Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1 articles for you...
202

openSUSE: 2019:0293-1 Important: Supportutils Issues Resolved

An update that solves four vulnerabilities and has 9 fixes is now available.. openSUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:0293-1 Rating: important References: #1043311 #1046681 #1051797 #1071545 #1105849 #1112461 #1115245 #1117776 #1118460 #1118462 #1118463 #1125609 #1125666 Cross-References: CVE-2018-19637 CVE-2018-19638 CVE-2018-19639 CVE-2018-19640 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves four vulnerabilities and has 9 fixes is now available. Description: This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). Other issues fixed: - Fixed invalid exit code commands (bsc#1125666). - Included additional SUSE separation (bsc#1125609). - Merged added listing of locked packes by zypper. - Exclude pam.txt per GDPR by default (bsc#1112461). - Clarified -x functionality in supportconfig(8) (bsc#1115245). - udev service and provide the whole journal content in supportconfig (bsc#1051797). - supportconfig collects tuned profile settings (bsc#1071545). - sfdisk -d no disk device specified (bsc#1043311). - Added vulnerabilites status check in basic-health.txt (bsc#1105849). - Added only sched_domain from cpu0. - Blacklist sched_domain from proc.txt (bsc#1046681). - Added firewall-cmd info. - Add ls -lA--time-style=long-iso /etc/products.d/ - Dump lsof errors. - Added corosync status to ha_info. - Dump find errors in ib_info. This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-293=1 Package List: - openSUSE Leap 15.0 (noarch): supportutils-3.1-lp150.4.3.1 References: https://www.suse.com/security/cve/CVE-2018-19637.html https://www.suse.com/security/cve/CVE-2018-19638.html https://www.suse.com/security/cve/CVE-2018-19639.html https://www.suse.com/security/cve/CVE-2018-19640.html https://bugzilla.suse.com/1043311 https://bugzilla.suse.com/1046681 https://bugzilla.suse.com/1051797 https://bugzilla.suse.com/1071545 https://bugzilla.suse.com/1105849 https://bugzilla.suse.com/1112461 https://bugzilla.suse.com/1115245 https://bugzilla.suse.com/1117776 https://bugzilla.suse.com/1118460 https://bugzilla.suse.com/1118462 https://bugzilla.suse.com/1118463 https://bugzilla.suse.com/1125609 https://bugzilla.suse.com/1125666 -- . openSUSE Security Update: Security update for supportutils _________________________________________. update, solves, vulnerabilities, fixes, opensuse, security, updat. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 06, 2019 Important OpenSUSE
197

Debian 7: DLA-1069-1 Moderate: Tenshi Process Control Flaw

Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. . Hash: SHA512 Package : tenshi Version : 0.13-2+deb7u1 CVE ID : CVE-2017-11746 Debian Bug : 871321 Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. For Debian 7 "Wheezy", these problems have been fixed in version 0.13-2+deb7u1. We recommend that you upgrade your tenshi packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Tenshi patch enhances system management defects in Debian 7. Upgrade to version 0.13-2+deb7u1 to ensure safety.. Tenshi Security Update, Debian LTS, Process Control Issues. . LinuxSecurity.com Team

Calendar%202 Aug 27, 2017 Debian LTS
87

Debian: DSA-3942-1 High: Supervisor XML-RPC Command Injection

Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3942-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso August 13, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : supervisor CVE ID : CVE-2017-11610 Debian Bug : 870187 Calum Hutton reported that the XML-RPC server in supervisor, a system for controlling process state, does not perform validation on requested XML-RPC methods, allowing an authenticated client to send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server as the same user as supervisord. The vulnerability has been fixed by disabling nested namespace lookup entirely. supervisord will now only call methods on the object registered to handle XML-RPC requests and not any child objects it may contain, possibly breaking existing setups. No publicly available plugins are currently known that use nested namespaces. Plugins that use a single namespace will continue to work as before. Details can be found on the upstream issue at https://github.com/Supervisor/supervisor/issues/964 . For the oldstable distribution (jessie), this problem has been fixed in version 3.0r1-1+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 3.3.1-1+deb9u1. We recommend that you upgrade your supervisor packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list:This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu: USN-5432-1 highlights a vulnerability in controller enabling unauthorized command execution via JSON-RPC interfaces.. Debian Security Update, Supervisor XML-RPC Vulnerability, Process Control Security Advisory. . LinuxSecurity.com Team

Calendar%202 Aug 13, 2017 Debian
89

Fedora 26: Critical Security Update for Supervisor Command Injection

Security fix for CVE-2017-11610. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-307eab89e1 2017-08-07 13:52:27.804029 --------------------------------------------------------------------------------Name : supervisor Product : Fedora 26 Version : 3.3.3 Release : 1.fc26 URL : https://supervisord.org/ Summary : A System for Allowing the Control of Process State on UNIX Description : The supervisor is a client/server system that allows its users to control a number of processes on UNIX-like operating systems. --------------------------------------------------------------------------------Update Information: Security fix for CVE-2017-11610 --------------------------------------------------------------------------------References: [ 1 ] Bug #1476144 - CVE-2017-11610 supervisor: Command injection via malicious XML-RPC request [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1476144 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade supervisor' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Fedora 26 patch resolves a significant vulnerability in the supervisor component, bolstering protection for systems against potential attacks.. Fedora 26 Supervisor Update, Command Injection Fix, Process Control Security, MaliciousXML-RPC Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 07, 2017 Critical Fedora
197

Debian 7: DLA-1047-1 Critical: Supervisor Arbitrary Command Execution

A vulnerability has been found in supervisor, a system for controlling process state, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. . Hash: SHA512 Package : supervisor Version : 3.0a8-1.1+deb7u2 CVE ID : CVE-2017-11610 Debian Bug : 870187 A vulnerability has been found in supervisor, a system for controlling process state, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. For Debian 7 "Wheezy", these problems have been fixed in version 3.0a8-1.1+deb7u2. We recommend that you upgrade your supervisor packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . An exploit in supervisord permits unauthorized command execution through crafted XML-RPC requests on Debian 7.. supervisor security, debian update, arbitrary command execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 31, 2017 Critical Debian LTS
89

Fedora 24: Moderate Security Fix for Util-Linux CVE-2017-2616

Security fix for CVE-2017-2616. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-b11b460865 2017-02-28 19:55:06.900435 -------------------------------------------------------------------------------- Name : util-linux Product : Fedora 24 Version : 2.28.2 Release : 2.fc24 URL : https://en.wikipedia.org/wiki/Util-linux Summary : A collection of basic system utilities Description : The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-2616 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1418710 - CVE-2017-2616 util-linux: Sending SIGKILL to other processes with root privileges via su https://bugzilla.redhat.com/show_bug.cgi?id=1418710 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade util-linux' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Solution for essential process oversight vulnerability in util-linux aimed at boosting both Fedora's security measures and overall system reliability.. util-linux SecurityUpdate, Fedora 24 Vulnerability, Linux Process Controls. . LinuxSecurity.com Team

Calendar%202 Mar 01, 2017 Fedora
100

SUSE 12-SP2 Important: Util-Linux Process Control Fix for CVE-2017-2616

An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.. SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0554-1 Rating: important References: #1008965 #1012504 #1012632 #1019332 #1020077 #1020985 #1023041 Cross-References: CVE-2017-2616 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that solves one vulnerability and has 6 fixes is now available. Description: This update for util-linux fixes the following issues: This security issue was fixed: - CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041). This non-security issues were fixed: - lscpu: Implement WSL detection and work around crash (bsc#1019332) - fstrim: De-duplicate btrfs sub-volumes for "fstrim -a" and bind mounts (bsc#1020077) - Fix regressions in safe loop re-use patch set for libmount (bsc#1012504) - Disable ro checks for mtab (bsc#1012632) - Ensure that the option "users,exec,dev,suid" work as expected on NFS mounts (bsc#1008965) - Fix empty slave detection to prevent 100% CPU load in some cases (bsc#1020985) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux EnterpriseWorkstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-292=1 - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-292=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-292=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-292=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-292=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Workstation Extension 12-SP2 (x86_64): libuuid-devel-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.28-44.3.1 libmount-devel-2.28-44.3.1 libsmartcols-devel-2.28-44.3.1 libuuid-devel-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): libblkid1-2.28-44.3.1 libblkid1-debuginfo-2.28-44.3.1 libfdisk1-2.28-44.3.1 libfdisk1-debuginfo-2.28-44.3.1 libmount1-2.28-44.3.1 libmount1-debuginfo-2.28-44.3.1 libsmartcols1-2.28-44.3.1 libsmartcols1-debuginfo-2.28-44.3.1 libuuid1-2.28-44.3.1 libuuid1-debuginfo-2.28-44.3.1 python-libmount-2.28-44.3.3 python-libmount-debuginfo-2.28-44.3.3 python-libmount-debugsource-2.28-44.3.3 util-linux-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 util-linux-systemd-2.28-44.3.3 util-linux-systemd-debuginfo-2.28-44.3.3 util-linux-systemd-debugsource-2.28-44.3.3 uuidd-2.28-44.3.3 uuidd-debuginfo-2.28-44.3.3 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (noarch): util-linux-lang-2.28-44.3.1 - SUSE LinuxEnterprise Server 12-SP2 (aarch64 ppc64le x86_64): libblkid1-2.28-44.3.1 libblkid1-debuginfo-2.28-44.3.1 libfdisk1-2.28-44.3.1 libfdisk1-debuginfo-2.28-44.3.1 libmount1-2.28-44.3.1 libmount1-debuginfo-2.28-44.3.1 libsmartcols1-2.28-44.3.1 libsmartcols1-debuginfo-2.28-44.3.1 libuuid1-2.28-44.3.1 libuuid1-debuginfo-2.28-44.3.1 python-libmount-2.28-44.3.3 python-libmount-debuginfo-2.28-44.3.3 python-libmount-debugsource-2.28-44.3.3 util-linux-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 util-linux-systemd-2.28-44.3.3 util-linux-systemd-debuginfo-2.28-44.3.3 util-linux-systemd-debugsource-2.28-44.3.3 uuidd-2.28-44.3.3 uuidd-debuginfo-2.28-44.3.3 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libblkid1-32bit-2.28-44.3.1 libblkid1-debuginfo-32bit-2.28-44.3.1 libmount1-32bit-2.28-44.3.1 libmount1-debuginfo-32bit-2.28-44.3.1 libuuid1-32bit-2.28-44.3.1 libuuid1-debuginfo-32bit-2.28-44.3.1 - SUSE Linux Enterprise Server 12-SP2 (noarch): util-linux-lang-2.28-44.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libblkid1-2.28-44.3.1 libblkid1-32bit-2.28-44.3.1 libblkid1-debuginfo-2.28-44.3.1 libblkid1-debuginfo-32bit-2.28-44.3.1 libfdisk1-2.28-44.3.1 libfdisk1-debuginfo-2.28-44.3.1 libmount1-2.28-44.3.1 libmount1-32bit-2.28-44.3.1 libmount1-debuginfo-2.28-44.3.1 libmount1-debuginfo-32bit-2.28-44.3.1 libsmartcols1-2.28-44.3.1 libsmartcols1-debuginfo-2.28-44.3.1 libuuid-devel-2.28-44.3.1 libuuid1-2.28-44.3.1 libuuid1-32bit-2.28-44.3.1 libuuid1-debuginfo-2.28-44.3.1 libuuid1-debuginfo-32bit-2.28-44.3.1 python-libmount-2.28-44.3.3 python-libmount-debuginfo-2.28-44.3.3 python-libmount-debugsource-2.28-44.3.3 util-linux-2.28-44.3.1 util-linux-debuginfo-2.28-44.3.1 util-linux-debugsource-2.28-44.3.1 util-linux-systemd-2.28-44.3.3 util-linux-systemd-debuginfo-2.28-44.3.3 util-linux-systemd-debugsource-2.28-44.3.3 uuidd-2.28-44.3.3 uuidd-debuginfo-2.28-44.3.3 - SUSE Linux Enterprise Desktop 12-SP2 (noarch): util-linux-lang-2.28-44.3.1 References: https://www.suse.com/security/cve/CVE-2017-2616.html https://bugzilla.suse.com/1008965 https://bugzilla.suse.com/1012504 https://bugzilla.suse.com/1012632 https://bugzilla.suse.com/1019332 https://bugzilla.suse.com/1020077 https://bugzilla.suse.com/1020985 https://bugzilla.suse.com/1023041 . SUSE Security Patch for util-linux fixes security flaws and improves operational features. Keep your systems safe!. SUSE Linux, important security updates, system integrity, util-linux, process management. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 23, 2017 Important SuSE
87

Debian: DSA-3058-1 Moderate: Torque Process Control Security Issue

Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3058-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Salvatore Bonaccorso October 27, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : torque CVE ID : CVE-2014-3684 Debian Bug : 763922 Chad Vizino reported a vulnerability in torque, a PBS-derived batch processing queueing system. A non-root user could exploit the flaw in the tm_adopt() library call to kill any process, including root-owned ones on any node in a job. For the stable distribution (wheezy), this problem has been fixed in version 2.4.16+dfsg-1+deb7u4. For the unstable distribution (sid), this problem has been fixed in version 2.4.16+dfsg-1.5. We recommend that you upgrade your torque packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . - ------------------------------------------------------------------------- Debian Security Advisory. vizino, reported, vulnerability, torque, pbs-derived, batch, processing, queueing, system. . LinuxSecurity.com Team

Calendar%202 Oct 27, 2014 Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200