Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
203
security advisorycritical riskweb securityMageia 8 MGASA-2023-0099 Critical: Epiphany Exfiltration Threat
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. (CVE-2023-26081) References: . MGASA-2023-0099 - Updated epiphany packages fix security vulnerability Publication date: 18 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0099.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-26081 In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. (CVE-2023-26081) References: - https://bugs.mageia.org/show_bug.cgi?id=31609 - https://lists.fedoraproject.org/archives/list/
Mar 18, 2023
•Critical
Mageia
100
security advisorymoderate severitySUSE LinuxSUSE Linux: 2021:0990-1 Moderate: Zabbix Agent CSRF Protection Fix
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for zabbix ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0990-1 Rating: moderate References: #1158321 #1183014 Cross-References: CVE-2013-7484 CVE-2021-27927 CVSS scores: CVE-2013-7484 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for zabbix fixes the following issues: - CVE-2021-27927: Fixed an improper CSRF protection mechanism (bsc#1183014). - CVE-2013-7484: Fixed an issue where passwords in the users table were unsalted (bsc#1158321). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-990=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zabbix-agent-4.0.12-4.12.1 zabbix-agent-debuginfo-4.0.12-4.12.1 zabbix-debugsource-4.0.12-4.12.1 References: https://www.suse.com/security/cve/CVE-2013-7484.html https://www.suse.com/security/cve/CVE-2021-27927.html https://bugzilla.suse.com/1158321 https://bugzilla.suse.com/1183014 . SUSE Security Patch for zabbix addresses vulnerabilities in CSRF safeguards and authentication protocols. Moderate risk level. More information enclosed.. SUSE Security Update,Zabbix Agent,CSRF Fix,Password Security. . LinuxSecurity.com Team
Mar 30, 2021
SuSE
98
security advisoryaccess controlbug fixRed Hat Enterprise Linux 7 RHSA-2015:2623 Moderate: Grub2 Access Flaw
Updated grub2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: grub2 security and bug fix update Advisory ID: RHSA-2015:2623-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:2623.html Issue date: 2015-12-15 CVE Names: CVE-2015-8370 ==================================================================== 1. Summary: Updated grub2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The grub2 packages provide version 2 of the Grand Unified Bootloader (GRUB), a highly configurable and customizable bootloader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. A flaw was found in the way the grub2 handled backspace characters entered in username and password prompts. Anattacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system. (CVE-2015-8370) This update also fixes the following bug: * When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a configured boot password was not correctly migrated to the newly introduced user.cfg configuration files. This could possibly prevent system administrators from changing grub2 configuration during system boot even if they provided the correct password. This update corrects the password migration script and the incorrectly generated user.cfg file. (BZ#1290089) All grub2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1286966 - CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup 1290089 - Grub password broken by update from RHEL7.1 to RHEL7.2 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: grub2-2.02-0.33.el7_2.src.rpm x86_64: grub2-2.02-0.33.el7_2.x86_64.rpm grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-2.02-0.33.el7_2.x86_64.rpm grub2-tools-2.02-0.33.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-modules-2.02-0.33.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: grub2-2.02-0.33.el7_2.src.rpm x86_64: grub2-2.02-0.33.el7_2.x86_64.rpm grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-2.02-0.33.el7_2.x86_64.rpm grub2-tools-2.02-0.33.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-modules-2.02-0.33.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v.7): Source: grub2-2.02-0.33.el7_2.src.rpm aarch64: grub2-debuginfo-2.02-0.33.el7_2.aarch64.rpm grub2-efi-2.02-0.33.el7_2.aarch64.rpm grub2-tools-2.02-0.33.el7_2.aarch64.rpm ppc64: grub2-2.02-0.33.el7_2.ppc64.rpm grub2-debuginfo-2.02-0.33.el7_2.ppc64.rpm grub2-tools-2.02-0.33.el7_2.ppc64.rpm ppc64le: grub2-2.02-0.33.el7_2.ppc64le.rpm grub2-debuginfo-2.02-0.33.el7_2.ppc64le.rpm grub2-tools-2.02-0.33.el7_2.ppc64le.rpm x86_64: grub2-2.02-0.33.el7_2.x86_64.rpm grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-2.02-0.33.el7_2.x86_64.rpm grub2-tools-2.02-0.33.el7_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): aarch64: grub2-debuginfo-2.02-0.33.el7_2.aarch64.rpm grub2-efi-modules-2.02-0.33.el7_2.aarch64.rpm x86_64: grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-modules-2.02-0.33.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: grub2-2.02-0.33.el7_2.src.rpm x86_64: grub2-2.02-0.33.el7_2.x86_64.rpm grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-2.02-0.33.el7_2.x86_64.rpm grub2-tools-2.02-0.33.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: grub2-debuginfo-2.02-0.33.el7_2.x86_64.rpm grub2-efi-modules-2.02-0.33.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-8370 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWb+3QXlSAg2UNWIIRArT8AJ0YmmVTVBR2q943FqGhNfwXM7PE7ACgvVS2 4g7c1tWUj/z0d5BWzr9aW3k=iI+4 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Dec 15, 2015
Red Hat
100
security advisorysecurity issuesoftware updateSUSE: 2014:0497-1 Significant Update: Samba Brute Force Mitigation
An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.. SUSE Security Update: Security update for Samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0497-1 Rating: important References: #726937 #786677 #844307 #847009 #849224 #863748 #865561 Cross-References: CVE-2013-4496 Affected Products: SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Desktop 11 SP3 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: The Samba fileserver suite was updated to fix bugs and security issues. The following security issue have been fixed: * No Password lockout or ratelimiting was enforced for SAMR password changes, making brute force guessing attacks possible. CVE-2013-4496. Also the following feature has been added: * Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474). And the following bugs have been fixed: * Fixed problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). * Fixed memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). * Fixed Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). * Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937). Security Issue reference: *CVE-2013-4496 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11 SP3: zypper in -t patch sdksp3-cifs-mount-9010 - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-cifs-mount-9010 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-cifs-mount-9010 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-cifs-mount-9010 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64): libldb-devel-3.6.3-0.50.1 libnetapi-devel-3.6.3-0.50.1 libnetapi0-3.6.3-0.50.1 libsmbclient-devel-3.6.3-0.50.1 libsmbsharemodes-devel-3.6.3-0.50.1 libsmbsharemodes0-3.6.3-0.50.1 libtalloc-devel-3.6.3-0.50.1 libtdb-devel-3.6.3-0.50.1 libtevent-devel-3.6.3-0.50.1 libwbclient-devel-3.6.3-0.50.1 samba-devel-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64): ldapsmb-1.34b-12.50.1 libldb1-3.6.3-0.50.1 libsmbclient0-3.6.3-0.50.1 libtalloc2-3.6.3-0.50.1 libtdb1-3.6.3-0.50.1 libtevent0-3.6.3-0.50.1 libwbclient0-3.6.3-0.50.1 samba-3.6.3-0.50.1 samba-client-3.6.3-0.50.1 samba-krb-printing-3.6.3-0.50.1 samba-winbind-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64): libsmbclient0-32bit-3.6.3-0.50.1 libtalloc2-32bit-3.6.3-0.50.1 libtdb1-32bit-3.6.3-0.50.1 libtevent0-32bit-3.6.3-0.50.1 libwbclient0-32bit-3.6.3-0.50.1 samba-32bit-3.6.3-0.50.1 samba-client-32bit-3.6.3-0.50.1 samba-winbind-32bit-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch): samba-doc-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390xx86_64): ldapsmb-1.34b-12.50.1 libldb1-3.6.3-0.50.1 libsmbclient0-3.6.3-0.50.1 libtalloc2-3.6.3-0.50.1 libtdb1-3.6.3-0.50.1 libtevent0-3.6.3-0.50.1 libwbclient0-3.6.3-0.50.1 samba-3.6.3-0.50.1 samba-client-3.6.3-0.50.1 samba-krb-printing-3.6.3-0.50.1 samba-winbind-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64): libsmbclient0-32bit-3.6.3-0.50.1 libtalloc2-32bit-3.6.3-0.50.1 libtdb1-32bit-3.6.3-0.50.1 libtevent0-32bit-3.6.3-0.50.1 libwbclient0-32bit-3.6.3-0.50.1 samba-32bit-3.6.3-0.50.1 samba-client-32bit-3.6.3-0.50.1 samba-winbind-32bit-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (noarch): samba-doc-3.6.3-0.50.1 - SUSE Linux Enterprise Server 11 SP3 (ia64): libsmbclient0-x86-3.6.3-0.50.1 libtalloc2-x86-3.6.3-0.50.1 libtdb1-x86-3.6.3-0.50.1 libwbclient0-x86-3.6.3-0.50.1 samba-client-x86-3.6.3-0.50.1 samba-winbind-x86-3.6.3-0.50.1 samba-x86-3.6.3-0.50.1 - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64): libldb1-3.6.3-0.50.1 libsmbclient0-3.6.3-0.50.1 libtalloc2-3.6.3-0.50.1 libtdb1-3.6.3-0.50.1 libtevent0-3.6.3-0.50.1 libwbclient0-3.6.3-0.50.1 samba-3.6.3-0.50.1 samba-client-3.6.3-0.50.1 samba-krb-printing-3.6.3-0.50.1 samba-winbind-3.6.3-0.50.1 - SUSE Linux Enterprise Desktop 11 SP3 (x86_64): libldb1-32bit-3.6.3-0.50.1 libsmbclient0-32bit-3.6.3-0.50.1 libtalloc2-32bit-3.6.3-0.50.1 libtdb1-32bit-3.6.3-0.50.1 libtevent0-32bit-3.6.3-0.50.1 libwbclient0-32bit-3.6.3-0.50.1 samba-32bit-3.6.3-0.50.1 samba-client-32bit-3.6.3-0.50.1 samba-winbind-32bit-3.6.3-0.50.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch): samba-doc-3.6.3-0.50.1 References: https://www.suse.com/security/cve/CVE-2013-4496.html https://scc.suse.com:443/patches/ . UbuntuSecurity Announcement: Critical OpenSSL update addresses vulnerabilities and strengthens cryptographic features.. Samba Security Update,SUSE Linux Update,Brute Force Protection,Samba Issues. . Severity: Important. LinuxSecurity.com Team
Apr 08, 2014
•Important
SuSE
172
security advisorysecurity issuecriticalUbuntu: 2156-1 Critical: Samba Password Protection Risk
Samba did not properly enforce the password guessing protection mechanism.. =========================================================================Ubuntu Security Notice USN-2156-1 March 26, 2014 samba vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Samba did not properly enforce the password guessing protection mechanism. Software Description: - samba: SMB/CIFS file, print, and login server for Unix Details: Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: samba 2:3.6.18-1ubuntu3.2 Ubuntu 12.10: samba 2:3.6.6-3ubuntu5.4 Ubuntu 12.04 LTS: samba 2:3.6.3-2ubuntu2.10 Ubuntu 10.04 LTS: samba 2:3.4.7~dfsg-1ubuntu3.14 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2156-1 CVE-2013-4496 Package Information: https://launchpad.net/ubuntu/+source/samba/2:3.6.18-1ubuntu3.2 https://launchpad.net/ubuntu/+source/samba/2:3.6.6-3ubuntu5.4 https://launchpad.net/ubuntu/+source/samba/2:3.6.3-2ubuntu2.10 https://launchpad.net/ubuntu/+source/samba/2:3.4.7~dfsg-1ubuntu3.14 . Ubuntu Security Notice USN-2156-2 addresses a newly identified flaw in Samba, which could permit repeated attempts to guess user passwords.. samba Vulnerability, Ubuntu Security, Password Protection. . Severity: Critical. LinuxSecurity.com Team
Mar 26, 2014
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!