Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
99
security advisoryrisk managementSlackwareSlackware 15.0: SSA:2024-103-01 Critical: PHP Command Injection Risk
New php packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2024-103-01) New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ extra/php81/php81-8.1.28-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection via array-ish $command parameter of proc_open. __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. Password_verify can erroneously return true, opening ATO risk. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.28 https://www.cve.org/CVERecord?id=CVE-2024-1874 https://www.cve.org/CVERecord?id=CVE-2024-2756 https://www.cve.org/CVERecord?id=CVE-2024-3096 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 15.0 package: 912a70b605290d9fa79ac11089f232f3 php81-8.1.28-i586-1_slack15.0.txz Slackware x86_64 15.0 package: bbf7d8260161db99e343e17ae6c52bd9 php81-8.1.28-x86_64-1_slack15.0.txz Slackware -current package: 598fd38d4ec67d5dd6c8913b16e5ca6f n/php-8.3.6-i586-1.txz Slackware x86_64 -current package: 03bbdf7c6e708ce44e19740728cf2849 n/php-8.3.6-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php81-8.1.28-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpdstart +-----+ . Recent software updates have been released for Slackware 15.0 and testing versions, targeting significant security vulnerabilities and improvements.. Slackware Security Update, PHP Packages, Command Injection, Cookie Bypass, Risk Management. . Severity: Critical. LinuxSecurity.com Team
Apr 12, 2024
•Critical
Slackware
91
security advisorygentoopassword securityGentoo: GLSA-202307-22 Alert: rclone Lacks Entropy in Random Generation
rclone uses weak random number generation such that generated passwords can be easily cracked.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: rclone: Weak random number generation Date: July 08, 2021 Bugs: #755638 ID: 202107-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= rclone uses weak random number generation such that generated passwords can be easily cracked. Background ========= rclone is a problem to sync files to and from various cloud storage providers. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/rclone < 1.53.3 > = 1.53.3 Description ========== Passwords generated with rclone were insecurely generated and are vulnerable to brute force attacks. Impact ===== Data kept secret with a password generated by rclone may be disclosed to a local attacker. Workaround ========= There is no known workaround at this time. Resolution ========= All rclone users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/rclone-1.53.3" References ========= [ 1 ] CVE-2020-28924 https://nvd.nist.gov/vuln/detail/CVE-2020-28924 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-14 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machinesis of utmost importance to us. Any security concerns should be addressed to
Jul 07, 2021
Gentoo
203
security advisoryprivilege escalationfirefoxMageia: 2019-0268 Moderate: Firefox Security Issues Addressed
The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Stored passwords in 'Saved Logins' can be copied without master password . MGASA-2019-0268 - Updated firefox packages fix security vulnerabilities Publication date: 12 Sep 2019 URL: https://advisories.mageia.org/MGASA-2019-0268.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-9812, CVE-2019-11733, CVE-2019-11735, CVE-2019-11736, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11747, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11751, CVE-2019-11752, CVE-2019-11753 The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. (CVE-2019-9812) Stored passwords in 'Saved Logins' can be copied without master password entry. (CVE-2019-11733) Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. (CVE-2019-11735) File manipulation and privilege escalation in Mozilla Maintenance Service. (CVE-2019-11736) Content security policy bypass through hash-based sources in directives. (CVE-2019-11738) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. (CVE-2019-11740) Same-origin policy violation with SVG filters and canvas to steal cross-origin images. (CVE-2019-11742) Cross-origin access to unload event attributes. (CVE-2019-11743) XSS by breaking out of title and textarea elements using innerHTML. (CVE-2019-11744) Use-after-free while manipulating video. (CVE-2019-11746) 'Forget about this site' removes sites from pre-loaded HSTS list. (CVE-2019-11747) Persistence of WebRTC permissions in a third party context. (CVE-2019-11748) Camera information available without prompting using getUserMedia. (CVE-2019-11749) Type confusion in Spidermonkey. (CVE-2019-11750) Malicious code execution through command line parameters. (CVE-2019-11751) Use-after-free whileextracting a key value in IndexedDB. (CVE-2019-11752) Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location. (CVE-2019-11753) References: - https://bugs.mageia.org/show_bug.cgi?id=25359 - https://www.firefox.com/en-US/firefox/68.0.1/releasenotes/?redirect_source=mozilla-org - https://www.firefox.com/en-US/firefox/68.0.2/releasenotes/?redirect_source=mozilla-org - https://www.firefox.com/en-US/firefox/68.1.0/releasenotes/?redirect_source=mozilla-org - https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/ - https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/ - https://hg-edge.mozilla.org/projects/nss/log/default/lib/ckfw/builtins/certdata.txt - - https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/RQtSKOF9rM0 - https://access.redhat.com/errata/RHSA-2019:2663 - https://www.cve.org/CVERecord?id=CVE-2019-9812 - https://www.cve.org/CVERecord?id=CVE-2019-11733 - https://www.cve.org/CVERecord?id=CVE-2019-11735 - https://www.cve.org/CVERecord?id=CVE-2019-11736 - https://www.cve.org/CVERecord?id=CVE-2019-11738 - https://www.cve.org/CVERecord?id=CVE-2019-11740 - https://www.cve.org/CVERecord?id=CVE-2019-11742 - https://www.cve.org/CVERecord?id=CVE-2019-11743 - https://www.cve.org/CVERecord?id=CVE-2019-11744 - https://www.cve.org/CVERecord?id=CVE-2019-11746 - https://www.cve.org/CVERecord?id=CVE-2019-11747 - https://www.cve.org/CVERecord?id=CVE-2019-11748 - https://www.cve.org/CVERecord?id=CVE-2019-11749 - https://www.cve.org/CVERecord?id=CVE-2019-11750 - https://www.cve.org/CVERecord?id=CVE-2019-11751 - https://www.cve.org/CVERecord?id=CVE-2019-11752 - https://www.cve.org/CVERecord?id=CVE-2019-11753 SRPMS: - 7/core/firefox-68.1.0-1.mga7 - 7/core/firefox-l10n-68.1.0-1.mga7 - 7/core/rootcerts-20190820.00-1.mga7 - 7/core/nspr-4.22-1.mga7 - 7/core/nss-3.46.0-1.mga7 . Recent Chrome updates address critical vulnerabilities such as remote code execution, cross-site scripting, and encryption flaws.. firefox security, Mageia updates, memory safety issues,password vulnerabilities, security patch. . Severity: Important. LinuxSecurity.com Team
Sep 12, 2019
•Important
Mageia
98
security advisorymoderatebug fixRed Hat: RHSA-2018:2071-01 Moderate: Virtualization Manager Security Update
An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Virtualization Manager security, bug fix, and enhancement update Advisory ID: RHSA-2018:2071-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2018:2071 Issue date: 2018-06-27 CVE Names: CVE-2018-1072 CVE-2018-1075 ==================================================================== 1. Summary: An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: RHV-M 4.2 - noarch 3. Description: The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer (REST) Application Programming Interface (API). The following packages have been upgraded to a later version: * org.ovirt.engine-root (4.2.4.5). (BZ#1576752) Security Fix(es): * ovirt-engine: Unfiltered password when choosingmanual db provisioning (CVE-2018-1075) * ovirt-engine-setup: unfiltered db password in engine-backup log (CVE-2018-1072) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. These issues were discovered by Yedidyah Bar David (Red Hat). Bug Fix(es): * This update enables engine-setup to upgrade PostgreSQL 9.2 to 9.5, even when the locale of the 9.2 database is different from the system locale. (BZ#1579268) * This update fixes an inefficient query that is generated when users click on the 'Users' tab in the Administration Portal. The fix ensures that the tab loads quicker. (BZ#1583619) Enhancement(s): * The storage domain's General sub-tab in the Administration Portal now shows the number of images on the storage domain under the rubric "Images", this corresponds to the number of LVs on a block domain. (BZ#1587885) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1098612 - [donstream clone 4.2.4] [RFE] filter for "Allocation Policy" in Disks search 1251468 - [RFE] Additional warning when removing required networks 1542508 - CVE-2018-1075 ovirt-engine: Unfiltered password when choosing manual db provisioning 1575081 - VMs will fail to start in a cluster which is having display network having name greater than 15 characters1576352 - rhvm-4.2 reports "no updates found" although there is available updates 1576752 - Number of "Prestarted VMs" is ignored and all VMs of Pool starts after editing existing Pool. 1579268 - Upgrade of PostgreSQL during RHV 4.1 to 4.2 upgrade fails with locale mismatch 1582822 - [UI] - Interface name is gone in the Network Interfaces sub tab 1583579 - [downstream clone - 4.2.4] Very slow UI if Host has many (~64) elements (VFs or dummies or networks) 1583619 - [downstream clone - 4.2.4] [SCALE] Listingusers in Users tab overloads the postgresql DB (CPU) 1584885 - VM remains migrating forever with no Host (actually doesn't exist) after StopVmCommand fails to DestroyVDS 1585013 - [downstream clone - 4.2.4] ovirt-engine loses track of a cancelled disk 1585039 - [downstream clone - 4.2.4] Live Storage Migration continued on after snapshot creation hung and timed out 1585157 - [downstream clone - 4.2.4] [UI] - VM's network interface name and icon too large and wrap 1585454 - [downstream clone - 4.2.4] Uploaded image: Virtual Size of qcow2 image is not reflected at guest OS level 1585455 - [downstream clone - 4.2.4] Move disk failed but delete was called on source sd, losing all the data 1585456 - [downstream clone - 4.2.4] ovirt-engine fails to start when having a large number of stateless snapshots 1585950 - [downstream clone - 4.2.4] Live Merge failed on engine with "still in volume chain", but merge on host was successful 1587884 - [downstream clone - 4.2.4] [RFE] Include storage domain UUID in Storage Domain 'General' tab 1587885 - [downstream clone - 4.2.4] [RFE] Need a way to track how many logical volumes consumed in a storage domain and alert when it gets full 6. Package List: RHV-M4.2: Source: ovirt-engine-4.2.4.5-0.1.el7_3.src.rpm noarch: ovirt-engine-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-backend-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-dbscripts-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-extensions-api-impl-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-extensions-api-impl-javadoc-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-health-check-bundler-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-lib-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-restapi-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-setup-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-setup-base-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-tools-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-tools-backup-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-webadmin-portal-4.2.4.5-0.1.el7_3.noarch.rpm ovirt-engine-websocket-proxy-4.2.4.5-0.1.el7_3.noarch.rpm rhvm-4.2.4.5-0.1.el7_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1072 https://access.redhat.com/security/cve/CVE-2018-1075 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBWzNhINzjgjWX9erEAQjyCA//caCqInOsEARLRcnSqBFF7N+YDh4Ui2YR afQ0iGjVJrRYfE3qSUwQUTUB5nY2okmQKVDJ0Z1+q6nzPbMo12ANGIFORCvuyHjF EX0UXXJ+bCOAF2ozULK288YFmKJWa4+5SVBPEkZI+z6BLt5bwWlc8SOp8QRB51ut YjwdVBFABisl0GsRHzAQ7oDucEC5SrixS81PfFUDThBHQM0EBryHh+OhMjMXrGNK ul+8dKc7svuM34w8Fl4PnehFkz/05NRIR6n3WT9E6vLKziz2A/wnIASJFVZEJdto BLy5ZFJYu+kmMMcmBi98SOywzZrwqpI5GGeAYAf5xvXO2o/PyBh+B2AoqRf0lUWu PKYBZKvHmqu4ep+giXdZFrrByRRCUTEeTv/UQF+7s+E6VeKWjuuBrGfPsMLGyWML Q8scUcOZ4BFNDz2qzJmcqklEOtP+vxqkGX7pk0DOgxNpKkzdf4kfPgyfaGJokF/S hdXO0WvdnyBHKyMcaLufVwZcxkAq3PsGYmH90BkXPUWd3+rgY42nVGIdtyRybZah h34zxrcpbc+sL9mgdqujHED4kdapMfslpmA+sYcE5lA4I04v3Qs3SdDoe90hfBgo bk+Hh8rcVjmED/ODsnsfjQisNK3G611fcbRIIAxZxED4LuG+Lb1HGwvP8Mm/3Rtl 7f1SGV7tQoE=Saa5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 27, 2018
Red Hat
200
security advisorymoderateDoSScientific Linux: CVE-2012-2143 Moderate PostgreSQL Security Advisory
Moderate: postgresql and postgresql84 security update. Date: Thu, 5 Jul 2012 16:08:25 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Moderate: postgresql and postgresql84 on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: postgresql and postgresql84 security update Issue Date: 2012-06-25 CVE Numbers: CVE-2012-2143 CVE-2012-2655 PostgreSQL is an advanced object-relational database management system (DBMS). A flaw was found in the way the crypt() password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contained the 0x80 byte value, the remainder of the string was ignored when calculating the hash, significantly reducing the password strength. This made brute-force guessing more efficient as the whole password was not required to gain access to protected resources. (CVE-2012-2143) Note: With this update, the rest of the string is properly included in the DES hash; therefore, any previously stored password values that are affected by this issue will no longer match. In such cases, it will be necessary for those stored password hashes to be updated. A denial of service flaw was found in the way the PostgreSQL server performed a user privileges check when applying SECURITY DEFINER or SET attributes to a procedural language's (such as PL/Perl or PL/Python) call handler function. A non-superuser database owner could use this flaw to cause the PostgreSQL server to crash due to infinite recursion. (CVE-2012-2655) These updated packages upgrade PostgreSQL to version 8.4.12, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes: https://www.postgresql.org/docs/8.4/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct these issues. If the postgresql service isrunning, it will be automatically restarted after installing this update. SL5: i386 postgresql84-8.4.12-1.el5_8.i386.rpm postgresql84-contrib-8.4.12-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-devel-8.4.12-1.el5_8.i386.rpm postgresql84-docs-8.4.12-1.el5_8.i386.rpm postgresql84-libs-8.4.12-1.el5_8.i386.rpm postgresql84-plperl-8.4.12-1.el5_8.i386.rpm postgresql84-plpython-8.4.12-1.el5_8.i386.rpm postgresql84-pltcl-8.4.12-1.el5_8.i386.rpm postgresql84-python-8.4.12-1.el5_8.i386.rpm postgresql84-server-8.4.12-1.el5_8.i386.rpm postgresql84-tcl-8.4.12-1.el5_8.i386.rpm postgresql84-test-8.4.12-1.el5_8.i386.rpm x86_64 postgresql84-8.4.12-1.el5_8.x86_64.rpm postgresql84-contrib-8.4.12-1.el5_8.x86_64.rpm postgresql84-debuginfo-8.4.12-1.el5_8.i386.rpm postgresql84-debuginfo-8.4.12-1.el5_8.x86_64.rpm postgresql84-devel-8.4.12-1.el5_8.i386.rpm postgresql84-devel-8.4.12-1.el5_8.x86_64.rpm postgresql84-docs-8.4.12-1.el5_8.x86_64.rpm postgresql84-libs-8.4.12-1.el5_8.i386.rpm postgresql84-libs-8.4.12-1.el5_8.x86_64.rpm postgresql84-plperl-8.4.12-1.el5_8.x86_64.rpm postgresql84-plpython-8.4.12-1.el5_8.x86_64.rpm postgresql84-pltcl-8.4.12-1.el5_8.x86_64.rpm postgresql84-python-8.4.12-1.el5_8.x86_64.rpm postgresql84-server-8.4.12-1.el5_8.x86_64.rpm postgresql84-tcl-8.4.12-1.el5_8.x86_64.rpm postgresql84-test-8.4.12-1.el5_8.x86_64.rpm . MySQL security patch resolves vulnerabilities in encryption methods and DDOS mitigation on CentOS.. PostgreSQL security update, SL5.x guidance, database security issues, password hashing exploits. . LinuxSecurity.com Team
Jul 05, 2012
Scientific Linux
91
security advisorygentoolocal attackGentoo: GLSA-200510-22 Normal: SELinux PAM Password Attack
A vulnerability in the SELinux version of PAM allows a local attacker to brute-force system passwords.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200510-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: SELinux PAM: Local password guessing attack Date: October 28, 2005 Bugs: #109485 ID: 200510-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in the SELinux version of PAM allows a local attacker to brute-force system passwords. Background ========= PAM (Pluggable Authentication Modules) is an architecture allowing the separation of the development of privilege granting software from the development of secure and appropriate authentication schemes. SELinux is an operating system based on Linux which includes Mandatory Access Control. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-libs/pam < 0.78-r3 > = 0.78-r3 Description ========== The SELinux patches for PAM introduce a vulnerability allowing a password to be checked with the unix_chkpwd utility without delay or logging. This vulnerability doesn't affect users who do not run SELinux. Impact ===== A local attacker could exploit this vulnerability to brute-force passwords and escalate privileges on an SELinux system. Workaround ========= There is no known workaround at this time. Resolution ========= All SELinux PAM users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/pam-0.78-r3" References ========= [ 1 ] CVE-2005-2977 https://www.cve.org/CVERecord?id=CVE-2005-2977 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200510-22 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Oct 28, 2005
Gentoo
89
security advisoryhigh severityFedora CoreFedora Core 3: UBUNTU-2005-678 High: Words Package Security Update
Updated package.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2005-355 2005-05-04 ---------------------------------------------------------------------Product : Fedora Core 3 Name : words Version : 3.0 Release : 2.3 Summary : A dictionary of English words for the /usr/share/dict directory. Description : The words file is a dictionary of English words for the /usr/share/dict directory. Some programs use this database of words to check spelling. Password checkers use it to look for bad passwords. ---------------------------------------------------------------------* Mon May 2 2005 Karel Zak 3-2.3 - sort with --dictionary-order - remove words with possessives ('s) ---------------------------------------------------------------------This update can be downloaded from: 6558a61182ecf4be2a5f4599cac52c49 SRPMS/words-3.0-2.3.src.rpm 5f45a8552d453d159309f3f96653bfc8 x86_64/words-3.0-2.3.noarch.rpm 5f45a8552d453d159309f3f96653bfc8 i386/words-3.0-2.3.noarch.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. -----------------------------------------------------------------------fedora-announce-list mailing list
May 04, 2005
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!