--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-e90299fabf
2022-02-20 01:08:12.119097
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 35
Version     : 5.1.3
Release     : 1.fc35
URL         : https://www.phpmyadmin.net/
Summary     : A web interface for MySQL and MariaDB
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.

--------------------------------------------------------------------------------
Update Information:

**phpMyAdmin 5.1.3** - 2022-02-11

This version primarily addresses a regression that caused the navigation pane
to not function correctly when multiple pages of tables were shown.

Version 5.1.3 includes a security hardening improvement. The issue, reported by
Rafael Pedrero, could allow users to cause an error that would reveal the path
on disk where phpMyAdmin is running from. We believe this requires the server
to be running with display_errors on, which is not the recommended setting for
a production environment.

Version 5.1.3 includes a few other minor bug fixes and is recommended for all
users.

Changelog:

- issue #17308 Fix broken pagination links in the navigation sidebar
- issue #17331 Fix MariaDB has no support for system variable "disabled_storage_engines"
- issue #17315 Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query
- issue #17288 Fixed importing browser settings question box after login when having no pmadb
- issue #17288 Fix "First day of calendar" user override has no effect
- issue #17239 Fixed repeating headers are not working
- issue #17298 Fixed import of email addresses or links from ODS results in empty contents
- issue #17344 Fixed a type error on ODS import with non-string values
- issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row
- issue **[security]** Fix for path disclosure under certain server configurations (if display_errors is on, for instance)

--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 11 2022 Remi Collet - 5.1.3-1
- update to 5.1.3 (2022-02-10, security and bugfix release)

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e90299fabf' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-2c0eaa6992
2022-02-20 00:40:47.283933
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 34
Version     : 5.1.3
Release     : 1.fc34
URL         : https://www.phpmyadmin.net/
Summary     : A web interface for MySQL and MariaDB
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.

--------------------------------------------------------------------------------
Update Information:

**phpMyAdmin 5.1.3** - 2022-02-11

This version primarily addresses a regression that caused the navigation pane
to not function correctly when multiple pages of tables were shown.

Version 5.1.3 includes a security hardening improvement. The issue, reported by
Rafael Pedrero, could allow users to cause an error that would reveal the path
on disk where phpMyAdmin is running from. We believe this requires the server
to be running with display_errors on, which is not the recommended setting for
a production environment.

Version 5.1.3 includes a few other minor bug fixes and is recommended for all
users.

Changelog:

- issue #17308 Fix broken pagination links in the navigation sidebar
- issue #17331 Fix MariaDB has no support for system variable "disabled_storage_engines"
- issue #17315 Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query
- issue #17288 Fixed importing browser settings question box after login when having no pmadb
- issue #17288 Fix "First day of calendar" user override has no effect
- issue #17239 Fixed repeating headers are not working
- issue #17298 Fixed import of email addresses or links from ODS results in empty contents
- issue #17344 Fixed a type error on ODS import with non-string values
- issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row
- issue **[security]** Fix for path disclosure under certain server configurations (if display_errors is on, for instance)

--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 11 2022 Remi Collet - 5.1.3-1
- update to 5.1.3 (2022-02-10, security and bugfix release)

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-2c0eaa6992' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-e1fe01e96e
2016-02-01 02:27:04.519021
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 22
Version     : 4.5.4
Release     : 1.fc22
URL         : https://www.phpmyadmin.net/
Summary     : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the World Wide Web. Most frequently used operations are supported
by the user interface (managing databases, tables, fields, relations, indexes,
users, permissions), while you still have the ability to directly execute any
SQL statement.

Features include an intuitive web interface, support for most MySQL features
(browse and drop databases, tables, views, fields and indexes; create, copy,
drop, rename and alter databases, tables, fields and indexes; maintenance of
server, databases and tables, with proposals on server configuration; execute,
edit and bookmark any SQL statement, even batch queries; manage MySQL users
and privileges; manage stored procedures and triggers), import data from CSV
and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text
and Spreadsheet, Word, Excel, LaTeX and others, administering multiple servers,
creating PDF graphics of your database layout, creating complex queries using
Query-by-example (QBE), searching globally in a database or a subset of it,
transforming stored data into any format using a set of predefined functions,
like displaying BLOB data as image or download link, and much more...

--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.5.4 (2016-01-28)
=============================

- live data edit of big sets is not working
- Table list not saved in db QBE bookmarked search
- While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
- Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars
- Properly handle errors in unpacking zip archive
- Set PHP's internal encoding to UTF-8
- Fixed Kanji encoding in some specific cases
- Check whether iconv works before using it
- Avoid conversion of MySQL error messages
- Undefined index: parameters
- Undefined index: field_name_orig
- Undefined index: host
- 'Add to central columns' (per column button) does nothing
- SQL duplicate entry error trying to INSERT in designer_settings table
- Fix handling of databases with dot in a name
- Fix hiding of page content behind menu
- FROM clause not generated after loading search bookmark
- Fix creating/editing VIEW with DEFINER containing special chars
- Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables
- Misleading message for configuration storage
- Table pagination does nothing when session expired
- Index comments not working properly
- Better handle local storage errors
- Improve detection of privileges for privilege adjusting
- Undefined property: stdClass::$releases at version check when disabled in config
- SQL comment and variable stripped from bookmark on save
- Gracefully handle errors in regex based javascript search
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
- [Security] Unsafe generation of CSRF token, see PMASA-2016-2
- [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
- [Security] Insecure password generation in JavaScript, see PMASA-2016-4
- [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
- [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
- [Security] XSS vulnerability in normalization page, see PMASA-2016-7
- [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
- [Security] XSS vulnerability in SQL editor, see PMASA-2016-9

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1302676 - CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302676
[ 2 ] Bug #1302677 - CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302677
[ 3 ] Bug #1302679 - CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302679
[ 4 ] Bug #1302680 - CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302680
[ 5 ] Bug #1302681 - CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302681
[ 6 ] Bug #1302682 - CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302682
[ 7 ] Bug #1302684 - CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302684
[ 8 ] Bug #1302685 - CVE-2016-2044 phpMyAdmin: Full path disclosure vulnerability in SQL parser (PMASA-2016-8)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302685
[ 9 ] Bug #1302686 - CVE-2016-2045 phpMyAdmin: XSS vulnerability in SQL editor (PMASA-2016-9)
      https://bugzilla.redhat.com/show_bug.cgi?id=1302686

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update phpMyAdmin' at the command line. For more information,
refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-345966871c
2015-12-30 21:35:46.514156
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 22
Version     : 4.5.3.1
Release     : 1.fc22
URL         : https://www.phpmyadmin.net/
Summary     : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the World Wide Web. Most frequently used operations are supported
by the user interface (managing databases, tables, fields, relations, indexes,
users, permissions), while you still have the ability to directly execute any
SQL statement.

Features include an intuitive web interface, support for most MySQL features
(browse and drop databases, tables, views, fields and indexes; create, copy,
drop, rename and alter databases, tables, fields and indexes; maintenance of
server, databases and tables, with proposals on server configuration; execute,
edit and bookmark any SQL statement, even batch queries; manage MySQL users
and privileges; manage stored procedures and triggers), import data from CSV
and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text
and Spreadsheet, Word, Excel, LaTeX and others, administering multiple servers,
creating PDF graphics of your database layout, creating complex queries using
Query-by-example (QBE), searching globally in a database or a subset of it,
transforming stored data into any format using a set of predefined functions,
like displaying BLOB data as image or download link, and much more...

--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.5.3.1 (2015-12-25)
===============================

- Undefined offset 2
- [Security] Path disclosure, see PMASA-2015-6

----

phpMyAdmin 4.5.3.0 (2015-12-23)
===============================

- Incomplete results of UNION ALL
- MATCH AGAINST keywords not recognized
- syntax verifier does not know "STRAIGHT_JOIN"
- REPLACE() function confused with REPLACE statement
- FLUSH word not recognized by parser
- Online syntax verifier bug
- "IF" on SELECT statement
- Format breaks query with COUNT()
- Undefined index: SendErrorReports
- Incorrect script name in include
- Warning: Invalid argument supplied for foreach()
- Delimiter missing while exporting multiple db routines
- mysql_native_password with MariaDB bug
- Flush privileges overusage - related to #11597
- Query was empty on creating User in 4.5.2
- PMA_getDataForDeleteUsers() warning
- Cannot create user on Percona Server
- Properly report error on connecting
- Database export template not saving compression option
- Fix single quote export for servers in ANSI_QUOTES mode
- Avoid duplicate fetching of table information
- Temporary fix for live data edit of big sets is not working
- IE 8 compatibility in console
- Exporting feature does not work with union table
- CSV import skip row count after
- Cannot export results of some queries
- Message "An account already exists..." incorrectly displayed
- Missing quoting of table in ALTER CONVERT query
- PMA 4.5.2 breaks MySQL Master-Master Cluster
- Export and preview show different SQL for character set
- Fix possible undefined variables in table operations

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1294254 - PMASA-2015-6 phpMyAdmin: Path disclosure
      https://bugzilla.redhat.com/show_bug.cgi?id=1294254

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update phpMyAdmin' at the command line. For more information,
refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-deb2bbdde0
2015-12-30 21:36:00.625352
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 23
Version     : 4.5.3.1
Release     : 1.fc23
URL         : https://www.phpmyadmin.net/
Summary     : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the World Wide Web. Most frequently used operations are supported
by the user interface (managing databases, tables, fields, relations, indexes,
users, permissions), while you still have the ability to directly execute any
SQL statement.

Features include an intuitive web interface, support for most MySQL features
(browse and drop databases, tables, views, fields and indexes; create, copy,
drop, rename and alter databases, tables, fields and indexes; maintenance of
server, databases and tables, with proposals on server configuration; execute,
edit and bookmark any SQL statement, even batch queries; manage MySQL users
and privileges; manage stored procedures and triggers), import data from CSV
and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text
and Spreadsheet, Word, Excel, LaTeX and others, administering multiple servers,
creating PDF graphics of your database layout, creating complex queries using
Query-by-example (QBE), searching globally in a database or a subset of it,
transforming stored data into any format using a set of predefined functions,
like displaying BLOB data as image or download link, and much more...

--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.5.3.1 (2015-12-25)
===============================

- Undefined offset 2
- [Security] Path disclosure, see PMASA-2015-6

----

phpMyAdmin 4.5.3.0 (2015-12-23)
===============================

- Incomplete results of UNION ALL
- MATCH AGAINST keywords not recognized
- syntax verifier does not know "STRAIGHT_JOIN"
- REPLACE() function confused with REPLACE statement
- FLUSH word not recognized by parser
- Online syntax verifier bug
- "IF" on SELECT statement
- Format breaks query with COUNT()
- Undefined index: SendErrorReports
- Incorrect script name in include
- Warning: Invalid argument supplied for foreach()
- Delimiter missing while exporting multiple db routines
- mysql_native_password with MariaDB bug
- Flush privileges overusage - related to #11597
- Query was empty on creating User in 4.5.2
- PMA_getDataForDeleteUsers() warning
- Cannot create user on Percona Server
- Properly report error on connecting
- Database export template not saving compression option
- Fix single quote export for servers in ANSI_QUOTES mode
- Avoid duplicate fetching of table information
- Temporary fix for live data edit of big sets is not working
- IE 8 compatibility in console
- Exporting feature does not work with union table
- CSV import skip row count after
- Cannot export results of some queries
- Message "An account already exists..." incorrectly displayed
- Missing quoting of table in ALTER CONVERT query
- PMA 4.5.2 breaks MySQL Master-Master Cluster
- Export and preview show different SQL for character set
- Fix possible undefined variables in table operations

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1294254 - PMASA-2015-6 phpMyAdmin: Path disclosure
      https://bugzilla.redhat.com/show_bug.cgi?id=1294254

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update phpMyAdmin' at the command line. For more information,
refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: WordPress: Multiple vulnerabilities
      Date: July 04, 2005
      Bugs: #97374
        ID: 200507-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

WordPress contains PHP script injection, cross-site scripting and path
disclosure vulnerabilities.

Background
==========

WordPress is a PHP and MySQL based content management and publishing system.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  www-apps/wordpress       < 1.5.1.3                      >= 1.5.1.3

Description
===========

James Bercegay of the GulfTech Security Research Team discovered that
WordPress insufficiently checks data passed to the XML-RPC server. He also
discovered that WordPress has several cross-site scripting and full path
disclosure vulnerabilities.

Impact
======

An attacker could use the PHP script injection vulnerabilities to execute
arbitrary PHP script commands. Furthermore, the cross-site scripting
vulnerabilities could be exploited to execute arbitrary script code in a
user's browser session in the context of a vulnerable site.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All WordPress users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.3"

References
==========

  [ 1 ] CAN-2005-1921
  [ 2 ] GulfTech Advisory

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/200507-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality
and security of our users' machines is of utmost importance to us. Any
security concerns should be addressed to
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200503-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: phpWebSite: Arbitrary PHP execution and path disclosure
      Date: March 01, 2005
      Bugs: #83297
        ID: 200503-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Remote attackers can upload and execute arbitrary PHP scripts; another flaw
reveals the full path of scripts.

Background
==========

phpWebSite provides a complete web site content management system.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  www-apps/phpwebsite      < 0.10.0-r2                   >= 0.10.0-r2

Description
===========

NST discovered that, when submitting an announcement, uploaded files aren't
correctly checked for malicious code. They also found out that phpWebSite is
vulnerable to a path disclosure.

Impact
======

A remote attacker can exploit this issue to upload files to a directory
within the web root. By calling the uploaded script the attacker could then
execute arbitrary PHP code with the rights of the web server. By passing
specially crafted requests to the search module, remote attackers can also
find out the full path of PHP scripts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All phpWebSite users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwebsite-0.10.0-r2"

References
==========

  [ 1 ] Secunia Advisory SA14399
        https://www.flexera.com/products/security/software-vulnerability-research/secunia-research
  [ 2 ] phpWebSite announcement
        ;ANN_id=922&ANN_user_op=view

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

  https://security.gentoo.org/glsa/200503-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality
and security of our users' machines is of utmost importance to us. Any
security concerns should be addressed to
- --------------------------------------------------------------------
         GENTOO LINUX SECURITY ANNOUNCEMENT 200212-7
- --------------------------------------------------------------------

PACKAGE : wget
SUMMARY : directory traversal
DATE    : 2002-12-20 17:12 UTC
EXPLOIT : remote

- --------------------------------------------------------------------

Quote from advisory:

"A malicious server could potentially overwrite key files to cause a denial
of service or, in some cases, gain privileges by modifying executable files.
The risk is mitigated because non-default configurations are primarily
affected, and the user must be convinced to access the malicious server.
However, web-based clients may be more easily exploited."

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-misc/wget-1.8.2-r1 and earlier update their systems as follows:

    emerge rsync
    emerge wget
    emerge clean

- --------------------------------------------------------------------