Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
202
security advisorymoderatesecurity updateopenSUSE: 2021:0461-1 Moderate: PackageKit Security Fix
An update that fixes 5 vulnerabilities is now available. . openSUSE Security Update: Security update for privoxy ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0460-1 Rating: moderate References: #1183129 Cross-References: CVE-2021-20272 CVE-2021-20273 CVE-2021-20274 CVE-2021-20275 CVE-2021-20276 CVSS scores: CVE-2021-20272 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20273 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20274 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20275 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20276 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for privoxy fixes the following issues: Update to version 3.0.32: - Security/Reliability (boo#1183129) - ssplit(): Remove an assertion that could be triggered with a crafted CGI request. Commit 2256d7b4d67. OVE-20210203-0001. CVE-2021-20272 Reported by: Joshua Rogers (Opera) - cgi_send_banner(): Overrule invalid image types. Prevents a crash with a crafted CGI request if Privoxy is toggled off. Commit e711c505c48. OVE-20210206-0001. CVE-2021-20273 Reported by: Joshua Rogers (Opera) - socks5_connect(): Don't try to send credentials when none are configured. Fixes a crash due to a NULL-pointer dereference when the socks server misbehaves. Commit 85817cc55b9. OVE-20210207-0001. CVE-2021-20274 Reported by: Joshua Rogers (Opera) - chunked_body_is_complete(): Prevent an invalid read of size two. Commit a912ba7bc9c. OVE-20210205-0001. CVE-2021-20275 Reported by: Joshua Rogers (Opera) - Obsolete pcre: Prevent invalid memory accesses with an invalid pattern passed to pcre_compile(). Note that the obsolete pcre code is scheduled to be removed before the 3.0.33 release. There has been a warning since 2008 already. Commit 28512e5b624. OVE-20210222-0001. CVE-2021-20276 Reported by: Joshua Rogers (Opera) - Bug fixes: - Properly parse the client-tag-lifetime directive. Previously it was not accepted as an obsolete hash value was being used. Reported by: Joshua Rogers (Opera) - decompress_iob(): Prevent reading of uninitialized data. Reported by: Joshua Rogers (Opera). - decompress_iob(): Don't advance cur past eod when looking for the end of the file name and comment. - decompress_iob(): Cast value to unsigned char before shifting. Prevents a left-shift of a negative value which is undefined behaviour. Reported by: Joshua Rogers (Opera) - gif_deanimate(): Confirm that that we have enough data before doing any work. Fixes a crash when fuzzing with an empty document. Reported by: Joshua Rogers (Opera). - buf_copy(): Fail if there's no data to write or nothing to do. Prevents undefined behaviour "applying zero offset to null pointer". Reported by: Joshua Rogers (Opera) - log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is being used while fuzzing. Reported by: Joshua Rogers (Opera). - Respect DESTDIR when considering whether or not to install config files with ".new" extension. - OpenSSL ssl_store_cert(): Fix two error messages. - Fix a couple of format specifiers. - Silence compiler warnings when compiling with NDEBUG. - fuzz_server_header(): Fix compiler warning. - fuzz_client_header(): Fix compiler warning. - cgi_send_user_manual(): Alsoreject requests if the user-manual directive specifies a https:// URL. Previously Privoxy would try and fail to open a local file. - General improvements: - Log the TLS version and the the cipher when debug 2 is enabled. - ssl_send_certificate_error(): Respect HEAD requests by not sending a body. - ssl_send_certificate_error(): End the body with a single new line. - serve(): Increase the chances that the host is logged when closing a server socket. - handle_established_connection(): Add parentheses to clarify an expression Suggested by: David Binderman - continue_https_chat(): Explicitly unset CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE if process_encrypted_request() fails. This makes it more obvious that the connection will not be reused. Previously serve() relied on CSP_FLAG_SERVER_CONTENT_LENGTH_SET and CSP_FLAG_CHUNKED being unset. Inspired by a patch from Joshua Rogers (Opera). - decompress_iob(): Add periods to a couple of log messages - Terminate the body of the HTTP snipplets with a single new line instead of "\r\n". - configure: Add --with-assertions option and only enable assertions when it is used - windows build: Use --with-brotli and --with-mbedtls by default and enable dynamic error checking. - gif_deanimate(): Confirm we've got an image before trying to write it Saves a pointless buf_copy() call. - OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number. - Action file improvements: - Disable fast-redirects for .golem.de/ - Unblock requests to adri*. - Block requests for trc*.taboola.com/ - Disable fast-redirects for .linkedin.com/ - Filter file improvements: - Make the second pcrs job of the img-reorder filter greedy again. The ungreedy version broke the img tags on: . -Privoxy-Log-Parser: - Highlight a few more messages. - Clarify the --statistics output. The shown "Reused connections" are server connections so name them appropriately. - Bump version to 0.9.3. - Privoxy-Regression-Test: - Add the --check-bad-ssl option to the --help output. - Bump version to 0.7.3. - Documentation: - Add pushing the created tag to the release steps in the developer manual. - Clarify that 'debug 32768' should be used in addition to the other debug directives when reporting problems. - Add a 'Third-party licenses and copyrights' section to the user manual. This update was imported from the openSUSE:Leap:15.2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2021-460=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): privoxy-3.0.32-bp152.4.9.1 - openSUSE Backports SLE-15-SP2 (noarch): privoxy-doc-3.0.32-bp152.4.9.1 References: https://www.suse.com/security/cve/CVE-2021-20272.html https://www.suse.com/security/cve/CVE-2021-20273.html https://www.suse.com/security/cve/CVE-2021-20274.html https://www.suse.com/security/cve/CVE-2021-20275.html https://www.suse.com/security/cve/CVE-2021-20276.html https://bugzilla.suse.com/1183129 . This Debian Security Update addresses various vulnerabilities in the Samba software, boosting system defenses significantly.. Privoxy Update, OpenSUSE Security Fix, Network Privacy. . LinuxSecurity.com Team
Mar 21, 2021
OpenSUSE
89
security advisoryFedorasecurity fixFedora 31: FEDORA-2020-3eef0246a7 Critical Security Fix for Links
--------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-3eef0246a7 2020-01-31 01:59:12.858416 --------------------------------------------------------------------------------Name : links Product : Fedora 31 Version : 2.20.2 Release : 1.fc31 URL : http://links.twibright.com/ Summary : Web browser running in both graphics and text mode Description : Links is a web browser capable of running in either graphics or text mode. It provides a pull-down menu system, renders complex pages, has partial HTML 4.0 support (including tables, frames and support for multiple character sets and UTF-8), supports color and monochrome terminals and allows horizontal scrolling. --------------------------------------------------------------------------------Update Information: Update to a new version. Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains . --------------------------------------------------------------------------------ChangeLog: * Sun Jan 19 2020 Lubomir Rintel - 1:2.20.2-1 - New release --------------------------------------------------------------------------------References: [ 1 ] Bug #1696464 - links-2.20.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1696464 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-3eef0246a7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jan 30, 2020
•Critical
Fedora
89
security advisoryFedorasecurity fixFedora 27: 2018-8b33bd7abf Moderate: Tor Privacy Update
Update to latest version. Security-Fixes TROVE-2018-001, TROVE-2018-002,. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-8b33bd7abf 2018-03-12 19:02:51.236775 --------------------------------------------------------------------------------Name : tor Product : Fedora 27 Version : 0.3.1.10 Release : 1.fc27 URL : https://www.torproject.org Summary : Anonymizing overlay network for TCP Description : The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features. This package contains the Tor software that can act as either a server on the Tor network, or as a client to connect to the Tor network. --------------------------------------------------------------------------------Update Information: Update to latest version. Security-Fixes TROVE-2018-001, TROVE-2018-002, --------------------------------------------------------------------------------References: [ 1 ] Bug #1532909 - tor-0.3.2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1532909 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade tor' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed withthe Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Mar 12, 2018
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!