbVtizOKQn 2dhheyhh0wdv7GuxEP+Bya9U9aqUalOkh6/l/jR4o9Qrgw/NOeVGMh2j2KaujGSC Ir9YGMlH3xDE3uohHaaGOiwkCymu5hh6jhkpjJ6kNZIBjZDWMlcfiqNicJ4EH7aH BIuUwlwAKA01+Wd1/HBV31DQjQohTiHmeFd+hm3Eg2VAOqIx4g+xOIIO7OwgnAdD dcX4EUlBnCcqXaiOsX4lhDfeOUsXZk9jsfGx4+zh5p472m6HKio95JGn16e/YLyn +1Tiit7bwgtNMEll6kaZaeuxafCfmQqaSnUzpDnLVU4GsOJiPRgEcuzr2QHSSUGI 7vLsv0HSm3cV2iFChZ2oyLFaRw9fgFBxhfVoFB04cwCZqCfQm+dTe6xGF5Fr68zm ivHSHn4qJag1GGnaIAstESamwbAJgfMhHh2utX5y0h/lC3e24uihCY5/yKL7IrwP gyyQX4eXNr3wM1mx9P9d9S3U+NMmQG3GaucXOLvK4c7ppPVdvqWiSd3v3IXpVr2H Tx9yujSKDcM=M8Ol -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Mar 31, 2020
•Low
Red Hat
98
security advisorysecurity issuelow threatRed Hat JBoss Fuse 6.3 RHSA-2018-2840 Low Threat: HTTPOnly Cookies Issue
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: Red Hat JBoss Fuse/A-MQ 6.3 R9 security and bug fix update Advisory ID: RHSA-2018:2840-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2018:2840 Issue date: 2018-10-01 CVE Names: CVE-2015-5183 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the References section below. Security fix(es): * A-MQ Console: HTTPOnly and Secure attributes not set on cookies (CVE-2015-5183) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Naftali Rosenbaum (Comsec Consulting) for reporting CVE-2015-5183. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and soon. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1249182 - CVE-2015-5183 A-MQ Console: HTTPOnly and Secure attributes not set on cookies 5. References: https://access.redhat.com/security/cve/CVE-2015-5183 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3 https://access.redhat.com/documentation/en-us/red_hat_fuse/6.3/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW7J4y9zjgjWX9erEAQgdiA/+PsFBWVmrAVMzakr/AIjM67jwArOzVj4O Yn+56NQa/mzoeJzBJZZhvZX11kiY/MEKC/cJ5JKwB5C4MORMXR340c/BHHoHcEa+ kyJDAmp1W4K77reimmFaX8IPZl3eAoej+LDDS4PQmCaPfoZKZIEmmQM7cEPvq1BL K9lyHFNeLU4q3u9Ef//70QENEIS83oB7p0er2Rhg2rJPepmWvxyRZL21YxjYQ+Fj cEdo5MxyVEQPiOVane9/f/u7GDRMhmjFqkP6LEHcwD9cVJR2a7U+eBk3Tweu4rGg zPAcXGgaoHUq4zlbHh7grksURi71J/aM8Zp421rgp/z9/zzGp4oX7RRJLpp4ihzg QECTlyNblKxmuWkaulNv+ROZ1LYUtd+kqT8iwkpWa7K+7M0oyyf3L3tuANO9WbMw y0j5o8bSQDQj1prbPdaN6C3bU4ToD/uANDZVrbF1Pj7qqb0kwquThd7BN3InCd3q mJo6u+/5vyW8iUMLdvu0lwto504rz37X8fAFZJ3uLcXJnLuqiGobADey/tw/tzHY EzrkYtkX6C1EYaskTR5Ao/B6erWCcQEEDYrE9VOTje1Q/bEhR2te4oRAnCgVprv7 XgBS2UvSrXT0tijsUMwpv8WOGageBDemutCrG3Y71RvbVHArX+m+oBwfQvGOCkhs 64TKW2Szyk8=xfZM -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 01, 2018
•Low
Red Hat
89
security advisoryFedorasecurity issuesFedora 23: OwnCloud 8.0.10 Moderate Threat Fixes for Security Issues
This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL 6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know what this is, don't worry. These are bugfix updates which include fixes for some security vulnerabilities rated 'low' and 'medium' by upstream. For full detai [More...]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-a576196426 2016-01-23 22:27:57.585196 -------------------------------------------------------------------------------- Name : owncloud Product : Fedora 23 Version : 8.0.10 Release : 1.fc23 URL : https://owncloud.com/ Summary : Private file sync and share server Description : ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: This update provides the new upstream patch release of ownCloud (7.0.12 for EPEL 6, 8.0.10 for all other distributions). It also adds a 'well-known' redirect for WebDAV (alongside the existing ones for CalDAV and CardDAV) - if you don't know what this is, don't worry. These are bugfix updates which include fixes for some security vulnerabilities rated 'low' and 'medium' by upstream. For full details on the changes, see the [upstream changelog](https://owncloud.com/changelog) and the security advisories: [OC- SA-2016-001](), [OC- SA-2016-002](), [OC- SA-2016-003](), [OC- SA-2016-004](). -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update owncloud' at thecommand line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Jan 24, 2016
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!