PHP could be made to bypass password checking if a specially crafted input was provided.

=========================================================================
Ubuntu Security Notice USN-6053-1
May 02, 2023

php7.0 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

PHP could be made to bypass password checking if a specially crafted input was provided.

Software Description:
- php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  libapache2-mod-php7.0   7.0.33-0ubuntu0.16.04.16+esm6
  php7.0                  7.0.33-0ubuntu0.16.04.16+esm6
  php7.0-cgi              7.0.33-0ubuntu0.16.04.16+esm6
  php7.0-cli              7.0.33-0ubuntu0.16.04.16+esm6
  php7.0-fpm              7.0.33-0ubuntu0.16.04.16+esm6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6053-1
  CVE-2023-0567

A PHP flaw allows password verification to be bypassed when an invalid hash is stored, affecting Ubuntu 16.04 ESM; make sure affected systems are updated.

Password Bypass, PHP Issue, Ubuntu 16.04, Security Update, Software Fix
Severity: Important
LinuxSecurity.com Team
A micro version update (from 7.8.0 to 7.8.1) is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Fuse 7.8.1 patch release and security update
Advisory ID:       RHSA-2021:1401-01
Product:           Red Hat JBoss Fuse
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1401
Issue date:        2021-04-27
CVE Names:         CVE-2020-28052
====================================================================

1. Summary:

A micro version update (from 7.8.0 to 7.8.1) is now available for Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.8.1 serves as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2 (7.8.0), and includes security fixes, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible - Karaf (CVE-2020-28052)
* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible - Spring Boot 2 (CVE-2020-28052)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Installation instructions are available from the Fuse 7.8.0 product documentation page:

ing_on_apache_karaf/apply-hotfix-patch
ng_into_spring_boot/patch-red-hat-fuse-applications

4. Bugs fixed (https://bugzilla.redhat.com/):

1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible

5. References:

https://access.redhat.com/security/cve/CVE-2020-28052
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=7.8.0

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYIfQDtzjgjWX9erEAQgs8g/8D1JzNDrU9s8NIDGecM17U83tb62pdeHi
2WzKUFsG5cebZV1UpvIF0oeoIwAzwSROw9/TRzi5tzeibPEPVdW94DO9qApRNSsS
TdNxAAuPxkQkx6DoUOPxqw/vDC9oI0jGILL/wGKRX39kKEhtknghSq/5nZrjkP9v
3Y+6c+eKwgEJWQRn93NPaKa3kc18laFSmGp+gKppzafAh6h3LYZwFtCJs9sn0Lbx
pEEujMp1hibg9uAE7EWzw0dbyjNgg3befA56V5DtusvkE+MrbyDtbm4rGxyEUTUg
CrXxcl93ErngWgscIVcjDOPU2KKuvaamjisk0UvcYLDNXlL7aMjqobyPBgi4BO8F
iPLuWcJLjkfEbLatNuz48tWjhUkk3httU3521AIt4SUgW2daR0lyEqx6aHY5K2hX
apW0wsfnpaTSDOn+PFCnBI6lvhxR9YUgiAphcmhNUJWDrOu1t8wesP4iBsfwj3mf
rZFZlWAF02PV09I448NhDQwxnoSopj5S9MH+KQeipGeH1mpxP+HJSqTAABHm+sxO
bowQGVUdq/b1q8Dl2AU6/f9uyKygWNzWnYRJsQNb5POjauZVdVylF4mv0wcZiD1y
slOPltC+Qg7aJTInhJfwvQURDZON3A3qVk57dM+wOFNxnqEEVbCbvKT2Pi5S4ZW7
kMEDdFVBaGc=
=1BzY
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Single Sign-On 7.4.6 security update
Advisory ID:       RHSA-2021:0974-01
Product:           Red Hat Single Sign-On
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0974
Issue date:        2021-03-23
CVE Names:         CVE-2020-7676 CVE-2020-8908 CVE-2020-14302 CVE-2020-28052
                   CVE-2020-35510 CVE-2021-20220 CVE-2021-20250
====================================================================

1. Summary:

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.4.6 serves as a replacement for Red Hat Single Sign-On 7.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
* nodejs-angular: XSS due to regex-based HTML replacement (CVE-2020-7676)
* jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510)
* undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)
* wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)
* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)
* keycloak: reusable "state" parameter at redirect_uri endpoint enables possibility of replay attacks (CVE-2020-14302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1849206 - CVE-2020-7676 nodejs-angular: XSS due to regex-based HTML replacement
1849584 - CVE-2020-14302 keycloak: reusable "state" parameter at redirect_uri endpoint enables possibility of replay attacks
1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client
1906919 - CVE-2020-8908 guava: local information disclosure via temporary directory created with unsafe permissions
1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687
1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client

5. References:

https://access.redhat.com/security/cve/CVE-2020-7676
https://access.redhat.com/security/cve/CVE-2020-8908
https://access.redhat.com/security/cve/CVE-2020-14302
https://access.redhat.com/security/cve/CVE-2020-28052
https://access.redhat.com/security/cve/CVE-2020-35510
https://access.redhat.com/security/cve/CVE-2021-20220
https://access.redhat.com/security/cve/CVE-2021-20250
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.4
https://docs.redhat.com/en/documentation/red_hat_single_sign-on/7.4

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYFn45tzjgjWX9erEAQg+fxAAn32fXM3qcJfEbR4Cw2r0YJHxaDsJnW2s
AnhFbAqKJ8456CVDp5U2TeMir0ol0fa341TkZR1yY7ZewXJ4TBjoKII5t5xg9d3a
QK1tbPdhjH1cQXtO2mKd9uJkiWhCiGCiHP8u66+B8Su9yfsKufzN8L6IymU1KWRH
sfVXwDiD4p1j7b4jHzKH/eRgawRUjwzKNbYQyDsWZQaG5AB8gcSbBb9xB2Ao5LGF
5wwwBh7Dwp+mv8avZPReQAcOKsOhsPJUzGgKw7GuoHVcC0ebGmiFmeKdGH6fp3oL
2mizHxSz2CYaZpa92gqXOfF2+589jvtmZITLpxCKsHrLFzdJFWO/BfVGE5ope4/v
FVg7zLKRceMpsbKGV/+9EjteDWuJIN5Pmx7dgjBWvevMrGXQxxmFaY3ceQk00gzc
7I/QseunDrBKkhbqwBgzRYB9722ed2GKv3cMatjD7igRenGmi9HQpx7F+GvGifE3
L+2WVn2VIpjI+s6ET3eAgju1vagkezJOifAVp1MJJ1MWZuKntxj4H0TB+88BtzNJ
54bL+R5OZhc0vmCE5VtjMZwamc7umRzjef43GUYZNG7dMLMAHRE5aRpMLSni9R2l
1TCfjFXRcno2v/xRNIObAW4BJpY8GqnxOBapw5RwBGeIA+lH2nrVrblpuFVG37HR
AyZ4UFtY23c=
=l/2h
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
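The PHP notice (USN-6053-1) and the two BouncyCastle errata above describe the same failure mode: a verifier handed a malformed bcrypt/Blowfish hash may report a match for any password. The application-side defence is to treat a stored hash that is not structurally a bcrypt string as an authentication failure before any library verifier sees it, and to audit the credential store for such rows. The following Python is an added example written for this page, not code from PHP, BouncyCastle, Ubuntu or Red Hat; the sample rows are constructed, and the `verifier` callable (for instance bcrypt.checkpw from the PyPI bcrypt package) is assumed to be supplied by the caller.

```python
"""Audit stored bcrypt hashes for malformed values and refuse to verify a
password against a malformed hash.

Added example for this page, not code from PHP, BouncyCastle or either
distributor. SAMPLE_ROWS are constructed; `verifier` is assumed to be a real
library call such as bcrypt.checkpw(password_bytes, hash_bytes).
"""
import re
from typing import Callable, Iterable, List, Tuple

# Modular-crypt shape of a bcrypt hash:
#   $2<variant>$<cost>$<22-char salt><31-char digest>
# variant: one of a, b, x, y; cost: two decimal digits 04..31; salt+digest:
# 53 characters from bcrypt's own base64 alphabet [./A-Za-z0-9].
# The legacy bare "$2$" prefix is rejected on purpose (a policy choice here).
BCRYPT_RE = re.compile(
    r"^\$2[abxy]\$(?:0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{53}$"
)


def is_wellformed_bcrypt(stored: object) -> bool:
    """True only if `stored` is a str with the exact bcrypt structure above.
    This is a structural check: it cannot tell a genuine digest from a
    well-formed fake, and it does not need to; anything else is rejected."""
    return isinstance(stored, str) and BCRYPT_RE.fullmatch(stored) is not None


def audit_hashes(rows: Iterable[Tuple[str, str]]) -> List[str]:
    """Return the user ids whose stored hash is malformed. Such rows must be
    reset (forced password change), never verified against."""
    return [uid for uid, stored in rows if not is_wellformed_bcrypt(stored)]


def safe_verify(stored: str, password: str,
                verifier: Callable[[bytes, bytes], bool]) -> bool:
    """Gate the library verifier: a malformed stored hash is a failed login,
    regardless of what the library would have returned for it."""
    if not is_wellformed_bcrypt(stored):
        return False
    return verifier(password.encode("utf-8"), stored.encode("ascii"))


# Constructed rows (not real password hashes): one well-formed, four malformed.
SAMPLE_ROWS = [
    ("alice", "$2y$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"),  # ok
    ("bob",   "$2y$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ0123"),   # 52 chars
    ("carol", "$2y$10$abcdefghijklmnopqrstuv*BCDEFGHIJKLMNOPQRSTUVWXYZ01234"),  # bad char
    ("dave",  "$2y$03$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"),  # cost 03
    ("erin",  ""),                                                               # empty
]


def accept_everything(_password: bytes, _stored: bytes) -> bool:
    """Stand-in for a verifier that, on a malformed hash, would say 'match'
    for any password; used only to show that safe_verify never consults it."""
    return True


if __name__ == "__main__":
    print("malformed hashes for:", audit_hashes(SAMPLE_ROWS))
    for uid, stored in SAMPLE_ROWS:
        print(uid, "login allowed:", safe_verify(stored, "anything", accept_everything))
```

Run over a dump of the users table, `audit_hashes` lists the accounts whose stored value would never have been produced by a healthy `password_hash()` or BouncyCastle `OpenBSDBCrypt.generate()` call; those accounts should be reset rather than trusted. The same structural gate in front of `password_verify()` or `OpenBSDBCrypt.checkPassword()` turns the advisories' "accept any password" outcome into a plain login failure even on an unpatched library.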
Sudo could be made to run programs as the administrator without a password prompt.

=========================================================================
Ubuntu Security Notice USN-1754-1
February 28, 2013

sudo vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Sudo could be made to run programs as the administrator without a password prompt.

Software Description:
- sudo: Provide limited super user privileges to specific users

Details:

Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
  sudo        1.8.5p2-1ubuntu1.1
  sudo-ldap   1.8.5p2-1ubuntu1.1

Ubuntu 12.04 LTS:
  sudo        1.8.3p1-1ubuntu3.4
  sudo-ldap   1.8.3p1-1ubuntu3.4

Ubuntu 11.10:
  sudo        1.7.4p6-1ubuntu2.2
  sudo-ldap   1.7.4p6-1ubuntu2.2

Ubuntu 10.04 LTS:
  sudo        1.7.2p1-1ubuntu5.6
  sudo-ldap   1.7.2p1-1ubuntu5.6

Ubuntu 8.04 LTS:
  sudo        1.6.9p10-1ubuntu3.10
  sudo-ldap   1.6.9p10-1ubuntu3.10

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1754-1
  CVE-2013-1775

Package Information:
  https://launchpad.net/ubuntu/+source/sudo/1.8.5p2-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.4
  https://launchpad.net/ubuntu/+source/sudo/1.7.4p6-1ubuntu2.2
  https://launchpad.net/ubuntu/+source/sudo/1.7.2p1-1ubuntu5.6
  https://launchpad.net/ubuntu/+source/sudo/1.6.9p10-1ubuntu3.10

A flaw in Ubuntu's Sudo could let a local attacker run commands without a password prompt when the system clock is set to the epoch; updating promptly is recommended.

Sudo Security, Ubuntu Access Control, Admin Privileges, Password Bypass Issue
Severity: Important
LinuxSecurity.com Team
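The notice says only that time stamp files were mishandled "when the system clock is set to epoch". The general lesson is that a credential-cache check which looks solely at the age of a timestamp breaks as soon as the clock is under the attacker's control. The following Python is an added model of that failure mode and of the checks that close it; it is not sudo's code and does not reproduce sudo's time stamp file layout. It assumes a scheme in which a timestamp that was invalidated or never written reads as mtime 0 (the epoch) and that `mtime` and `now` are Unix seconds; the 15-minute lifetime is an assumed value.

```python
"""Model of a credential-cache timestamp check and why a clock set to the
epoch defeats a naive version of it.

Added example for this page, not sudo's code. Assumes an invalidated or
never-written ticket reads as mtime 0 (the epoch); times are Unix seconds.
"""
from typing import Tuple

TIMEOUT_SECONDS = 15 * 60  # assumed ticket lifetime, like a sudoers timestamp_timeout


def naive_ticket_valid(mtime: int, now: int, timeout: int = TIMEOUT_SECONDS) -> bool:
    """Accept a ticket if it is less than `timeout` seconds old.

    Only the age is examined. If the attacker can set the clock to the epoch
    (now == 0), an mtime of 0, which was meant to mean "no live ticket", is
    zero seconds old and is accepted. A clock rolled back to before the ticket
    was written is accepted for the same reason (negative age)."""
    return now - mtime < timeout


def hardened_ticket_valid(mtime: int, now: int, timeout: int = TIMEOUT_SECONDS) -> bool:
    """The same age check with the edge cases closed:
      * mtime <= 0 is the invalidation marker and is never a live ticket,
        whatever the clock says;
      * a clock reading within one lifetime of the epoch is not trustworthy;
      * a ticket dated in the future means the clock was rolled back after it
        was written, so it is rejected too."""
    if mtime <= 0:
        return False
    if now < timeout:
        return False
    if mtime > now:
        return False
    return now - mtime < timeout


def demonstrate_epoch_bypass() -> Tuple[bool, bool]:
    """Scenario: the ticket was invalidated (mtime 0), then the clock is set
    to the epoch. Returns (naive verdict, hardened verdict)."""
    invalidated_mtime = 0
    clock_at_epoch = 0
    return (naive_ticket_valid(invalidated_mtime, clock_at_epoch),
            hardened_ticket_valid(invalidated_mtime, clock_at_epoch))


if __name__ == "__main__":
    naive, hardened = demonstrate_epoch_bypass()
    print("clock at epoch, invalidated ticket -> naive:", naive, "hardened:", hardened)
```

The rollback case matters as much as the epoch case: any check of the form `now - mtime < timeout` also passes when `now` is earlier than `mtime`, so a user who can move the clock backwards can revive an expired ticket. Rejecting future-dated tickets and sentinel timestamps outright, rather than trusting the arithmetic, is the check a practitioner should expect of any such cache.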