[slackware-security] dhcp (SSA:2022-278-01)

New dhcp packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/dhcp-4.4.3_P1-i586-1_slack15.0.txz: Upgraded.
  This update fixes two security issues:
  Corrected a reference count leak that occurs when the server builds
  responses to leasequery packets.
  Corrected a memory leak that occurs when unpacking a packet that has an
  FQDN option (81) that contains a label with length greater than 63 bytes.
  Thanks to VictorV of Cyber Kunlun Lab for reporting these issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-2928
    https://www.cve.org/CVERecord?id=CVE-2022-2929
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dhcp-4.4.3_P1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/dhcp-4.4.3_P1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/dhcp-4.4.3_P1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dhcp-4.4.3_P1-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcp-4.4.3_P1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcp-4.4.3_P1-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dhcp-4.4.3_P1-i586-1_slack15.0.txz

Then, restart the dhcp daemon.

+-----+

   SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP3)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1768-1
Rating:             important
References:         #1133191
Cross-References:   CVE-2019-11487
Affected Products:
                    SUSE Linux Enterprise Live Patching 12-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for the Linux Kernel 4.4.180-94_97 fixes one issue.

   The following security issue was fixed:

   - CVE-2019-11487: The Linux kernel allowed page->_refcount reference
     count overflow, with resultant use-after-free issues, if about 140 GiB
     of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c,
     fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h,
     kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with
     FUSE requests (bsc#1133191).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Live Patching 12-SP3:

      zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2019-1768=1

Package List:

   - SUSE Linux Enterprise Live Patching 12-SP3 (ppc64le x86_64):

      kgraft-patch-4_4_180-94_97-default-2-2.1
      kgraft-patch-4_4_180-94_97-default-debuginfo-2-2.1

References:

   https://www.suse.com/security/cve/CVE-2019-11487.html
   https://bugzilla.suse.com/1133191

_______________________________________________
sle-security-updates mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-12652
2009-12-04 22:41:17
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 10
Version     : 1.3.11
Release     : 4.fc10
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update includes a fix for improper reference counting in the abstract
file descriptors handling interface (CVE-2009-3553), and for a memory leak
in the LSPP support.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 3 2009 Tim Waugh - 1:1.3.11-4
- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
* Wed Nov 11 2009 Jiri Popelka 1:1.3.11-3
- Fixed lspp-patch to avoid memory leak (bug #536741).
* Tue Nov 10 2009 Tim Waugh 1:1.3.11-2
- Added fix for CVE-2009-2820 (bug #529833).
* Tue Nov 3 2009 Tim Waugh 1:1.3.11-1
- 1.3.11.
* Tue Nov 3 2009 Tim Waugh 1:1.3.10-7
- Removed stale patch from STR #2831 which was causing problems with
  number-up (bug #532516).
* Tue Oct 20 2009 Jiri Popelka 1:1.3.10-6
- Fix cups-lpd to create unique temporary data files (bug #529838, STR #3382).
* Wed May 6 2009 Tim Waugh 1:1.3.10-5
- Restart cupsd if "ServerAlias *" is added to cupsd.conf (bug #497354).
- Ship "ServerAlias *" in cupsd.conf.default configuration file as well
  (bug #498884).
* Mon Apr 27 2009 Tim Waugh 1:1.3.10-4
- Adjust cupsd.conf by adding "ServerAlias *" automatically on upgrade
  (part of bug #497301). The default cupsd.conf now includes this line
  as well.
* Sun Apr 26 2009 Tim Waugh 1:1.3.10-2
- Accept "Host: ::1" (bug #497393).
- Accept Host: fields set to the ServerName value (bug #497301).
- Temporarily relax requirement to have printer-uri attribute in
  IPP-Get-Jobs request (bug #497519).
* Tue Apr 21 2009 Tim Waugh 1:1.3.10-1
- 1.3.10. No longer need ext, includeifexists, str2988,
  CVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055
  patches.
- Requires poppler-utils.
- NOTE: If your CUPS server is accessed using a hostname or hostnames
  not known to the server itself you must add "ServerAlias hostname"
  for each such name. The special line "ServerAlias *" disables
  checking (but this allows DNS rebinding attacks).
* Mon Mar 9 2009 Tim Waugh 1:1.3.9-9
- Fixed getnameddest patch (bug #481481, STR #3082).
- Handle https:// device URIs (bug #478677, STR #3122).
* Wed Jan 28 2009 Tim Waugh 1:1.3.9-8
- Always supply document-name when printing a file (STR #3055).
- Load MIME type rules correctly (bug #426089, STR #3059).
* Wed Jan 28 2009 Tim Waugh 1:1.3.9-7
- Fixed quotas (STR #3077, STR #3078).
* Tue Dec 9 2008 Tim Waugh 1:1.3.9-6
- Attempt to unbreak the fix for STR #2831 (bug #474742).
* Mon Dec 8 2008 Tim Waugh 1:1.3.9-5
- Removed dnssd backend as it was causing problems (bug #475230).
* Wed Dec 3 2008 Tim Waugh 1:1.3.9-4
- Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286, CVE-2008-1722).
- Applied patch to fix RSS subscription limiting (bug #473901, CVE-2008-5183).
- Fixed cups-polld again for res_init (STR #3023, bug #354071).
- Added patch to avoid polling busy loop (STR #2988).
* Thu Oct 30 2008 Tim Waugh 1:1.3.9-3
- Fixed LSPP labels (bug #468442).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
        https://bugzilla.redhat.com/show_bug.cgi?id=530111
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list