
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 6 articles for you...

Ubuntu 24.04 LTS: USN-6990-1 Moderate: znc Remote Code Execution

Ubuntu Security Notice USN-6990-1
September 04, 2024

znc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

znc could be made to execute arbitrary code on a user's system if they were persuaded to join a malicious server.

Software Description:

- znc: advanced modular IRC bouncer

Details:

Johannes Kuhn (DasBrain) discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  znc 1.9.0-2ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-dev 1.9.0-2ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-perl 1.9.0-2ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-python 1.9.0-2ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-tcl 1.9.0-2ubuntu0.1~esm2 Available with Ubuntu Pro

Ubuntu 22.04 LTS
  znc 1.8.2-2ubuntu0.1
  znc-dev 1.8.2-2ubuntu0.1
  znc-perl 1.8.2-2ubuntu0.1
  znc-python 1.8.2-2ubuntu0.1
  znc-tcl 1.8.2-2ubuntu0.1

Ubuntu 20.04 LTS
  znc 1.7.5-4ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-dev 1.7.5-4ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-perl 1.7.5-4ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-python 1.7.5-4ubuntu0.1~esm2 Available with Ubuntu Pro
  znc-tcl 1.7.5-4ubuntu0.1~esm2 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  znc 1.6.6-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-dev 1.6.6-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-perl 1.6.6-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-python 1.6.6-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-tcl 1.6.6-1ubuntu0.2+esm2 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  znc 1.6.3-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-dev 1.6.3-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-perl 1.6.3-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-python 1.6.3-1ubuntu0.2+esm2 Available with Ubuntu Pro
  znc-tcl 1.6.3-1ubuntu0.2+esm2 Available with Ubuntu Pro

Ubuntu 14.04 LTS
  znc 1.2-3ubuntu0.1+esm3 Available with Ubuntu Pro
  znc-dev 1.2-3ubuntu0.1+esm3 Available with Ubuntu Pro
  znc-perl 1.2-3ubuntu0.1+esm3 Available with Ubuntu Pro
  znc-python 1.2-3ubuntu0.1+esm3 Available with Ubuntu Pro
  znc-tcl 1.2-3ubuntu0.1+esm3 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6990-1
  CVE-2024-39844

Package Information:
  https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1

A critical ZNC vulnerability affects multiple Ubuntu versions, exposing users to unauthorized data access. Immediate updates are necessary for protection.

LinuxSecurity.com Team

Sep 04, 2024 | Ubuntu

SUSE: 2020:3733-1 Moderate: Multiple Issues Fixed in Curl Software

SUSE Security Update: Security update for curl

Announcement ID: SUSE-SU-2020:3733-1
Rating: moderate
References: #1179398 #1179399 #1179593
Cross-References: CVE-2020-8284 CVE-2020-8285 CVE-2020-8286
Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP1

An update that fixes three vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3733=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  curl-7.60.0-3.35.1
  curl-debuginfo-7.60.0-3.35.1
  curl-debugsource-7.60.0-3.35.1
  libcurl-devel-7.60.0-3.35.1
  libcurl4-7.60.0-3.35.1
  libcurl4-debuginfo-7.60.0-3.35.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  libcurl4-32bit-7.60.0-3.35.1
  libcurl4-32bit-debuginfo-7.60.0-3.35.1

References:
  https://www.suse.com/security/cve/CVE-2020-8284.html
  https://www.suse.com/security/cve/CVE-2020-8285.html
  https://www.suse.com/security/cve/CVE-2020-8286.html
  https://bugzilla.suse.com/1179398
  https://bugzilla.suse.com/1179399
  https://bugzilla.suse.com/1179593

Important notice issued for wget fixing several security flaws in Red Hat Enterprise Linux System.

Severity: Important.

LinuxSecurity.com Team

Dec 09, 2020 | Important | SuSE

Mageia: 2020-0391 Moderate: Claws Mail Stack Consumption Issue

MGASA-2020-0391 - Updated claw-mail packages fix a security vulnerability

Publication date: 21 Oct 2020
URL: https://advisories.mageia.org/MGASA-2020-0391.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16094

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree (CVE-2020-16094).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27427
- https://lists.fedoraproject.org/archives/list/[email address obscured]/thread/JUBLHUG2UCXVABAGN5FVTD3AB3YKE5NN/
- https://www.cve.org/CVERecord?id=CVE-2020-16094

SRPMS:
- 7/core/claws-mail-3.17.7-1.mga7

Revised claw-mail updates resolve a severe security vulnerability in Mageia's POP3 features, as of 21 Oct 2020.

LinuxSecurity.com Team

Oct 21, 2020 | Mageia

Debian 9: DLA-2309-1 Critical: Evolution Data Server Mail Client Crash

Debian LTS Advisory DLA-2309-1
https://www.debian.org/lts/security/
August 02, 2020
https://wiki.debian.org/LTS

Package : evolution-data-server
Version : 3.22.7-1+deb9u2
CVE ID : CVE-2020-16117

In Evolution Data Server a vulnerability was discovered that allowed a malicious server to crash the mail client.

For Debian 9 stretch, this problem has been fixed in version 3.22.7-1+deb9u2.

We recommend that you upgrade your evolution-data-server packages.

For the detailed security status of evolution-data-server please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/evolution-data-server

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Notice regarding Evolution Data Server addresses a vulnerability leading to crashes due to an attacker-controlled server. It is recommended to perform an upgrade.

Severity: Critical.

LinuxSecurity.com Team

Aug 02, 2020 | Critical | Debian LTS

Mageia 7: MGASA-2020-0005 Severe: Openconnect Buffer Overflow Risk

MGASA-2020-0005 - Updated openconnect packages fix security vulnerability

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0005.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-16239

Updated openconnect packages fix security vulnerability:

Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes (CVE-2019-16239).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25803
- https://www.cve.org/CVERecord?id=CVE-2019-16239

SRPMS:
- 7/core/openconnect-8.05-1.mga7

Enhanced versions of openconnect have been released, bolstering defenses against potential buffer overflow vulnerabilities linked to manipulated data segment sizes.

LinuxSecurity.com Team

Jan 05, 2020 | Mageia

Debian 8 Jessie: DLA-1945-1 Critical: OpenConnect Heap Overflow

Package : openconnect
Version : 6.00-2+deb8u1
CVE ID : CVE-2019-16239
Debian Bug : 940871

A vulnerability was discovered by Lukas Kupczyk of the Advanced Research Team at CrowdStrike Intelligence in OpenConnect, an open client for Cisco AnyConnect, Pulse, GlobalProtect VPN. A malicious HTTP server (after its identity certificate has been accepted) can provide bogus chunk lengths for chunked HTTP encoding and cause a heap overflow.

For Debian 8 "Jessie", this problem has been fixed in version 6.00-2+deb8u1.

We recommend that you upgrade your openconnect packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

OpenConnect on Debian 8 has a critical heap overflow vulnerability. Upgrade your package to ensure system safety.

Severity: Critical.

LinuxSecurity.com Team

Oct 03, 2019 | Critical | Debian LTS

Debian 8: DLA-1906-1 Critical: Python2.7 Cookie Handling Issue

Package : python2.7
Version : 2.7.9-2+deb8u4
CVE ID : CVE-2018-20852

A vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domains.

For Debian 8 "Jessie", this problem has been fixed in version 2.7.9-2+deb8u4.

We recommend that you upgrade your python2.7 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

An exploit in python2.7 concerning cookie management enables adversaries to capture cookies from different domains.

Severity: Critical.

LinuxSecurity.com Team

Aug 31, 2019 | Critical | Debian LTS

Debian 8 Jessie DLA-1889-1 Critical: Python 3.4 Cookie Threat

Package : python3.4
Version : 3.4.2-1+deb8u6
CVE ID : CVE-2018-20852

A vulnerability has been discovered in Python, an interactive high-level object-oriented language, that is relevant for cookie handling. By using a malicious server an attacker might steal cookies that are meant for other domains.

For Debian 8 "Jessie", this problem has been fixed in version 3.4.2-1+deb8u6.

We recommend that you upgrade your python3.4 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

An update for Python 3.4 has been released to fix a cookie security issue on Debian 8 Jessie. Please upgrade to enhance your security.

Severity: Critical.

LinuxSecurity.com Team

Aug 17, 2019 | Critical | Debian LTS