# Security update for git

Announcement ID: SUSE-SU-2025:0116-1
Release Date: 2025-01-15T08:32:46Z
Rating: important
References:
* bsc#1235600
* bsc#1235601
Cross-References:
* CVE-2024-50349
* CVE-2024-52006
CVSS scores:
* CVE-2024-50349 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-52006 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Basesystem Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for git fixes the following issues:

* CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600).
* CVE-2024-52006: Carriage returns could be passed via the credential protocol to credential helpers, which lets a crafted URL inject extra protocol lines into helpers that treat a bare CR as a line terminator (bsc#1235601).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-116=1 openSUSE-SLE-15.6-2025-116=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-116=1
* Development Tools Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-116=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * perl-Git-2.43.0-150600.3.9.1
  * gitk-2.43.0-150600.3.9.1
  * git-daemon-2.43.0-150600.3.9.1
  * git-credential-libsecret-2.43.0-150600.3.9.1
  * git-credential-libsecret-debuginfo-2.43.0-150600.3.9.1
  * git-core-debuginfo-2.43.0-150600.3.9.1
  * git-email-2.43.0-150600.3.9.1
  * git-debuginfo-2.43.0-150600.3.9.1
  * git-web-2.43.0-150600.3.9.1
  * git-gui-2.43.0-150600.3.9.1
  * git-2.43.0-150600.3.9.1
  * git-arch-2.43.0-150600.3.9.1
  * git-p4-2.43.0-150600.3.9.1
  * git-cvs-2.43.0-150600.3.9.1
  * git-core-2.43.0-150600.3.9.1
  * git-daemon-debuginfo-2.43.0-150600.3.9.1
  * git-svn-2.43.0-150600.3.9.1
  * git-debugsource-2.43.0-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
  * git-doc-2.43.0-150600.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * git-core-debuginfo-2.43.0-150600.3.9.1
  * git-core-2.43.0-150600.3.9.1
  * git-debuginfo-2.43.0-150600.3.9.1
  * git-debugsource-2.43.0-150600.3.9.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * perl-Git-2.43.0-150600.3.9.1
  * gitk-2.43.0-150600.3.9.1
  * git-daemon-2.43.0-150600.3.9.1
  * git-email-2.43.0-150600.3.9.1
  * git-debuginfo-2.43.0-150600.3.9.1
  * git-web-2.43.0-150600.3.9.1
  * git-gui-2.43.0-150600.3.9.1
  * git-2.43.0-150600.3.9.1
  * git-arch-2.43.0-150600.3.9.1
  * git-cvs-2.43.0-150600.3.9.1
  * git-daemon-debuginfo-2.43.0-150600.3.9.1
  * git-svn-2.43.0-150600.3.9.1
  * git-debugsource-2.43.0-150600.3.9.1
* Development Tools Module 15-SP6 (noarch)
  * git-doc-2.43.0-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50349.html
* https://www.suse.com/security/cve/CVE-2024-52006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235600
* https://bugzilla.suse.com/show_bug.cgi?id=1235601

This git security patch stops credentials stored for a trusted site from being handed to an untrusted host through the credential helper protocol. Severity: Important. LinuxSecurity.com Team
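The following is an added illustration of the credential-protocol line injection behind CVE-2024-52006 as the advisory describes it; it is example code written for this page, not git's source or any credential helper's. The two URLs, the field names and the helper model are constructed: git feeds a helper `key=value` lines ending in LF and closed by a blank line, and the example shows what a helper whose runtime also treats a bare CR as a line terminator makes of a username value carrying an encoded CR, beside a writer that refuses such values outright.

```python
"""
Constructed illustration of the credential-protocol line injection the git
advisory describes (CVE-2024-52006). Example code for this page, not git's or
any helper's source. git hands a helper "key=value" lines terminated by LF and
ended by a blank line; a helper whose runtime also treats a bare CR as a line
terminator sees extra lines that git never meant to send.
"""
from urllib.parse import unquote

# Constructed URLs. The first hides a percent-encoded CR (%0d) in the userinfo
# part so that, once decoded, the username value carries a second "host=" line.
INJECTED_URL = "https://user%0dhost=trusted.example@evil.example/repo.git"
CLEAN_URL = "https://git.example.org/repo.git"

# Characters that must never appear inside a credential value (LF was already
# refused after CVE-2020-5260; the 2025 fix extends the rule to CR).
FORBIDDEN = ("\n", "\r", "\0")


def credential_request_from_url(url: str) -> dict:
    """Derive the fields git would pass to a helper, percent-decoding the
    username. Deliberately minimal: only the pieces needed for this example."""
    scheme, _, rest = url.partition("://")
    authority = rest.split("/", 1)[0]
    userinfo, _, host = authority.rpartition("@")
    fields = {"protocol": scheme, "host": host}
    if userinfo:
        fields["username"] = unquote(userinfo.split(":", 1)[0])
    return fields


def encode_request(fields: dict) -> bytes:
    """Serialise the request in the wire format: key=value lines, blank line."""
    body = "".join(f"{key}={value}\n" for key, value in fields.items())
    return (body + "\n").encode()


def helper_parse(raw: bytes, cr_is_newline: bool) -> dict:
    """Model a helper reading the request. git's own reader splits on LF only;
    the advisory's concern is helpers whose runtime also splits on a bare CR."""
    text = raw.decode()
    if cr_is_newline:
        text = text.replace("\r\n", "\n").replace("\r", "\n")
    fields = {}
    for line in text.split("\n"):
        if line == "":          # blank line ends the request
            break
        key, _, value = line.partition("=")
        fields[key] = value     # a later duplicate key overrides an earlier one
    return fields


def host_credentials_go_to(url: str, cr_is_newline: bool) -> str:
    """Which host's stored credential the helper would look up for this URL.
    The connection itself still goes to the URL's real host, so a mismatch
    means a trusted site's password is sent to an untrusted one."""
    request = encode_request(credential_request_from_url(url))
    return helper_parse(request, cr_is_newline)["host"]


def validate_request(fields: dict) -> dict:
    """Hardened rule in the spirit of the fix: refuse to write any value that
    contains a line terminator, so no helper can mis-tokenise the stream."""
    for key, value in fields.items():
        if any(ch in value for ch in FORBIDDEN):
            raise ValueError(f"credential field {key!r} contains a line terminator")
    return fields


def safe_request(url: str) -> bytes:
    """Encode a request only after validation; raises on the injected URL."""
    return encode_request(validate_request(credential_request_from_url(url)))


if __name__ == "__main__":
    for url in (CLEAN_URL, INJECTED_URL):
        lf_only = host_credentials_go_to(url, cr_is_newline=False)
        cr_too = host_credentials_go_to(url, cr_is_newline=True)
        print(f"{url}\n  LF-only helper looks up: {lf_only}"
              f"\n  CR-splitting helper looks up: {cr_too}")
        try:
            safe_request(url)
            print("  hardened writer: accepted")
        except ValueError as err:
            print(f"  hardened writer: rejected ({err})")
```

The check belongs on the writing side, as in the fix: git cannot know how every helper's runtime tokenises its input, so the only robust rule is that a value with any line terminator never reaches the pipe at all.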
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] samba (SSA:2022-208-01)

New samba packages are available for Slackware 15.0 and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/samba-4.15.9-i586-1_slack15.0.txz: Upgraded.
This update fixes the following security issues:
Samba AD users can bypass certain restrictions associated with changing passwords.
Samba AD users can forge password change requests for any user.
Samba AD users can crash the server process with an LDAP add or modify request.
Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request.
Server memory information leak via SMB1.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-2031
https://www.cve.org/CVERecord?id=CVE-2022-32744
https://www.cve.org/CVERecord?id=CVE-2022-32745
https://www.cve.org/CVERecord?id=CVE-2022-32746
https://www.cve.org/CVERecord?id=CVE-2022-32742
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 15.0 package:
44b632d926e5d5700394326f660bf727 samba-4.15.9-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
751f6e652986cb6f1f7f118dc99de6b2 samba-4.15.9-x86_64-1_slack15.0.txz

Slackware -current package:
3a03309499ec39abd2b3d241bf08d755 n/samba-4.16.4-i586-1.txz

Slackware x86_64 -current package:
654ab1af9e82329d94c62d69a57cc4d0 n/samba-4.16.4-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg samba-4.15.9-i586-1_slack15.0.txz

Then, if Samba is running restart it:
# /etc/rc.d/rc.samba restart

+-----+

These samba updates for Slackware 15.0 and -current remediate Active Directory password-change and LDAP request handling flaws, a use-after-free in the server process, and an SMB1 memory information leak. Severity: Important. LinuxSecurity.com Team
SUSE Security Update: Security update for 389-ds
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1100-1
Rating: important
References: #1194068 #1194084 #1197275 #1197345
Cross-References: CVE-2022-0918 CVE-2022-0996
CVSS scores:
CVE-2022-0918 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0918 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0996 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0996 (SUSE): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves two vulnerabilities and has two fixes is now available.

Description:

This update for 389-ds fixes the following issues:

- CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275).
- CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345).
- Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068)
- Resolved multiple index migration bug (bsc#1194084)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1100=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1
  389-ds-debuginfo-1.4.4.19~git28.b12c72226-150300.3.12.1
  389-ds-debugsource-1.4.4.19~git28.b12c72226-150300.3.12.1
  389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1
  lib389-1.4.4.19~git28.b12c72226-150300.3.12.1
  libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1
  libsvrcore0-debuginfo-1.4.4.19~git28.b12c72226-150300.3.12.1

References:

https://www.suse.com/security/cve/CVE-2022-0918.html
https://www.suse.com/security/cve/CVE-2022-0996.html
https://bugzilla.suse.com/1194068
https://bugzilla.suse.com/1194084
https://bugzilla.suse.com/1197275
https://bugzilla.suse.com/1197345

This SUSE update for 389-ds fixes an unauthenticated remote denial of service via a crafted packet and a password expiry handling flaw, alongside two non-security bug fixes. Severity: Important. LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cloud-init security update
Advisory ID: RHSA-2021:3177-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3177
Issue date: 2021-08-17
CVE Names: CVE-2021-3429
====================================================================

1. Summary:

An update for cloud-init is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - noarch

3. Description:

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

Security Fix(es):

* cloud-init: randomly generated passwords logged in clear-text to world-readable file (CVE-2021-3429)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1940967 - CVE-2021-3429 cloud-init: randomly generated passwords logged in clear-text to world-readable file

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
cloud-init-18.5-7.el8_1.6.src.rpm

noarch:
cloud-init-18.5-7.el8_1.6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-3429
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYRt0PtzjgjWX9erEAQhmGQ/+IRTT0JOiQF6FLAEDUhhgGBPjNlPj4Bzj
mYF+gry5gYsAsIklpfHhPhXOinKrlOtBn9UrMZDlMXBwOV3sBiPNJrhRu+b/X7cc
DEEn1oCXFVBqh3ARWbVQmE/VqUidxKhdoVJO3Uci3w/z9aZylbA63TDEnxISoEMP
Z42cgFs7WMRYqaCyf1mCl4LaysKD3HPYzXBITkal0uyzGRpl3fa+A2NpB1Azvz+D
y16pJbIDkHeJ66L0MZdNhUHWYnB0KXDJYZhI5QtLZdGRhbWErgSz5ld4xbzWeWUf
rbXwRJoRtTcCKK5pw8L80KjJyPmhI+7I9X72vAy81AAWqfOWAJB32DgO3cCGPCj+
IvJE7MLF4EFCf9q8l93RFvF1ICoOFKLK7F1BqXhzD5gW6PqQqsEJXz9dD1FH/bZF
57O8PQL6eUZZXGIVyA1y7rNV0GYMjYCTyAtBUdnTnE9NIQP+k2J51OUqmDaLv5+x
W82/2LWrtnljMgobgAnp5vneW5ElchVGWybrlcXJYwWeJamVPdw1jMcrYUZI4RJS
W80WsDM1Zb+6tjN6YPouw8JQ2EphNdTkhtVHU/tuqEPhnAqVLPQYFRpcR2oQVWIx
t6XUECSby6HRlEUScWUzFR+UUkOOvEH3eyKgwpF4PHs7aCR98iIkHPElJa1mHHdK
Jz8wWxQUP1g=1Kna
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
Debian LTS Advisory DLA-2577-1
- -------------------------------------------------------------------------

Several issues have been found in python-pysaml2, a pure Python implementation of the SAML Version 2 standard.

CVE-2017-1000433
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ansible security and bug fix update
Advisory ID: RHSA-2018:3771-01
Product: Red Hat Ansible Engine
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3771
Issue date: 2018-12-04
CVE Names: CVE-2018-16859
====================================================================

1. Summary:

An update for ansible is now available for Ansible Engine 2.6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ansible Engine 2.6 for RHEL 7 Server - noarch

3. Description:

Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

The following packages have been upgraded to a newer upstream version: ansible (2.6.10)

Security fix(es):

* ansible: become password logged in plaintext when used with PowerShell on Windows (CVE-2018-16859)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Igor Turovsky for reporting this issue.

Bug Fix(es):

See https://github.com/ansible/ansible/blob/v2.6.10/changelogs/CHANGELOG-v2.6.rst for details on bug fixes in this release.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1649607 - CVE-2018-16859 ansible: become password logged in plaintext when used with PowerShell on Windows

6. Package List:

Red Hat Ansible Engine 2.6 for RHEL 7 Server:

Source:
ansible-2.6.10-1.el7ae.src.rpm

noarch:
ansible-2.6.10-1.el7ae.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-16859
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXAbHQ9zjgjWX9erEAQjeOw//UwQj/0PJtnJjj8Bmeb7rFbreUgdNlKeo
UNrLKgjCKppNYGBQiWW7dTXUYWt7S0pQyvPZzEbtYmUsp1drraYb47RkMcYDJg3+
nhqqhto2PtFuDdp5+eS0JsSLdW7g+paTYwAtc7OLk1zK0846jDvDQZH6ca1rsdAz
fPffs8UTZR6MOgX4Fnl2RmQewQO22IOwvY1NR9RLQ1ENHniYEZ9rc0QwpRMgQkH9
5UnUl+GmMz86d7DTD9tv1em5K9EaA1FIuJZIaXMbyOxCIk25/uVi+tRleshtg+3L
ikd6PYduMlAoEAUyk/aaEaL8p4RL7D5M/WGJz8NOFewjHYInYvYRpW9sULYMS2dN
PwYcYa8X71iZt7ndCbyi1WuAOdB3NDZFwbLjv/ildw8gw7vpFw7LQLLx5JN/ZyTp
gTYyEY8hfVkQCg+onmNOZrbLvYOF47RlQq+MSqt0gn8wHHSdD2hV1OKerhkNjdO6
CRuZr191OePvzujaMy9rt581bsLzUWW1Sq4LZ8/5ErUEXY6YQBfZECq8Ty3kHc7R
EERVmwaxpzOo0I3sfmKNGhLmfEyFPkjncFGT9Sq5KT6T4jsMoBs0YcQA82IRdZaq
5s1LOgBy+0oOYk/rDwd3QJpyMxoDJ2zZVASEaCnM+nunUw5mIp/n8dFtebg1NVZW
2sBrTBSV5+s=jlha
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: ansible security and bug fix update
Advisory ID: RHSA-2018:3770-01
Product: Red Hat Ansible Engine
Advisory URL: https://access.redhat.com/errata/RHSA-2018:3770
Issue date: 2018-12-04
CVE Names: CVE-2018-16859
====================================================================

1. Summary:

An update for ansible is now available for Ansible Engine 2.5.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ansible Engine 2.5 for RHEL 7 Server - noarch

3. Description:

Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

The following packages have been upgraded to a newer upstream version: ansible (2.5.13)

Security fix(es):

* ansible: become password logged in plaintext when used with PowerShell on Windows (CVE-2018-16859)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Igor Turovsky for reporting this issue.

Bug Fix(es):

See st for details on bug fixes in this release.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1649607 - CVE-2018-16859 ansible: become password logged in plaintext when used with PowerShell on Windows

6. Package List:

Red Hat Ansible Engine 2.5 for RHEL 7 Server:

Source:
ansible-2.5.13-1.el7ae.src.rpm

noarch:
ansible-2.5.13-1.el7ae.noarch.rpm
ansible-doc-2.5.13-1.el7ae.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-16859
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXAbHStzjgjWX9erEAQiY0Q//XaqDdNp0dBYOxen8I/iBw7Q3byrSLZQU
0iNzEv3ZV/ATWnBnTh+sy3rsDPiCRxx2ngRO4fy8krbaXm5jZGntsRvbJnU9Meiw
dqN5U9ln4bscJRq9tlmUD7OSGlejAxGA81qV5m1ePgZlyxv/NnP4Yl6oz6BDevby
z0/xXqp7V2zO7Shu1KL/hcLEoK8u87tKjQl9kA0o2lhDFd/HH/GrcuekAIFWYKvf
MBE3aoTwShROcQ7JaG+pp2FIMj1w4VCFAyRouQd8XGk9EiViFno6Gc073nj59Lpw
Znbx3EJ5rSYWkDMqGsD4CIX+XN+HbWNM4nuk2zh8Tyg1xlbWrmyN6E7jPMwkACMR
gv3O1rNweirzh93EliZZjypfDkYSyKR128dy3ac/t4iNrYr3AvFZMiYythT4AaO2
d/MZxw0TS9LoKsV26WR2w+iRjmxbYfgnGwdG5wPyW4LlLE9H7f2dviksm7ciGe2I
zgK9s518Tt9piEgmnJf74+8sq9rKZLnRNbKW/v+It4MzDzGyFtQUmnoBwCWQqNUn
jVvbMp1HhGUuARC+D4ZyefkN9H4UIDrlpa7uIbh67yy3UhMKN+96R10xh0HK6cRa
UuLY2gcgi72C/pmqf7MY43sHtuQOZfCUEmHUN3cfl0WqXepliq9SGmWuXQAaG7xS
xxPdvzP6WHI=Dch0
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-05e32fe278
2017-03-02 22:38:20.794912
--------------------------------------------------------------------------------

Name        : xrdp
Product     : Fedora 24
Version     : 0.9.1
Release     : 5.fc24
URL         : http://www.xrdp.org/
Summary     : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client.
--------------------------------------------------------------------------------

Update Information:

WARNING: Please note that this update comes with a slightly different syntax of the sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand.

This release also creates three files in the /etc/xrdp directory if they don't already exist or are empty:
- rsakeys.ini
- cert.pem
- key.pem

Also note that in Fedora, the only backend that will really work is still Xvnc for now.

New features
- New xorgxrdp backend using existing Xorg with additional modules
- Improvements to X11rdp backend
- Support for IPv6 (disabled by default)
- Initial support for RemoteFX Codec (disabled by default)
- Support for TLS security layer (preferred over RDP layer if supported by the client)
- Support for disabling deprecated SSLv3 protocol and for selecting custom cipher suites in xrdp.ini
- Support for bidirectional fastpath (enabled in both directions by default)
- Support clients that don't support drawing orders, such as MS RDP client for Android, ChromeRDP (disabled by default)
- More configurable login screen
- Support for new virtual channels:
  - rdpdr: device redirection
  - rdpsnd: audio output
  - cliprdr: clipboard
  - xrdpvr: xrdp video redirection channel (can be used along with NeutrinoRDP client)
- Support for disabling virtual channels globally or by session type
- Allow to specify the path for backends (Xorg, X11rdp, Xvnc)
- Added files for systemd support
- Multi-monitor support
- xrdp-chansrv stores logs in ${XDG_DATA_HOME}/xrdp now

Security fixes
- User's password could be recovered from the Xvnc password file
- X11 authentication was not used
--------------------------------------------------------------------------------

References:

[ 1 ] Bug #1404972 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1404972
[ 2 ] Bug #1404971 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1404971
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xrdp' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
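The cloud-init (CVE-2021-3429), ansible (CVE-2018-16859) and xrdp (CVE-2013-1430) advisories above share one failure mode: a password written in clear text to a log or an on-disk file that other local users can read. The following is an added example written for this page, not any of those projects' own fixes, showing the two controls that close that class of bug: scrub secret-bearing fields before a record reaches any log handler, and create a file that must hold a secret with owner-only permissions from the moment it exists. The sample log lines and the field names they use are constructed and do not reproduce any of the real tools' formats.

```python
"""
Constructed example for the cloud-init, ansible and xrdp advisories: a password
leaking in clear text into a log or a world-readable file, and the two controls
that prevent it. Example code for this page, not any of those projects' fixes.
"""
import logging
import os
import re
import secrets
import stat
import tempfile

# Constructed log lines in the shape an init or automation tool might write.
# The field names are illustrative, not the real tools' formats.
SAMPLE_LINES = [
    "set_passwords: user=admin password=Hunter2-x9Q",
    "become_pass=S3cretBecome! escalating on host win01",
    "Disk /dev/vda resized to 20G",
]

# Matches key=value where the key is a known secret-bearing field name.
SECRET_FIELD = re.compile(r"(?i)\b(password|passwd|become_pass|token)=(\S+)")


def redact(text: str) -> str:
    """Replace the value of every secret-bearing field with a fixed marker."""
    return SECRET_FIELD.sub(lambda m: f"{m.group(1)}=<redacted>", text)


class RedactingFilter(logging.Filter):
    """Scrubs the fully formatted message before the handler emits it. It is
    attached to the handler rather than the logger so that records arriving
    from child loggers or via propagation are scrubbed as well."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def write_log_redacted(path: str, lines) -> str:
    """Log the lines through a redacting file handler; return the file text."""
    handler = logging.FileHandler(path)
    handler.addFilter(RedactingFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger(f"example.{os.path.basename(path)}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    for line in lines:
        logger.info(line)
    handler.close()
    logger.removeHandler(handler)
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def write_secret_file(path: str, secret: str) -> int:
    """Create the file with mode 0600 from the start (O_CREAT|O_EXCL with an
    explicit mode, under a restrictive umask) instead of writing it and
    chmod-ing afterwards, which leaves a window in which the default umask
    makes the secret world-readable. Returns the resulting permission bits."""
    old_umask = os.umask(0o077)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    finally:
        os.umask(old_umask)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(secret + "\n")
    return stat.S_IMODE(os.stat(path).st_mode)


def run_demo() -> dict:
    """Exercise both controls in a scratch directory and report the outcome."""
    with tempfile.TemporaryDirectory() as workdir:
        log_path = os.path.join(workdir, "output.log")
        secret_path = os.path.join(workdir, "generated-password")
        logged = write_log_redacted(log_path, SAMPLE_LINES)
        mode = write_secret_file(secret_path, secrets.token_urlsafe(12))
        leaked = any(s in logged for s in ("Hunter2-x9Q", "S3cretBecome!"))
        return {"logged": logged, "leaked": leaked, "secret_mode": mode}


if __name__ == "__main__":
    result = run_demo()
    print(result["logged"], end="")
    print(f"secret leaked into log: {result['leaked']}")
    print(f"secret file mode: {result['secret_mode']:04o}")
```

A field-name allow-list like SECRET_FIELD only catches secrets the author anticipated; the more robust habit is to never pass a secret into a log call in the first place and to treat the redacting filter as a safety net. The permission control is the one that matters for the cloud-init and xrdp reports: a file that is created world-readable and tightened later has already been readable for a moment, and on a multi-user host that moment is enough.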