libndp could be made to crash or run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-6830-1
June 12, 2024

libndp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

libndp could be made to crash or run programs if it received specially crafted network traffic.

Software Description:
- libndp: Library for Neighbor Discovery Protocol

Details:

It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  libndp0  1.8-1fakesync1ubuntu0.24.04.1

Ubuntu 23.10
  libndp0  1.8-1fakesync1ubuntu0.23.10.1

Ubuntu 22.04 LTS
  libndp0  1.8-0ubuntu3.1

Ubuntu 20.04 LTS
  libndp0  1.7-0ubuntu1.1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6830-1
CVE-2024-5564

Package Information:
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libndp/1.8-1fakesync1ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/libndp/1.8-0ubuntu3.1
https://launchpad.net/ubuntu/+source/libndp/1.7-0ubuntu1.1

Ubuntu Security Notice USN-6830-1 addresses a libndp vulnerability (CVE-2024-5564) in which malformed IPv6 router advertisements can crash NetworkManager or possibly allow code execution. Router advertisements are only processed from the local link, so the attacker has to be on the same network segment, which is why the notice describes a local attacker. libndp, Ubuntu 24.04 LTS, network security, denial of service, malformed packets. Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in atftpd.

==========================================================================
Ubuntu Security Notice USN-4540-1
September 24, 2020

atftp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in atftpd.

Software Description:
- atftp: Advanced TFTP Server and Client

Details:

Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. (CVE-2019-11365)

Denis Andzakovic discovered that atftpd did not properly lock the thread list mutex. An attacker could send a large number of tftpd packets simultaneously when running atftpd in daemon mode to cause atftpd to crash, resulting in a denial of service. (CVE-2019-11366)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  atftpd  0.7.git20120829-3.1~0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4540-1
CVE-2019-11365, CVE-2019-11366

Package Information:
https://launchpad.net/ubuntu/+source/atftp/0.7.git20120829-3.1~0.18.04.1

Two denial-of-service vulnerabilities in atftpd are addressed for Ubuntu 18.04 LTS; both are reachable by a remote attacker on the TFTP port, so updating promptly is advisable. atftp vulnerabilities, Ubuntu update, security issues, denial of service, remote exploitation. LinuxSecurity.com Team
Updated bind packages fix security vulnerabilities

MGASA-2019-0299 - Updated bind packages fix security vulnerabilities

Publication date: 23 Oct 2019
URL: https://advisories.mageia.org/MGASA-2019-0299.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-5743, CVE-2019-6471

Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)

Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471)

In addition to those two security issues, this package release also fixes two additional issues:
- a missing conflict tag between the old bind and the new bind-utils subpackages, which prevented upgrade due to a file conflict
- a missing root.key file, despite this file being referred to in the default configuration

References:
- https://bugs.mageia.org/show_bug.cgi?id=24422
- https://access.redhat.com/errata/RHSA-2019:1294
- https://access.redhat.com/errata/RHSA-2019:1714
- https://www.cve.org/CVERecord?id=CVE-2018-5743
- https://www.cve.org/CVERecord?id=CVE-2019-6471

SRPMS:
- 7/core/bind-9.11.6-1.1.mga7

Updated bind packages for Mageia 7 fix two security issues, an ineffective limit on simultaneous TCP clients (CVE-2018-5743) and a race condition that can abort named with an assertion failure (CVE-2019-6471), together with two packaging bugs. bind security update, Mageia network security, TCP client vulnerability, security patch management. Severity: Critical. LinuxSecurity.com Team
openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

Synopsis: Low: openssh security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2143-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-15473
--
Security Fix(es):

* openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
--
SL7
  x86_64
    openssh-keycat-7.4p1-21.el7.x86_64.rpm
    openssh-clients-7.4p1-21.el7.x86_64.rpm
    openssh-7.4p1-21.el7.x86_64.rpm
    openssh-server-7.4p1-21.el7.x86_64.rpm
    openssh-askpass-7.4p1-21.el7.x86_64.rpm
    pam_ssh_agent_auth-0.10.3-2.21.el7.i686.rpm
    openssh-ldap-7.4p1-21.el7.x86_64.rpm
    pam_ssh_agent_auth-0.10.3-2.21.el7.x86_64.rpm
    openssh-server-sysvinit-7.4p1-21.el7.x86_64.rpm
    openssh-cavs-7.4p1-21.el7.x86_64.rpm
    openssh-debuginfo-7.4p1-21.el7.x86_64.rpm
    openssh-debuginfo-7.4p1-21.el7.i686.rpm

- Scientific Linux Development Team

Low-severity advisory SLSA-2019:2143-1: OpenSSH let a remote client tell valid usernames from invalid ones by sending malformed authentication-request packets; the updated packages for SL7 are listed above. openssh, user enumeration, malformed packets, security update, authentication requests. Severity: Low. LinuxSecurity.com Team
An update for bind is now available for Red Hat Enterprise Linux 8.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2019:1714-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1714
Issue date:        2019-07-09
CVE Names:         CVE-2019-6471
====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1721780 - CVE-2019-6471 bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:
bind-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-chroot-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-devel-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-libs-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-libs-lite-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-lite-devel-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-devel-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-libs-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-utils-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-sdb-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-sdb-chroot-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-utils-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm

noarch:
bind-license-9.11.4-17.P2.el8_0.1.noarch.rpm
python3-bind-9.11.4-17.P2.el8_0.1.noarch.rpm

ppc64le:
bind-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-chroot-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-devel-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-libs-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-libs-lite-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-lite-devel-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-devel-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-libs-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-utils-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-sdb-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-sdb-chroot-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-utils-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm

s390x:
bind-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-chroot-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-devel-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-libs-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-libs-lite-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-lite-devel-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-devel-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-libs-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-utils-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-sdb-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-sdb-chroot-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-utils-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm

x86_64:
bind-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-chroot-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.i686.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-devel-9.11.4-17.P2.el8_0.1.i686.rpm
bind-devel-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-libs-9.11.4-17.P2.el8_0.1.i686.rpm
bind-libs-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-libs-lite-9.11.4-17.P2.el8_0.1.i686.rpm
bind-libs-lite-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-lite-devel-9.11.4-17.P2.el8_0.1.i686.rpm
bind-lite-devel-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-devel-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-devel-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-libs-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-libs-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-utils-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-sdb-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-sdb-chroot-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-utils-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
bind-9.11.4-17.P2.el8_0.1.src.rpm

aarch64:
bind-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-export-devel-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-export-libs-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.aarch64.rpm

ppc64le:
bind-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-export-devel-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-export-libs-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.ppc64le.rpm

s390x:
bind-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-export-devel-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-export-libs-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.s390x.rpm

x86_64:
bind-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.i686.rpm
bind-debugsource-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-export-devel-9.11.4-17.P2.el8_0.1.i686.rpm
bind-export-devel-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-export-libs-9.11.4-17.P2.el8_0.1.i686.rpm
bind-export-libs-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-export-libs-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-libs-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-sdb-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.i686.rpm
bind-utils-debuginfo-9.11.4-17.P2.el8_0.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-6471
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2019 Red Hat, Inc.
Several issues in wireshark, a network traffic analyzer, have been found.

Package        : wireshark
Version        : 1.12.1+g01b65bf-4+deb8u17
CVE ID         : CVE-2019-5716 CVE-2019-5717 CVE-2019-5719

Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of

- ISAKMP, an Internet Security Association and Key Management Protocol
- P_MUL, a reliable multicast transfer protocol
- 6LoWPAN, IPv6 over Low power Wireless Personal Area Network

are affected.

CVE-2019-5719

    Mateusz Jurczyk found that a missing encryption block in a packet could crash the ISAKMP dissector.

CVE-2019-5717

    It was found that the P_MUL dissector could crash when a malformed packet contains an illegal Data PDU sequence number of 0. Such a packet may not be analysed.

CVE-2019-5716

    It was found that the 6LoWPAN dissector could crash when a malformed packet does not contain IPHC information though the header says it should.

For Debian 8 "Jessie", these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u17.

We recommend that you upgrade your wireshark packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

The Debian LTS update for Wireshark fixes crashes in the ISAKMP, P_MUL and 6LoWPAN dissectors triggered by malformed packets; since dissectors run on whatever traffic the analyzer is fed, upgrading matters on any host used to inspect untrusted captures. Wireshark Security, Debian Update, Network Analyzer Fix, ISAKMP Issues. LinuxSecurity.com Team
Security fix for CVE-2015-8373.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-930b020175
2016-01-07 23:40:26.815938
--------------------------------------------------------------------------------
Name        : kea
Product     : Fedora 22
Version     : 0.9.2
Release     : 2.fc22
URL         : http://kea.isc.org
Summary     : DHCPv4, DHCPv6 and DDNS server from ISC
Description :
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-8373
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1293857 - CVE-2015-8373 kea: unexpected termination while handling a malformed packet
        https://bugzilla.redhat.com/show_bug.cgi?id=1293857
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use

  su -c 'yum update kea'

at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Multiple security vulnerabilities may allow attackers to make Ethereal crash using intentionally malformed packets.

-----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis:          Updated ethereal resolves security vulnerabilities
Advisory ID:       FLSA:1193
Issue date:        2004-01-31
Product:           Red Hat Linux
Keywords:          Security
Cross references:
CVE Names:         CAN-2003-1012, CAN-2003-1013
-----------------------------------------------------------------------

1. Topic:

Updated ethereal packages are now available that fix multiple security vulnerabilities which may allow attackers to make Ethereal crash by injecting an intentionally malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It is not known if these issues could allow arbitrary code execution.

2. Relevant releases/architectures:

Red Hat Linux 7.2 - i386
Red Hat Linux 7.3 - i386
Red Hat Linux 8.0 - i386

3. Problem description:

Ethereal is a network traffic analyzer for Unix-ish operating systems.

The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of selected packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-1012 to this issue.

The Q.931 dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service (crash) via a malformed Q.931 packet, which triggers a null dereference. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-1013 to this issue.

Users of ethereal should update to these updated packages, which contain a backported security patch that corrects these issues.

Fedora Legacy would like to thank Christian Pearce for providing a backported fix for Red Hat Linux 7.2, 7.3, and 8.0.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

- 1193 - ethereal security patch in rh7x, rh8

6. RPMs required:

Red Hat Linux 7.2:
SRPMS:
i386:

Red Hat Linux 7.3:
SRPMS:
i386:

Red Hat Linux 8.0:
SRPMS:
i386:

7. Verification:

SHA1 sum                                  Package Name
---------------------------------------------------------------------------
9f1a7186859a95604431f52e137943f4a256b89f  7.2/updates/SRPMS/ethereal-0.9.16-0.72.2.legacy.src.rpm
01e991b44ca40f432b639a9cdd25f46ab60a85e7  7.2/updates/i386/ethereal-0.9.16-0.72.2.legacy.i386.rpm
c263966f199db31ec551d9dff07363830f575bff  7.2/updates/i386/ethereal-gnome-0.9.16-0.72.2.legacy.i386.rpm
1aebaffacc86561fea139b3dae351722eda761b9  7.3/updates/SRPMS/ethereal-0.9.16-0.73.2.legacy.src.rpm
db5326236fe91e7c84be611bbfdafd689187b32b  7.3/updates/i386/ethereal-0.9.16-0.73.2.legacy.i386.rpm
d78ca86ff9ca7adb7c0d006c43fe84d138bc87e0  7.3/updates/i386/ethereal-gnome-0.9.16-0.73.2.legacy.i386.rpm
14350e74f4e261002bab186c942bc6caa788fce3  8.0/updates/SRPMS/ethereal-0.9.16-0.80.2.legacy.src.rpm
dc94ba568db4239f67cb191d4cf43a1d2f5a4fb7  8.0/updates/i386/ethereal-0.9.16-0.80.2.legacy.i386.rpm
a17d1098baf6b4ba2a8588e933a17d96629401cc  8.0/updates/i386/ethereal-gnome-0.9.16-0.80.2.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

CVE - CVE-2003-1012
CVE - CVE-2003-1013

9. Contact:

The Fedora Legacy security contact is . More project details at http://www.fedoralegacy.org

--
Jesse Keating RHCE ( )
Fedora Legacy Team (http://www.fedoralegacy.org)

Updated ethereal packages for Red Hat Linux 7.2, 7.3 and 8.0 fix two dissector bugs (SMB and Q.931) that let a malformed packet, whether injected on the wire or read from a capture file, crash Ethereal. Ethereal Update, Red Hat Security Fix, Denial of Service, Ethereal Vulnerability. LinuxSecurity.com Team
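The verification section above gives two checks: the SHA1 table for corruption, and `rpm --checksig` for the Fedora Legacy GPG signature. The script below is an added example, not part of the Fedora Legacy advisory or of any distribution tooling, that automates the first check: it parses a table in the advisory's `<sha1> <path>` layout, streams each downloaded file through SHA1 and reports every listed path as ok, MISMATCH or missing (and any file on disk that the advisory never listed as unlisted). The embedded sample table and file contents are constructed for the demonstration (the two digests are those of the empty string and of the bytes `abc`, and the second sample file is deliberately altered by one byte), and all function names are this example's own. A matching digest only shows the file is the one the advisory author hashed; SHA1 collisions are practical today, so the GPG signature check remains the authenticity check.

```python
"""Verify downloaded update packages against an advisory's SHA1 table.

Added example (not from the Fedora Legacy advisory). Parses lines of the
form '<40 hex chars> <path>' and compares them with the digests of the
files actually downloaded.
"""
import hashlib
import os
import re
import sys

# One checksum line: 40 hex characters, whitespace, a path. Header,
# separator and blank lines do not match and are skipped.
_CHECKSUM_LINE = re.compile(r"^([0-9a-fA-F]{40})\s+(\S+)$")


def parse_checksum_table(text):
    """Return {path: sha1_hex_lowercase} from the advisory's table text."""
    table = {}
    for line in text.splitlines():
        m = _CHECKSUM_LINE.match(line.strip())
        if m:
            table[m.group(2)] = m.group(1).lower()
    return table


def sha1_of_bytes(data):
    """SHA1 hex digest of an in-memory byte string (used for the sample)."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path):
    """SHA1 hex digest of a file, read in 64 KiB chunks so large RPMs are
    not loaded into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(expected, actual):
    """Compare {path: expected_sha1} from the advisory with {path: actual_sha1}
    of downloaded files. Returns {path: 'ok' | 'MISMATCH' | 'missing' | 'unlisted'}."""
    result = {}
    for path, digest in expected.items():
        got = actual.get(path)
        if got is None:
            result[path] = "missing"
        elif got == digest:
            result[path] = "ok"
        else:
            result[path] = "MISMATCH"
    for path in actual:
        if path not in expected:
            result[path] = "unlisted"
    return result


# Constructed sample: the table layout of the advisory above with digests
# of known inputs (empty string, b"abc"), not real package checksums.
SAMPLE_TABLE = """\
SHA1 sum                                  Package Name
---------------------------------------------------------------------------
da39a3ee5e6b4b0d3255bfef95601890afd80709  7.2/updates/i386/example-empty.rpm
a9993e364706816aba3e25717850c26c9cd0d89d  7.2/updates/i386/example-abc.rpm
"""

# Constructed "downloaded" files; the second one is altered by one byte.
SAMPLE_FILES = {
    "7.2/updates/i386/example-empty.rpm": b"",
    "7.2/updates/i386/example-abc.rpm": b"abd",
}


def check_sample():
    """Run the verification over the constructed sample data."""
    expected = parse_checksum_table(SAMPLE_TABLE)
    actual = {path: sha1_of_bytes(data) for path, data in SAMPLE_FILES.items()}
    return verify(expected, actual)


def check_downloads(table_path, download_dir):
    """Verify real files: the table file plus the directory the advisory's
    relative paths were downloaded into."""
    with open(table_path) as f:
        expected = parse_checksum_table(f.read())
    actual = {}
    for rel in expected:
        full = os.path.join(download_dir, rel)
        if os.path.isfile(full):
            actual[rel] = sha1_of_file(full)
    return verify(expected, actual)


if __name__ == "__main__":
    results = check_downloads(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else check_sample()
    for path, status in sorted(results.items()):
        print("%-9s %s" % (status, path))
    sys.exit(0 if all(s == "ok" for s in results.values()) else 1)
```

Run with no arguments it checks the constructed sample; with a saved copy of the advisory's table and the download directory it checks the real files, exiting non-zero if anything is not "ok".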