[slackware-security] glibc (SSA:2015-028-01)

New glibc packages are available for Slackware 13.0, 13.1, 13.37, 14.0, and 14.1 to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/glibc-2.17-i486-10_slack14.1.txz: Rebuilt.
  This update patches a security issue in the __nss_hostname_digits_dots() function of glibc which may be triggered through the gethostbyname*() set of functions. This flaw could allow local or remote attackers to take control of a machine running a vulnerable version of glibc. Thanks to Qualys for discovering this issue (also known as the GHOST vulnerability.)
  For more information, see:
    https://www.qualys.com/2015/01/27/cve-2015-0235/GHOST-CVE-2015-0235.txt
    https://www.cve.org/CVERecord?id=CVE-2015-0235
  (* Security fix *)
patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz: Rebuilt.
patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz: Rebuilt.
patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz: Rebuilt.
patches/packages/glibc-zoneinfo-2014j-noarch-1.txz: Upgraded.
  Upgraded to tzcode2014j and tzdata2014j.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated packages for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-7_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-7_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-7_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-7_slack13.0.txz

Updated packages for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-7_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-7_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-7_slack13.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-7_slack13.0.txz

Updated packages for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-9_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-9_slack13.1.txz

Updated packages for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-9_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-9_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-9_slack13.1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-9_slack13.1.txz

Updated packages for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-8_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-8_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-8_slack13.37.txz

Updated packages for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-8_slack13.37.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-8_slack13.37.txz

Updated packages for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-i18n-2.15-i486-9_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-profile-2.15-i486-9_slack14.0.txz

Updated packages for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-i18n-2.15-x86_64-9_slack14.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-solibs-2.15-x86_64-9_slack14.0.txz

Updated packages for Slackware 14.1:

Updated packages for Slackware x86_64 14.1:

Updated packages for Slackware -current:

Updated packages for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg glibc-*

+-----+

Freshly released glibc updates for Slackware address significant security vulnerabilities; users are urged to upgrade immediately.

Severity: Critical.

LinuxSecurity.com Team

==========================================================
Ubuntu Security Notice USN-1061-1          February 11, 2011
italc vulnerability
CVE-2011-0724
==========================================================

A security issue affects the following Edubuntu releases:

Edubuntu 9.10
Edubuntu 10.04 LTS
Edubuntu 10.10

This advisory does not apply to the corresponding versions of Ubuntu, Kubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Edubuntu 9.10:
  italc-client 1:1.0.9.1-0ubuntu16.1

Edubuntu 10.04 LTS:
  italc-client 1:1.0.9.1-0ubuntu18.10.04.1

Edubuntu 10.10:
  italc-client 1:1.0.9.1-0ubuntu18.10.10.1

After a standard system update, if you had originally installed from the Edubuntu Live DVD and the bad keys were found, you will need to redistribute the newly generated public keys to your iTALC clients and restart each session. For more details, see:

  https://wiki.ubuntu.com/iTalc/Keys

Details follow:

Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the Edubuntu Live DVD were affected.

A flaw in iTALC found within the Edubuntu Live DVD poses a threat of unauthorized system entry. Discover methods to fortify your security.

Severity: Critical.

LinuxSecurity.com Team

===========================================================
Ubuntu Security Notice USN-413-1            January 24, 2007
bluez-utils vulnerability
CVE-2006-6899
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
  bluez-utils 2.20-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default Ubuntu installation, since hidd is normally disabled.

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                samba
        Announcement-ID:        SUSE-SA:2004:040
        Date:                   Monday, Nov 15th 2004 18:00 MEST
        Affected products:      9.1, 9.2
                                SUSE Linux Enterprise Server 9
                                Novell Linux Desktop 9
        Vulnerability Type:     potential remote buffer overflow
                                remote denial of service
        Severity (1-10):        7
        SUSE default package:   yes
        Cross References:       CAN-2004-0930
                                CAN-2004-0882

    Content of this advisory:
        1) security vulnerabilities resolved:
             - remote buffer overflow and remote denial of service
               conditions in Samba 3 packages.
           problem description
        2) solution/workaround
        3) special instructions and notes
        4) package location and checksums
        5) pending vulnerabilities, solutions, workarounds:
             - bogofilter
             - libxml2
             - clamav
             - various PDF viewers
             - mozilla /tmp issues
             - sharutils
             - phpMyAdmin
             - gaim
             - sysconfig
             - perl-MIME-Tools, perl-Archive-ZIP
             - apache / mod_include
             - apache2 / mod_SSL
        6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

There is a problem in the Samba file sharing service daemon, which allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded filenames. This attack can be successful if the Samba daemon is running and a remote user has access to a share (even read only).

The Samba team has issued the new Samba version 3.0.8 to fix this problem; this update backports the relevant patch. This issue has been assigned the Mitre CVE ID CAN-2004-0930.

Stefan Esser found a problem in the Unicode string handling in the Samba file handling which could lead to a remote heap buffer overflow and might allow remote attackers to inject code in the smbd process. This issue has been assigned the Mitre CVE ID CAN-2004-0882.

We provide updated packages for both these problems. The Samba version 2 packages are not affected by this problem.

2) solution/workaround

Update to the released packages. The only workaround would be not to use Samba.

3) special instructions and notes

Restart the Samba daemon by entering the following command as root:

    rcsmb try-restart

4) package location and checksums

Download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered for installation from the maintenance web.

______________________________________________________________________________

5) Pending vulnerabilities in SUSE Distributions and Workarounds:

A lot of less important issues have been addressed since the last security update. To avoid spamming they are summarized here.

- bogofilter
  The bogofilter team has notified us about a denial of service condition in bogofilter on SUSE Linux 9.2, where a non-conformant encoded word could lead to a denial of service attack against bogofilter. This issue has been assigned Mitre CVE ID CAN-2004-1007. Fixed packages are available.

- libxml2
  Several buffer overflows in URL handling in libxml2 were found by "infamous41md". This issue has been assigned the Mitre CVE ID CAN-2004-0989. Fixed packages are available.

- clamav
  The clamav version shipped with SUSE Linux is too old for the new data files. The version has been upgraded to 0.80.

- various xpdf based PDF viewers
  The SUSE QA team found several 64-bit issues in the xpdf fixes we released for CAN-2004-0888 and CAN-2004-0889. These have been fixed and updated packages have been released.

- Mozilla /tmp issues
  The creation of several /tmp files in Mozilla and Mozilla based programs left private files with world readable permissions so that local users could read documents of other users. Packages fixing this problem have been released.

- sharutils
  Buffer overflows and shell quoting problems have been found in the "shar" program which creates self-extracting shell archives. Fixed packages are available.

- phpMyAdmin
  Missing parameter escapes allowed users of the phpMyAdmin frontend to execute commands as the www user on the target host. Fixed packages are available.

- gaim
  More problems in newer versions of GAIM have been found and are tracked with the Mitre CVE ID CAN-2004-0891. Fixed packages are available.

- sysconfig
  A permission error left the passphrase of WPA authorized wireless key world readable in SUSE Linux 9.2. Fixed packages are available.

- perl-Mime-Tools / perl-Archive-ZIP
  Problems in the perl-MIME-Tools and perl-Archive-ZIP packages have been found which could allow viruses to pass virus scanners using those packages (like for instance clamav). Fixed packages are in testing and will be released soon.

- Apache 1.3 / mod_include
  A potential buffer overflow and an argument sanitization problem were found in the mod_include Apache 1.3 module. These issues are tracked as CAN-2004-0940 and CAN-2004-0492 by Mitre CVE. Fixed packages are in testing and will be released soon.

- Apache 2 / mod_SSL
  SSL Ciphersuite bypass problems were identified and fixed by the Apache team in Apache 2. This is tracked under the Mitre CVE ID CAN-2004-0885. Fixed packages are in testing and will be released soon.

______________________________________________________________________________

6) standard appendix: authenticity verification, additional information

- Package authenticity verification:

  SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package.

  There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package:

  1) md5sums as provided in the (cryptographically signed) announcement.
  2) using the internal gpg signatures of the rpm package.

  1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key

______________________________________________________________________________

                        SuSE Security Announcement

        Package:                SuSE Linux IMAP Server
        Date:                   Wed Mar 15 20:41:42 CET 2000
        Affected SuSE versions: SuSE Linux IMAP Server
        Vulnerability Type:     remote unauthorized access
        SuSE default package:   not a SuSE Linux Distribution package
        Other affected systems: no
______________________________________________________________________________

A security hole was discovered in the package mentioned above. Please update as soon as possible or disable the service if you are using this software on your SuSE Linux installation(s).

Please note that we provide this information on an "as-is" basis only. There is no warranty whatsoever and no liability for any direct, indirect or incidental damage arising from this information or the installation of the update package.
_____________________________________________________________________________

1. Problem Description

A vulnerability in the SuSE Linux IMAP Server - which is unrelated to the SuSE Linux Distribution (which is unaffected) - was found which allows remote users to circumvent the imap authentication.

2. Impact

An attacker can receive imap administrator privilege which can be used e.g. to create or delete folders.

3. Solution

Install the security fix from our FTP server.
______________________________________________________________________________

Please verify these md5 checksums of the updates before installing:

bf746792686246b631996af8144f45d2 https://www.suse.com/de-de/
______________________________________________________________________________

You can find updates on our ftp-Server:

for Intel processors
for Alpha processors

or this special update at:
https://www.suse.com/de-de/

or try the following web pages for a list of mirrors:
https://www.suse.com/de-de/

Our webpage for patches:
https://www.suse.com/de-de/

Our webpage for security announcements:
https://www.suse.com/de-de/

If you want to report vulnerabilities, please contact