Fedora Update Notification
FEDORA-2023-80b2470d3c
2023-04-02 01:33:23.803455
--------------------------------------------------------------------------------
Name        : netconsd
Product     : Fedora 36
Version     : 0.2
Release     : 1.fc36
URL         :
Summary     : The Netconsole Daemon
Description :
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4.

The core of the daemon does nothing but process messages and drop them: in order to make the daemon useful, the user must supply one or more "output modules". These modules are shared object files which expose a small ABI that is called by netconsd with the content and metadata for netconsole messages it receives.
--------------------------------------------------------------------------------
Update Information:

Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 24 2023 Davide Cavalca - 0.2-1
- Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
* Fri Jan 27 2023 Davide Cavalca - 0.1-5
- Backport upstream PR to fix FTBFS
* Thu Jan 19 2023 Fedora Release Engineering - 0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering - 0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2181655 - netconsd-0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2181655
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-80b2470d3c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

MGASA-2019-0079 - Updated logback packages fix security vulnerability

Publication date: 14 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0079.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-5929

It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains (CVE-2017-5929).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23721
- https://bugzilla.redhat.com/show_bug.cgi?id=1432858
- https://www.cve.org/CVERecord?id=CVE-2017-5929

SRPMS:
- 6/core/logback-1.1.3-2.1.mga6

====================================================================
Red Hat Security Advisory

Synopsis:     Important: Red Hat JBoss Enterprise Application Platform 5.2 security update
Advisory ID:  RHSA-2017:3400-01
Product:      Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2017:3400
Issue date:   2017-12-07
CVE Names:    CVE-2017-5645
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This asynchronous patch is a security update for log4j package in Red Hat JBoss Enterprise Application Platform 5.2.0.

Security Fix(es):

* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

3. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability

5. References:

https://access.redhat.com/security/cve/CVE-2017-5645
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=5.2.0
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

====================================================================
Red Hat Security Advisory

Synopsis:     Important: Red Hat JBoss BPM Suite 6.4.6 security update
Advisory ID:  RHSA-2017:2889-01
Product:      Red Hat JBoss BPM Suite
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2889
Issue date:   2017-10-12
CVE Names:    CVE-2017-5645 CVE-2017-7957
====================================================================

1. Summary:

An update is now available for Red Hat JBoss BPM Suite.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes.

This release of Red Hat JBoss BPM Suite 6.4.6 serves as a replacement for Red Hat JBoss BPM Suite 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instance of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1441538 - CVE-2017-7957 XStream: DoS when unmarshalling void type
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability

5. References:

https://access.redhat.com/security/cve/CVE-2017-5645
https://access.redhat.com/security/cve/CVE-2017-7957
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite&downloadType=securityPatches&version=6.4

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2017 Red Hat, Inc.

====================================================================
Red Hat Security Advisory

Synopsis:     Important: Red Hat JBoss BRMS 6.4.6 security update
Advisory ID:  RHSA-2017:2888-01
Product:      Red Hat JBoss BRMS
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2888
Issue date:   2017-10-12
CVE Names:    CVE-2017-5645 CVE-2017-7957
====================================================================

1. Summary:

An update is now available for Red Hat JBoss BRMS.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules.

This release of Red Hat JBoss BRMS 6.4.6 serves as a replacement for Red Hat JBoss BRMS 6.4.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instance of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.

The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1441538 - CVE-2017-7957 XStream: DoS when unmarshalling void type
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability

5. References:

https://access.redhat.com/security/cve/CVE-2017-5645
https://access.redhat.com/security/cve/CVE-2017-7957
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=securityPatches&version=6.4

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2017 Red Hat, Inc.

Synopsis:     Important: log4j security update
Advisory ID:  SLSA-2017:2423-1
Issue Date:   2017-08-07
CVE Numbers:  CVE-2017-5645
Severity:     Important
--

Security Fix(es):

* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)
--

SL7
noarch
log4j-1.2.17-16.el7_4.noarch.rpm
log4j-javadoc-1.2.17-16.el7_4.noarch.rpm
log4j-manual-1.2.17-16.el7_4.noarch.rpm

- Scientific Linux Development Team