Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
98

Red Hat OpenShift 4.10.41 RHSA-2022:7865-01 Important: MitM Fix

Red Hat OpenShift Container Platform release 4.10.41 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.10.41 security update Advisory ID: RHSA-2022:7865-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:7865 Issue date: 2022-11-17 CVE Names: CVE-2022-36881 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.10.41 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.10 - noarch 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.41. See the following advisory for the container images for this release: Security Fix(es): * jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client (CVE-2022-36881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.10 usersare advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/updating_clusters/updating-cluster-cli 4. Solution: See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/release_notes/ocp-4-10-release-notes Details on how to access this content are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/updating_clusters/updating-cluster-cli 5. Bugs fixed (https://bugzilla.redhat.com/): 2114755 - CVE-2022-36881 jenkins-plugin: Man-in-the-Middle (MitM) in org.jenkins-ci.plugins:git-client 6. Package List: Red Hat OpenShift Container Platform 4.10: Source: jenkins-2-plugins-4.10.1667388055-1.el8.src.rpm noarch: jenkins-2-plugins-4.10.1667388055-1.el8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-36881 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY3bYA9zjgjWX9erEAQhmSw/+JfKszgV90QE9T0Mqn9YECBJKkJ4WoJYP AZIBCgfV52b7qf1HNXoKikMjOVKqk199uhz98XIy/hibm1teDmGhDyfQyQsgKrJG I+xD2KGSC6WFmPnpmT178GqJhTou+66PHJKT4dRE2+Zz5wLRWkIgoRC67bxUyhXo zDP/dhK7k9aNpPkYS4cLOLl7CcImHpc8Qp3ISvnxuWZzzLjWPaofA/dlaCNRptlB eqg2PjZ9Euah5/uWPWa9mjRyt07M1jZtt9ZQPM0WbmPQhEOOrm8aFRYnFn8gUgmO 0hbvirT8UOF4ilndHjUqyVFGXaKLIOZxwKKTsmWype6cvySL1AKtEp0IL/0ry4jP yzQe74ul4EVwGDli5/QVgpqtECnMZVUM0+WtDkCTNqHFcVgY61TaAnXqpx7V/zc6 qzof815h0VXkbzJGbGBrdgiV85/ynvfN5UcuyqymEV+yLmD4Oj3837K//IJEYpzv L+vohfSBXrd2A4NXEQXor92emojGqJjvOc4f6xBcDlYfL0GKfjmUi77oEpOwQEiZ FdHHPs1x3W9A54o0BQbRZMPkEKLB/yy1AOiHiHU97sRxPy6J4Zcz8HLKQotq2xS7 22jTTf/64IIYhwdhnQzcNrsTWcbpc3bvemo1Ag1NEIZKmo8FlsSYu94VIWrc/Pqc 2P8Q8htyAuk=ikz/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Canonical unveils major security patch for Kubernetes Engine 1.23.10, addressing multiple vulnerabilities and enhancements. OpenShift Security Update, Red Hat Container Platform, MitM Fix, Important Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 17, 2022 Important Red Hat
100

SUSE: 2017:3234-1 Important: OpenSAML MitM Attack Resolved

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.. SUSE Security Update: Security update for opensaml ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:3234-1 Rating: important References: #1068685 Cross-References: CVE-2017-16853 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks (bsc#1068685). Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-2011=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-2011=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-2011=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-2011=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-2011=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise SoftwareDevelopment Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libsaml-devel-2.5.5-3.3.1 opensaml-debugsource-2.5.5-3.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libsaml-devel-2.5.5-3.3.1 opensaml-debugsource-2.5.5-3.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libsaml8-2.5.5-3.3.1 libsaml8-debuginfo-2.5.5-3.3.1 opensaml-bin-2.5.5-3.3.1 opensaml-bin-debuginfo-2.5.5-3.3.1 opensaml-debugsource-2.5.5-3.3.1 opensaml-schemas-2.5.5-3.3.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libsaml8-2.5.5-3.3.1 libsaml8-debuginfo-2.5.5-3.3.1 opensaml-bin-2.5.5-3.3.1 opensaml-bin-debuginfo-2.5.5-3.3.1 opensaml-debugsource-2.5.5-3.3.1 opensaml-schemas-2.5.5-3.3.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le s390x x86_64): libsaml8-2.5.5-3.3.1 libsaml8-debuginfo-2.5.5-3.3.1 opensaml-bin-2.5.5-3.3.1 opensaml-bin-debuginfo-2.5.5-3.3.1 opensaml-debugsource-2.5.5-3.3.1 opensaml-schemas-2.5.5-3.3.1 References: https://www.suse.com/security/cve/CVE-2017-16853.html https://bugzilla.suse.com/1068685 . Important patch for OpenSAML mitigates MITM vulnerabilities in SUSE platforms. Prompt application is essential for maintaining security standards.. opensaml update,suse security,linux enterprise,software development. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 07, 2017 Important SuSE
99

Urgent Mcabber MITM Fix for Slackware 14.x Released on 2016-347-02

New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mcabber (SSA:2016-347-02) New mcabber packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/loudmouth-1.5.3-i586-1_slack14.2.txz: Upgraded. This update is needed for the mcabber security update. patches/packages/mcabber-1.0.4-i586-1_slack14.2.txz: Upgraded. This update fixes a security issue which can lead to a malicious actor MITMing a conversation, or adding themselves as an entity on a third parties roster (thereby granting themselves the associated priviledges such as observing when the user is online). For more information, see: https://gultsch.de/posts/gajim-roster-push_and-message-interception/ https://www.cve.org/CVERecord?id=CVE-2016-9928 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0 package: fd38253e79e4b766ad194d4fceaa5d8d mcabber-1.0.4-i486-1_slack14.0.txz Slackware x86_64 14.0 package: c859617864745e03fd527fca1030d518 mcabber-1.0.4-x86_64-1_slack14.0.txz Slackware 14.1 package: d5adbde2cba42fcfa915c07814fb33b5 mcabber-1.0.4-i486-1_slack14.1.txz Slackware x86_64 14.1package: 2af12adcb6691b94edd3f668eb424805 mcabber-1.0.4-x86_64-1_slack14.1.txz Slackware 14.2 package: d2a06d1fd910aecaaa384f115bb58bc3 mcabber-1.0.4-i586-1_slack14.2.txz Slackware x86_64 14.2 package: cda2b990fe27fb3a33039ffd53aad42e mcabber-1.0.4-x86_64-1_slack14.2.txz Slackware -current package: a2b3fc780a5013e96aee9924bac333c9 n/mcabber-1.0.4-i586-1.txz Slackware x86_64 -current package: e212a2abac6dd59728869361651ecdc7 n/mcabber-1.0.4-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mcabber-1.0.4-i586-1_slack14.2.txz A new loudmouth package is also provided. Be sure to update this as well. +-----+ . Stay informed about mcabber updates on Slackware to address critical communication concerns stemming from security vulnerabilities. Upgrade immediately!. mcabber update, Slackware security, communication fix, MITM vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 12, 2016 Critical Slackware
200

Scientific Linux 5.x Moderate Advisory for OpenSSL097a: CVE-2009-3555 MitM

Moderate: openssl097a security update. Date: Thu, 25 Mar 2010 10:59:50 -0500 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: openssl097a on SL5.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Moderate: openssl097a security update Issue date: 2010-03-25 CVE Names: CVE-2009-3555 CVE-2009-3555 TLS: MITM attacks via session renegotiation A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about this flaw: For the update to take effect, all services linked to the openssl097a library must be restarted, or the system rebooted. SL 5.x SRPMS: openssl097a-0.9.7a-9.el5_4.2.src.rpm i386: openssl097a-0.9.7a-9.el5_4.2.i386.rpm x86_64: openssl097a-0.9.7a-9.el5_4.2.i386.rpm openssl097a-0.9.7a-9.el5_4.2.x86_64.rpm -Connie Sieh -Troy Dawson . openssl097a on CentOS has undergone a significant security upgrade, mitigating risks associated with possible impersonation attacks.. openssl097a, session Renegotiation, moderate security, Scientific Linux. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 25, 2010 Important Scientific Linux
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200