Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisorycriticalFedoraFedora 27: Critical Yadifa Update for Malicious Message Issue
20170912: YADIFA 2.2.6 --- Fixes an issue where a maliciously crafted message may block the server.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-4f2fbc84d9 2017-10-05 21:00:54.263906 --------------------------------------------------------------------------------Name : yadifa Product : Fedora 27 Version : 2.2.6 Release : 1.fc27 URL : Summary : Lightweight authoritative Name Server with DNSSEC capabilities Description : YADIFA is a name server implementation developed from scratch by .eu. It is portable across multiple operating systems and supports DNSSEC, TSIG, DNS notify, DNS update, IPv6. --------------------------------------------------------------------------------Update Information: 20170912: YADIFA 2.2.6 --- Fixes an issue where a maliciously crafted message may block the server. --------------------------------------------------------------------------------References: [ 1 ] Bug #1494005 - CVE-2017-14339 yadifa: Infinite loop due to insufficient checks in the DNS packet parser https://bugzilla.redhat.com/show_bug.cgi?id=1494005 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade yadifa' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 05, 2017
•Critical
Fedora
172
security advisorydenial of serviceinformation exposureUbuntu 14.10, 14.04 LTS, 12.04 LTS Moderate: Thunderbird Flaws
Several security issues were fixed in Thunderbird.. =========================================================================Ubuntu Security Notice USN-2506-1 March 03, 2015 thunderbird vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822) Abhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0827) Paul Bandha discovered a use-after-free in IndexedDB. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0831) Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, and Ryan VanderMeulen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0836) Update instructions: Theproblem can be corrected by updating your system to the following package versions: Ubuntu 14.10: thunderbird 1:31.5.0+build1-0ubuntu0.14.10.1 Ubuntu 14.04 LTS: thunderbird 1:31.5.0+build1-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: thunderbird 1:31.5.0+build1-0ubuntu0.12.04.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2506-1 CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836 Package Information: https://launchpad.net/ubuntu/+source/thunderbird/1:31.5.0+build1-0ubuntu0.14.10.1 https://launchpad.net/ubuntu/+source/thunderbird/1:31.5.0+build1-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/thunderbird/1:31.5.0+build1-0ubuntu0.12.04.1 . Multiple vulnerabilities in Thunderbird resolved. Ensure your Ubuntu systems are updated now for enhanced security.. thunderbird security updates, ubuntu mail client issues, open source vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Mar 03, 2015
•Important
Ubuntu
91
security advisoryhigh severitygentooGentoo: GLSA-201406-05 High Severity Mutt Arbitrary Code Execution
A vulnerability in Mutt could allow remote attackers to execute arbitrary code or cause a Denial of Service condition. . Gentoo Linux Security Advisory GLSA 201406-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mutt: Arbitrary code execution Date: June 05, 2014 Bugs: #504462 ID: 201406-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis ======= A vulnerability in Mutt could allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Background ========= Mutt is a small but powerful text-based mail client. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-client/mutt < 1.5.22-r3 > = 1.5.22-r3 Description ========== A heap-based buffer overflow has been discovered in the mutt_copy_hdr function. Impact ===== A remote attacker could send a specially crafted message, possibly resulting in execution of arbitrary code with the privileges of the user running Mutt or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All Mutt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =mail-client/mutt-1.5.22-r3" References ========= [ 1 ] CVE-2014-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0467 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201406-05 Concerns? ======== Security is a primary focus of GentooLinux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jun 05, 2014
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!