
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


Gentoo: GLSA-201804-06 Normal: mailx Remote Command Execution

Multiple vulnerabilities were discovered in mailx, the worst of which may allow a remote attacker to execute arbitrary commands.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201804-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: mailx: Multiple vulnerabilities
      Date: April 08, 2018
      Bugs: #533208
        ID: 201804-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were discovered in mailx, the worst of which
may allow a remote attacker to execute arbitrary commands.

Background
==========

A utility program for sending and receiving mail, also known as a Mail
User Agent program.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  mail-client/mailx         < 8.1.2.20160123       >= 8.1.2.20160123

Description
===========

Multiple vulnerabilities have been discovered in mailx. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could execute arbitrary commands.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mailx users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/mailx-8.1.2.20160123"

References
==========

[ 1 ] CVE-2004-2771
      https://nvd.nist.gov/vuln/detail/CVE-2004-2771
[ 2 ] CVE-2014-7844
      https://nvd.nist.gov/vuln/detail/CVE-2014-7844

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201804-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email address obfuscated on this page] or alternatively, you may
file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Apr 08, 2018, Gentoo

Slackware 14.1: 2016-062-01 Critical Mailx Shell Command Execution

New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  mailx (SSA:2016-062-01)

New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix security issues.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mailx-12.5-i486-2_slack14.1.txz:  Rebuilt.
  Drop SSLv2 support (no longer supported by OpenSSL), and fix security
  issues that could allow a local attacker to cause mailx to execute
  arbitrary shell commands through the use of a specially-crafted email
  address.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2004-2771
    https://www.cve.org/CVERecord?id=CVE-2014-7844
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mailx-12.5-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mailx-12.5-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mailx-12.5-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mailx-12.5-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mailx-12.5-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mailx-12.5-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mailx-12.5-i486-2_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mailx-12.5-x86_64-2_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mailx-12.5-i486-2_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mailx-12.5-x86_64-2_slack14.1.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 13.0 package:
38ee95ec8ed3dfdaf2f736e3e0e3fc39  mailx-12.5-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
1df63fd2f328a10beca73a155b79ff3c  mailx-12.5-x86_64-1_slack13.0.txz

Slackware 13.1 package:
7ed6abe0adf99fe6cc2a820ca7b4086d  mailx-12.5-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
991ac2b0121330bdb3ecd1f32f62d53c  mailx-12.5-x86_64-1_slack13.1.txz

Slackware 13.37 package:
5f8ddb457a40ebbb5ea83b086c2ca964  mailx-12.5-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
9898bb8aa35e1c7ea21898aafe2de0e6  mailx-12.5-x86_64-1_slack13.37.txz

Slackware 14.0 package:
8a52d8cf54387eb6de3a00a90334694b  mailx-12.5-i486-2_slack14.0.txz

Slackware x86_64 14.0 package:
abe166a6d5e80195f6a07213ad0f89c9  mailx-12.5-x86_64-2_slack14.0.txz

Slackware 14.1 package:
39496e377649bc8c5ed75c15dc9d2505  mailx-12.5-i486-2_slack14.1.txz

Slackware x86_64 14.1 package:
cded8a78db70f0e5208475c988b4facb  mailx-12.5-x86_64-2_slack14.1.txz

Slackware -current package:
2c416a0e6e988dac27b99bb5eda67224  n/mailx-12.5-i586-2.txz

Slackware x86_64 -current package:
237538b03e07025f97eb21708fda82bc  n/mailx-12.5-x86_64-2.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mailx-12.5-i486-2_slack14.1.txz

+-----+

Mar 03, 2016, Critical, Slackware

Scientific Linux: 2014:1999-1 Moderate: mailx Command Issue

Moderate: mailx security update.

Date: Mon, 15 Dec 2014 18:15:18 -0600
Reply-To: "SCIENTIFIC-LINUX-USERS@"
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: SCL 1.2 on SL6.x, SL7.x x86_64 now available

Scientific Linux Software Collection Library 1.2 on SL6.x, SL7.x x86_64

== Introduction ==

The publication of the Software Collection Library 1.2 on SL6.x, SL7.x x86_64 is now complete.

Software Collections give you power to build, install, and use multiple versions of software on the same system, without affecting system-wide installed packages.

== Publication Information ==

This release includes:
- devassist09
- devtoolset-3
- binutils
- dwz
- dyninst
- eclipse
- elfutils
- gcc
- gdb
- memstomp
- valgrind
- git19
- httpd24
- mariadb55
- maven30
- mongodb24
- mysql55
- nginx14
- nginx16
- nodejs010
- perl516
- php54
- php55
- postgresql92
- python27
- python33
- ror40
- ruby193
- ruby200
- thermostat1
- v8314

Date: Tue, 16 Dec 2014 09:17:21 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
resource-agents-3.9.5-12.el6_6.1.i686.rpm

x86_64:
resource-agents-3.9.5-12.el6_6.1.x86_64.rpm
resource-agents-sap-3.9.5-12.el6_6.1.x86_64.rpm

Date: Tue, 16 Dec 2014 09:36:33 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: FASTBUGS for SL 5x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

i386:
gcc44-4.4.7-11.el5_11.i386.rpm
gcc44-c++-4.4.7-11.el5_11.i386.rpm
gcc44-gfortran-4.4.7-11.el5_11.i386.rpm
libgfortran44-4.4.7-11.el5_11.i386.rpm
libgomp-4.4.7-11.el5_11.i386.rpm
libstdc++44-devel-4.4.7-11.el5_11.i386.rpm

x86_64:
gcc44-4.4.7-11.el5_11.x86_64.rpm
gcc44-c++-4.4.7-11.el5_11.x86_64.rpm
gcc44-gfortran-4.4.7-11.el5_11.x86_64.rpm
libgfortran44-4.4.7-11.el5_11.i386.rpm
libgfortran44-4.4.7-11.el5_11.x86_64.rpm
libgomp-4.4.7-11.el5_11.i386.rpm
libgomp-4.4.7-11.el5_11.x86_64.rpm
libstdc++44-devel-4.4.7-11.el5_11.i386.rpm
libstdc++44-devel-4.4.7-11.el5_11.x86_64.rpm

Date: Tue, 16 Dec 2014 09:41:10 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
ibus-kkc-1.5.18-5.el7.x86_64.rpm
libcacard-1.5.3-60.el7_0.11.i686.rpm
libcacard-1.5.3-60.el7_0.11.x86_64.rpm
libcacard-devel-1.5.3-60.el7_0.11.i686.rpm
libcacard-devel-1.5.3-60.el7_0.11.x86_64.rpm
libcacard-tools-1.5.3-60.el7_0.11.x86_64.rpm
libgudev1-208-11.el7_0.5.i686.rpm
libgudev1-208-11.el7_0.5.x86_64.rpm
libgudev1-devel-208-11.el7_0.5.i686.rpm
libgudev1-devel-208-11.el7_0.5.x86_64.rpm
libkkc-0.3.1-5.el7.i686.rpm
libkkc-0.3.1-5.el7.x86_64.rpm
libkkc-common-0.3.1-5.el7.noarch.rpm
libkkc-data-0.3.1-5.el7.x86_64.rpm
libkkc-devel-0.3.1-5.el7.i686.rpm
libkkc-devel-0.3.1-5.el7.x86_64.rpm
libkkc-tools-0.3.1-5.el7.x86_64.rpm
libpcap-1.5.3-3.el7_0.1.i686.rpm
libpcap-1.5.3-3.el7_0.1.x86_64.rpm
libpcap-devel-1.5.3-3.el7_0.1.i686.rpm
libpcap-devel-1.5.3-3.el7_0.1.x86_64.rpm
NetworkManager-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
NetworkManager-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
NetworkManager-config-server-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
NetworkManager-devel-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
NetworkManager-devel-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
NetworkManager-glib-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
NetworkManager-glib-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
NetworkManager-glib-devel-0.9.9.1-29.git20140326.4dba720.el7_0.i686.rpm
NetworkManager-glib-devel-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
NetworkManager-tui-0.9.9.1-29.git20140326.4dba720.el7_0.x86_64.rpm
opencryptoki-3.0-11.el7_0.1.i686.rpm
opencryptoki-3.0-11.el7_0.1.x86_64.rpm
opencryptoki-devel-3.0-11.el7_0.1.i686.rpm
opencryptoki-devel-3.0-11.el7_0.1.x86_64.rpm
opencryptoki-icsftok-3.0-11.el7_0.1.i686.rpm
opencryptoki-icsftok-3.0-11.el7_0.1.x86_64.rpm
opencryptoki-libs-3.0-11.el7_0.1.i686.rpm
opencryptoki-libs-3.0-11.el7_0.1.x86_64.rpm
opencryptoki-swtok-3.0-11.el7_0.1.i686.rpm
opencryptoki-swtok-3.0-11.el7_0.1.x86_64.rpm
opencryptoki-tpmtok-3.0-11.el7_0.1.i686.rpm
opencryptoki-tpmtok-3.0-11.el7_0.1.x86_64.rpm
publican-3.2.0-4.el7.noarch.rpm
publican-common-db5-web-3.2.0-4.el7.noarch.rpm
publican-common-web-3.2.0-4.el7.noarch.rpm
publican-doc-3.2.0-4.el7.noarch.rpm
qemu-guest-agent-1.5.3-60.el7_0.11.x86_64.rpm
qemu-img-1.5.3-60.el7_0.11.x86_64.rpm
qemu-kvm-1.5.3-60.el7_0.11.x86_64.rpm
qemu-kvm-common-1.5.3-60.el7_0.11.x86_64.rpm
qemu-kvm-tools-1.5.3-60.el7_0.11.x86_64.rpm
sl-release-7.0-2.2.sl7.x86_64.rpm
spice-server-0.12.4-5.el7_0.1.x86_64.rpm
spice-server-devel-0.12.4-5.el7_0.1.x86_64.rpm
systemd-208-11.el7_0.5.x86_64.rpm
systemd-devel-208-11.el7_0.5.i686.rpm
systemd-devel-208-11.el7_0.5.x86_64.rpm
systemd-journal-gateway-208-11.el7_0.5.x86_64.rpm
systemd-libs-208-11.el7_0.5.i686.rpm
systemd-libs-208-11.el7_0.5.x86_64.rpm
systemd-python-208-11.el7_0.5.x86_64.rpm
systemd-sysv-208-11.el7_0.5.x86_64.rpm
yum-conf-sl7x-7.0-2.2.sl7.noarch.rpm

Date: Tue, 16 Dec 2014 21:27:26 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: mailx on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Moderate: mailx security update
Advisory ID:       SLSA-2014:1999-1
Issue Date:        2014-12-16
CVE Numbers:       CVE-2004-2771
                   CVE-2014-7844
--

A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)

Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.
--

SL6
  x86_64
    mailx-12.4-8.el6_6.x86_64.rpm
    mailx-debuginfo-12.4-8.el6_6.x86_64.rpm
  i386
    mailx-12.4-8.el6_6.i686.rpm
    mailx-debuginfo-12.4-8.el6_6.i686.rpm
SL7
  x86_64
    mailx-12.5-12.el7_0.x86_64.rpm
    mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

- Scientific Linux Development Team

Dec 16, 2014, Scientific Linux

Red Hat Enterprise Linux 6 & 7: Security Update RHSA-2014:1999-01 for mailx

Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: mailx security update
Advisory ID:       RHSA-2014:1999-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:1999.html
Issue date:        2014-12-16
CVE Names:         CVE-2004-2771 CVE-2014-7844
====================================================================

1. Summary:

Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The mailx packages contain a mail user agent that is used to manage mail using scripts.

A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)

Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-" (so that they can be confused with mailx options). To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.

All mailx users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1162783 - CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

i386:
mailx-12.4-8.el6_6.i686.rpm
mailx-debuginfo-12.4-8.el6_6.i686.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

i386:
mailx-12.4-8.el6_6.i686.rpm
mailx-debuginfo-12.4-8.el6_6.i686.rpm

ppc64:
mailx-12.4-8.el6_6.ppc64.rpm
mailx-debuginfo-12.4-8.el6_6.ppc64.rpm

s390x:
mailx-12.4-8.el6_6.s390x.rpm
mailx-debuginfo-12.4-8.el6_6.s390x.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
mailx-12.4-8.el6_6.src.rpm

i386:
mailx-12.4-8.el6_6.i686.rpm
mailx-debuginfo-12.4-8.el6_6.i686.rpm

x86_64:
mailx-12.4-8.el6_6.x86_64.rpm
mailx-debuginfo-12.4-8.el6_6.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

ppc64:
mailx-12.5-12.el7_0.ppc64.rpm
mailx-debuginfo-12.5-12.el7_0.ppc64.rpm

s390x:
mailx-12.5-12.el7_0.s390x.rpm
mailx-debuginfo-12.5-12.el7_0.s390x.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mailx-12.5-12.el7_0.src.rpm

x86_64:
mailx-12.5-12.el7_0.x86_64.rpm
mailx-debuginfo-12.5-12.el7_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2004-2771
https://access.redhat.com/security/cve/CVE-2014-7844
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is [address not present on this page]. More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.
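The note in the Description section (and the identical note in the Scientific Linux errata above) is aimed at scripts that hand recipient addresses taken from an untrusted source to mailx. What follows is an added example, not text from the Red Hat or Scientific Linux advisory and not a vendor tool: a POSIX shell wrapper that allow-lists each recipient and places "--" in front of the recipient list, which is the separation the updated package makes possible. The function names, the allow-list policy, the MAILX_BIN override and the sample addresses are this example's own constructions.

```shell
#!/bin/sh
# Added example (not from the advisory): guarding a scripted mailx call.
#   1. recipient_is_safe allow-lists the address, so a syntactically valid
#      address cannot carry shell meta-characters into an unpatched mailx
#      (CVE-2004-2771 / CVE-2014-7844).
#   2. send_report passes "--" before the recipients, so an address that
#      begins with "-" cannot be parsed as a mailx option; this is the
#      protection the updated package adds.
# Function names, the allow-list and MAILX_BIN are this example's own choices.

LC_ALL=C; export LC_ALL   # make the [A-Za-z] ranges below mean ASCII only

# recipient_is_safe ADDR: exit 0 if ADDR may be handed to mailx, else 1.
# Allowed: local part of [A-Za-z0-9._+-], exactly one "@", a dotted domain,
# and no leading "-".  Deliberately narrower than RFC 5322.
recipient_is_safe() {
    addr=$1
    case $addr in
        '' | -*)              return 1 ;;   # empty, or looks like an option
        *[!A-Za-z0-9.@_+-]*)  return 1 ;;   # any byte outside the allow-list
    esac
    local_part=${addr%%@*}                  # text before the first "@"
    domain=${addr#*@}                       # text after the first "@"
    [ "$domain" != "$addr" ] || return 1    # no "@" at all
    [ -n "$local_part" ]     || return 1    # empty local part
    case $domain in
        *@*)                  return 1 ;;   # a second "@"
        '' | .* | *. | *..*)  return 1 ;;   # empty, or bad dot placement
        *.*)                  return 0 ;;   # at least one dot: accept
        *)                    return 1 ;;   # bare label such as "localhost"
    esac
}

# send_report SUBJECT RECIPIENT...: validate every recipient, then run mailx
# with "--" separating options from addresses.  The message body comes from
# stdin.  MAILX_BIN overrides the binary (used for the dry run below).
send_report() {
    subject=$1
    shift
    for r in "$@"; do
        if ! recipient_is_safe "$r"; then
            printf 'send_report: refusing recipient "%s"\n' "$r" >&2
            return 2
        fi
    done
    "${MAILX_BIN:-mailx}" -s "$subject" -- "$@"
}

# Dry-run stand-in for mailx: print the argv it would receive, swallow body.
mailx_dry_run() {
    printf 'mailx'
    for a in "$@"; do printf ' [%s]' "$a"; done
    printf '\n'
    cat >/dev/null
}

# Constructed sample addresses (not from the advisory).
for cand in ops@example.com first.last+alerts@mail.example.org \
            -looks-like-an-option@example.com 'has space@example.com' \
            'two@@example.com' no-at-sign.example.com; do
    if recipient_is_safe "$cand"; then
        printf 'accept  %s\n' "$cand"
    else
        printf 'reject  %s\n' "$cand"
    fi
done

MAILX_BIN=mailx_dry_run
printf 'nightly report body\n' |
    send_report 'Nightly report' ops@example.com first.last+alerts@mail.example.org
# prints: mailx [-s] [Nightly report] [--] [ops@example.com] [first.last+alerts@mail.example.org]
```

Run against a real mailx by leaving MAILX_BIN unset. The allow-list is the primary control: on a patched mailx the "--" alone stops the option confusion the note describes, but it does nothing for hosts still running an unpatched build, and rejecting anything outside a tight character set covers both cases.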

Dec 16, 2014, Red Hat

Debian 2.2: DSA-044-1 Moderate Risk: Mailx Buffer Overflow

The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code.

------------------------------------------------------------------------
Debian Security Advisory DSA-044-1        [email address obfuscated on this page]
Debian -- Security Information                            Wichert Akkerman
March 13, 2001
------------------------------------------------------------------------

Package        : mailx
Problem type   : buffer overflow
Debian-specific: no

The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to gain access to mail group.

Since the mail code was never written to be secure fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems for which you need group mail to write to the mailspool, but it will still work for sending email.

This has been fixed in mailx version 8.1.1-10.1.5. If you have suidmanager installed you can also make this manually with the following command:

  suidregister /usr/bin/mail root root 0755

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
      MD5 checksum: bfc7cf2139819cb25750cddc4c939931
      MD5 checksum: 564992494f775638eeae0bc3427c513a
      MD5 checksum: c779002cb043b57fd5198ec2032cacb0
  Alpha architecture:
      MD5 checksum: 37edc09cfe3c96994dfeff42c42fe9b2
  ARM architecture:
      MD5 checksum: 8c50598bb486d62ad312730083e674f1
  Intel ia32 architecture:
      MD5 checksum: 18d30b35676fa9887a626c46909c9d9d
  Motorola 680x0 architecture:
      MD5 checksum: 86ef8e4cf85e1634096ba52ed1f10987
  PowerPC architecture:
      MD5 checksum: 97ec939047cdb7025095701df840838e
  Sun Sparc architecture:
      MD5 checksum: 7b22c952196f2e604558d4b12ef23932

  These files will be moved into soon.

For not yet released architectures please refer to the appropriate directory .

--
----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main
Mailing list: [email address obfuscated on this page]

Mar 13, 2001, Debian

Red Hat Linux 5/6 RHSA-2000:048-06 Critical: Mailx Local Access Exploit

Updated perl and mailx packages are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl.

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          Updated mailx and perl packages are now available.
Advisory ID:       RHSA-2000:048-06
Issue date:        2000-08-07
Updated on:        2000-08-09
Product:           Red Hat Linux
Keywords:          perl suidperl mailx rpm
Cross references:  RHSA-2000:051
---------------------------------------------------------------------

1. Topic:

Updated perl and mailx packages are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl. This advisory contains additional instructions for installing the necessary updates.

2. Relevant releases/architectures:

Red Hat Linux 5.0 - i386, alpha, sparc
Red Hat Linux 5.1 - i386, alpha, sparc
Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc
Red Hat Linux 6.2E - i386, alpha, sparc

3. Problem description:

Under certain conditions, suidperl will attempt to send mail to the local superuser account using /bin/mail. A properly formatted exploit script can use this facility, along with mailx's tendency to inherit settings from the environment, to gain local root access.

This update changes suidperl's behavior to use syslog instead of mail, and restricts the list of variables /bin/mail will read from the environment.

4. Solution:

For each RPM for your particular architecture, run:

    rpm -Fvh [filename]

where filename is the name of the RPM.

In order to install some of these packages, you may need to have a newer version of RPM installed. Information about obtaining the new version of RPM is included in RHSA-2000:051.

5. Bug IDs fixed ( for more info):

15625 - Root exploit already posted on bugtraq
15630 - Root exploit in sperl
15641 - suidperl has a major problem

6. RPMs required:

Red Hat Linux 5.0:
Red Hat Linux 5.2:
  sparc:
  alpha:
  i386:
  sources:

Red Hat Linux 6.2:
  sparc:
  i386:
  alpha:
  sources:

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
c514911db4ce13fc32af5b59233d5dc9  5.2/SRPMS/mailx-8.1.1-16.src.rpm
7440313c13c65142c75e35d32b5807c3  5.2/SRPMS/perl-5.004m7-2.src.rpm
430fca595dd42648239b8ad475032c9c  5.2/alpha/mailx-8.1.1-16.alpha.rpm
876b94f7d4fd4d92142f44de51045591  5.2/alpha/perl-5.004m7-2.alpha.rpm
fd9d44b8aeadc36bd871dd8e2d6211c4  5.2/i386/mailx-8.1.1-16.i386.rpm
0a1f47cacb891c03b351211d4fe825ed  5.2/i386/perl-5.004m7-2.i386.rpm
376f28398c607b4af12d06babbd7e098  5.2/sparc/mailx-8.1.1-16.sparc.rpm
24e61c42e5a22dbbc929264a1ddc3869  5.2/sparc/perl-5.004m7-2.sparc.rpm
30d2f82abfba4ac2c770b66c591d528f  6.2/SRPMS/mailx-8.1.1-16.src.rpm
5cfe855e78b1ed7672e4daa738093f2c  6.2/SRPMS/perl-5.00503-11.src.rpm
25497e13b1d30f3dcff365602f78208a  6.2/alpha/mailx-8.1.1-16.alpha.rpm
452714b1ddfd479cb683b21ca54d27a3  6.2/alpha/perl-5.00503-11.alpha.rpm
c121c2076bae78f42afcf9f0357549b9  6.2/i386/mailx-8.1.1-16.i386.rpm
ff573609cbe0de0fe72838b0139992da  6.2/i386/perl-5.00503-11.i386.rpm
6464e30268ba05a2ca938b38805a9256  6.2/sparc/mailx-8.1.1-16.sparc.rpm
fa63980aed3bdd2c9c14dcca6745c56c  6.2/sparc/perl-5.00503-11.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

    rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg

8. References:

Copyright(c) 2000 Red Hat, Inc.

Aug 21, 2000, Critical, Red Hat

Debian 2.1 Critical Advisory: Local Buffer Overflow in Mailx

The version of mailx distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions is vulnerable to a local buffer overflow.

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
Debian Security Advisory                  [email address obfuscated on this page]
http://www.debian.org/security/                             Daniel Jacobowitz
June 5, 2000
- ----------------------------------------------------------------------------

Package: mailx
Vulnerability: local exploit
Debian-specific: no

The version of mailx distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as well as in the frozen (potato) and unstable (woody) distributions is vulnerable to a local buffer overflow while sending messages. This could be exploited to give a shell running with group "mail".

This has been fixed in version 8.1.1-10.1, and we recommend that you update your mailx package immediately.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel ia32, the Motorola
  680x0, the Alpha, and the Sun Sparc architecture.

  Source archives:
      MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
      MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
      MD5 checksum: c779002cb043b57fd5198ec2032cacb0
  Alpha architecture:
      MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb
  Intel ia32 architecture:
      MD5 checksum: f2b17ff796cc5209700f5d58803d9c77
  Motorola 680x0 architecture:
      MD5 checksum: 908eece4836b1f021d6f29abdd8360a5
  Sun Sparc architecture:
      MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian 2.2 alias potato
- -----------------------

  This version of Debian is not yet released. Fixes are currently available
  for Intel ia32, the Motorola 680x0, the Alpha, and the Sun Sparc
  architecture. Fixes for other architectures will be available soon.

  Source archives:
      MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
      MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
      MD5 checksum: c779002cb043b57fd5198ec2032cacb0
  Alpha architecture:
      MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb
  Intel ia32 architecture:
      MD5 checksum: f2b17ff796cc5209700f5d58803d9c77
  Motorola 680x0 architecture:
      MD5 checksum: 908eece4836b1f021d6f29abdd8360a5
  Sun Sparc architecture:
      MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian Unstable alias woody
- ---------------------------

  A fix will be available in the unstable archive soon.

- ----------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable updates
For dpkg-ftp: dists/stable/updates
Mailing list: [email address obfuscated on this page]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOTvvoqjZR/ntlUftAQHtlgL6A2QY9ZB1v1bmy2lhv/r6ltak8mH9jpkD
0Mhr9K1rVsdCIU0CPlU9plafl9OiUcqzl98QOfO/ggdGqt4QcWsJd3MQTXcNACJz
DTExRhZHlAa5v0u+3Hfn/yoCqxde23ma
=JDwA
-----END PGP SIGNATURE-----

Jun 05, 2000, Critical, Debian