Oracle Linux Security Advisory ELSA-2024-8838

http://linux.oracle.com/errata/ELSA-2024-8838.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3.11-3.11.10-1.0.1.el8_10.x86_64.rpm
python3.11-3.11.10-1.0.1.el8_10.i686.rpm
python3.11-devel-3.11.10-1.0.1.el8_10.i686.rpm
python3.11-devel-3.11.10-1.0.1.el8_10.x86_64.rpm
python3.11-libs-3.11.10-1.0.1.el8_10.i686.rpm
python3.11-libs-3.11.10-1.0.1.el8_10.x86_64.rpm
python3.11-rpm-macros-3.11.10-1.0.1.el8_10.noarch.rpm
python3.11-tkinter-3.11.10-1.0.1.el8_10.x86_64.rpm
python3.11-debug-3.11.10-1.0.1.el8_10.i686.rpm
python3.11-debug-3.11.10-1.0.1.el8_10.x86_64.rpm
python3.11-idle-3.11.10-1.0.1.el8_10.i686.rpm
python3.11-idle-3.11.10-1.0.1.el8_10.x86_64.rpm
python3.11-test-3.11.10-1.0.1.el8_10.i686.rpm
python3.11-test-3.11.10-1.0.1.el8_10.x86_64.rpm
python3.11-tkinter-3.11.10-1.0.1.el8_10.i686.rpm

aarch64:
python3.11-3.11.10-1.0.1.el8_10.aarch64.rpm
python3.11-devel-3.11.10-1.0.1.el8_10.aarch64.rpm
python3.11-libs-3.11.10-1.0.1.el8_10.aarch64.rpm
python3.11-rpm-macros-3.11.10-1.0.1.el8_10.noarch.rpm
python3.11-tkinter-3.11.10-1.0.1.el8_10.aarch64.rpm
python3.11-debug-3.11.10-1.0.1.el8_10.aarch64.rpm
python3.11-idle-3.11.10-1.0.1.el8_10.aarch64.rpm
python3.11-test-3.11.10-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//python3.11-3.11.10-1.0.1.el8_10.src.rpm

Related CVEs:
CVE-2024-6232

Description of changes:

[3.11.10-1.0.1]
- Update rpm-macros description [Orabug: 36024572]

[3.11.10-1]
- Update to 3.11.10
Resolves: RHEL-57400

_______________________________________________
El-errata mailing list
Oracle Linux Security Advisory ELSA-2024-6162

http://linux.oracle.com/errata/ELSA-2024-6162.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3-urllib3-1.26.5-5.el9_4.1.noarch.rpm

aarch64:
python3-urllib3-1.26.5-5.el9_4.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//python-urllib3-1.26.5-5.el9_4.1.src.rpm

Related CVEs:
CVE-2024-37891

Description of changes:

[1.26.5-5.1]
- Security fix for CVE-2024-37891
- Backport upstream patch to fix TypeError for http connection if the PoolManager
  is instantiated with server_hostname
Resolves: RHEL-49853
Oracle Linux Security Advisory ELSA-2024-3500

http://linux.oracle.com/errata/ELSA-2024-3500.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
ruby-3.0.7-143.module+el8.10.0+90343+d5e92a1d.i686.rpm
ruby-3.0.7-143.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
ruby-default-gems-3.0.7-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
ruby-devel-3.0.7-143.module+el8.10.0+90343+d5e92a1d.i686.rpm
ruby-devel-3.0.7-143.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
ruby-doc-3.0.7-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-bigdecimal-3.0.0-143.module+el8.10.0+90343+d5e92a1d.i686.rpm
rubygem-bigdecimal-3.0.0-143.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
rubygem-bundler-2.2.33-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-io-console-0.5.7-143.module+el8.10.0+90343+d5e92a1d.i686.rpm
rubygem-io-console-0.5.7-143.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
rubygem-irb-1.3.5-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-json-2.5.1-143.module+el8.10.0+90343+d5e92a1d.i686.rpm
rubygem-json-2.5.1-143.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
rubygem-minitest-5.14.2-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-mysql2-0.5.3-2.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
rubygem-mysql2-doc-0.5.3-2.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-pg-1.2.3-1.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
rubygem-pg-doc-1.2.3-1.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-power_assert-1.2.1-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-psych-3.3.2-143.module+el8.10.0+90343+d5e92a1d.i686.rpm
rubygem-psych-3.3.2-143.module+el8.10.0+90343+d5e92a1d.x86_64.rpm
rubygem-rake-13.0.3-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rbs-1.4.0-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rdoc-6.3.4.1-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rexml-3.2.5-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rss-0.2.9-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygems-3.2.33-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygems-devel-3.2.33-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-test-unit-3.3.7-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-typeprof-0.15.2-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
ruby-libs-3.0.7-143.module+el8.10.0+90343+d5e92a1d.i686.rpm
ruby-libs-3.0.7-143.module+el8.10.0+90343+d5e92a1d.x86_64.rpm

aarch64:
ruby-3.0.7-143.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
ruby-default-gems-3.0.7-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
ruby-devel-3.0.7-143.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
ruby-doc-3.0.7-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-abrt-0.4.0-1.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-abrt-doc-0.4.0-1.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-bigdecimal-3.0.0-143.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
rubygem-bundler-2.2.33-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-io-console-0.5.7-143.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
rubygem-irb-1.3.5-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-json-2.5.1-143.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
rubygem-minitest-5.14.2-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-mysql2-0.5.3-2.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
rubygem-mysql2-doc-0.5.3-2.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-pg-1.2.3-1.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
rubygem-pg-doc-1.2.3-1.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-power_assert-1.2.1-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-psych-3.3.2-143.module+el8.10.0+90343+d5e92a1d.aarch64.rpm
rubygem-rake-13.0.3-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rbs-1.4.0-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rdoc-6.3.4.1-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rexml-3.2.5-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-rss-0.2.9-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygems-3.2.33-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygems-devel-3.2.33-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-test-unit-3.3.7-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
rubygem-typeprof-0.15.2-143.module+el8.10.0+90343+d5e92a1d.noarch.rpm
ruby-libs-3.0.7-143.module+el8.10.0+90343+d5e92a1d.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//ruby-3.0.7-143.module+el8.10.0+90343+d5e92a1d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-abrt-0.4.0-1.module+el8.10.0+90343+d5e92a1d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-mysql2-0.5.3-2.module+el8.10.0+90343+d5e92a1d.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//rubygem-pg-1.2.3-1.module+el8.10.0+90343+d5e92a1d.src.rpm

Related CVEs:
CVE-2021-33621
CVE-2023-28755
CVE-2023-28756
CVE-2024-27280
CVE-2024-27281
CVE-2024-27282

Description of changes:

ruby
[3.0.7-143]
- Fix Zlib test failures on s390x due to HW acceleration
Related: RHEL-36189

[3.0.7-142]
- Upgrade to Ruby 3.0.7.
Resolves: RHEL-36189
- Fix HTTP response splitting in CGI.
Resolves: RHEL-36193
- Fix ReDoS vulnerability in URI.
Resolves: RHEL-36196
- Fix ReDoS vulnerability in Time.
Resolves: RHEL-36205
- Fix buffer overread vulnerability in StringIO.
Resolves: RHEL-36198
- Fix RCE vulnerability with .rdoc_options in RDoc.
Resolves: RHEL-36200
- Fix arbitrary memory address read vulnerability with Regex search.
Resolves: RHEL-36203

rubygem-abrt

rubygem-mysql2

rubygem-pg
Oracle Linux Security Advisory ELSA-2024-0125

https://linux.oracle.com/errata/ELSA-2024-0125.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
tomcat-9.0.62-27.el8_9.2.noarch.rpm
tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm
tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm
tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm
tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm
tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm
tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm
tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm

aarch64:
tomcat-9.0.62-27.el8_9.2.noarch.rpm
tomcat-admin-webapps-9.0.62-27.el8_9.2.noarch.rpm
tomcat-docs-webapp-9.0.62-27.el8_9.2.noarch.rpm
tomcat-el-3.0-api-9.0.62-27.el8_9.2.noarch.rpm
tomcat-jsp-2.3-api-9.0.62-27.el8_9.2.noarch.rpm
tomcat-lib-9.0.62-27.el8_9.2.noarch.rpm
tomcat-servlet-4.0-api-9.0.62-27.el8_9.2.noarch.rpm
tomcat-webapps-9.0.62-27.el8_9.2.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//tomcat-9.0.62-27.el8_9.2.src.rpm

Related CVEs:
CVE-2023-41080
CVE-2023-42794
CVE-2023-42795
CVE-2023-45648

Description of changes:

[1:9.0.62-27.2]
- Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
- FileUpload: DoS due to accumulation of temporary files on Windows (CVE-2023-42794)
- improper cleaning of recycled objects could lead to information leak (CVE-2023-42795)
- incorrectly parsed http trailer headers can cause request smuggling (CVE-2023-45648)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes
Advisory ID:       RHSA-2023:2098-01
Product:           multicluster engine for Kubernetes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2098
Issue date:        2023-05-03
CVE Names:         CVE-2022-4304 CVE-2022-4450 CVE-2022-25881 CVE-2023-0215
                   CVE-2023-0286 CVE-2023-0361 CVE-2023-0767 CVE-2023-23916
====================================================================

1. Summary:

Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and update the container images with security fixes.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

2. Description:

Multicluster Engine for Kubernetes 2.0.8 images

Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.

You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.

Security fix(es):

* CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

3. Solution:

For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:

https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/multicluster_engine/installing-while-connected-online

4. Bugs fixed (https://bugzilla.redhat.com/):

2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

5. References:

https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-25881
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0767
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFKfntzjgjWX9erEAQjzTRAAgbw6nyT8DYKVrPuDiHXl8jDs+/ti1oVT
MWeeFOnyO89RIrJbGDgN6kcvNl91RZpGJey995jr/IsmVAgsKMPc2w7kkggl1/B8
eo8ZnA16W5Cv/mfyupOb8puL6U75epTQT4oAdS1cxfke+LRs/PZZvoxYcLRnTR21
Si9XVhh8/cGUCOFSQRRSa57CNLWxpm3da4zNyK9fSYjHQQOi759a1aeRiXTIL32c
xXuzMwwjCusqh0moVnNH/zdyuBRWPfvIW9EzamsyVB+AZ7b/16bCq+z9KCXfYV9q
r2Vf2ZAVaQ0pd4mS4zvXi2Mq4JQtHRMmVSN2b49K6ZjhlAL9PSATGtlQZnMx6tDt
K58LrzMi0+J8JkCu5kn4CUmY4OZGUaggpZ7GPAR0+WxyG7Pk/yL87O7EhVSSEfA5
0L9LsgcJfSBIGHz1ij+Vs+ChuK8lMw62bPMRmH5udtHXe+4JUgJCJ5LemDIhxtw/
0qQY7uChfK92SNfgqzZRGl1uY4nOLp9oonxK7LdU084sdWLBjQ2FZEaKLRLDulX7
ZJYP84XglXd7MNrSwTbxzQ7yObLkvufltR49+f02w3H3YDgMwYIxkVdyj+Om2ytF
GLpRp8MxmJt2QsARFvGvl0NOU0vfS+bX1VUKQ/Tr3y09zySCbBHmswKAx2UGa4Xh
LmjloF5IKn0=
=wZvw
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
MGASA-2022-0140 - Updated subversion packages fix security vulnerability

Publication date: 13 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0140.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-28544, CVE-2022-24070

SVN authz protected copyfrom paths regression. (CVE-2021-28544)

Subversion's mod_dav_svn is vulnerable to memory corruption. (CVE-2022-24070)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30274
- https://subversion.apache.org/security/CVE-2021-28544-advisory.txt
- https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
- https://www.openwall.com/lists/oss-security/2022/04/12/2
- https://www.cve.org/CVERecord?id=CVE-2021-28544
- https://www.cve.org/CVERecord?id=CVE-2022-24070

SRPMS:
- 8/core/subversion-1.14.2-1.mga8
CentOS Errata and Security Advisory 2021:1297 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2021:1297

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
aba0487fc98846f969d23ad65f98b2fddc20c5a9ecbd166216fb523452d2cb47  java-11-openjdk-11.0.11.0.9-1.el7_9.i686.rpm
88ac66f78b2cf64dc6ea2d02f58193bd752cb598be4fa33a9328f2bf4d42de00  java-11-openjdk-11.0.11.0.9-1.el7_9.x86_64.rpm
f72a7e95336d9380f37c46d2de0b736c876a15b4c1e7dbb4c351ca2552bbc411  java-11-openjdk-demo-11.0.11.0.9-1.el7_9.i686.rpm
02f897ee795a6592d97ca15c780cbdd6ca2bc2a793d53ef279ad3f01f27d472c  java-11-openjdk-demo-11.0.11.0.9-1.el7_9.x86_64.rpm
7f18b428cb0449058380cba27d10eac85a6389b6c3393ef6454032f2dda04023  java-11-openjdk-devel-11.0.11.0.9-1.el7_9.i686.rpm
905c6cb39018d44fe1113513cbf517b142fbc537206ae23c0ce00c299f5e39a4  java-11-openjdk-devel-11.0.11.0.9-1.el7_9.x86_64.rpm
0b25bab3a8a0341d22387d3674f6676645e3d3d497d2de92de115a56fa012b1b  java-11-openjdk-headless-11.0.11.0.9-1.el7_9.i686.rpm
19cc17be5a8b2b11edcbc35b6648252c7d5913d500ab82bda2d44c47f0d3f440  java-11-openjdk-headless-11.0.11.0.9-1.el7_9.x86_64.rpm
2b98912d64d86fdfe8af76dc95ea23e41332536c8e0ef98223e9a33f2d227f22  java-11-openjdk-javadoc-11.0.11.0.9-1.el7_9.i686.rpm
4c86c1c3d77ede8a23e4eef1b4c3e4de9e50b799ed8dc0e6a6091ff032631cf6  java-11-openjdk-javadoc-11.0.11.0.9-1.el7_9.x86_64.rpm
e1b83152038966e7b6a720ab0871b052fb0dc4df9c843243ac9f34f68ff8a58f  java-11-openjdk-javadoc-zip-11.0.11.0.9-1.el7_9.i686.rpm
f63528cfd40b5a5fb0d1e92cd4b91403bab6d49b9bd38ad0aef9e293a98a4b2a  java-11-openjdk-javadoc-zip-11.0.11.0.9-1.el7_9.x86_64.rpm
935642d829064a30780cd84c8e1ca654486d06cc675f9a06e246d6b366d333c5  java-11-openjdk-jmods-11.0.11.0.9-1.el7_9.i686.rpm
a7cb9faf1648281d26c03a5952b9c015a6e302f5018328fa99f1cd9aafbf89c4  java-11-openjdk-jmods-11.0.11.0.9-1.el7_9.x86_64.rpm
be2825be40e44e47e533b1d6e13b3145e41e073086a22147b77532548436e30d  java-11-openjdk-src-11.0.11.0.9-1.el7_9.i686.rpm
0cb228d7dc8544ea720f5503724f929baf79d69d2a7d1eb9dd47cf361620788e  java-11-openjdk-src-11.0.11.0.9-1.el7_9.x86_64.rpm
9592f2b746e7ef4c2e4fd13ac3fad913504fb720911df981e24b63bf2011a6e6  java-11-openjdk-static-libs-11.0.11.0.9-1.el7_9.i686.rpm
b22aa8999bea98b78e5fb8b2195a94bb82daa9f6c9469ec768b019d741e439db  java-11-openjdk-static-libs-11.0.11.0.9-1.el7_9.x86_64.rpm

Source:
807bf8d96e8ae16140193c260c7eabaca2fd7ce8a1a929f344950bb5d6472d7b  java-11-openjdk-11.0.11.0.9-1.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #
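The CentOS list above is a two-column sha256 manifest, and the digests are the only thing that ties a file pulled from a mirror to what the project actually built. The Python below is an added example, not part of the advisory and not CentOS tooling: it parses those lines (ignoring the "x86_64:" and "Source:" labels so the advisory text can be fed in as-is), streams each file through SHA-256 and reports it as ok, mismatch or missing. The two digests it embeds are the advisory's own for java-11-openjdk-11.0.11.0.9-1.el7_9.x86_64.rpm and the source RPM; every file it writes is a constructed stand-in, so the x86_64 entry is reported as a mismatch, which is exactly what a truncated or tampered download should look like, the source RPM is reported missing, and the third entry is constructed with a digest computed in place.

```python
"""Verify downloaded packages against the sha256 list an advisory publishes.

Added example; not CentOS tooling. The two 64-hex digests embedded below are
the CentOS advisory's own; every file written here is a constructed stand-in.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict

# "<64 hex chars> <whitespace> [*]<filename>", the layout sha256sum prints.
_DIGEST_LINE = re.compile(r"^([0-9A-Fa-f]{64})\s+\*?(\S.*)$")


def parse_manifest(text: str) -> Dict[str, str]:
    """Turn 'sha256  filename' lines into {basename: digest}.

    Section labels ('x86_64:', 'Source:') and prose do not match the pattern
    and are skipped. A leading '*' (sha256sum's binary marker) is dropped.
    """
    entries: Dict[str, str] = {}
    for line in text.splitlines():
        m = _DIGEST_LINE.match(line.strip())
        if m:
            entries[os.path.basename(m.group(2).strip())] = m.group(1).lower()
    return entries


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 in 1 MiB chunks (RPMs can be large)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_downloads(manifest: Dict[str, str], directory: str) -> Dict[str, str]:
    """Map every manifest entry to 'ok', 'mismatch' or 'missing'.

    'mismatch' is the result that matters: the name matched an advisory entry
    but the bytes did not. Such a file must not be installed.
    """
    results: Dict[str, str] = {}
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif sha256_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    return results


def run_demo() -> Dict[str, str]:
    """Check a constructed download directory against a manifest that mixes
    two entries from the advisory with one constructed entry."""
    payload = b"constructed-example-payload\n"        # constructed, not an RPM
    good = "example-constructed-1.0-1.noarch.rpm"     # constructed file name
    x86 = "java-11-openjdk-11.0.11.0.9-1.el7_9.x86_64.rpm"
    src = "java-11-openjdk-11.0.11.0.9-1.el7_9.src.rpm"
    manifest_text = (
        "x86_64:\n"
        f"{hashlib.sha256(payload).hexdigest()}  {good}\n"
        f"88ac66f78b2cf64dc6ea2d02f58193bd752cb598be4fa33a9328f2bf4d42de00  {x86}\n"
        "Source:\n"
        f"807bf8d96e8ae16140193c260c7eabaca2fd7ce8a1a929f344950bb5d6472d7b  {src}\n"
    )
    with tempfile.TemporaryDirectory() as directory:
        with open(os.path.join(directory, good), "wb") as fh:
            fh.write(payload)
        # Right file name, wrong bytes: must come back as a mismatch.
        with open(os.path.join(directory, x86), "wb") as fh:
            fh.write(b"not the bytes the advisory hashed\n")
        # The source RPM is deliberately not present: comes back as missing.
        return verify_downloads(parse_manifest(manifest_text), directory)


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{status:8s} {name}")
```

For real downloads, point verify_downloads at the directory the mirror files landed in and paste the advisory's list into parse_manifest; the digest check is an integrity check against the list, so it only means something when the list itself came over a trusted channel (the signed announcement), and the GPG signature on each RPM should still be checked before installation.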
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update
Advisory ID:       RHSA-2021:0759-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0759
Issue date:        2021-03-09
CVE Names:         CVE-2019-5482
====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1749652 - CVE-2019-5482 curl: heap buffer overflow in function tftp_receive_packet()

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
curl-7.29.0-42.el7_4.3.src.rpm

x86_64:
curl-7.29.0-42.el7_4.3.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.3.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.3.x86_64.rpm
libcurl-7.29.0-42.el7_4.3.i686.rpm
libcurl-7.29.0-42.el7_4.3.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.3.i686.rpm
libcurl-devel-7.29.0-42.el7_4.3.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source:
curl-7.29.0-42.el7_4.3.src.rpm

ppc64le:
curl-7.29.0-42.el7_4.3.ppc64le.rpm
curl-debuginfo-7.29.0-42.el7_4.3.ppc64le.rpm
libcurl-7.29.0-42.el7_4.3.ppc64le.rpm
libcurl-devel-7.29.0-42.el7_4.3.ppc64le.rpm

x86_64:
curl-7.29.0-42.el7_4.3.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.3.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.3.x86_64.rpm
libcurl-7.29.0-42.el7_4.3.i686.rpm
libcurl-7.29.0-42.el7_4.3.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.3.i686.rpm
libcurl-devel-7.29.0-42.el7_4.3.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source:
curl-7.29.0-42.el7_4.3.src.rpm

x86_64:
curl-7.29.0-42.el7_4.3.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.3.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.3.x86_64.rpm
libcurl-7.29.0-42.el7_4.3.i686.rpm
libcurl-7.29.0-42.el7_4.3.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.3.i686.rpm
libcurl-devel-7.29.0-42.el7_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-5482
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYEc+KtzjgjWX9erEAQjaaQ/+Lr8K0AbCYrNSMe+NukwaKzvfTM6cdJfN
AzXKVCYIl9mqLPa6rJ7cKo5UsRh50r5SQAVmuWcHfcl5BM2jD+b8aPFqou9KUIFF
hEZkk4Bv5lt5v7KHPWUxiVzVlxzXQWhY9aXGWT7ecZOvMK966wBUkIL4UrKQCpnR
XQOyFhEMpzYPb2vVHoMNId4HIeyIg6fVB6sZ0bfsdsmL04q33cSKxh8JKqvRpKf9
gVJ+FUqxB29PvfXkkK7mO+zgZUMDsEptPFyY3Dc88qii1K+Us72mqjX+6bTv2L87
C6AXIlggib4n4Wkv9+X2if5DL71oVUHgks/l9i6MmFzokG2EdqDBhXLW7YF/UQYC
xafZcjlpnyP27j8UxGQzgRhNXSoLoxtWnTSY9l3e9bdNU5l+697j9K0fsyEfVkSD
qBv0hnWbUF4r3FjEMep4P3P61Kg29XsD6wSKrPEwTu2ayg26UEYTmzRdRaiqAreN
2I6tTE6DMLo4rT56c5WNZ5KXUh09y6ZdizVKeN5BRG5WJnzb/6ZqX6REKI3WqnCK
YEcpO97vmfFVj7gk4pG56ELGK4leQVgRfouB0HqHooi/aUdJP+Zg7KK1Nva9/K7U
94tQDSgOLLWP6lmc+aLtgfufS3Te6m/M4OzNqS/SAWq7kYvjqr6wifQqoh1DlmE8
2xyplFDSXCY=
=WUAy
-----END PGP SIGNATURE-----
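Every advisory above identifies its fix only by a name-version-release string (python3.11-3.11.10-1.0.1.el8_10, ruby-3.0.7-143.module+el8.10.0+90343+d5e92a1d, tomcat 1:9.0.62-27.el8_9.2 as its changelog header gives it, curl-7.29.0-42.el7_4.3), so deciding whether a host is still exposed comes down to ordering RPM EVRs the way rpm does, and the usual mistakes (treating "3.11.10" as smaller than "3.11.9" because of string order, or dropping the epoch because the .rpm file name has none) both produce a false "patched". The Python below is an added example, not code from Oracle, Red Hat or CentOS: rpmvercmp is a port of the ordering rules in librpm's rpmvercmp (numeric segments beat alphabetic ones, '~' sorts before end-of-string, '^' after it), the fixed EVRs are taken from the advisories on this page, and the INSTALLED inventory is constructed, in the shape rpm -qa --qf '%{NAME} %{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' prints.

```python
"""Compare installed RPM EVRs against an advisory's fixed builds.

Added example. rpmvercmp() is a Python port of librpm's rpmvercmp ordering
rules; INSTALLED is a constructed inventory, not a real host.
"""
import re
from typing import Dict, List, Tuple

_ALNUM = re.compile(r"[0-9A-Za-z]")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings as rpm does: -1, 0 or 1.

    Strings are walked as alternating numeric and alphabetic segments. Numeric
    segments compare by value, alphabetic ones by byte order, a numeric segment
    outranks an alphabetic one, separators are ignored, '~' sorts before
    everything including end-of-string (pre-releases) and '^' sorts after
    end-of-string but before any further segment (post-release snapshots).
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not _ALNUM.match(a[i]) and a[i] not in "~^":
            i += 1
        while j < len(b) and not _ALNUM.match(b[j]) and b[j] not in "~^":
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        numeric = ca.isdigit()
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a = re.match(pattern, a[i:]).group(0)
        match_b = re.match(pattern, b[j:])
        if match_b is None:            # segment types differ: numeric is newer
            return 1 if numeric else -1
        seg_b = match_b.group(0)
        i, j = i + len(seg_a), j + len(seg_b)
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):   # more significant digits wins
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1      # whoever has characters left wins


def parse_evr(evr: str) -> Tuple[int, str, str]:
    """Split '[epoch:]version[-release]'. A missing epoch, or the '(none)'
    that rpm --qf '%{EPOCH}' prints for epoch-less packages, counts as 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e) if e.isdigit() else 0
    if "-" in evr:
        version, release = evr.rsplit("-", 1)
    else:
        version, release = evr, ""
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Order two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


# Fixed builds as published in the advisories above (package -> EVR). RPM file
# names never carry the epoch; tomcat's comes from its changelog header
# "[1:9.0.62-27.2]".
FIXED_BY_ADVISORY: Dict[str, Dict[str, str]] = {
    "ELSA-2024-8838": {"python3.11": "3.11.10-1.0.1.el8_10"},
    "ELSA-2024-6162": {"python3-urllib3": "1.26.5-5.el9_4.1"},
    "ELSA-2024-3500": {"ruby": "3.0.7-143.module+el8.10.0+90343+d5e92a1d"},
    "ELSA-2024-0125": {"tomcat": "1:9.0.62-27.el8_9.2"},
    "RHSA-2021:0759": {"curl": "7.29.0-42.el7_4.3"},
}

# Constructed inventory (not a real host), in the shape of
#   rpm -qa --qf '%{NAME} %{EPOCHNUM}:%{VERSION}-%{RELEASE}\n'
# where EPOCHNUM prints 0 for packages without an epoch.
INSTALLED: Dict[str, str] = {
    "python3.11": "0:3.11.9-7.el8_10",
    "tomcat": "1:9.0.62-27.el8_9.1",
    "curl": "0:7.29.0-42.el7_4.3",
    "ruby": "0:3.0.7-143.module+el8.10.0+90343+d5e92a1d",
}


def outstanding(installed: Dict[str, str], fixed: Dict[str, str]) -> List[str]:
    """Installed packages whose EVR is older than the advisory's fixed EVR."""
    return sorted(name for name, evr in installed.items()
                  if name in fixed and evr_cmp(evr, fixed[name]) < 0)


def report(installed: Dict[str, str] = INSTALLED) -> Dict[str, List[str]]:
    """Advisory -> packages still outstanding on this inventory."""
    return {adv: outstanding(installed, fixed)
            for adv, fixed in FIXED_BY_ADVISORY.items()}


if __name__ == "__main__":
    for adv, names in report().items():
        print(f"{adv}: {', '.join(names) if names else 'nothing outstanding'}")
```

On a real host, generate the inventory with that rpm query and keep the epoch in it: comparing an installed "1:9.0.62-27.el8_9.1" against "9.0.62-27.el8_9.2" read off the tomcat file name would rank the old build as newer purely on epoch. The package manager answers the same question from repository metadata (dnf updateinfo list --cve CVE-2024-6232, or yum updateinfo on Enterprise Linux 7), and rpm -K on each downloaded .rpm checks the vendor signature the advisories refer to before anything is installed.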