An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis: Important: firefox security update
Advisory ID: RHSA-2023:1791-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1791
Issue date: 2023-04-14
CVE Names: CVE-2023-1945 CVE-2023-29533 CVE-2023-29535 CVE-2023-29536 CVE-2023-29539 CVE-2023-29541 CVE-2023-29548 CVE-2023-29550
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.10.0 ESR.

Security Fix(es):

* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)
* Mozilla: Fullscreen notification obscured (CVE-2023-29533)
* Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)
* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)
* Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
* Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186101 - CVE-2023-29533 Mozilla: Fullscreen notification obscured
2186102 - MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp
2186103 - CVE-2023-29535 Mozilla: Potential Memory Corruption following Garbage Collector compaction
2186104 - CVE-2023-29536 Mozilla: Invalid free from JavaScript code
2186105 - CVE-2023-29539 Mozilla: Content-Disposition filename truncation leads to Reflected File Download
2186106 - CVE-2023-29541 Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux
2186109 - CVE-2023-1945 Mozilla: Memory Corruption in Safe Browsing Code
2186110 - CVE-2023-29548 Mozilla: Incorrect optimization result on ARM64
2186111 - CVE-2023-29550 Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
firefox-102.10.0-1.el7_9.src.rpm

x86_64:
firefox-102.10.0-1.el7_9.x86_64.rpm
firefox-debuginfo-102.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
firefox-102.10.0-1.el7_9.i686.rpm
firefox-debuginfo-102.10.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firefox-102.10.0-1.el7_9.src.rpm

ppc64:
firefox-102.10.0-1.el7_9.ppc64.rpm
firefox-debuginfo-102.10.0-1.el7_9.ppc64.rpm

ppc64le:
firefox-102.10.0-1.el7_9.ppc64le.rpm
firefox-debuginfo-102.10.0-1.el7_9.ppc64le.rpm

s390x:
firefox-102.10.0-1.el7_9.s390x.rpm
firefox-debuginfo-102.10.0-1.el7_9.s390x.rpm

x86_64:
firefox-102.10.0-1.el7_9.x86_64.rpm
firefox-debuginfo-102.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:
firefox-102.10.0-1.el7_9.i686.rpm
firefox-debuginfo-102.10.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firefox-102.10.0-1.el7_9.src.rpm

x86_64:
firefox-102.10.0-1.el7_9.x86_64.rpm
firefox-debuginfo-102.10.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
firefox-102.10.0-1.el7_9.i686.rpm
firefox-debuginfo-102.10.0-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-1945
https://access.redhat.com/security/cve/CVE-2023-29533
https://access.redhat.com/security/cve/CVE-2023-29535
https://access.redhat.com/security/cve/CVE-2023-29536
https://access.redhat.com/security/cve/CVE-2023-29539
https://access.redhat.com/security/cve/CVE-2023-29541
https://access.redhat.com/security/cve/CVE-2023-29548
https://access.redhat.com/security/cve/CVE-2023-29550
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Several security issues were fixed in Thunderbird.

=========================================================================
Ubuntu Security Notice USN-5248-1
January 21, 2022

thunderbird vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, trick a user into accepting unwanted permissions, conduct header splitting attacks, conduct spoofing attacks, bypass security restrictions, confuse the user, or execute arbitrary code. (CVE-2021-4129, CVE-2021-4140, CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43656, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751)

It was discovered that Thunderbird ignored the configuration to require STARTTLS for an SMTP connection. A person-in-the-middle could potentially exploit this to perform a downgrade attack in order to intercept messages or take control of a session. (CVE-2021-38502)

It was discovered that JavaScript was unexpectedly enabled in the composition area. An attacker could potentially exploit this in combination with another vulnerability, with unspecified impacts. (CVE-2021-43528)

A buffer overflow was discovered in the Matrix chat library bundled with Thunderbird. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2021-44538)

It was discovered that Thunderbird's OpenPGP integration only considered the inner signed message when checking signature validity in a message that contains an additional outer MIME layer. An attacker could potentially exploit this to trick the user into thinking that a message has a valid signature. (CVE-2021-4126)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  thunderbird 1:91.5.0+build1-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
  thunderbird 1:91.5.0+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make all the necessary changes.

References:
  CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991, CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-4126, CVE-2021-4129, CVE-2021-4140, CVE-2021-43528, CVE-2021-43534, CVE-2021-43535, CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546, CVE-2021-44538, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751

Package Information:
  https://launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.20.04.1
  https://launchpad.net/ubuntu/+source/thunderbird/1:91.5.0+build1-0ubuntu0.18.04.1

Explore the USN-5248-1 security bulletin outlining multiple Thunderbird security issues in Ubuntu. Immediate upgrade recommended.

Ubuntu Security Notice, Thunderbird Threats, Update Recommendations.

LinuxSecurity.com Team

Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

=========================================================================
Ubuntu Security Notice USN-1465-3
June 06, 2012

ubuntuone-client regression
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.

Software Description:
- ubuntuone-client: Ubuntu One client

Details:

USN-1465-1 fixed vulnerabilities in Ubuntu One Client. The update failed to install on certain Ubuntu 10.04 LTS systems that had a legacy Python 2.5 package installed. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the Ubuntu One Client incorrectly validated server certificates when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  python-ubuntuone-client 1.2.2-0ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-1465-3
  https://ubuntu.com/security/notices/USN-1465-1
  CVE-2011-4409

Package Information:
  https://launchpad.net/ubuntu/+source/ubuntuone-client/1.2.2-0ubuntu2.3

Confidential data risk might arise from deceptive certificates in Ubuntu One Client, as highlighted in USN-1465-3.

Ubuntu One Client, Privacy Risk, Certificate Issue.

Severity: Critical.

LinuxSecurity.com Team

Multiple kernel flaws have been fixed.

=========================================================================
Ubuntu Security Notice USN-1218-1
September 29, 2011

linux vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Multiple kernel flaws have been fixed.

Software Description:
- linux: Linux kernel

Details:

Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. (CVE-2010-4076, CVE-2010-4077)

Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. (CVE-2010-4251, CVE-2010-4805)

It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)

Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)

Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)

Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213)

Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)

It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)

Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)

Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)

The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
  linux-image-2.6.32-34-386 2.6.32-34.77
  linux-image-2.6.32-34-generic 2.6.32-34.77
  linux-image-2.6.32-34-generic-pae 2.6.32-34.77
  linux-image-2.6.32-34-ia64 2.6.32-34.77
  linux-image-2.6.32-34-lpia 2.6.32-34.77
  linux-image-2.6.32-34-powerpc 2.6.32-34.77
  linux-image-2.6.32-34-powerpc-smp 2.6.32-34.77
  linux-image-2.6.32-34-powerpc64-smp 2.6.32-34.77
  linux-image-2.6.32-34-preempt 2.6.32-34.77
  linux-image-2.6.32-34-server 2.6.32-34.77
  linux-image-2.6.32-34-sparc64 2.6.32-34.77
  linux-image-2.6.32-34-sparc64-smp 2.6.32-34.77
  linux-image-2.6.32-34-versatile 2.6.32-34.77
  linux-image-2.6.32-34-virtual 2.6.32-34.77

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-1218-1
  CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918

Package Information:
  https://launchpad.net/ubuntu/+source/linux/2.6.32-34.77

A series of vulnerabilities in the Linux kernel for Ubuntu introduces significant threats, making urgent system patches and enhanced security measures necessary.

Linux Kernel Issues, Ubuntu Security Fixes, System Update Guide.

Severity: Critical.

LinuxSecurity.com Team

Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. (CVE-2010-2943)

==========================================================
Ubuntu Security Notice USN-1057-1
February 03, 2011

linux-source-2.6.15 vulnerabilities
CVE-2010-2943, CVE-2010-3297, CVE-2010-4072
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  linux-image-2.6.15-55-386 2.6.15-55.91
  linux-image-2.6.15-55-686 2.6.15-55.91
  linux-image-2.6.15-55-amd64-generic 2.6.15-55.91
  linux-image-2.6.15-55-amd64-k8 2.6.15-55.91
  linux-image-2.6.15-55-amd64-server 2.6.15-55.91
  linux-image-2.6.15-55-amd64-xeon 2.6.15-55.91
  linux-image-2.6.15-55-hppa32 2.6.15-55.91
  linux-image-2.6.15-55-hppa32-smp 2.6.15-55.91
  linux-image-2.6.15-55-hppa64 2.6.15-55.91
  linux-image-2.6.15-55-hppa64-smp 2.6.15-55.91
  linux-image-2.6.15-55-itanium 2.6.15-55.91
  linux-image-2.6.15-55-itanium-smp 2.6.15-55.91
  linux-image-2.6.15-55-k7 2.6.15-55.91
  linux-image-2.6.15-55-mckinley 2.6.15-55.91
  linux-image-2.6.15-55-mckinley-smp 2.6.15-55.91
  linux-image-2.6.15-55-powerpc 2.6.15-55.91
  linux-image-2.6.15-55-powerpc-smp 2.6.15-55.91
  linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.91
  linux-image-2.6.15-55-server 2.6.15-55.91
  linux-image-2.6.15-55-server-bigiron 2.6.15-55.91
  linux-image-2.6.15-55-sparc64 2.6.15-55.91
  linux-image-2.6.15-55-sparc64-smp 2.6.15-55.91

After a standard system update you need to reboot your computer to make all the necessary changes.

Details follow:

Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy. (CVE-2010-2943)

Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-3297)

Kees Cook and Vasiliy Kulikov discovered that the shm interface did not clear kernel memory correctly. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2010-4072)

Updated packages for Ubuntu 6.06 LTS:

Uncover the specifics of vulnerabilities present in the Ubuntu kernel, highlighting potential risks of unauthorized access over networks and implications for user confidentiality.

Ubuntu Security Advisory, Linux Kernel Exposures, Remote Access Risks.

Severity: Critical.

LinuxSecurity.com Team

Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)

==========================================================
Ubuntu Security Notice USN-791-2
June 24, 2009

moodle vulnerability
CVE-2009-1171
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.04:
  moodle 1.9.4.dfsg-0ubuntu1.1

After a standard system upgrade you need to access the Moodle instance and accept the database update to clear any invalid cached data.

Details follow:

Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)

Updated packages for Ubuntu 9.04:

Source archives:
  Size/MD5: 37358 a51bee20ca3560c1b390b1e12e42c5f1
  Size/MD5: 1477 a842e53d8330a56f47d09a1c19f78f11
  Size/MD5: 12969234 6263f780d52114c8d6eced8308b66aa7

Architecture independent packages:
  Size/MD5: 9663672 12cd163fe02d67cda7f972bb5744e3e1

Vulnerabilities in Moodle's TeX processing on Ubuntu 9.04 could expose sensitive files, endangering user data. Urgent patches necessary.

Moodle Vulnerability, Remote Access Risk, Ubuntu Security Notice, TeX Filter Issue, Database Update.

Severity: Critical.

LinuxSecurity.com Team