Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
172
security advisorydenial of serviceUbuntuUbuntu 23.10 USN-6578-1 moderate: dotnet X.509 issues and DoS
Several security issues were fixed in dotnet6, dotnet7, and dotnet8.. ========================================================================== Ubuntu Security Notice USN-6578-1 January 11, 2024 dotnet6, dotnet7, dotnet8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in dotnet6, dotnet7, and dotnet8. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime - dotnet8: dotNET CLI tools and runtime Details: Vishal Mishra and Anita Gaud discovered that .NET did not properly validate X.509 certificates with malformed signatures. An attacker could possibly use this issue to bypass an application's typical authentication logic. (CVE-2024-0057) Morgan Brown discovered that .NET did not properly handle requests from unauthenticated clients. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-21319) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.126-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.115-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.1-0ubuntu1~23.10.1 dotnet-host 6.0.126-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.115-0ubuntu1~23.10.1 dotnet-host-8.0 8.0.1-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.126-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.115-0ubuntu1~23.10.1 dotnet-hostfxr-8.0 8.0.1-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.126-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.115-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.1-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.126-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.115-0ubuntu1~23.10.1 dotnet-sdk-8.0 8.0.101-0ubuntu1~23.10.1 dotnet6 6.0.126-0ubuntu1~23.10.1 dotnet7 7.0.115-0ubuntu1~23.10.1 dotnet8 8.0.101-8.0.1-0ubuntu1~23.10.1 Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.126-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.115-0ubuntu1~23.04.1 dotnet-host 6.0.126-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.115-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.126-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.115-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.126-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.115-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.126-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.115-0ubuntu1~23.04.1 dotnet6 6.0.126-0ubuntu1~23.04.1 dotnet7 7.0.115-0ubuntu1~23.04.1 Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.126-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.115-0ubuntu1~22.04.1 dotnet-host 6.0.126-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.115-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.126-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.115-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.126-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.115-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.126-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.115-0ubuntu1~22.04.1 dotnet6 6.0.126-0ubuntu1~22.04.1 dotnet7 7.0.115-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6578-1 CVE-2024-0057, CVE-2024-21319 Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.126-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.115-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.101-8.0.1-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.115-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.115-0ubuntu1~22.04.1 . Multiple security issues addressed for dotnet CLI apps across different Ubuntu releases. Update promptly for improved security.. dotnet vulnerabilities, Ubuntu security updates, authentication issues. . LinuxSecurity.com Team
Jan 11, 2024
Ubuntu
89
security advisorysecurity issuefedoraFedora 10: 2009-0577 Critical: OpenSSL Malformed Signature Issue
libnasl: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479655. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0577 2009-01-16 22:38:38 --------------------------------------------------------------------------------Name : nessus-libraries Product : Fedora 10 Version : 2.2.11 Release : 1.fc10 URL : https://www.tenable.com/ Summary : Support libraries for nessus Description : Support libraries for nessus --------------------------------------------------------------------------------ChangeLog: --------------------------------------------------------------------------------References: [ 1 ] Bug #479655 - libnasl: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479655 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update nessus-libraries' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jan 26, 2009
•Critical
Fedora
89
security advisoryfedoraupdateFedora 9: 2009-0636 Moderate Update For Nessus Libraries OpenSSL Issue
libnasl: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479655. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0636 2009-01-16 22:39:41 --------------------------------------------------------------------------------Name : nessus-libraries Product : Fedora 9 Version : 2.2.11 Release : 1.fc9 URL : https://www.tenable.com/ Summary : Support libraries for nessus Description : Support libraries for nessus --------------------------------------------------------------------------------ChangeLog: * Sun Nov 23 2008 Andreas Bierfert - 2.2.11-1 - version upgrade --------------------------------------------------------------------------------References: [ 1 ] Bug #479655 - libnasl: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479655 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update nessus-libraries' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jan 26, 2009
•Important
Fedora
89
security advisoryfedoramediumFedora 9: 2009-0543 Medium: TrustedQSL Malformed Signature Risk
The TrustedQSL library incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. Package includes a patch to fix EVP_VerifyFinal result check.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0543 2009-01-14 23:38:30 --------------------------------------------------------------------------------Name : tqsllib Product : Fedora 9 Version : 2.0 Release : 5.fc9 URL : https://sourceforge.net/projects/trustedqsl/ Summary : The TrustedQSL library Description : The TrustedQSL library is used for generating digitally signed QSO records (records of Amateur Radio contacts). This package contains the library and configuration files needed to run TrustedQSL applications. --------------------------------------------------------------------------------Update Information: The TrustedQSL library incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. Package includes a patch to fix EVP_VerifyFinal result check. --------------------------------------------------------------------------------ChangeLog: * Mon Jan 12 2009 Lucian Langa - 2.0-5 - modify patch0 to include fix for #479650 (CVE-2008-5077 related) --------------------------------------------------------------------------------References: [ 1 ] Bug #479650 - tqsllib: OpenSSL incorrect checks for malformed signatures https://bugzilla.redhat.com/show_bug.cgi?id=479650 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update tqsllib' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details onthe GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jan 14, 2009
•Medium
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!