Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
202
security advisorysambaDenial of ServiceopenSUSE 15.5 SUSE-SU-2023:4046-1 Important: Samba Security Issues
This update for samba fixes the following issues: CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904). # Security update for samba Announcement ID: SUSE-SU-2023:4046-1 Rating: important References: * #1215904 * #1215905 * #1215906 * #1215907 * #1215908 Cross-References: * CVE-2023-3961 * CVE-2023-4091 * CVE-2023-4154 * CVE-2023-42669 * CVE-2023-42670 CVSS scores: * CVE-2023-3961 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2023-4091 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-4154 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42669 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-42670 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) * CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905) * CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906) * CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907) * CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right. (bsc#1215908) ## PatchInstructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4046=1 openSUSE-SLE-15.5-2023-4046=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4046=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4046=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-4046=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * samba-gpupdate-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-ldb-ldap-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * ctdb-pcp-pmda-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * ctdb-pcp-pmda-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy-python3-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-ldb-ldap-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * ctdb-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 *samba-test-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-tool-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * ctdb-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-test-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * openSUSE Leap 15.5 (x86_64) * samba-devel-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * openSUSE Leap 15.5 (noarch) * samba-doc-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * openSUSE Leap 15.5 (aarch64 x86_64) * samba-ceph-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 *samba-ceph-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * openSUSE Leap 15.5 (aarch64_ilp32) * samba-winbind-libs-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-devel-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-64bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-64bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * samba-gpupdate-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-ldb-ldap-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 *samba-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy-python3-devel-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-ldb-ldap-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-tool-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * libsamba-policy0-python3-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-python3-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * samba-ceph-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-ceph-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * Basesystem Module 15-SP5 (x86_64) * samba-client-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-client-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-libs-32bit-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-winbind-libs-32bit-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * samba-debugsource-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * ctdb-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * samba-debuginfo-4.17.9+git.421.abde31ca5c2-150500.3.11.1 * ctdb-4.17.9+git.421.abde31ca5c2-150500.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3961.html * https://www.suse.com/security/cve/CVE-2023-4091.html * https://www.suse.com/security/cve/CVE-2023-4154.html * https://www.suse.com/security/cve/CVE-2023-42669.html * https://www.suse.com/security/cve/CVE-2023-42670.html * https://bugzilla.suse.com/show_bug.cgi?id=1215904 * https://bugzilla.suse.com/show_bug.cgi?id=1215905 * https://bugzilla.suse.com/show_bug.cgi?id=1215906 * https://bugzilla.suse.com/show_bug.cgi?id=1215907 * https://bugzilla.suse.com/show_bug.cgi?id=1215908 . Immediate samba patch tackles severe threats like file permission corruption and service termination exploits.. samba Security Update, openSUSE Samba Advisory, Important Samba Fix. . Severity: Important. LinuxSecurity.com Team
Oct 11, 2023
•Important
OpenSUSE
203
security advisorysecurity updatecriticalMageia: MGASA-2022-0057 Critical: Firefox Security Update Issues
If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other . MGASA-2022-0057 - Updated firefox packages fix security vulnerability Publication date: 12 Feb 2022 URL: https://advisories.mageia.org/MGASA-2022-0057.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764 If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it (CVE-2022-22756). If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox (CVE-2022-22759). When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin (CVE-2022-22760). Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy (CVE-2022-22761). When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible (CVE-2022-22763). Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reportedmemory safety bugs present in Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2022-22764). References: - https://bugs.mageia.org/show_bug.cgi?id=30009 - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_75.html - https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/ - https://www.cve.org/CVERecord?id=CVE-2022-22754 - https://www.cve.org/CVERecord?id=CVE-2022-22756 - https://www.cve.org/CVERecord?id=CVE-2022-22759 - https://www.cve.org/CVERecord?id=CVE-2022-22760 - https://www.cve.org/CVERecord?id=CVE-2022-22761 - https://www.cve.org/CVERecord?id=CVE-2022-22763 - https://www.cve.org/CVERecord?id=CVE-2022-22764 SRPMS: - 8/core/firefox-91.6.0-1.mga8 - 8/core/firefox-l10n-91.6.0-1.mga8 - 8/core/nss-3.75.0-1.mga8 . On February 12, 2022, Firefox released updates aimed at bolstering security measures by rectifying numerous vulnerabilities.. Mageia 8 Firefox Security Update, Firefox Permission Issues, Memory Safety Fix. . Severity: Critical. LinuxSecurity.com Team
Feb 12, 2022
•Critical
Mageia
203
security advisoryaccess controlsecurity fixMageia 8: 2021-0500 Moderate: Docker Access Control Problems
Updated docker packages fix security vulnerabilities: A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, . MGASA-2021-0500 - Updated docker packages fix security vulnerabilities Publication date: 31 Oct 2021 URL: https://advisories.mageia.org/MGASA-2021-0500.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-41089, CVE-2021-41091, CVE-2021-41092 Updated docker packages fix security vulnerabilities: A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process (CVE-2021-41089). A bug was found in Moby (Docker Engine) where the data directory (typically '/var/lib/docker') contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as 'setuid'), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files (CVE-2021-41091). A bug was found in the Docker CLI where running 'docker login my-private-registry.' with a misconfigured configuration file (typically '~/.docker/config.json') listing a 'credsStore' or 'credHelpers' that could not be executed would result in any provided credentials being sent to 'registry-1.docker.io' rather than the intended private registry (CVE-2021-41092). References: - https://bugs.mageia.org/show_bug.cgi?id=29527 -https://www.cve.org/CVERecord?id=CVE-2021-41089 - https://www.cve.org/CVERecord?id=CVE-2021-41091 - https://www.cve.org/CVERecord?id=CVE-2021-41092 SRPMS: - 8/core/docker-20.10.9-3.mga8 . Recent updates to Docker libraries rectify vulnerabilities concerning access rights and settings that affect Mageia operating systems.. docker security, Mageia updates, permission issues, software protection, access vulnerabilities. . LinuxSecurity.com Team
Oct 31, 2021
Mageia
100
security advisorymoderatetomcatSUSE: 2020:2996-1 Moderate: Tomcat HTTP/2 Request Mix-Up
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2996-1 Rating: moderate References: #1172562 #1177582 Cross-References: CVE-2020-13943 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for tomcat fixes the following issues: - CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582) - Don't give write permissions for the tomcat group on files and directories where it's not needed (bsc#1172562) - Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles directly Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2996=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.50.1 tomcat-admin-webapps-9.0.36-3.50.1 tomcat-docs-webapp-9.0.36-3.50.1 tomcat-el-3_0-api-9.0.36-3.50.1 tomcat-javadoc-9.0.36-3.50.1 tomcat-jsp-2_3-api-9.0.36-3.50.1 tomcat-lib-9.0.36-3.50.1 tomcat-servlet-4_0-api-9.0.36-3.50.1 tomcat-webapps-9.0.36-3.50.1 References: https://www.suse.com/security/cve/CVE-2020-13943.html https://bugzilla.suse.com/1172562 https://bugzilla.suse.com/1177582 . Update for tomcat resolves a moderate issue, addressing HTTP/2 mix-up and permission configurations.. SUSE Security Update, Tomcat Patch, HTTP/2 Fix, Permission Configuration. . LinuxSecurity.com Team
Oct 22, 2020
SuSE
100
security advisorymoderatedenial of serviceSUSE: 2020:0957-1 Moderate: mgetty Denial Of Service Issue
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for mgetty ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0957-1 Rating: moderate References: #1142770 #1168170 Cross-References: CVE-2019-1010190 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Basesystem 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for mgetty fixes the following issues: - CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770). - Fixed a permission issue which have resulted in build failures (bsc#1168170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-957=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-957=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): mgetty-debuginfo-1.1.37-3.8.1 mgetty-debugsource-1.1.37-3.8.1 sendfax-1.1.37-3.8.1 sendfax-debuginfo-1.1.37-3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): g3utils-1.1.37-3.8.1 g3utils-debuginfo-1.1.37-3.8.1 mgetty-1.1.37-3.8.1 mgetty-debuginfo-1.1.37-3.8.1 mgetty-debugsource-1.1.37-3.8.1 References: https://www.suse.com/security/cve/CVE-2019-1010190.html https://bugzilla.suse.com/1142770 https://bugzilla.suse.com/1168170 _______________________________________________ sle-security-updates mailing list
Apr 08, 2020
SuSE
203
security advisorysecurity updatesambaMageia: 2019-0286 Moderate: Samba Path Escape and Remote Crash
Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition (CVE-2019-10197). . MGASA-2019-0286 - Updated samba packages fix security vulnerabilities Publication date: 21 Sep 2019 URL: https://advisories.mageia.org/MGASA-2019-0286.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-10197, CVE-2019-12435, CVE-2019-12436 Updated samba packages fix security vulnerabilities: A combination of parameters and permissions in smb.conf can allow user to escape from the share path definition (CVE-2019-10197). An authenticated user can crash the Samba AD DC''s RPC server process via a NULL pointer dereference (CVE-2019-12435) An user with read access to the directory can cause a NULL pointer dereference using the paged search control (CVE-2019-12436). For other fixes in this update, see the referenced changelogs. References: - https://bugs.mageia.org/show_bug.cgi?id=24980 - - - - - - - - https://www.cve.org/CVERecord?id=CVE-2019-10197 - https://www.cve.org/CVERecord?id=CVE-2019-12435 - https://www.cve.org/CVERecord?id=CVE-2019-12436 SRPMS: - 7/core/samba-4.10.8-3.mga7 . Mageia 2020-0458 enhances apache to resolve severe security flaws involving session and configuration problems.. samba security update, Mageia samba, vulnerability management, samba vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Sep 21, 2019
•Important
Mageia
202
security advisorybuffer overflowcriticalopenSUSE: 2019:1920-1 Important: dosbox DoS Threat Mitigated
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for dosbox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1920-1 Rating: important References: #1140254 Cross-References: CVE-2019-12594 CVE-2019-7165 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dosbox fixes the following issues: Security issues fixed: - CVE-2019-7165: Fixed that a very long line inside a bat file would overflow the parsing buffer (bnc#1140254). - CVE-2019-12594: Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc (e.g. /proc/self/mem) when / or /proc were (to be) mounted (bnc#1140254). - Several other fixes for out of bounds access and buffer overflows. This update was imported from the openSUSE:Leap:15.0:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-1920=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): dosbox-0.74.3-bp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-12594.html https://www.suse.com/security/cve/CVE-2019-7165.html https://bugzilla.suse.com/1140254 -- . Important openSUSE Security Patch addresses dosbox concerns regarding access rights and buffer overflow flaws.. openSUSE dosbox updates security patch. . Severity: Important. LinuxSecurity.com Team
Aug 15, 2019
•Important
OpenSUSE
172
security advisorydenial of servicecriticalUbuntu 11.04 USN-1196-1 Critical: eCryptfs Denial Of Service
An attacker could use eCryptfs to unmount arbitrary locations and cause a denial of service.. =========================================================================Ubuntu Security Notice USN-1196-1 August 23, 2011 ecryptfs-utils vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: An attacker could use eCryptfs to unmount arbitrary locations and cause a denial of service. Software Description: - ecryptfs-utils: ecryptfs cryptographic filesystem (utilities) Details: It was discovered that eCryptfs incorrectly handled permissions when modifying the mtab file. A local attacker could use this flaw to manipulate the mtab file, and possibly unmount arbitrary locations, leading to a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: ecryptfs-utils 87-0ubuntu1.2 Ubuntu 10.10: ecryptfs-utils 83-0ubuntu3.2.10.10.2 Ubuntu 10.04 LTS: ecryptfs-utils 83-0ubuntu3.2.10.04.2 In general, a standard system update will make all the necessary changes. References: CVE-2011-3145 Package Information: https://launchpad.net/ubuntu/+source/ecryptfs-utils/87-0ubuntu1.2 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.10.2 https://launchpad.net/ubuntu/+source/ecryptfs-utils/83-0ubuntu3.2.10.04.2 . A security flaw in the implementation of eCryptfs may allow an assailant to leverage configuration errors, resulting in potential downtime on Ubuntu platforms. Immediate patching recommended.. eCryptfs Vulnerability, Denial of Service, Ubuntu 11.04, ecryptfs-utils Patch. . Severity: Critical. LinuxSecurity.com Team
Aug 23, 2011
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!