Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
200

Scientific Linux: SLSA-2015:2369-1 Low: OpenHPI x86_64 Update

Low: openhpi security, bug fix, and enhancement update. Date: Mon, 21 Dec 2015 23:12:03 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Low: openhpi on SL7.x x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Low: openhpi security, bug fix, and enhancement update Advisory ID: SLSA-2015:2369-1 Issue Date: 2015-11-19 CVE Numbers: CVE-2015-3248 -- It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory. (CVE-2015-3248) The openhpi packages have been upgraded to upstream version 3.4.0, which provides a number of bug fixes and enhancements over the previous version. This update also fixes the following bug: * Network timeouts were handled incorrectly in the openhpid daemon. As a consequence, network connections could fail when external plug-ins were used. With this update, handling of network socket timeouts has been improved in openhpid, and the described problem no longer occurs. -- SL7 x86_64 openhpi-3.4.0-2.el7.i686.rpm openhpi-3.4.0-2.el7.x86_64.rpm openhpi-debuginfo-3.4.0-2.el7.i686.rpm openhpi-debuginfo-3.4.0-2.el7.x86_64.rpm openhpi-libs-3.4.0-2.el7.i686.rpm openhpi-libs-3.4.0-2.el7.x86_64.rpm openhpi-devel-3.4.0-2.el7.i686.rpm openhpi-devel-3.4.0-2.el7.x86_64.rpm - Scientific Linux Development Team . Get the latest OpenHPI update for Scientific Linux. This low-severity fix enhances stability, performance, and hardware compatibility for users.. openhpi update, security advisory, enhancement fix. . LinuxSecurity.com Team

Calendar%202 Dec 21, 2015 Scientific Linux
89

Fedora 22: FEDORA-2015-10944 Critical: openhpi Permissions Issue

fix /var/lib/openhpi permissions (#1233521).. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-10944 2015-10-07 03:46:09.915691 -------------------------------------------------------------------------------- Name : openhpi Product : Fedora 22 Version : 3.4.0 Release : 2.fc22 URL : Summary : Hardware Platform Interface library and tools Description : OpenHPI is an open source project created with the intent of providing an implementation of the SA Forum's Hardware Platform Interface (HPI). HPI provides an abstracted interface to managing computer hardware, typically for chassis and rack based servers. HPI includes resource modeling; access to and control over sensor, control, watchdog, and inventory data associated with resources; abstracted System Event Log interfaces; hardware events and alerts; and a managed hot swap interface. OpenHPI provides a modular mechanism for adding new hardware and device support easily. Many plug-ins exist in the OpenHPI source tree to provide access to various types of hardware. This includes, but is not limited to, IPMI based servers, Blade Center, and machines which export data via sysfs. -------------------------------------------------------------------------------- Update Information: fix /var/lib/openhpi permissions (#1233521). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1233521 - CVE-2015-3248 openhpi: world writable /var/lib/openhpi directory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1233521 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update openhpi' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Ubuntu 20.04 delivers essential kernel upgrade enhancing stability and performance for a more secure environment.. OpenHPI Security,Fedora Update,Permissions Fix. . LinuxSecurity.com Team

Calendar%202 Oct 07, 2015 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200