Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
203
security advisorysambaout-of-bounds readMageia: 2023-0247 Moderate: Samba Issues Including Out-Of-Bounds Read
Out-of-bounds read due to insufficient length checks in winbindd_pam_auth_crap.c (CVE-2022-2127) Improper SMB2 packet signing mechanism leading to man in the middle risk (CVE-2023-3347) Infinite loop vulnerability was found in Samba's mdssvc RPC service for . MGASA-2023-0247 - Updated samba packages fix security vulnerability Publication date: 23 Aug 2023 URL: https://advisories.mageia.org/MGASA-2023-0247.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967, CVE-2023-34968 Out-of-bounds read due to insufficient length checks in winbindd_pam_auth_crap.c (CVE-2022-2127) Improper SMB2 packet signing mechanism leading to man in the middle risk (CVE-2023-3347) Infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight (CVE-2023-34966) Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight (CVE-2023-34967) Path disclosure vulnerability in the Spotlight protocol (CVE-2023-34968) References: - https://bugs.mageia.org/show_bug.cgi?id=32152 - - - - - - - - https://www.cve.org/CVERecord?id=CVE-2022-2127 - https://www.cve.org/CVERecord?id=CVE-2023-3347 - https://www.cve.org/CVERecord?id=CVE-2023-34966 - https://www.cve.org/CVERecord?id=CVE-2023-34967 - https://www.cve.org/CVERecord?id=CVE-2023-34968 SRPMS: - 8/core/samba-4.16.11-1.mga8 . Revised Samba distributions address multiple security flaws, including improper memory access and inadequate packet authentication. Learn more!. Samba Security Fix, Mageia Samba Update, Out-of-Bounds Read Defense, Security Package Management. . LinuxSecurity.com Team
Aug 23, 2023
Mageia
98
security advisoryRed Hatmemory leakRed Hat 6 RHSA-2017-1267-01 Important: Rpcbind Memory Leak
An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: rpcbind security update Advisory ID: RHSA-2017:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1267 Issue date: 2017-05-23 CVE Names: CVE-2017-8779 ==================================================================== 1. Summary: An update for rpcbind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix(es): * It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779) 4. Solution: For details on how to apply this update, whichincludes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1448124 - CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: rpcbind-0.2.0-13.el6_9.src.rpm i386: rpcbind-0.2.0-13.el6_9.i686.rpm rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm x86_64: rpcbind-0.2.0-13.el6_9.x86_64.rpm rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: rpcbind-0.2.0-13.el6_9.src.rpm x86_64: rpcbind-0.2.0-13.el6_9.x86_64.rpm rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: rpcbind-0.2.0-13.el6_9.src.rpm i386: rpcbind-0.2.0-13.el6_9.i686.rpm rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm ppc64: rpcbind-0.2.0-13.el6_9.ppc64.rpm rpcbind-debuginfo-0.2.0-13.el6_9.ppc64.rpm s390x: rpcbind-0.2.0-13.el6_9.s390x.rpm rpcbind-debuginfo-0.2.0-13.el6_9.s390x.rpm x86_64: rpcbind-0.2.0-13.el6_9.x86_64.rpm rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: rpcbind-0.2.0-13.el6_9.src.rpm i386: rpcbind-0.2.0-13.el6_9.i686.rpm rpcbind-debuginfo-0.2.0-13.el6_9.i686.rpm x86_64: rpcbind-0.2.0-13.el6_9.x86_64.rpm rpcbind-debuginfo-0.2.0-13.el6_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2017-8779 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZJDaaXlSAg2UNWIIRAtmIAJ9YnpnT252HvqlJC7rWZKDVQYzjswCgwgVs u8uZenXYjXJ2txFOCmwBmGw=nJZJ -----END PGP SIGNATURE----- -- Enterprise-watch-list mailinglist
May 23, 2017
•Important
Red Hat
200
security advisoryaccess controlremote accessScientific Linux: CVE-2012-3417 Low Severity: Quota Remote Access Issue
Low: quota security and bug fix update. Date: Wed, 16 Jan 2013 16:10:14 -0600 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Organization: Fermilab Subject: Security ERRATA Low: quota on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: quota security and bug fix update Issue Date: 2013-01-08 CVE Numbers: CVE-2012-3417 -- It was discovered that the rpc.rquotad service did not use tcp_wrapperscorrectly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackersto bypass intended access restrictions. (CVE-2012-3417) This update also fixes the following bugs: * Prior to this update, values were not properly transported via the remote procedure call (RPC) and interpreted by the client when querying the quota usage or limits for network-mounted file systems if the quota values were 2^32 kilobytes or greater. As a consequence, the client reported mangled values. This update modifies the underlying code so that such values are correctly interpreted by the client. * Prior to this update, warnquota sent messages about exceeded quota limits from a valid domain name if the warnquota tool was enabled to send warning e-mails and the superuser did not change the default warnquota configuration. As a consequence, the recipient could reply to invalid addresses. This update modifies the default warnquota configuration to use the reserved . domain. Now, warnings about exceeded quota limits are sent from the reserved domain that inform the superuser to change to the correct value. * Previously, quota utilities could not recognize the file system as having quotas enabled and refused to operate on it due to incorrect updating of /etc/mtab. This update prefers /proc/mounts to get a list of file systems with enabled quotas. Now, quota utilities recognize file systems with enabled quotas as expected. * Prior to this update, the setquota(8) tool on XFS file systems failed to set disk limits to valuesgreater than 2^31 kilobytes. This update modifies the integer conversion in the setquota(8) tool to use a 64-bit variable big enough to store such values. -- SL5 x86_64 quota-3.13-8.el5.x86_64.rpm quota-debuginfo-3.13-8.el5.x86_64.rpm i386 quota-3.13-8.el5.i386.rpm quota-debuginfo-3.13-8.el5.i386.rpm - Scientific Linux Development Team . A recent security patch for Scientific Linux has been released, aimed at resolving remote access vulnerabilities and fixing multiple bugs.. quota security fix, Scientific Linux update, remote access vulnerabilities. . Severity: Low. LinuxSecurity.com Team
Jan 16, 2013
•Low
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!