
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian: DSA-1532-1 Moderate: Xulrunner Remote Flaws Exploited

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1532-1
http://www.debian.org/security/                       Moritz Muehlenhoff
March 27, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235
                 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240
                 CVE-2008-1241

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-4879

    Peter Brodersen and Alexander Klink discovered that the
    autoselection of SSL client certificates could lead to users
    being tracked, resulting in a loss of privacy.

CVE-2008-1233

    "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and
    CVE-2007-5338 allow the execution of arbitrary code through
    XPCNativeWrapper.

CVE-2008-1234

    "moz_bug_r_a4" discovered that insecure handling of event
    handlers could lead to cross-site scripting.

CVE-2008-1235

    Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered
    that incorrect principal handling could lead to cross-site
    scripting and the execution of arbitrary code.

CVE-2008-1236

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
    Palmgren discovered crashes in the layout engine, which might
    allow the execution of arbitrary code.

CVE-2008-1237

    "georgi", "tgirmann" and Igor Bukanov discovered crashes in the
    Javascript engine, which might allow the execution of arbitrary
    code.

CVE-2008-1238

    Gregory Fleischer discovered that HTTP Referrer headers were
    handled incorrectly in combination with URLs containing Basic
    Authentication credentials with empty usernames, resulting
    in potential Cross-Site Request Forgery attacks.

CVE-2008-1240

    Gregory Fleischer discovered that web content fetched through
    the jar: protocol can use Java to connect to arbitrary ports.
    This is only an issue in combination with the non-free Java
    plugin.

CVE-2008-1241

    Chris Thomas discovered that background tabs could generate
    XUL popups overlaying the current tab, resulting in potential
    spoofing attacks.

For the stable distribution (etch), these problems have been fixed in
version 1.8.0.15~pre080323b-0etch1.

The Mozilla products from the old stable distribution (sarge) are no
longer supported.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.1.13-1.

We recommend that you upgrade your xulrunner packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 4.0 (stable)
- -------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved
into the stable distribution on its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:

Enhance your xulrunner iterations to address external vulnerabilities and improve safety measures. Refer to notice DSA-1532-1 for comprehensive insights.

Xulrunner Issues, Debian Updates, Remote Security Flaws.

LinuxSecurity.com Team

Mar 27, 2008 Debian

Debian: DSA-1345-1 Urgent: Xulrunner Remote Security Vulnerability Alert

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the security flaws. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1345-1
http://www.debian.org/security/                         Moritz Muehlenhoff
August 4th, 2007                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xulrunner
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-3844 CVE-2007-3845

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-3844

    "moz_bug_r_a4" discovered that a regression in the handling of
    "about:blank" windows used by addons may lead to an attacker being
    able to modify the content of web sites.

CVE-2007-3845

    Jesper Johansson discovered that missing sanitising of double-quotes
    and spaces in URIs passed to external programs may allow an attacker
    to pass arbitrary arguments to the helper program if the user is
    tricked into opening a malformed web page.

The oldstable distribution (sarge) doesn't include xulrunner.

For the stable distribution (etch) these problems have been fixed in
version 1.8.0.13~pre070720-0etch3.

For the unstable distribution (sid) these problems have been fixed in
version 1.8.1.6-1.

We recommend that you upgrade your xulrunner packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:

Critical weaknesses identified in Xulrunner, impacting Debian systems. Security patches issued to address these vulnerabilities.

xulrunner security, debian upgrade, remote application threats.

Severity: Important.

LinuxSecurity.com Team

Aug 04, 2007 Important Debian

Debian: DSA 1069-1 Critical: Kernel Flaws Lead To Code Execution Risk

Updated package.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1069-1
http://www.debian.org/security/               Martin Schulze, Dann Frazier
May 20th, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE IDs        : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447
                 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001
                 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333
                 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124
                 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071
                 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138
                 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235
                 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135

[This is a resend of the advisory text of DSA 1069-1, as the original one
accidentally lacked the MD5 check sums]

Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2004-0427

    A local denial of service vulnerability in do_fork() has been found.

CVE-2005-0489

    A local denial of service vulnerability in proc memory handling has
    been found.

CVE-2004-0394

    A buffer overflow in the panic handling code has been found.

CVE-2004-0447

    A local denial of service vulnerability through a null pointer
    dereference in the IA64 process handling code has been found.

CVE-2004-0554

    A local denial of service vulnerability through an infinite loop in
    the signal handler code has been found.

CVE-2004-0565

    An information leak in the context switch code has been found on
    the IA64 architecture.

CVE-2004-0685

    Unsafe use of copy_to_user in USB drivers may disclose sensitive
    information.

CVE-2005-0001

    A race condition in the i386 page fault handler may allow privilege
    escalation.

CVE-2004-0883

    Multiple vulnerabilities in the SMB filesystem code may allow denial
    of service or information disclosure.

CVE-2004-0949

    An information leak discovered in the SMB filesystem code.

CVE-2004-1016

    A local denial of service vulnerability has been found in the SCM layer.

CVE-2004-1333

    An integer overflow in the terminal code may allow a local denial of
    service vulnerability.

CVE-2004-0997

    A local privilege escalation in the MIPS assembly code has been found.

CVE-2004-1335

    A memory leak in the ip_options_get() function may lead to denial of
    service.

CVE-2004-1017

    Multiple overflows exist in the io_edgeport driver which might be usable
    as a denial of service attack vector.

CVE-2005-0124

    Bryan Fulton reported a bounds checking bug in the coda_pioctl function
    which may allow local users to execute arbitrary code or trigger a denial
    of service attack.

CVE-2005-0528

    A local privilege escalation in the mremap function has been found.

CVE-2003-0984

    Improper initialization of the RTC may disclose information.

CVE-2004-1070

    Insufficient input sanitising in the load_elf_binary() function may
    lead to privilege escalation.

CVE-2004-1071

    Incorrect error handling in the binfmt_elf loader may lead to privilege
    escalation.

CVE-2004-1072

    A buffer overflow in the binfmt_elf loader may lead to privilege
    escalation or denial of service.

CVE-2004-1073

    The open_exec function may disclose information.

CVE-2004-1074

    The binfmt code is vulnerable to denial of service through malformed
    a.out binaries.

CVE-2004-0138

    A denial of service vulnerability in the ELF loader has been found.

CVE-2004-1068

    A programming error in the unix_dgram_recvmsg() function may lead to
    privilege escalation.

CVE-2004-1234

    The ELF loader is vulnerable to denial of service through malformed
    binaries.

CVE-2005-0003

    Crafted ELF binaries may lead to privilege escalation, due to
    insufficient checking of overlapping memory regions.

CVE-2004-1235

    A race condition in the load_elf_library() and binfmt_aout() functions
    may allow privilege escalation.

CVE-2005-0504

    An integer overflow in the Moxa driver may lead to privilege escalation.

CVE-2005-0384

    A remote denial of service vulnerability has been found in the PPP
    driver.

CVE-2005-0135

    An IA64 specific local denial of service vulnerability has been found
    in the unw_unwind_to_user() function.

The following matrix explains which kernel version for which architecture
fix the problems mentioned above:

                              Debian 3.0 (woody)
    Source                    2.4.18-14.4
    Alpha architecture        2.4.18-15woody1
    Intel IA-32 architecture  2.4.18-13.2
    HP Precision architecture 62.4
    PowerPC architecture      2.4.18-1woody6
    PowerPC architecture/XFS  20020329woody1
    PowerPC architecture/benh 20020304woody1
    Sun Sparc architecture    22woody1

We recommend that you upgrade your kernel package immediately and reboot
the machine.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get dist-upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------
Size/MD5 checksum: 8709404 eb6966cbe26c20b45b09182977574ab4 Size/MD5 checksum: 8961038 1297541ef30a29ad9650e1d40c24cd57 Size/MD5 checksum: 8659464 0ed399a5da73df3b35fcd215b5011263 Size/MD5 checksum: 8865500 1b56f2739d199dfc85edcba38386b4af Size/MD5 checksum: 231110 b6277e8187269984d46b9fbba104e195 Size/MD5 checksum: 230666 e7d69734cde1ea9172391aec10e11436 Size/MD5 checksum: 230198 ac36ed7f8dd38740a17837b2ea865fed Size/MD5 checksum: 233800 8a863bfd914780df5d33a39cd5de0aaf Size/MD5 checksum: 229768 556904c5c178f86edf7a8decbac09cc9 Size/MD5 checksum: 233054 cd4b0b4f688932c836220f77070cbd31 PowerPC architecture: Size/MD5 checksum: 11439898 64015e0730aa9cca7313c601d1c401f3 Size/MD5 checksum: 3433186 6a9e21c5ff417afe1b6c697c10f59de8 Size/MD5 checksum: 9451006 2c2b9ee09fa3e3635f785410683af1c1 Size/MD5 checksum: 10099720 4c85feb2001345ce597530d3d8b2bb86 Size/MD5 checksum: 10343584 dda622d41cbc718dc1e2202c50608f0f These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Debian 2.4.18 kerneladdresses several security issues, such as potential denial of service and vulnerabilities that could lead to arbitrary code execution.. Debian Security Update, Kernel Patch, Remote Access Risks, System Exploits. . Severity: Critical. LinuxSecurity.com Team

May 21, 2006 Critical Debian

Gentoo: GLSA-200506-11 Normal: Gaim DoS Threats Detected

Gaim contains two remote Denial of Service vulnerabilities.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200506-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gaim: Denial of Service vulnerabilities
      Date: June 12, 2005
      Bugs: #95347
        ID: 200506-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Gaim contains two remote Denial of Service vulnerabilities.

Background
==========

Gaim is a full-featured instant messaging client which handles a variety of instant messaging protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /  Vulnerable  /                          Unaffected
    -------------------------------------------------------------------
  1  net-im/gaim       < 1.3.1                                >= 1.3.1

Description
===========

Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer code when being offered files with names containing non-ASCII characters (CAN-2005-1269).

Hugo de Bokkenrijder discovered a vulnerability when receiving malformed MSN messages (CAN-2005-1934).

Impact
======

Both vulnerabilities cause Gaim to crash, resulting in a Denial of Service.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Gaim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.1"

References
==========

  [ 1 ] Gaim Vulnerability: Remote Yahoo! crash
  [ 2 ] Gaim Vulnerability: MSN Remote DoS
  [ 3 ] CAN-2005-1269
        https://www.cve.org/CVERecord?id=CVE-CAN-2005-1269
  [ 4 ] CAN-2005-1934
        https://www.cve.org/CVERecord?id=CVE-CAN-2005-1934

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200506-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [address withheld] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

Gaim network service vulnerabilities outlined in Gentoo announcement GLSA 200506-15; users advised to update software.

Gaim Denial of Service, Gentoo Security Advisory, Remote Flaws.

LinuxSecurity.com Team

Jun 12, 2005 Gentoo

Red Hat 3 RHSA-2004:120-01 Critical: OpenSSL Remote Denial Of Service

Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3.

Red Hat Security Advisory

Synopsis:          Updated OpenSSL packages fix vulnerabilities
Advisory ID:       RHSA-2004:120-01
Issue date:        2004-03-17
Updated on:        2004-03-17
Product:           Red Hat Enterprise Linux
Keywords:          DoS
Cross references:
Obsoletes:         RHBA-2003:295
CVE Names:         CAN-2004-0079 CAN-2004-0081 CAN-2004-0112
---------------------------------------------------------------------

1. Topic:

Updated OpenSSL packages that fix several remote denial of service vulnerabilities are available for Red Hat Enterprise Linux 3.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, i686, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, i686
Red Hat Enterprise Linux WS version 3 - i386, i686, ia64, x86_64

3. Problem description:

The OpenSSL toolkit implements Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1) protocols, and serves as a full-strength general purpose cryptography library.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a null-pointer assignment in the do_change_cipher_spec() function in OpenSSL 0.9.6c-0.9.6k and 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server that uses the OpenSSL library in such a way as to cause OpenSSL to crash. Depending on the application this could lead to a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0079 to this issue.

Stephen Henson discovered a flaw in SSL/TLS handshaking code when using Kerberos ciphersuites in OpenSSL 0.9.7a-0.9.7c. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites in such a way as to cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and will therefore be unaffected by this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0112 to this issue.

Testing performed by the OpenSSL group using the Codenomicon TLS Test Tool uncovered a bug in older versions of OpenSSL 0.9.6 prior to 0.9.6d that may lead to a denial of service attack (infinite loop). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0081 to this issue. This issue affects only the OpenSSL compatibility packages shipped with Red Hat Enterprise Linux 3.

These updated packages contain patches provided by the OpenSSL group that protect against these issues.

Additionally, the version of libica included in the OpenSSL packages has been updated to 1.3.5. This only affects IBM s390 and IBM eServer zSeries customers and is required for the latest openCryptoki packages.

NOTE: Because server applications are affected by this issue, users are advised to either restart all services that use OpenSSL functionality or restart their systems after installing these updates.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://access.redhat.com

5. Bug IDs fixed ( for more info):

117770 - CAN-2004-0079/0081/0112 Flaws in OpenSSL

6. RPMs required (each available from Red Hat Network):

Red Hat Enterprise Linux AS version 3:

SRPMS:

i386:
openssl-0.9.7a-33.4.i386.rpm
openssl-devel-0.9.7a-33.4.i386.rpm
openssl-perl-0.9.7a-33.4.i386.rpm
openssl096b-0.9.6b-16.i386.rpm

i686:
openssl-0.9.7a-33.4.i686.rpm

ia64:
openssl-0.9.7a-33.4.ia64.rpm
openssl-0.9.7a-33.4.i686.rpm
openssl-devel-0.9.7a-33.4.ia64.rpm
openssl-perl-0.9.7a-33.4.ia64.rpm
openssl096b-0.9.6b-16.ia64.rpm

ppc:
openssl-0.9.7a-33.4.ppc.rpm
openssl-devel-0.9.7a-33.4.ppc.rpm
openssl-perl-0.9.7a-33.4.ppc.rpm
openssl096b-0.9.6b-16.ppc.rpm

ppc64:
openssl-0.9.7a-33.4.ppc64.rpm
openssl-devel-0.9.7a-33.4.ppc64.rpm
openssl-perl-0.9.7a-33.4.ppc64.rpm

s390:
openssl-0.9.7a-33.4.s390.rpm
openssl-devel-0.9.7a-33.4.s390.rpm
openssl-perl-0.9.7a-33.4.s390.rpm
openssl096b-0.9.6b-16.s390.rpm

s390x:
openssl-0.9.7a-33.4.s390x.rpm
openssl-0.9.7a-33.4.s390.rpm
openssl-devel-0.9.7a-33.4.s390x.rpm
openssl-perl-0.9.7a-33.4.s390x.rpm

x86_64:
openssl-0.9.7a-33.4.x86_64.rpm
openssl-0.9.7a-33.4.i686.rpm
openssl-devel-0.9.7a-33.4.x86_64.rpm
openssl-perl-0.9.7a-33.4.x86_64.rpm
openssl096b-0.9.6b-16.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

i386:
openssl-0.9.7a-33.4.i386.rpm
openssl-devel-0.9.7a-33.4.i386.rpm
openssl-perl-0.9.7a-33.4.i386.rpm
openssl096b-0.9.6b-16.i386.rpm

i686:
openssl-0.9.7a-33.4.i686.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

i386:
openssl-0.9.7a-33.4.i386.rpm
openssl-devel-0.9.7a-33.4.i386.rpm
openssl-perl-0.9.7a-33.4.i386.rpm
openssl096b-0.9.6b-16.i386.rpm

i686:
openssl-0.9.7a-33.4.i686.rpm

ia64:
openssl-0.9.7a-33.4.ia64.rpm
openssl-0.9.7a-33.4.i686.rpm
openssl-devel-0.9.7a-33.4.ia64.rpm
openssl-perl-0.9.7a-33.4.ia64.rpm
openssl096b-0.9.6b-16.ia64.rpm

x86_64:
openssl-0.9.7a-33.4.x86_64.rpm
openssl-0.9.7a-33.4.i686.rpm
openssl-devel-0.9.7a-33.4.x86_64.rpm
openssl-perl-0.9.7a-33.4.x86_64.rpm
openssl096b-0.9.6b-16.x86_64.rpm

7. Verification:

These packages are GPG signed by Red Hat for security. Our key is available from https://access.redhat.com/security/team/key

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum

8. References:

CVE - CVE-2004-0079
CVE - CVE-2004-0081
CVE - CVE-2004-0112

9. Contact:

The Red Hat security contact is . More contact details at https://www.redhat.com/en/technologies/all-products

Copyright 2003 Red Hat, Inc.

Updated OpenSSL packages enhance Red Hat's security by fixing remote exploitation vulnerabilities through swift updates.

OpenSSL Updates, Red Hat Security, Denial of Service, Remote Threats.

Severity: Critical. LinuxSecurity.com Team

Mar 17, 2004 Critical Red Hat