Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 6 articles for you...

Fedora 41: FEDORA-2024-aa246ab1a3 critical: rust-rbspy memory issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-aa246ab1a3
2024-12-10 01:22:52.138429+00:00
--------------------------------------------------------------------------------

Name        : rust-rbspy
Product     : Fedora 41
Version     : 0.24.0
Release     : 3.fc41
URL         : https://crates.io/crates/rbspy
Summary     : Sampling CPU profiler for Ruby
Description :
Sampling CPU profiler for Ruby.

--------------------------------------------------------------------------------
Update Information:

Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec 1 2024 Fabio Valentini - 0.24.0-3
- Rebuild for ruzstd 0.7.3 (RUSTSEC-2024-0400)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2329482 - rust-ruzstd: `ruzstd` uninit and out-of-bounds memory reads [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2329482
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-aa246ab1a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Updating the CPU profiler for Ruby in Fedora to mitigate RUSTSEC-2024-0400 vulnerabilities. Addressing potential security concerns to ensure robust performance.

cpu profiler, ruby, rust, rust-rbspy, fedora

Severity: Critical

LinuxSecurity.com Team

Dec 10, 2024 | Critical | Fedora

Mageia 9: 2024-0253 Moderate: krb5 Security Update for Token Issues

MGASA-2024-0253 - Updated krb5 packages fix security vulnerabilities

Publication date: 03 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0253.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-37370, CVE-2024-37371

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. (CVE-2024-37370)

Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields. (CVE-2024-37371)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33344
- https://www.cve.org/CVERecord?id=CVE-2024-37370
- https://www.cve.org/CVERecord?id=CVE-2024-37371

SRPMS:
- 9/core/krb5-1.20.1-1.2.mga9

The recent updates to krb5 for Mageia address security vulnerabilities, particularly those involving data truncation and unauthorized memory reads stemming from corrupt tokens.

Mageia security advisory, krb5 update, memory read issue, GSS token truncation

LinuxSecurity.com Team

Jul 03, 2024 | Mageia

Fedora 34: 2022-edbd74424e Critical Advisory: Kernel Privilege Escalation

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-edbd74424e
2022-02-27 03:21:19.355623
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 34
Version     : 5.16.11
Release     : 100.fc34
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 5.16.11 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 23 2022 Justin M. Forbes [5.16.11-0]
- spec: don't overwrite auto.conf with .config (Ondrej Mosnacek)
- New configs for 5.16.10 (Justin M. Forbes)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2043520 - CVE-2022-23222 kernel: local privileges escalation in kernel/bpf/verifier.c
        https://bugzilla.redhat.com/show_bug.cgi?id=2043520
  [ 2 ] Bug #2044578 - CVE-2022-0500 kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges
        https://bugzilla.redhat.com/show_bug.cgi?id=2044578
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-edbd74424e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Keep informed about the updates for Fedora kernel 5.16.11 that tackle significant security vulnerabilities and improvement in system performance.

Kernel Update, Fedora 34, System Security, Privilege Escalation, Memory Vulnerability

Severity: Critical

LinuxSecurity.com Team

Feb 26, 2022 | Critical | Fedora

openSUSE Leap 15.2: openSUSE-SU-2020:1407-1 Important: Go1.14 Patch

openSUSE Security Update: Security update for go1.14
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:1407-1
Rating:             important
References:         #1164903 #1169832 #1170826 #1172868 #1174153 #1174191 #1174977
Cross-References:   CVE-2020-14039 CVE-2020-15586 CVE-2020-16845
Affected Products:  openSUSE Leap 15.2
______________________________________________________________________________

An update that solves three vulnerabilities and has four fixes is now available.

Description:

This update for go1.14 fixes the following issues:

- go1.14 was updated to version 1.14.7
- CVE-2020-16845: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977).
- go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages.
  Refs bsc#1164903 go1.14 release tracking
  Refs bsc#1174153 bsc#1174191
  * go#39991 runtime: missing deferreturn on linux/ppc64le
  * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent
  * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes
  * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15
  * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally
  * go#39636 reflect: DeepEqual can return true for values that are not equal
  * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string values
  * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it tries to use an older version of dlv which only supports linux/amd64
  * go#39308 testing: streaming output loses parallel subtest associations
  * go#39288 cmd/vet: update for new number formats
  * go#39101 database/sql: context cancellation allows statements to execute after rollback
  * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes
  * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586
  * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only)
- Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2020-1407=1

Package List:

- openSUSE Leap 15.2 (x86_64):

  go1.14-1.14.7-lp152.2.3.1
  go1.14-doc-1.14.7-lp152.2.3.1
  go1.14-race-1.14.7-lp152.2.3.1

References:

https://www.suse.com/security/cve/CVE-2020-14039.html
https://www.suse.com/security/cve/CVE-2020-15586.html
https://www.suse.com/security/cve/CVE-2020-16845.html
https://bugzilla.suse.com/1164903
https://bugzilla.suse.com/1169832
https://bugzilla.suse.com/1170826
https://bugzilla.suse.com/1172868
https://bugzilla.suse.com/1174153
https://bugzilla.suse.com/1174191
https://bugzilla.suse.com/1174977

Significant notice regarding openSUSE Leap 15.2 resolves multiple concerns in go1.14. Implement the update promptly for safeguarding.

openSUSE Security Update, Go Package Update, Vulnerabilities Fix

Severity: Important

LinuxSecurity.com Team

Sep 11, 2020 | Important | OpenSUSE

Debian 8 LTS: DLA-2123-1 Moderate: pure-ftpd Out-Of-Bounds Memory Issue

Package        : pure-ftpd
Version        : 1.0.36-3.2+deb8u1
CVE ID         : CVE-2020-9274
Debian Bug     : 925666

An uninitialized pointer vulnerability was discovered in pure-ftpd, a secure and efficient FTP server, which could result in an out-of-bounds memory read and potential information disclosure.

For Debian 8 "Jessie", this problem has been fixed in version 1.0.36-3.2+deb8u1.

We recommend that you upgrade your pure-ftpd packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

A dangling pointer in httpd might result in unauthorized memory access. Ensure you update for enhanced security!

pure-ftpd security, Debian LTS update, FTP server vulnerabilities, software update, information disclosure

Severity: Important

LinuxSecurity.com Team

Feb 27, 2020 | Important | Debian LTS

SUSE: 2019:1123-1 Low: Yubico-Piv-Tool Buffer Overflow Fix

SUSE Security Update: Security update for yubico-piv-tool
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1123-1
Rating:             low
References:         #1104809 #1104811
Cross-References:   CVE-2018-14779 CVE-2018-14780
Affected Products:  SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for yubico-piv-tool fixes the following issues:

Security issues fixed:

- Fixed a buffer overflow and an out of bounds memory read in ykpiv_transfer_data(), which could be triggered by a malicious token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
- Fixed a buffer overflow and an out of bounds memory read in _ykpiv_fetch_object(), which could be triggered by a malicious token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1123=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  libykcs11-1-1.5.0-3.3.33
  libykcs11-1-debuginfo-1.5.0-3.3.33
  libykcs11-devel-1.5.0-3.3.33
  libykpiv-devel-1.5.0-3.3.33
  libykpiv1-1.5.0-3.3.33
  libykpiv1-debuginfo-1.5.0-3.3.33
  yubico-piv-tool-1.5.0-3.3.33
  yubico-piv-tool-debuginfo-1.5.0-3.3.33
  yubico-piv-tool-debugsource-1.5.0-3.3.33

References:

https://www.suse.com/security/cve/CVE-2018-14779.html
https://www.suse.com/security/cve/CVE-2018-14780.html
https://bugzilla.suse.com/1104809
https://bugzilla.suse.com/1104811

New software release for yubico-piv-tool resolves vulnerabilities concerning buffer overflow and memory handling errors.

SUSE Update, yubico-piv-tool, Low Severity Fixes

Severity: Low

LinuxSecurity.com Team

Apr 30, 2019 | Low | SuSE

openSUSE Leap 42.3: 2018:2623-1 Low: Yubico Piv Tool Buffer Overflow

openSUSE Security Update: Security update for yubico-piv-tool
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:2623-1
Rating:             low
References:         #1104809 #1104811
Cross-References:   CVE-2018-14779 CVE-2018-14780
Affected Products:  openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for yubico-piv-tool fixes the following issues:

Security issues fixed:

- CVE-2018-14779: Fixed a buffer overflow and an out of bounds memory read in ykpiv_transfer_data(), which could be triggered by a malicious token. (boo#1104809, YSA-2018-03)
- CVE-2018-14780: Fixed a buffer overflow and an out of bounds memory read in _ykpiv_fetch_object(), which could be triggered by a malicious token. (boo#1104811, YSA-2018-03)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2018-969=1

Package List:

- openSUSE Leap 42.3 (i586 x86_64):

  libykpiv-devel-0.1.6-7.3.1
  libykpiv1-0.1.6-7.3.1
  libykpiv1-debuginfo-0.1.6-7.3.1
  yubico-piv-tool-0.1.6-7.3.1
  yubico-piv-tool-debuginfo-0.1.6-7.3.1
  yubico-piv-tool-debugsource-0.1.6-7.3.1

References:

https://www.suse.com/security/cve/CVE-2018-14779.html
https://www.suse.com/security/cve/CVE-2018-14780.html
https://bugzilla.suse.com/1104809
https://bugzilla.suse.com/1104811

openSUSE Security Enhancement for yubico-piv-tool addresses two minor vulnerabilities linked to memory access and buffer overflow risks.

openSUSE Leap, yubico-piv-tool, security update

Severity: Low

LinuxSecurity.com Team

Sep 05, 2018 | Low | OpenSUSE

Debian 8 Jessie DLA-1416-1 Critical: Libsoup2.4 Out-Of-Bounds Memory Read

Package        : libsoup2.4
Version        : 2.48.0-1+deb8u2
CVE ID         : CVE-2018-12910

It was discovered that the Soup HTTP library performed insufficient validation of cookie requests which could result in an out-of-bounds memory read.

For Debian 8 "Jessie", these problems have been fixed in version 2.48.0-1+deb8u2.

We recommend that you upgrade your libsoup2.4 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Update libsoup2.4 to address out-of-bounds memory access vulnerabilities in Debian 8 Jessie. Securely correct cookie verification problems.

libsoup2.4, Debian Jessie, security update, out-of-bounds, memory read

Severity: Critical

LinuxSecurity.com Team

Jul 06, 2018 | Critical | Debian LTS