--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-38faa9a2a8
2024-03-08 01:53:53.708420
--------------------------------------------------------------------------------

Name        : iwd
Product     : Fedora 38
Version     : 2.15
Release     : 1.fc38
URL         : https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/
Summary     : Wireless daemon for Linux
Description :
The daemon and utilities for controlling and configuring the Wi-Fi network
hardware.

--------------------------------------------------------------------------------
Update Information:

iwd 2.15: Fix issue with notice events for connection timeouts. Fix issue with
reason code and deauthenticate event. Fix issue with handling basename()
functionality.
libell 0.63: Fix issue with handling ending boundary of the PEM.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 28 2024 Peter Robinson - 2.15-1
- Update to 2.15
* Sat Feb 10 2024 Peter Robinson - 2.14-1
- Update to 2.14
* Wed Jan 24 2024 Fedora Release Engineering - 2.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering - 2.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 14 2024 Peter Robinson - 2.13-1
- Update to 2.13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2264597 - TRIAGE CVE-2023-52161 iwd: potential authorization bypass [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2264597
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-38faa9a2a8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-77d00facd0
2023-04-21 02:08:33.033801
--------------------------------------------------------------------------------

Name        : frr
Product     : Fedora 38
Version     : 8.5
Release     : 1.fc38
URL         : https://www.frrouting.org/
Summary     : Routing daemon
Description :
FRRouting is free software that manages TCP/IP based routing protocols. It
takes a multi-server and multi-threaded approach to resolve the current
complexity of the Internet. FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP,
RIPng, PIM, NHRP, PBR, EIGRP and BFD. FRRouting is a fork of Quagga.

--------------------------------------------------------------------------------
Update Information:

New version 8.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 12 2023 Michal Ruprich - 8.5-1
- New version 8.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2177783 - New versions of frr available
        https://bugzilla.redhat.com/show_bug.cgi?id=2177783
  [ 2 ] Bug #2184469 - CVE-2022-36440 frr: Reachable assertion in peek_for_as4_capability function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2184469
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-77d00facd0' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-ff0f9ce167
2019-09-16 00:00:38.936268
--------------------------------------------------------------------------------

Name        : bird
Product     : Fedora 31
Version     : 2.0.6
Release     : 1.fc31
URL         : https://bird.network.cz/
Summary     : BIRD Internet Routing Daemon
Description :
BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border
Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open
Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),
Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static
routes, inter-table protocol, command-line interface allowing on-line control
and inspection of the status of the daemon, soft reconfiguration as well as a
powerful language for route filtering.

--------------------------------------------------------------------------------
Update Information:

BIRD 2.0.6 (2019-09-10)
=======================
* RAdv: Solicited unicast RAs
* BGP: Optional Adj-RIB-Out
* BGP: Extended optional parameters length
* Filter: Sets and set expressions in path masks
* Several important bugfixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1751031 - CVE-2019-16159 bird: incorrect logical expression when checking the validity of an input message leads to stack-based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1751031
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-ff0f9ce167' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Package        : minissdpd
Version        : 1.2.20130907-3+deb8u2
CVE ID         : CVE-2019-12106
Debian Bug     : #929297

It was discovered that there was a use after free vulnerability in
minissdpd, a network device discovery daemon. A remote attacker could
abuse this to crash the process.

For Debian 8 "Jessie", this issue has been fixed in minissdpd version
1.2.20130907-3+deb8u2.

We recommend that you upgrade your minissdpd packages.

Regards,

Chris Lamb

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-31c2a0b2ea
2018-12-27 01:50:28.953618
--------------------------------------------------------------------------------

Name        : tinc
Product     : Fedora 28
Version     : 1.0.35
Release     : 1.fc28
URL         : http://www.tinc-vpn.org/
Summary     : A virtual private network daemon
Description :
tinc is a Virtual Private Network (VPN) daemon that uses tunnelling
and encryption to create a secure private network between hosts on
the Internet. Because the tunnel appears to the IP level network
code as a normal network device, there is no need to adapt any
existing software. This tunnelling allows VPN sites to share
information with each other over the Internet without exposing any
information to others.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2018-16737, CVE-2018-16738, CVE-2018-16758
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 18 2018 Fabian Affolter - 1.0.35-1
- Fix for CVE-2018-16737, CVE-2018-16738 and CVE-2018-16758
- Update to new upstream version 1.0.35
* Fri Oct 26 2018 Fabian Affolter - 1.0.34-1
- Update to new upstream version 1.0.34
* Sat Jul 14 2018 Fedora Release Engineering - 1.0.33-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Mar 8 2018 Fabian Affolter - 1.0.33-3
- Fix BR
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1637483 - CVE-2018-16737 CVE-2018-16738 CVE-2018-16758 tinc: Multiple issues fixed in the 1.0.35 release [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1637483
  [ 2 ] Bug #1637482 - CVE-2018-16737 CVE-2018-16738 CVE-2018-16758 tinc: Multiple issues fixed in the 1.0.35 release [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1637482
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-31c2a0b2ea' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Package        : tinc
Version        : 1.0.24-2+deb8u1
CVE ID         : CVE-2018-16737 CVE-2018-16758

Several vulnerabilities were discovered in tinc, a Virtual Private
Network (VPN) daemon. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2018-16737

    Michael Yonli discovered a flaw in the implementation of the
    authentication protocol that could allow a remote attacker to
    establish an authenticated, one-way connection with another node.

CVE-2018-16758

    Michael Yonli discovered that a man-in-the-middle that has
    intercepted a TCP connection might be able to disable encryption of
    UDP packets sent by a node.

For Debian 8 "Jessie", these problems have been fixed in version
1.0.24-2+deb8u1.

We recommend that you upgrade your tinc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Met vriendelijke groet / with kind regards,
Guus Sliepen

Severity: Important. LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201111-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: radvd: Multiple vulnerabilities
     Date: November 20, 2011
     Bugs: #385967
       ID: 201111-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in radvd which could
potentially lead to privilege escalation, data loss, or a Denial of
Service.

Background
==========

radvd is an IPv6 router advertisement daemon for Linux and BSD.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/radvd               < 1.8.2                    >= 1.8.2

Description
===========

Multiple vulnerabilities have been discovered in radvd. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote unauthenticated attacker may be able to gain escalated
privileges, escalate the privileges of the radvd process, overwrite
files with specific names, or cause a Denial of Service. Local
attackers may be able to overwrite the contents of arbitrary files
using symlinks.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All radvd users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2"

References
==========

[ 1 ] CVE-2011-3601
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601
[ 2 ] CVE-2011-3602
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602
[ 3 ] CVE-2011-3603
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603
[ 4 ] CVE-2011-3604
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604
[ 5 ] CVE-2011-3605
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201111-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] openssh (SSA:2007-255-01)

New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, 11.0, and 12.0 to fix a possible security issue. This version should
also provide increased performance with certain ciphers.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  https://www.cve.org/CVERecord?id=CVE-2007-4752

Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/openssh-4.7p1-i486-1_slack12.0.tgz:
  Upgraded to openssh-4.7p1.
  From the OpenSSH release notes:
  "Security bugs resolved in this release: Prevent ssh(1) from using a
  trusted X11 cookie if creation of an untrusted cookie fails; found and
  fixed by Jan Pechanec."
  While it's fair to say that we here at Slackware don't see how this could
  be leveraged to compromise a system, a) the OpenSSH people (who presumably
  understand the code better) characterize this as a security bug, b) it has
  been assigned a CVE entry, and c) OpenSSH is one of the most commonly used
  network daemons. Better safe than sorry.
  More information should appear here eventually:
    https://www.cve.org/CVERecord?id=CVE-2007-4752
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try. This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating additional FTP and rsync hosting
to the Slackware project!
:-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg openssh-4.7p1-i486-1_slack12.0.tgz

+-----+

Enhanced OpenSSH packages for Slackware resolve security vulnerabilities and
boost efficiency with specific encryption algorithms.

Severity: Important. LinuxSecurity.com Team