Explore top 10 tips to secure your open-source projects now. Read More
×
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libreswan security update Advisory ID: RHSA-2023:2633-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2633 Issue date: 2023-05-09 CVE Names: CVE-2023-23009 ==================================================================== 1. Summary: An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN). Security Fix(es): * libreswan: remote DoS via crafted TS payload with an incorrect selector length (CVE-2023-23009) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, referto: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2173610 - CVE-2023-23009 libreswan: remote DoS via crafted TS payload with an incorrect selector length 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: libreswan-4.9-2.el9_2.src.rpm aarch64: libreswan-4.9-2.el9_2.aarch64.rpm libreswan-debuginfo-4.9-2.el9_2.aarch64.rpm libreswan-debugsource-4.9-2.el9_2.aarch64.rpm ppc64le: libreswan-4.9-2.el9_2.ppc64le.rpm libreswan-debuginfo-4.9-2.el9_2.ppc64le.rpm libreswan-debugsource-4.9-2.el9_2.ppc64le.rpm s390x: libreswan-4.9-2.el9_2.s390x.rpm libreswan-debuginfo-4.9-2.el9_2.s390x.rpm libreswan-debugsource-4.9-2.el9_2.s390x.rpm x86_64: libreswan-4.9-2.el9_2.x86_64.rpm libreswan-debuginfo-4.9-2.el9_2.x86_64.rpm libreswan-debugsource-4.9-2.el9_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-23009 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZFo1ttzjgjWX9erEAQgZXQ//UQvyPxc6t0XOwsPkwx3/c3OBa8s8k5AQ 2BNC4MtLcMEZC5uoUkcW03oAWYweIZhY0gI4T++WfdhYrq54YMswJlvYY9Hh1Q4N qHcKqLrBFAu2g6AQAXn/7Z3eIbJgxXI8K8/zMeNyYbezF6DlV9S6Va9GpLMBZ9Ka 0GAOA5fdl1sYAJOWMFiZEjQB+utQUQCQndb+tGQoUIwEJjD5OWgge0iJXdWQQjTt IfxCmDsp3rfjZ47jONERiSxzZPXx7PZZCd13Dy0riLGHZ5fSjmNMeNVppaYOiYWF uxmT2MWuqtVcx0v4jjg7rxCsfVdpaQwLAfLhEpE1w0M805IlsD8Aew1RuMjMD2YH d8PqIR65/Zr6cmviYB6KlJMHpW9kCSbnUtC/mNpEaJoRXCO4yQnwbzDvqbyUFvXs nxG/hGhpLyDGnc7aRJuVOVlJBAKerqe3Y5+t9h20ZJKPkC33/ead469UFvQIcXhh 4Mm9eaNlLJSBCV4QtcIpGmKYSHF9UOs+AezkSCIRbclwetqqhK27cu0BFd557C07 W7AAXgr/r+oCEBwdrTRmNRZ0MpsmFJGdfyYiQK6cINKXeO5E5dQDWqbVNUMRX/xG fpBf+5OLqK2EuEE46ePQJHmSUIMpAMK52Y/pIIm3H1k6Cy7XpzZhCD60ELi8TGWK qcGsUob7QDQ=GgpK -----END PGP SIGNATURE----- -- RHSA-announce mailing list
The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:477-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.537 Container Release : 4.22.537 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated . SUSE Container Security Bulletin: suse/sle15 has received updates addressing vulnerabilities related to potential remote denial-of-service threats of a moderate level.. SUSE Update, Security Patch, Remote DoS, yaml-cpp Patch. . LinuxSecurity.com Team
Update to upstream 13.18.4 release to address AST-2017-012/CVE-2017-17664 security issue. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-38fbcdffc3 2017-12-26 15:02:57.898103 --------------------------------------------------------------------------------Name : asterisk Product : Fedora 26 Version : 13.18.4 Release : 1.fc26 URL : https://www.asterisk.org/ Summary : The Open Source PBX Description : Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware. --------------------------------------------------------------------------------Update Information: Update to upstream 13.18.4 release to address AST-2017-012/CVE-2017-17664 security issue --------------------------------------------------------------------------------References: [ 1 ] Bug #1525689 - CVE-2017-17664 asterisk: Remote DOS via compound RTCP packet https://bugzilla.redhat.com/show_bug.cgi?id=1525689 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade asterisk' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2010:0111-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0111.html Issue date: 2010-02-16 CVE Names: CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 ==================================================================== 1. Summary: Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4.7.z - i386, ia64, noarch, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4.7.z - i386, ia64, noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a flaw was found in each of the following Intel PRO/1000 Linux drivers in the Linux kernel: e1000 and e1000e. A remote attacker using packets larger than the MTU could bypass the existing fragment check, resulting in partial, invalid frames being passed to the network stack. These flaws could also possibly be used to trigger a remote denial of service. (CVE-2009-4536, CVE-2009-4538, Important) * a flaw was found in the Realtek r8169 Ethernet driver in the Linux kernel. Receiving overly-long frames with a certain revision of the network cards supported by this driver could possibly result in a remote denial of service. (CVE-2009-4537, Important) Users should upgradeto these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 550907 - CVE-2009-4537 kernel: r8169 issue reported at 26c3 551214 - CVE-2009-4538 kernel: e1000e frame fragment issue 552126 - CVE-2009-4536 kernel: e1000 issue reported at 26c3 6. Package List: Red Hat Enterprise Linux AS version4.7.z: Source: kernel-2.6.9-78.0.29.EL.src.rpm i386: kernel-2.6.9-78.0.29.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.29.EL.i686.rpm kernel-devel-2.6.9-78.0.29.EL.i686.rpm kernel-hugemem-2.6.9-78.0.29.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.29.EL.i686.rpm kernel-smp-2.6.9-78.0.29.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.29.EL.i686.rpm kernel-xenU-2.6.9-78.0.29.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.29.EL.i686.rpm ia64: kernel-2.6.9-78.0.29.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.29.EL.ia64.rpm kernel-devel-2.6.9-78.0.29.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.29.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.29.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.29.EL.noarch.rpm ppc: kernel-2.6.9-78.0.29.EL.ppc64.rpm kernel-2.6.9-78.0.29.EL.ppc64iseries.rpm kernel-debuginfo-2.6.9-78.0.29.EL.ppc64.rpm kernel-debuginfo-2.6.9-78.0.29.EL.ppc64iseries.rpm kernel-devel-2.6.9-78.0.29.EL.ppc64.rpm kernel-devel-2.6.9-78.0.29.EL.ppc64iseries.rpm kernel-largesmp-2.6.9-78.0.29.EL.ppc64.rpm kernel-largesmp-devel-2.6.9-78.0.29.EL.ppc64.rpm s390: kernel-2.6.9-78.0.29.EL.s390.rpm kernel-debuginfo-2.6.9-78.0.29.EL.s390.rpm kernel-devel-2.6.9-78.0.29.EL.s390.rpm s390x: kernel-2.6.9-78.0.29.EL.s390x.rpm kernel-debuginfo-2.6.9-78.0.29.EL.s390x.rpm kernel-devel-2.6.9-78.0.29.EL.s390x.rpm x86_64: kernel-2.6.9-78.0.29.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.29.EL.x86_64.rpm kernel-devel-2.6.9-78.0.29.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.29.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.29.EL.x86_64.rpm kernel-smp-2.6.9-78.0.29.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.29.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.29.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.29.EL.x86_64.rpm Red Hat Enterprise Linux ES version4.7.z: Source: kernel-2.6.9-78.0.29.EL.src.rpm i386: kernel-2.6.9-78.0.29.EL.i686.rpm kernel-debuginfo-2.6.9-78.0.29.EL.i686.rpm kernel-devel-2.6.9-78.0.29.EL.i686.rpm kernel-hugemem-2.6.9-78.0.29.EL.i686.rpm kernel-hugemem-devel-2.6.9-78.0.29.EL.i686.rpm kernel-smp-2.6.9-78.0.29.EL.i686.rpm kernel-smp-devel-2.6.9-78.0.29.EL.i686.rpm kernel-xenU-2.6.9-78.0.29.EL.i686.rpm kernel-xenU-devel-2.6.9-78.0.29.EL.i686.rpm ia64: kernel-2.6.9-78.0.29.EL.ia64.rpm kernel-debuginfo-2.6.9-78.0.29.EL.ia64.rpm kernel-devel-2.6.9-78.0.29.EL.ia64.rpm kernel-largesmp-2.6.9-78.0.29.EL.ia64.rpm kernel-largesmp-devel-2.6.9-78.0.29.EL.ia64.rpm noarch: kernel-doc-2.6.9-78.0.29.EL.noarch.rpm x86_64: kernel-2.6.9-78.0.29.EL.x86_64.rpm kernel-debuginfo-2.6.9-78.0.29.EL.x86_64.rpm kernel-devel-2.6.9-78.0.29.EL.x86_64.rpm kernel-largesmp-2.6.9-78.0.29.EL.x86_64.rpm kernel-largesmp-devel-2.6.9-78.0.29.EL.x86_64.rpm kernel-smp-2.6.9-78.0.29.EL.x86_64.rpm kernel-smp-devel-2.6.9-78.0.29.EL.x86_64.rpm kernel-xenU-2.6.9-78.0.29.EL.x86_64.rpm kernel-xenU-devel-2.6.9-78.0.29.EL.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2009-4536 https://access.redhat.com/security/cve/CVE-2009-4537 https://access.redhat.com/security/cve/CVE-2009-4538 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFLetDUXlSAg2UNWIIRAooiAKCwdWEZRLDgl6LGGnwLrGlwJ9FBFwCgm7UJ xWaGjHj04vBsJpDydM4zJ58=X+Fe -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file.. - ------------------------------------------------------------------------Debian Security Advisory DSA 740-1
Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200403-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Fetchmail 6.2.5 fixes a remote DoS Date: March 30, 2004 Bugs: #37717 ID: 200403-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. Background ========= Fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- net-mail/fetchmail = 6.2.5 Description ========== Fetchmail versions 6.2.4 and earlier can be crashed by sending a specially-crafted email to a fetchmail user. This problem occursbecause Fetchmail does not properly allocate memory for long lines in an incoming email. Impact ===== Fetchmail users who receive a malicious email may have their fetchmail program crash. Workaround ========= While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package. Resolution ========= Fetchmail users should upgrade to version 6.2.5 or later: # emerge sync # emerge -pv "> =net-mail/fetchmail-6.2.5" # emerge "> =net-mail/fetchmail-6.2.5" References ========= [ 1 ] [ 2 ] https://www.cve.org/CVERecord?id=CAN-2003-0792 Concerns? ======== Security is aprimary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
A vulnerability exists in the parsing of ISAKMP packets (UDP port 500) that allows an attacker to force TCPDUMP into an infinite loop upon receipt of a specially crafted packet.. - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-5 - - --------------------------------------------------------------------- PACKAGE : tcpdump SUMMARY : remote dos DATE : 2003-03-05 10:19 UTC EXPLOIT : remote VERSIONS AFFECTED : 3.7.2 CVE : CAN-2003-0108 - - --------------------------------------------------------------------- - From advisory: "A vulnerability exists in the parsing of ISAKMP packets (UDP port 500) that allows an attacker to force TCPDUMP into an infinite loop upon receipt of a specially crafted packet." Read the full advisory at: /us-en SOLUTION It is recommended that all Gentoo Linux users who are running net-analyzer/tcpdump upgrade to tcpdump-3.7.2 as follows: emerge sync emerge -u tcpdump emerge clean - - ---------------------------------------------------------------------
Vladimir Ivaschenko found a problem in squid (a popular proxy cache).. ------------------------------------------------------------------------ Debian Security Advisory DSA-077-1
Get the latest Linux and open source security news straight to your inbox.