   SUSE Security Update: Security update for open-iscsi
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0127-1
Rating:             important
References:         #1179440 #1179908
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for open-iscsi fixes the following issues:

   - Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908,
     including:
     * uip: check for TCP urgent pointer past end of frame
     * uip: check for u8 overflow when processing TCP options
     * uip: check for header length underflow during checksum calculation
     * fwparam_ppc: Fix memory leak in fwparam_ppc.c
     * iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c
     * fwparam_ppc: Fix illegal memory access in fwparam_ppc.c
     * sysfs: Verify parameter of sysfs_device_get()
     * fwparam_ppc: Fix NULL pointer dereference in find_devtree()
     * open-iscsi: Clean user_param list when process exit
     * iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev()
     * open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()
     * open-iscsi: Fix invalid pointer dereference in find_initiator()
     * iscsiuio: Fix invalid parameter when call fstat()
     * iscsi-iname: Verify open() return value before calling read()
     * iscsi_sysfs: Fix NULL pointer dereference in iscsi_sysfs_read_iface
   - Updated to latest upstream, including:
     * iscsiadm: Optimize the verification of mode parameters
     * iscsid: Poll timeout value to 1 minute for iscsid
     * iscsiadm: fix host stats mode coredump
     * iscsid: fix logging level when starting and shutting down daemon
     * Updated iscsiadm man page.
     * Fix memory leak in sysfs_get_str
     * libopeniscsiusr: Compare with max int instead of max long
   - Systemd unit files should not depend on network.target (bsc#1179440).
   - Updated to latest upstream, including async login ability:
     * Implement login "no_wait" for iscsiadm NODE mode
     * iscsiadm buffer overflow regression when discovering many targets at
       once
     * iscsid: Check Invalid Session id for stop connection
     * Add ability to attempt target logins asynchronously
   - %service_del_postun_without_restart is now available on SLE. More
     accurately, it's been introduced in SLE12-SP2+ and SLE15+.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-127=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le
     s390x x86_64):

      iscsiuio-0.7.8.6-22.6.1
      iscsiuio-debuginfo-0.7.8.6-22.6.1
      libopeniscsiusr0_2_0-2.1.3-22.6.1
      libopeniscsiusr0_2_0-debuginfo-2.1.3-22.6.1
      open-iscsi-2.1.3-22.6.1
      open-iscsi-debuginfo-2.1.3-22.6.1
      open-iscsi-debugsource-2.1.3-22.6.1
      open-iscsi-devel-2.1.3-22.6.1

References:

   https://bugzilla.suse.com/1179440
   https://bugzilla.suse.com/1179908

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5729
2015-04-08 03:25:59
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 21
Version     : 0.2.5.12
Release     : 1.fc21
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP (The onion router)
Description :
Tor is a connection-based low-latency anonymous communication system.

Applications connect to the local Tor proxy using the SOCKS protocol. The
local proxy chooses a path through a set of relays, in which each relay
knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each relay, which reveals
the downstream relay.

Warnings: Tor does no protocol cleaning. That means there is a danger
that application protocols and associated programs can be induced to
reveal information about the initiator. Tor depends on Privoxy and
similar protocol cleaners to solve this problem. This is alpha code, and
is even more likely than released code to have anonymity-spoiling bugs.
The present network is very small -- this further reduces the strength of
the anonymity provided. Tor is not presently suitable for high-stakes
anonymity.

--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.2.5.12.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr  7 2015 Jamie Nguyen - 0.2.5.12-1
- update to upstream release 0.2.5.12
* Mon Mar 23 2015 Jamie Nguyen - 0.2.5.11-1
- update to upstream release 0.2.5.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209804 - CVE-2015-2928 CVE-2015-2929 tor: multiple issues
        fixed in the new upstream releases
        https://bugzilla.redhat.com/show_bug.cgi?id=1209804
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update tor' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-024
2005-01-17
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : NetworkManager
Version     : 0.3.3
Release     : 1.cvs20050112.1.fc3
Summary     : Network link manager and user applications
Description :
NetworkManager attempts to keep an active network connection available
at all times. It is intended only for the desktop use-case, and is not
intended for usage on servers. The point of NetworkManager is to make
networking configuration and setup as painless and automatic as
possible. If using DHCP, NetworkManager is _intended_ to replace
default routes, obtain IP addresses from a DHCP server, and change
nameservers whenever it sees fit.

---------------------------------------------------------------------
Update Information:

Please see RPM Changelog for fixes and new features since the last
version.
---------------------------------------------------------------------
* Wed Jan 12 2005 - 0.3.3-1.cvs20050112

- Update to latest CVS
- Fixes to DHCP code
- Link-Local (ZeroConf/Rendezvous) support
- Use bind in "caching-nameserver" mode to work around stupidity
  in glibc's resolver library not recognizing resolv.conf changes
- #rh144818# Clean up the specfile (Patch from Matthias Saou)
- Ad-Hoc mode support with Link-Local addressing only (for now)
- Fixes for device activation race conditions
- Wireless scanning in separate thread

* Wed Dec 08 2004 - 0.3.2-4.3.cvs20041208

- Update to CVS
- Updates to link detection, DHCP code
- Remove NMLaunchHelper so we start up faster and don't
  block for a connection. This means services that depend
  on the network may fail if they start right after NM
- Make sure DHCP renew/rebinding works

* Wed Nov 17 2004 - 0.3.2-3.cvs20041117

- Update to CVS
- Fixes to link detection
- Better detection of non-ESSID-broadcasting access points
- Don't dialog-spam the user if a connection fails

* Thu Nov 11 2004 - 0.3.2-2.cvs20041115

- Update to CVS
- Much better link detection, works with Open System authentication
- Blacklist wireless cards rather than whitelisting them

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------