Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 0 articles for you...
87

Debian: DSA-5699-1 Moderate: Redmine Cross-Site Scripting Threats

Multiple cross-site scripting vulnerabilities were found in Redmine, a project management web application. For the stable distribution (bookworm), these problems have been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5699-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : redmine CVE ID : CVE-2023-47258 CVE-2023-47259 CVE-2023-47260 Multiple cross-site scripting vulnerabilities were found in Redmine, a project management web application. For the stable distribution (bookworm), these problems have been fixed in version 5.0.4-5+deb12u1. We recommend that you upgrade your redmine packages. For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/redmine Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Several vulnerabilities related to cross-site scripting in Redmine have been addressed. Update your software packages immediately to improve security.. redmine security advisory, cross-site scripting debian, software vulnerabilities. . LinuxSecurity.com Team

Calendar%202 May 24, 2024 Debian
197

Debian LTS: DLA-2787-1 Critical: Redmine Access Filter Issue

Redmine, a project management web application, may disclose the names of users on activity views due to an insufficient access filter. An attacker may infer information of users working on private projects. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2787-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Sylvain Beucler October 18, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : redmine Version : 3.3.1-4+deb9u5 CVE ID : CVE-2021-42326 Redmine, a project management web application, may disclose the names of users on activity views due to an insufficient access filter. An attacker may infer information of users working on private projects. For Debian 9 stretch, this problem has been fixed in version 3.3.1-4+deb9u5. We recommend that you upgrade your redmine packages. For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/redmine Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS has released a security patch for Redmine, resolving a vulnerability that exposed user data through an inadequate access filter.. Debian Security Advisory, Redmine Update, User Privacy Protection. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 18, 2021 Critical Debian LTS
198

Arch Linux: ASA-202105-1 Critical: Redmine Security Flaws

The package redmine before version 4.2.1-1 is vulnerable to multiple issues including arbitrary filesystem access, access restriction bypass, cross-site scripting, arbitrary file upload and information disclosure. . Arch Linux Security Advisory ASA-202105-1 ======================================== Severity: Critical Date : 2021-05-19 CVE-ID : CVE-2021-29274 CVE-2021-30163 CVE-2021-30164 CVE-2021-31863 CVE-2021-31864 CVE-2021-31865 CVE-2021-31866 Package : redmine Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1743 Summary ====== The package redmine before version 4.2.1-1 is vulnerable to multiple issues including arbitrary filesystem access, access restriction bypass, cross-site scripting, arbitrary file upload and information disclosure. Resolution ========= Upgrade to 4.2.1-1. # pacman -Syu "redmine> =4.2.1-1" The problems have been fixed upstream in version 4.2.1. Workaround ========= None. Description ========== - CVE-2021-29274 (cross-site scripting) Redmine 4.1.x before 4.1.2 allows cross-site scripting (XSS) because an issues subject is mishandled in the auto complete tip. - CVE-2021-30163 (information disclosure) Redmine before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. - CVE-2021-30164 (access restriction bypass) Redmine before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. - CVE-2021-31863 (arbitrary filesystem access) Insufficient input validation in the Git repository integration of Redmine before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process. - CVE-2021-31864 (access restriction bypass) Redmine before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler. - CVE-2021-31865 (arbitrary file upload) Redminebefore 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments. - CVE-2021-31866 (information disclosure) Redmine before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController. Impact ===== A remote attacker could disclose private information, perform actions without having the required permissions, or execute arbitrary JavaScript code by leveraging cross-site scripting. References ========= https://bugs.archlinux.org/task/70203 https://github.com/redmine/redmine/commit/bbfade972865e78e4d865af2cdb93e6cb57d5a45 https://github.com/redmine/redmine/commit/0d96c4ebdb1cceeb6cac8f940a11b5407a0a5211 https://github.com/redmine/redmine/commit/a7b9fa99966e8d59bd88548248ab11400ea48e5e https://github.com/redmine/redmine/commit/45461bfe51e9492d607f7204120f49ce3396a0cf https://github.com/redmine/redmine/commit/d03a718e6efca0493d8b42bd4ba356d736a77f49 https://github.com/redmine/redmine/commit/56979912c9bb041aac3fc5b88bf8275b743b0e28 https://github.com/redmine/redmine/commit/23e09ef64e26d6f63dcdcd624827440d9ad05f93 https://security.archlinux.org/CVE-2021-29274 https://security.archlinux.org/CVE-2021-30163 https://security.archlinux.org/CVE-2021-30164 https://security.archlinux.org/CVE-2021-31863 https://security.archlinux.org/CVE-2021-31864 https://security.archlinux.org/CVE-2021-31865 https://security.archlinux.org/CVE-2021-31866 . Debian Security Bulletin DSA-2021-02 discusses critical flaws found in mediawiki prior to version 1.35.0-1.. Redmine Security Issues, Arch Linux Advisory, Critical Redmine Threats. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 20, 2021 Critical ArchLinux
197

Debian 9: DLA-2658-1 Critical: Redmine Cross-Site Threats

Several issues were found in Redmine, a project management web application, which could lead to cross-site scripting, information disclosure, and reading arbitrary files from the server. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2658-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 13, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : redmine Version : 3.3.1-4+deb9u4 CVE ID : CVE-2019-25026 CVE-2020-36306 CVE-2020-36307 CVE-2020-36308 CVE-2021-30163 CVE-2021-30164 CVE-2021-31863 CVE-2021-31864 CVE-2021-31865 CVE-2021-31866 Several issues were found in Redmine, a project management web application, which could lead to cross-site scripting, information disclosure, and reading arbitrary files from the server. For Debian 9 stretch, these problems have been fixed in version 3.3.1-4+deb9u4. We recommend that you upgrade your redmine packages. For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/redmine Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance Redmine on Debian to address urgent vulnerabilities such as cross-site scripting and data leakage.. Redmine Security Update, Debian LTS Advisory, Application Management Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 13, 2021 Critical Debian LTS
172

Ubuntu: USN-4200-1 Critical: Redmine XSS and SQL Injection Threats

Several security issues were fixed in redmine.. =========================================================================Ubuntu Security Notice USN-4200-1 November 26, 2019 redmine vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in redmine. Software Description: - redmine: flexible project management web application Details: It was discovered that Redmine incorrectly handle certain inputs that could cause textile formatting errors. An attacker could possibly use this issue to cause a XSS attack. (CVE-2019-17427) It was discovered that an SQL injection could allow users to access protected information via a crafted object query. (CVE-2019-18890) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: redmine 4.0.1-2ubuntu0.1 redmine-mysql 4.0.1-2ubuntu0.1 redmine-pgsql 4.0.1-2ubuntu0.1 redmine-sqlite 4.0.1-2ubuntu0.1 Ubuntu 18.04 LTS: redmine 3.4.4-1ubuntu0.1 redmine-mysql 3.4.4-1ubuntu0.1 redmine-pgsql 3.4.4-1ubuntu0.1 redmine-sqlite 3.4.4-1ubuntu0.1 Ubuntu 16.04 LTS: redmine 3.2.1-2ubuntu0.2 redmine-mysql 3.2.1-2ubuntu0.2 redmine-pgsql 3.2.1-2ubuntu0.2 redmine-sqlite 3.2.1-2ubuntu0.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4200-1 CVE-2019-17427, CVE-2019-18890 Package Information: https://launchpad.net/ubuntu/+source/redmine/4.0.1-2ubuntu0.1 https://launchpad.net/ubuntu/+source/redmine/3.4.4-1ubuntu0.1 https://launchpad.net/ubuntu/+source/redmine/3.2.1-2ubuntu0.2 . UbuntuSecurity Notice USN-4250-1 addresses several vulnerabilities related to the kernel and their applicable patches for different versions.. Redmine Vulnerabilities, Ubuntu Security Notice, SQL Injection, XSS, Software Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 25, 2019 Critical Ubuntu
87

Debian: DSA-4574-1 Critical: Redmine SQL Injection and XSS Threat

Hoger Just discovered an SQL injection in Redmine, a project management web application. In addition a cross-site scripting issue was found in Textile formatting. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4574-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff November 19, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : redmine CVE ID : CVE-2019-17427 CVE-2019-18890 Hoger Just discovered an SQL injection in Redmine, a project management web application. In addition a cross-site scripting issue was found in Textile formatting. For the oldstable distribution (stretch), these problems have been fixed in version 3.3.1-4+deb9u3. We recommend that you upgrade your redmine packages. For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/redmine Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Uncover vital patches for Redmine: vulnerabilities related to SQL injection and cross-site scripting fixed in Debian DSA-4574-1.. debian security, redmine update, sql injection fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 19, 2019 Critical Debian
87

Debian: DSA-4191-2 Critical: Redmine Regression Bug Fix

The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4191-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : redmine Debian Bug : 900283 The redmine security update announced as DSA-4191-1 caused regressions with multi-value fields while doing queries on project issues due to an bug in the patch to address CVE-2017-15569. Updated packages are now available to correct this issue. For the stable distribution (stretch), this problem has been fixed in version 3.3.1-4+deb9u2. We recommend that you upgrade your redmine packages. For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/redmine Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian has issued DSA-4191-2 for redmine, correcting issues introduced by the last patch. Recent changes resolve multiple bugs in the updated software.. redmine, regression fix, debian advisory, bug patch, security update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 03, 2018 Critical Debian
87

Debian: DSA-4191-2 Important: Redmine Authentication Vulnerability

Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4191-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond May 03, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : redmine CVE ID : CVE-2017-15568 CVE-2017-15569 CVE-2017-15570 CVE-2017-15571 CVE-2017-15572 CVE-2017-15573 CVE-2017-15574 CVE-2017-15575 CVE-2017-15576 CVE-2017-15577 CVE-2017-16804 CVE-2017-18026 Debian Bug : 882544 882545 882547 882548 887307 Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information disclosure or cross-site scripting attacks. For the stable distribution (stretch), these problems have been fixed in version 3.3.1-4+deb9u1. We recommend that you upgrade your redmine packages. In addition, this message serves as an announcement that security support for redmine in the Debian 8 oldstable release (jessie) is now discontinued. Users of redmine in Debian 8 that want security updates are strongly encouraged to upgrade now to the current Debian 9 stable release (stretch). For the detailed security status of redmine please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/redmine Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Important security patch for Debian's Redmine addresses several threats to avert possible breaches.. Debian Redmine Security,Redmine Update, Project Management Vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 03, 2018 Important Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200