Moderate: pcs security update (RLSA-2023:0855)

Type: Security
Advisory ID: RLSA-2023:0855
Synopsis: Moderate: pcs security update
Severity: Moderate
Affected products: Rocky Linux 8
Published: 2023-02-22T01:08:55.795175Z
Reboot suggested: no

Topic:

An update is available for pcs.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:

2153363 (Red Hat) - https://bugzilla.redhat.com/show_bug.cgi?id=2153363

CVEs:

CVE-2022-45442 (MITRE) - https://www.cve.org/CVERecord?id=CVE-2022-45442
  CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVSS v3 base score: 8.8
  CWE: CWE-494

Package List:

Rocky Linux 8:
pcs-0:0.10.14-5.el8_7.2.aarch64.rpm
pcs-0:0.10.14-5.el8_7.2.src.rpm
pcs-0:0.10.14-5.el8_7.2.x86_64.rpm
pcs-snmp-0:0.10.14-5.el8_7.2.aarch64.rpm
pcs-snmp-0:0.10.14-5.el8_7.2.x86_64.rpm

Routine security patch for Rocky Linux 8 targeting a reflected file download vulnerability. Urgent severity update released.
Tags: Rocky Linux Update, pcs Command-Line Configuration, Security Patch
LinuxSecurity.com Team
====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pcs security update
Advisory ID: RHSA-2023:0857-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0857
Issue date: 2023-02-21
CVE Names: CVE-2022-45442
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability E4S (v. 8.1):

Source:
pcs-0.10.2-4.el8_1.3.src.rpm

aarch64:
pcs-0.10.2-4.el8_1.3.aarch64.rpm
pcs-snmp-0.10.2-4.el8_1.3.aarch64.rpm

ppc64le:
pcs-0.10.2-4.el8_1.3.ppc64le.rpm
pcs-snmp-0.10.2-4.el8_1.3.ppc64le.rpm

s390x:
pcs-0.10.2-4.el8_1.3.s390x.rpm
pcs-snmp-0.10.2-4.el8_1.3.s390x.rpm

x86_64:
pcs-0.10.2-4.el8_1.3.x86_64.rpm
pcs-snmp-0.10.2-4.el8_1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pcs security update
Advisory ID: RHSA-2023:0527-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0527
Issue date: 2023-01-30
CVE Names: CVE-2022-45442
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage EUS (v.9.0) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability EUS (v.9.0):

Source:
pcs-0.11.1-10.el9_0.3.src.rpm

aarch64:
pcs-0.11.1-10.el9_0.3.aarch64.rpm
pcs-snmp-0.11.1-10.el9_0.3.aarch64.rpm

ppc64le:
pcs-0.11.1-10.el9_0.3.ppc64le.rpm
pcs-snmp-0.11.1-10.el9_0.3.ppc64le.rpm

s390x:
pcs-0.11.1-10.el9_0.3.s390x.rpm
pcs-snmp-0.11.1-10.el9_0.3.s390x.rpm

x86_64:
pcs-0.11.1-10.el9_0.3.x86_64.rpm
pcs-snmp-0.11.1-10.el9_0.3.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage EUS (v.9.0):

Source:
pcs-0.11.1-10.el9_0.3.src.rpm

ppc64le:
pcs-0.11.1-10.el9_0.3.ppc64le.rpm
pcs-snmp-0.11.1-10.el9_0.3.ppc64le.rpm

s390x:
pcs-0.11.1-10.el9_0.3.s390x.rpm
pcs-snmp-0.11.1-10.el9_0.3.s390x.rpm

x86_64:
pcs-0.11.1-10.el9_0.3.x86_64.rpm
pcs-snmp-0.11.1-10.el9_0.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Moderate: pcs security update
Advisory ID: RHSA-2023:0393-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0393
Issue date: 2023-01-24
CVE Names: CVE-2022-45442
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux High Availability TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability E4S (v. 8.2):

Source:
pcs-0.10.4-6.el8_2.4.src.rpm

aarch64:
pcs-0.10.4-6.el8_2.4.aarch64.rpm
pcs-snmp-0.10.4-6.el8_2.4.aarch64.rpm

ppc64le:
pcs-0.10.4-6.el8_2.4.ppc64le.rpm
pcs-snmp-0.10.4-6.el8_2.4.ppc64le.rpm

s390x:
pcs-0.10.4-6.el8_2.4.s390x.rpm
pcs-snmp-0.10.4-6.el8_2.4.s390x.rpm

x86_64:
pcs-0.10.4-6.el8_2.4.x86_64.rpm
pcs-snmp-0.10.4-6.el8_2.4.x86_64.rpm

Red Hat Enterprise Linux High Availability TUS (v. 8.2):

Source:
pcs-0.10.4-6.el8_2.4.src.rpm

aarch64:
pcs-0.10.4-6.el8_2.4.aarch64.rpm
pcs-snmp-0.10.4-6.el8_2.4.aarch64.rpm

ppc64le:
pcs-0.10.4-6.el8_2.4.ppc64le.rpm
pcs-snmp-0.10.4-6.el8_2.4.ppc64le.rpm

s390x:
pcs-0.10.4-6.el8_2.4.s390x.rpm
pcs-snmp-0.10.4-6.el8_2.4.s390x.rpm

x86_64:
pcs-0.10.4-6.el8_2.4.x86_64.rpm
pcs-snmp-0.10.4-6.el8_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3264-1

It was discovered that there was a potential reflected file download (RFD) vulnerability in ruby-sinatra, a Ruby library for writing HTTP applications. A Content-Disposition HTTP header was being incorrectly derived from a potentially user-supplied filename.
openSUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:10103-1
Rating: important
References: #1201923
Cross-References: CVE-2022-36359
CVSS scores:
CVE-2022-36359 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-36359 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Django fixes the following issues:

- CVE-2022-36359: Fixed potential reflected file download vulnerability in FileResponse (boo#1201923)
  * Backport fix and tests from upstream branch 3.2.X

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:
  zypper in -t patch openSUSE-2022-10103=1

Package List:

- openSUSE Backports SLE-15-SP4 (noarch):
  python3-Django-2.2.28-bp154.2.3.3

References:

https://www.suse.com/security/cve/CVE-2022-36359.html
https://bugzilla.suse.com/1201923

A critical update for python-Django has been released to fix security vulnerabilities. Users should apply this patch to protect their systems effectively.
Tags: openSUSE Security Update, python-Django Fixes, Reflected File Download
Severity: Important
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-693035254a
2015-11-01 18:14:58.630611
--------------------------------------------------------------------------------

Name : springframework
Product : Fedora 22
Version : 3.2.15
Release : 1.fc22
URL : https://spring.io/projects/spring-framework/
Summary : Spring Java Application Framework
Description :
Spring is a layered Java/J2EE application framework, based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002).
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-5211. Update to 3.2.15.RELEASE
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1272946 - CVE-2015-5211 Spring Framework: Reflected File Download (RFD) vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1272946
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update springframework' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-065d9953e8
2015-11-01 01:51:21.168679
--------------------------------------------------------------------------------

Name : springframework
Product : Fedora 23
Version : 3.2.15
Release : 1.fc23
URL : https://spring.io/projects/spring-framework/
Summary : Spring Java Application Framework
Description :
Spring is a layered Java/J2EE application framework, based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002).
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-5211. Update to 3.2.15.RELEASE
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1272946 - CVE-2015-5211 Spring Framework: Reflected File Download (RFD) vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1272946
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update springframework' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/