--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-2b3a2de94f
2021-12-09 01:34:54.383905
--------------------------------------------------------------------------------
Name        : xen
Product     : Fedora 34
Version     : 4.14.3
Release     : 3.fc34
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line tools, needed to
manage virtual machines running under the Xen hypervisor
--------------------------------------------------------------------------------
Update Information:

guests may exceed their designated memory limit [XSA-385, CVE-2021-28706]
PoD operations on misaligned GFNs [XSA-388, CVE-2021-28704, CVE-2021-28707, CVE-2021-28708]
issues with partially successful P2M updates on x86 [XSA-389, CVE-2021-28705, CVE-2021-28709]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 23 2021 Michael Young - 4.14.3-3
- guests may exceed their designated memory limit [XSA-385, CVE-2021-28706]
- PoD operations on misaligned GFNs [XSA-388, CVE-2021-28704, CVE-2021-28707, CVE-2021-28708]
- issues with partially successful P2M updates on x86 [XSA-389, CVE-2021-28705, CVE-2021-28709]
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-2b3a2de94f' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3851-1
Rating:             moderate
References:         #1192554 #1192557 #1192559
Cross-References:   CVE-2021-28704 CVE-2021-28705 CVE-2021-28706
                    CVE-2021-28707 CVE-2021-28708 CVE-2021-28709
CVSS scores:
                    CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28706 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
                    CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3851=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3851=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-3851=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-3851=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-3851=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2021-3851=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    xen-4.9.4_24-3.97.1
    xen-debugsource-4.9.4_24-3.97.1
    xen-doc-html-4.9.4_24-3.97.1
    xen-libs-32bit-4.9.4_24-3.97.1
    xen-libs-4.9.4_24-3.97.1
    xen-libs-debuginfo-32bit-4.9.4_24-3.97.1
    xen-libs-debuginfo-4.9.4_24-3.97.1
    xen-tools-4.9.4_24-3.97.1
    xen-tools-debuginfo-4.9.4_24-3.97.1
    xen-tools-domU-4.9.4_24-3.97.1
    xen-tools-domU-debuginfo-4.9.4_24-3.97.1
- SUSE OpenStack Cloud 8 (x86_64):
    xen-4.9.4_24-3.97.1
    xen-debugsource-4.9.4_24-3.97.1
    xen-doc-html-4.9.4_24-3.97.1
    xen-libs-32bit-4.9.4_24-3.97.1
    xen-libs-4.9.4_24-3.97.1
    xen-libs-debuginfo-32bit-4.9.4_24-3.97.1
    xen-libs-debuginfo-4.9.4_24-3.97.1
    xen-tools-4.9.4_24-3.97.1
    xen-tools-debuginfo-4.9.4_24-3.97.1
    xen-tools-domU-4.9.4_24-3.97.1
    xen-tools-domU-debuginfo-4.9.4_24-3.97.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    xen-4.9.4_24-3.97.1
    xen-debugsource-4.9.4_24-3.97.1
    xen-doc-html-4.9.4_24-3.97.1
    xen-libs-32bit-4.9.4_24-3.97.1
    xen-libs-4.9.4_24-3.97.1
    xen-libs-debuginfo-32bit-4.9.4_24-3.97.1
    xen-libs-debuginfo-4.9.4_24-3.97.1
    xen-tools-4.9.4_24-3.97.1
    xen-tools-debuginfo-4.9.4_24-3.97.1
    xen-tools-domU-4.9.4_24-3.97.1
    xen-tools-domU-debuginfo-4.9.4_24-3.97.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
    xen-4.9.4_24-3.97.1
    xen-debugsource-4.9.4_24-3.97.1
    xen-doc-html-4.9.4_24-3.97.1
    xen-libs-32bit-4.9.4_24-3.97.1
    xen-libs-4.9.4_24-3.97.1
    xen-libs-debuginfo-32bit-4.9.4_24-3.97.1
    xen-libs-debuginfo-4.9.4_24-3.97.1
    xen-tools-4.9.4_24-3.97.1
    xen-tools-debuginfo-4.9.4_24-3.97.1
    xen-tools-domU-4.9.4_24-3.97.1
    xen-tools-domU-debuginfo-4.9.4_24-3.97.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    xen-4.9.4_24-3.97.1
    xen-debugsource-4.9.4_24-3.97.1
    xen-doc-html-4.9.4_24-3.97.1
    xen-libs-32bit-4.9.4_24-3.97.1
    xen-libs-4.9.4_24-3.97.1
    xen-libs-debuginfo-32bit-4.9.4_24-3.97.1
    xen-libs-debuginfo-4.9.4_24-3.97.1
    xen-tools-4.9.4_24-3.97.1
    xen-tools-debuginfo-4.9.4_24-3.97.1
    xen-tools-domU-4.9.4_24-3.97.1
    xen-tools-domU-debuginfo-4.9.4_24-3.97.1
- HPE Helion Openstack 8 (x86_64):
    xen-4.9.4_24-3.97.1
    xen-debugsource-4.9.4_24-3.97.1
    xen-doc-html-4.9.4_24-3.97.1
    xen-libs-32bit-4.9.4_24-3.97.1
    xen-libs-4.9.4_24-3.97.1
    xen-libs-debuginfo-32bit-4.9.4_24-3.97.1
    xen-libs-debuginfo-4.9.4_24-3.97.1
    xen-tools-4.9.4_24-3.97.1
    xen-tools-debuginfo-4.9.4_24-3.97.1
    xen-tools-domU-4.9.4_24-3.97.1
    xen-tools-domU-debuginfo-4.9.4_24-3.97.1

References:

https://www.suse.com/security/cve/CVE-2021-28704.html
https://www.suse.com/security/cve/CVE-2021-28705.html
https://www.suse.com/security/cve/CVE-2021-28706.html
https://www.suse.com/security/cve/CVE-2021-28707.html
https://www.suse.com/security/cve/CVE-2021-28708.html
https://www.suse.com/security/cve/CVE-2021-28709.html
https://bugzilla.suse.com/1192554
https://bugzilla.suse.com/1192557
https://bugzilla.suse.com/1192559

Severity: Important. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-03645e9807
2021-12-01 01:19:37.797895
--------------------------------------------------------------------------------
Name        : xen
Product     : Fedora 35
Version     : 4.15.1
Release     : 4.fc35
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line tools, needed to
manage virtual machines running under the Xen hypervisor
--------------------------------------------------------------------------------
Update Information:

guests may exceed their designated memory limit [XSA-385, CVE-2021-28706]
PoD operations on misaligned GFNs [XSA-388, CVE-2021-28704, CVE-2021-28707, CVE-2021-28708]
issues with partially successful P2M updates on x86 [XSA-389, CVE-2021-28705, CVE-2021-28709]
certain VT-d IOMMUs may not work in shared page table mode [XSA-390, CVE-2021-28710]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 23 2021 Michael Young - 4.15.1-4
- guests may exceed their designated memory limit [XSA-385, CVE-2021-28706]
- PoD operations on misaligned GFNs [XSA-388, CVE-2021-28704, CVE-2021-28707, CVE-2021-28708]
- issues with partially successful P2M updates on x86 [XSA-389, CVE-2021-28705, CVE-2021-28709]
- certain VT-d IOMMUs may not work in shared page table mode [XSA-390, CVE-2021-28710]
* Wed Oct 6 2021 Michael Young - 4.15.1-3
- rebuild (f36 only) for OCaml 4.13.1
* Tue Oct 5 2021 Michael Young - 4.15.1-2
- PCI devices with RMRRs not deassigned correctly [XSA-386, CVE-2021-28702] (#2011248)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2025046 - CVE-2021-28710 xen: Certain VT-d IOMMUs may not work in shared page table mode
      https://bugzilla.redhat.com/show_bug.cgi?id=2025046
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-03645e9807' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3813-1
Rating:             moderate
References:         #1192554 #1192557 #1192559
Cross-References:   CVE-2021-28704 CVE-2021-28705 CVE-2021-28706
                    CVE-2021-28707 CVE-2021-28708 CVE-2021-28709
CVSS scores:
                    CVE-2021-28704 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28705 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28706 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28707 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28708 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-28709 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-3813=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    xen-4.7.6_18-43.82.1
    xen-debugsource-4.7.6_18-43.82.1
    xen-doc-html-4.7.6_18-43.82.1
    xen-libs-32bit-4.7.6_18-43.82.1
    xen-libs-4.7.6_18-43.82.1
    xen-libs-debuginfo-32bit-4.7.6_18-43.82.1
    xen-libs-debuginfo-4.7.6_18-43.82.1
    xen-tools-4.7.6_18-43.82.1
    xen-tools-debuginfo-4.7.6_18-43.82.1
    xen-tools-domU-4.7.6_18-43.82.1
    xen-tools-domU-debuginfo-4.7.6_18-43.82.1

References:

https://www.suse.com/security/cve/CVE-2021-28704.html
https://www.suse.com/security/cve/CVE-2021-28705.html
https://www.suse.com/security/cve/CVE-2021-28706.html
https://www.suse.com/security/cve/CVE-2021-28707.html
https://www.suse.com/security/cve/CVE-2021-28708.html
https://www.suse.com/security/cve/CVE-2021-28709.html
https://bugzilla.suse.com/1192554
https://bugzilla.suse.com/1192557
https://bugzilla.suse.com/1192559

LinuxSecurity.com Team
Package        : php5
Version        : 5.6.40+dfsg-0+deb8u12
CVE ID         : CVE-2019-11048

It has been discovered that a vulnerability in php5, a server-side,
HTML-embedded scripting language, could lead to exhausted disk space on the
server. When using overly long filenames or field names, a memory limit could
be hit, which results in stopping the upload but not cleaning up behind.

Further, the embedded version of "file" is vulnerable to CVE-2019-18218. As it
cannot be exploited in php5 the same way as in file, this issue is not handled
as a CVE of its own but as a bug that has been fixed here (restrict the number
of CDF_VECTOR elements to prevent a heap-based buffer overflow (4-byte
out-of-bounds write)).

For Debian 8 "Jessie", this problem has been fixed in version
5.6.40+dfsg-0+deb8u12.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team
openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0756-1
Rating:             moderate
References:         #1158880 #1167816 #1170940
Cross-References:   CVE-2020-1983
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for qemu fixes the following issues:

Security issue fixed:

- CVE-2020-1983: Fixed a use-after-free in the ip_reass function of slirp (bsc#1170940).

Non-security issues fixed:

- Fixed an issue where limiting the memory bandwidth was not possible (bsc#1167816).
- Fixed the issue that s390x could not read IPL channel program when using dasd as boot device (bsc#1158880).
- Miscellaneous fixes to the in-package support documentation.

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:
    zypper in -t patch openSUSE-2020-756=1

Package List:

- openSUSE Leap 15.1 (noarch):
    qemu-ipxe-1.0.0+-lp151.7.15.2
    qemu-seabios-1.12.0-lp151.7.15.2
    qemu-sgabios-8-lp151.7.15.2
    qemu-vgabios-1.12.0-lp151.7.15.2
- openSUSE Leap 15.1 (x86_64):
    qemu-3.1.1.1-lp151.7.15.2
    qemu-arm-3.1.1.1-lp151.7.15.2
    qemu-arm-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-audio-alsa-3.1.1.1-lp151.7.15.2
    qemu-audio-alsa-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-audio-oss-3.1.1.1-lp151.7.15.2
    qemu-audio-oss-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-audio-pa-3.1.1.1-lp151.7.15.2
    qemu-audio-pa-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-audio-sdl-3.1.1.1-lp151.7.15.2
    qemu-audio-sdl-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-block-curl-3.1.1.1-lp151.7.15.2
    qemu-block-curl-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-block-dmg-3.1.1.1-lp151.7.15.2
    qemu-block-dmg-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-block-gluster-3.1.1.1-lp151.7.15.2
    qemu-block-gluster-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-block-iscsi-3.1.1.1-lp151.7.15.2
    qemu-block-iscsi-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-block-nfs-3.1.1.1-lp151.7.15.2
    qemu-block-nfs-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-block-rbd-3.1.1.1-lp151.7.15.2
    qemu-block-rbd-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-block-ssh-3.1.1.1-lp151.7.15.2
    qemu-block-ssh-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-debugsource-3.1.1.1-lp151.7.15.2
    qemu-extra-3.1.1.1-lp151.7.15.2
    qemu-extra-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-guest-agent-3.1.1.1-lp151.7.15.2
    qemu-guest-agent-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-ksm-3.1.1.1-lp151.7.15.2
    qemu-kvm-3.1.1.1-lp151.7.15.2
    qemu-lang-3.1.1.1-lp151.7.15.2
    qemu-linux-user-3.1.1.1-lp151.7.15.2
    qemu-linux-user-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-linux-user-debugsource-3.1.1.1-lp151.7.15.2
    qemu-ppc-3.1.1.1-lp151.7.15.2
    qemu-ppc-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-s390-3.1.1.1-lp151.7.15.2
    qemu-s390-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-tools-3.1.1.1-lp151.7.15.2
    qemu-tools-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-ui-curses-3.1.1.1-lp151.7.15.2
    qemu-ui-curses-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-ui-gtk-3.1.1.1-lp151.7.15.2
    qemu-ui-gtk-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-ui-sdl-3.1.1.1-lp151.7.15.2
    qemu-ui-sdl-debuginfo-3.1.1.1-lp151.7.15.2
    qemu-x86-3.1.1.1-lp151.7.15.2
    qemu-x86-debuginfo-3.1.1.1-lp151.7.15.2

References:

https://www.suse.com/security/cve/CVE-2020-1983.html
https://bugzilla.suse.com/1158880
https://bugzilla.suse.com/1167816
https://bugzilla.suse.com/1170940

LinuxSecurity.com Team
Package        : libxml2
Version        : 2.9.1+dfsg1-5+deb8u7
CVE ID         : CVE-2017-18258 CVE-2018-9251 CVE-2018-14404 CVE-2018-14567

CVE-2018-14404

    Fix of a NULL pointer dereference which might result in a crash and thus
    in a denial of service.

CVE-2018-14567 and CVE-2018-9251

    Improvement in LZMA error handling which prevents an infinite loop.

CVE-2017-18258

    Limit available memory to 100MB to avoid exhaustive memory consumption by
    malicious files.

For Debian 8 "Jessie", these problems have been fixed in version
2.9.1+dfsg1-5+deb8u7.

We recommend that you upgrade your libxml2 packages.

Further information about Debian LTS security advisories, how to apply these
updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team
[slackware-security]  PHP (SSA:2004-202-01)

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current
to fix security issues (memory_limit handling and a problem in the strip_tags
function). Sites using PHP should upgrade.

More details about this issue may be found in the Common Vulnerabilities and
Exposures (CVE) database:

  https://www.cve.org/CVERecord?id=CVE-CAN-2004-0594
  https://www.cve.org/CVERecord?id=CVE-CAN-2004-0595

Here are the details from the Slackware 10.0 ChangeLog:
+--------------------------+
Tue Jul 20 19:35:16 PDT 2004
patches/packages/php-4.3.8-i486-1.tgz:  Upgraded to php-4.3.8.
  This release fixes two security problems in PHP (memory_limit handling and
  a problem in the strip_tags function). Sites using PHP should upgrade.
  For more details, see:
  https://www.cve.org/CVERecord?id=CVE-CAN-2004-0594
  https://www.cve.org/CVERecord?id=CVE-CAN-2004-0595
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:

Updated package for Slackware 9.0:

Updated package for Slackware 9.1:

Updated package for Slackware 10.0:

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 8.1 package:
c6734463934818904828833b9e5dce59  php-4.3.8-i386-1.tgz

Slackware 9.0 package:
73055c5395f4c60b7cf4bbdcfab17e72  php-4.3.8-i386-1.tgz

Slackware 9.1 package:
e2d3374f55e85a14a15ac267193ac55e  php-4.3.8-i486-1.tgz

Slackware 10.0 package:
7dfa5a85e080d833ea21fcd81b166977  php-4.3.8-i486-1.tgz

Slackware -current package:
7dfa5a85e080d833ea21fcd81b166977  php-4.3.8-i486-1.tgz

Installation instructions:
+------------------------+

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-4.3.8-i486-1.tgz

Finally, restart apache:
# apachectl start

+-----+

Severity: Critical. LinuxSecurity.com Team