Fix for CVE-2025-47268.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dd7e746aac
2025-05-20 01:12:55.947764+00:00
--------------------------------------------------------------------------------

Name        : iputils
Product     : Fedora 42
Version     : 20240905
Release     : 4.fc42
URL         : https://github.com/iputils/iputils
Summary     : Network monitoring tools including ping
Description :
The iputils package contains basic utilities for monitoring a network,
including ping. The ping command sends a series of ICMP protocol
ECHO_REQUEST packets to a specified network host to discover whether
the target machine is alive and receiving network traffic.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2025-47268
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 17 2025 Kevin Fenzi - 20240905-4
- Add upstream patch for CVE-2025-47268.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2364304 - CVE-2025-47268 iputils: Signed Integer Overflow in Timestamp Multiplication in iputils ping [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364304
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-dd7e746aac' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
--
An update for net-snmp is now available for Red Hat Enterprise Linux 9.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: net-snmp security and bug fix update
Advisory ID:       RHSA-2023:2444-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2444
Issue date:        2023-05-09
CVE Names:         CVE-2022-44792 CVE-2022-44793
====================================================================

1. Summary:

An update for net-snmp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

Security Fix(es):

* net-snmp: NULL Pointer Exception when handling ipDefaultTTL
(CVE-2022-44792)

* net-snmp: NULL Pointer Exception when handling pv6IpForwarding
(CVE-2022-44793)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2141897 - CVE-2022-44792 net-snmp: NULL Pointer Exception when handling ipDefaultTTL
2141898 - CVE-2022-44793 net-snmp: NULL Pointer Exception when handling pv6IpForwarding
2151540 - Memory leak when IPv6 is disabled through ipv6.disable=1 [RHEL-9]

6. Package List:

Red Hat Enterprise Linux AppStream (v.9):

Source:
net-snmp-5.9.1-9.el9.src.rpm

aarch64:
net-snmp-5.9.1-9.el9.aarch64.rpm
net-snmp-agent-libs-5.9.1-9.el9.aarch64.rpm
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.aarch64.rpm
net-snmp-debuginfo-5.9.1-9.el9.aarch64.rpm
net-snmp-debugsource-5.9.1-9.el9.aarch64.rpm
net-snmp-devel-5.9.1-9.el9.aarch64.rpm
net-snmp-libs-5.9.1-9.el9.aarch64.rpm
net-snmp-libs-debuginfo-5.9.1-9.el9.aarch64.rpm
net-snmp-perl-5.9.1-9.el9.aarch64.rpm
net-snmp-perl-debuginfo-5.9.1-9.el9.aarch64.rpm
net-snmp-utils-5.9.1-9.el9.aarch64.rpm
net-snmp-utils-debuginfo-5.9.1-9.el9.aarch64.rpm
python3-net-snmp-5.9.1-9.el9.aarch64.rpm
python3-net-snmp-debuginfo-5.9.1-9.el9.aarch64.rpm

ppc64le:
net-snmp-5.9.1-9.el9.ppc64le.rpm
net-snmp-agent-libs-5.9.1-9.el9.ppc64le.rpm
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.ppc64le.rpm
net-snmp-debuginfo-5.9.1-9.el9.ppc64le.rpm
net-snmp-debugsource-5.9.1-9.el9.ppc64le.rpm
net-snmp-devel-5.9.1-9.el9.ppc64le.rpm
net-snmp-libs-5.9.1-9.el9.ppc64le.rpm
net-snmp-libs-debuginfo-5.9.1-9.el9.ppc64le.rpm
net-snmp-perl-5.9.1-9.el9.ppc64le.rpm
net-snmp-perl-debuginfo-5.9.1-9.el9.ppc64le.rpm
net-snmp-utils-5.9.1-9.el9.ppc64le.rpm
net-snmp-utils-debuginfo-5.9.1-9.el9.ppc64le.rpm
python3-net-snmp-5.9.1-9.el9.ppc64le.rpm
python3-net-snmp-debuginfo-5.9.1-9.el9.ppc64le.rpm

s390x:
net-snmp-5.9.1-9.el9.s390x.rpm
net-snmp-agent-libs-5.9.1-9.el9.s390x.rpm
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.s390x.rpm
net-snmp-debuginfo-5.9.1-9.el9.s390x.rpm
net-snmp-debugsource-5.9.1-9.el9.s390x.rpm
net-snmp-devel-5.9.1-9.el9.s390x.rpm
net-snmp-libs-5.9.1-9.el9.s390x.rpm
net-snmp-libs-debuginfo-5.9.1-9.el9.s390x.rpm
net-snmp-perl-5.9.1-9.el9.s390x.rpm
net-snmp-perl-debuginfo-5.9.1-9.el9.s390x.rpm
net-snmp-utils-5.9.1-9.el9.s390x.rpm
net-snmp-utils-debuginfo-5.9.1-9.el9.s390x.rpm
python3-net-snmp-5.9.1-9.el9.s390x.rpm
python3-net-snmp-debuginfo-5.9.1-9.el9.s390x.rpm

x86_64:
net-snmp-5.9.1-9.el9.x86_64.rpm
net-snmp-agent-libs-5.9.1-9.el9.i686.rpm
net-snmp-agent-libs-5.9.1-9.el9.x86_64.rpm
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.i686.rpm
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.x86_64.rpm
net-snmp-debuginfo-5.9.1-9.el9.i686.rpm
net-snmp-debuginfo-5.9.1-9.el9.x86_64.rpm
net-snmp-debugsource-5.9.1-9.el9.i686.rpm
net-snmp-debugsource-5.9.1-9.el9.x86_64.rpm
net-snmp-devel-5.9.1-9.el9.i686.rpm
net-snmp-devel-5.9.1-9.el9.x86_64.rpm
net-snmp-libs-5.9.1-9.el9.i686.rpm
net-snmp-libs-5.9.1-9.el9.x86_64.rpm
net-snmp-libs-debuginfo-5.9.1-9.el9.i686.rpm
net-snmp-libs-debuginfo-5.9.1-9.el9.x86_64.rpm
net-snmp-perl-5.9.1-9.el9.x86_64.rpm
net-snmp-perl-debuginfo-5.9.1-9.el9.i686.rpm
net-snmp-perl-debuginfo-5.9.1-9.el9.x86_64.rpm
net-snmp-utils-5.9.1-9.el9.x86_64.rpm
net-snmp-utils-debuginfo-5.9.1-9.el9.i686.rpm
net-snmp-utils-debuginfo-5.9.1-9.el9.x86_64.rpm
python3-net-snmp-5.9.1-9.el9.x86_64.rpm
python3-net-snmp-debuginfo-5.9.1-9.el9.i686.rpm
python3-net-snmp-debuginfo-5.9.1-9.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-44792
https://access.redhat.com/security/cve/CVE-2022-44793
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------

Name        : golang-x-mod
Product     : Fedora 36
Version     : 0.6.0~dev
Release     : 4.20220330git9b9b3d8.fc36
URL         : https://github.com/golang/mod
Summary     : Go module mechanics libraries
Description :
This package holds packages for writing tools that work directly with Go
module mechanics. That is, it is for direct manipulation of Go modules
themselves.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

---

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for
more information about the specific vulnerabilities.

----

Update to latest commit as of 20220719

----

Added

- Experimental: nebula clients can be configured to act as relays for other
  nebula clients. Primarily useful when stubborn NATs make a direct tunnel
  impossible. (#678)
- Configuration option to report manually specified ip:ports to lighthouses.
  (#650)
- Windows arm64 build. (#638)
- punchy and most lighthouse config options now support hot reloading. (#649)

Changed

- Build against go 1.18. (#656)
- Promoted routines config from experimental to supported feature. (#702)
- Dependencies updated. (#664)

Fixed

- Packets destined for the same host that sent it will be returned on MacOS.
  This matches the default behavior of other operating systems. (#501)
- unsafe_route configuration will no longer crash on Windows. (#648)
- A few panics that were introduced in 1.5.x. (#657, #658, #675)

Security

- You can set listen.send_recv_error to control the conditions in which
  recv_error messages are sent. Sending these messages can expose the fact
  that Nebula is running on a host, but it speeds up re-handshaking. (#670)

Removed

- x509 config stanza support has been removed. (#685)

----

bump to v4.2.0-rc1

----

fix package dir listing

----

resolve build issues and list new shell completion files

----

Release of stargz snapshotter v0.12.0. Please see the release note for
details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0

----

Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G 0.6.0~dev-4
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Oracle Linux Security Advisory ELSA-2022-9012

https://linux.oracle.com/errata/ELSA-2022-9012.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.302.7.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.302.7.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.302.7.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.302.7.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.302.7.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.302.7.2.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.302.7.2.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.302.7.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.302.7.2.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.302.7.2.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.302.7.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.302.7.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.302.7.2.el7uek.aarch64.rpm
perf-5.4.17-2136.302.7.2.el7uek.aarch64.rpm
python-perf-5.4.17-2136.302.7.2.el7uek.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.302.7.2.el7uek.src.rpm

Related CVEs:

CVE-2021-0920
CVE-2021-4155

Description of changes:

[5.4.17-2136.302.7.2.el7uek]
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699625] {CVE-2021-4155}

[5.4.17-2136.302.7.1.el7uek]
- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33691332] {CVE-2021-0920}

[5.4.17-2136.302.7.el7uek]
- rds: ib: Reduce the contention caused by the asynchronous workers to flush the mr pool (Praveen Kumar Kannoju) [Orabug: 33671425]
- rds: ib: Ack seq not always received in monotonic increasing order (Håkon Bugge) [Orabug: 33671414]
- net/rds: Don't pummel the subnet-manager (Gerd Rausch) [Orabug: 33671407]
- EDAC/i10nm: Add detection of memory levels for ICX/SPR servers (Qiuxu Zhuo) [Orabug: 33601775]
- EDAC/skx_common: Add new ADXL components for 2-level memory (Qiuxu Zhuo) [Orabug: 33601775]
- EDAC, skx_common: Refactor so that we initialize "dev" in result of adxl decode. (Tony Luck) [Orabug: 33601775]
- uek-rpm: Add ktime_get_coarse_ts64 to KABI (John Donnelly) [Orabug: 33671383]
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (Giovanni Gherdovich) [Orabug: 33671378]
- net: ipv6: Discard next-hop MTU less than minimum link MTU (Georg Kohmann) [Orabug: 33671371]
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33671363]
- rds/ib: Use both iova and key in free_mr socket call (aru kolappan) [Orabug: 33671236]

_______________________________________________
El-errata mailing list
Security fix for CVE-2021-29424.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-be62be8c7c
2021-04-08 20:56:45.051817
--------------------------------------------------------------------------------

Name        : perl-Net-Netmask
Product     : Fedora 33
Version     : 2.0001
Release     : 1.fc33
URL         : https://metacpan.org/dist/Net-Netmask
Summary     : Perl module for manipulating and looking up IP network blocks
Description :
Net::Netmask parses and understands IPv4 and IPv6 CIDR blocks (see for more
information on CIDR blocks). There are also functions to insert a network
block into a table and then later look up network blocks by an IP address
using that table.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-29424
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 30 2021 Jitka Plesnikova - 2.0001-1
- 2.0001 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1944352 - perl-Net-Netmask-2.0001 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1944352
  [ 2 ] Bug #1944875 - CVE-2021-29424 perl-Net-Netmask: incorrectly parses an IP address with leading zeros in IP octets [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1944875
  [ 3 ] Bug #1944876 - CVE-2021-29424 perl-Net-Netmask: incorrectly parses an IP address with leading zeros in IP octets [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1944876
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-be62be8c7c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
A privilege escalation vulnerability was discovered in Net-SNMP, a set of tools for collecting and organising information about devices on computer networks.

Package        : net-snmp
Version        : 5.7.3+dfsg-1.7+deb9u2
Debian Bug     : #965166

A privilege escalation vulnerability was discovered in Net-SNMP, a set of
tools for collecting and organising information about devices on computer
networks.

Upstream notes that:

 * It is still possible to enable this MIB via the --with-mib-modules
   configure option.

 * Another MIB that provides similar functionality, namely
   ucd-snmp/extensible, is disabled by default.

 * The security risk of ucd-snmp/pass and ucd-snmp/pass_persist is lower
   since these modules only introduce a security risk if the invoked
   scripts are exploitable.

For Debian 9 "Stretch", this issue has been fixed in net-snmp version
5.7.3+dfsg-1.7+deb9u2.

We recommend that you upgrade your net-snmp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

An exploit allowing privilege escalation within Net-SNMP has been patched in the latest Debian 9 Stretch update, bolstering its security framework.

LinuxSecurity.com Team
This is an update fixing crash when processing ROSE packets.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-6464
2015-04-21 13:41:50
--------------------------------------------------------------------------------

Name        : ax25-tools
Product     : Fedora 22
Version     : 0.0.10
Release     : 0.12.rc2.fc22
URL         :
Summary     : Tools used to configure an ax.25 enabled computer
Description :
ax25-tools is a collection of tools that are used to configure an ax.25
enabled computer. They will configure interfaces and assign callsigns to
ports as well as Net/ROM and ROSE configuration. This package only contains
the command line programs; the GUI programs are contained in the
ax25-tools-x package.

 * m6pack - handle multiple 6pack TNCs on a single interface
 * ax25d - general purpose AX.25, NET/ROM and Rose daemon
 * axctl - configure/Kill running AX.25 connections
 * axparms - configure AX.25 interfaces
 * axspawn - allow automatic login to a Linux system
 * beacon - transmit periodic messages on an AX.25 port
 * bpqparms - configure BPQ ethernet devices
 * mheardd - display AX.25 calls recently heard
 * rxecho - transparently route AX.25 packets between ports
 * mheard - collect information about packet activity
 * dmascc_cfg - configure dmascc devices
 * sethdlc - get/set Linux HDLC packet radio modem driver port information
 * smmixer - get/set Linux soundcard packet radio modem driver mixer
 * kissattach - Attach a KISS or 6PACK interface
 * kissnetd - create a virtual network
 * kissparms - configure KISS TNCs
 * mkiss - attach multiple KISS interfaces
 * net2kiss - convert a network AX.25 driver to a KISS stream on a pty
 * netromd - send and receive NET/ROM routing messages
 * nodesave - saves NET/ROM routing information
 * nrattach - start a NET/ROM interface
 * nrparms - configure a NET/ROM interface
 * nrsdrv - KISS to NET/ROM serial converter
 * rsattach - start a ROSE interface
 * rsdwnlnk - user exit from the ROSE network
 * rsmemsiz - monitor the ROSE subsystem
 * rsusers.sh - monitor AX.25, NET/ROM and ROSE users
 * rsparms - configure a ROSE interface
 * rsuplnk - User entry into the ROSE network
 * rip98d - RIP98 routing daemon
 * ttylinkd - TTYlink daemon for AX.25, NET/ROM, ROSE and IP
 * ax25_call - Make an AX.25 connection
 * netrom_call - Make a NET/ROM connection
 * rose_call - Make a ROSE connection
 * tcp_call - Make a TCP connection
 * yamcfg - configure a YAM interface

--------------------------------------------------------------------------------
Update Information:

This is an update fixing crash when processing ROSE packets.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update ax25-tools' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
netlink_listen & netlink_receive_dump should both check the source of the packets by looking at nl_pid and ensuring that it is 0 before performing any reconfiguration of network interfaces.

Fedora Update Notification
FEDORA-2004-154
2004-06-03
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : net-tools
Version     : 1.60
Release     : 25.1
Summary     : Basic networking tools.
Description :
The net-tools package contains basic networking tools, including
ifconfig, netstat, route, and others.

---------------------------------------------------------------------

The code in netlink.c is based in part on the code of iproute. It was not
updated when CAN-2003-0856 was announced.

The code in question is within the netlink_listen & netlink_receive_dump
functions. They should both check the source of the packets by looking at
nl_pid and ensuring that it is 0 before performing any reconfiguration of
network interfaces.

These updated packages now contain the latest netplug daemon which fixes
that problem. All users of netplug are strongly encouraged to upgrade to
these new packages.

---------------------------------------------------------------------

* Thu Jun 03 2004 Phil Knirsch 1.60-25.1
- Built FC2 security errata version based on rawhide.

* Fri May 14 2004 Phil Knirsch 1.60-27
- Fixed compiler warning/error in netplug.
- Updated to netplug-1.2.6 for security update and fixes.

* Thu May 06 2004 Phil Knirsch 1.60-26
- Updated netplugd to latest upstream version.
- Fixed execshield problem in main.c of netplugd.

---------------------------------------------------------------------

This update can be downloaded from:

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

A critical vulnerability in net-tools for Fedora Core 2 could allow unauthorized privilege escalation. Users must apply security updates immediately.

Severity: Critical.

LinuxSecurity.com Team
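
The source check described in the net-tools advisory above, as an added C example that is not taken from netplug, net-tools or iproute: a netlink datagram is accepted only when its sender address carries nl_pid 0, which is the kernel. The function names and the sender values used in the demo are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <linux/netlink.h>

/* Accept a datagram only if its source address is the kernel.
 * The kernel sends with nl_pid == 0; any other value means another
 * userspace process wrote to our netlink socket. */
int netlink_from_kernel(const struct msghdr *msg)
{
    const struct sockaddr_nl *src = msg->msg_name;

    if (src == NULL || msg->msg_namelen != sizeof(*src))
        return 0;               /* missing or malformed source address */
    if (src->nl_family != AF_NETLINK)
        return 0;
    return src->nl_pid == 0;
}

/* Receive one datagram. Returns its length, 0 if it was dropped
 * (non-kernel sender or truncated), -1 on a socket error. */
ssize_t recv_kernel_netlink(int fd, void *buf, size_t len)
{
    struct sockaddr_nl src;
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg;
    ssize_t n;

    memset(&src, 0, sizeof(src));
    memset(&msg, 0, sizeof(msg));
    msg.msg_name = &src;        /* ask the kernel to fill in the sender */
    msg.msg_namelen = sizeof(src);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    do {
        n = recvmsg(fd, &msg, 0);
    } while (n < 0 && errno == EINTR);
    if (n < 0)
        return -1;
    if (!netlink_from_kernel(&msg) || (msg.msg_flags & MSG_TRUNC))
        return 0;               /* drop before parsing any nlmsghdr */
    return n;
}

/* Demo helper: run the check on a constructed sender address. */
int check_constructed_sender(unsigned int pid, socklen_t namelen)
{
    struct sockaddr_nl src;
    struct msghdr msg;

    memset(&src, 0, sizeof(src));
    memset(&msg, 0, sizeof(msg));
    src.nl_family = AF_NETLINK;
    src.nl_pid = pid;
    msg.msg_name = &src;
    msg.msg_namelen = namelen;
    return netlink_from_kernel(&msg);
}

int main(void)
{
    socklen_t full = sizeof(struct sockaddr_nl);

    printf("kernel sender (nl_pid 0):       %d\n", check_constructed_sender(0, full));
    printf("userspace sender (nl_pid 4242): %d\n", check_constructed_sender(4242, full));
    printf("short source address:           %d\n", check_constructed_sender(0, 4));
    return 0;
}
```

The check belongs before any nlmsghdr parsing, so that a message from a local process never reaches the code that reconfigures interfaces.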