Synopsis: Important: java-1.8.0-openjdk security and bug fix update
Advisory ID: SLSA-2021:2845-1
Issue Date: 2021-07-21
CVE Numbers: CVE-2021-2341 CVE-2021-2369 CVE-2021-2388

Security Fix(es):
* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)
* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)
* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

Bug Fix(es):
* JDK-8266279: 8u292 NoSuchAlgorithmException unrecognized algorithm name: PBEWithSHA1AndDESede

SL7 x86_64:
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-accessibility-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.302.b08-0.el7_9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.i686.rpm
java-1.8.0-openjdk-src-1.8.0.302.b08-0.el7_9.x86_64.rpm

noarch:
java-1.8.0-openjdk-javadoc-1.8.0.302.b08-0.el7_9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.302.b08-0.el7_9.noarch.rpm

- Scientific Linux Development Team
Severity: Critical
LinuxSecurity.com Team

Synopsis: Important: nettle security update
Advisory ID: SLSA-2021:1145-1
Issue Date: 2021-04-09
CVE Numbers: CVE-2021-20305

Security Fix(es):
* nettle: Out of bounds memory access in signature verification (CVE-2021-20305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE

- Scientific Linux Development Team
Severity: Important

Synopsis: Moderate: python-virtualenv security update
Advisory ID: SLSA-2020:2081-1
Issue Date: 2020-05-12
CVE Numbers: None

Security Fix(es):
* python-urllib3: Cross-host redirect does not remove Authorization header, allowing for credential exposure (CVE-2018-20060)
* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

SL7 noarch:
python-virtualenv-15.1.0-4.el7_8.noarch.rpm

- Scientific Linux Development Team

Synopsis: Moderate: dovecot security and bug fix update
Advisory ID: SLSA-2020:1062-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-7524 CVE-2019-3814

Security Fix(es):
* dovecot: Improper certificate validation
* dovecot: Buffer overflow in indexer-worker process results in privilege escalation

SL7 x86_64:
dovecot-pgsql-2.2.36-6.el7.x86_64.rpm
dovecot-pigeonhole-2.2.36-6.el7.x86_64.rpm
dovecot-mysql-2.2.36-6.el7.x86_64.rpm
dovecot-2.2.36-6.el7.x86_64.rpm
dovecot-2.2.36-6.el7.i686.rpm
dovecot-debuginfo-2.2.36-6.el7.i686.rpm
dovecot-debuginfo-2.2.36-6.el7.x86_64.rpm
dovecot-devel-2.2.36-6.el7.x86_64.rpm

- Scientific Linux Development Team

Synopsis: Moderate: php security update
Advisory ID: SLSA-2020:1112-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-10547 CVE-2019-9024 CVE-2018-7584 CVE-2018-5712

Security Fix(es):
* php: Reflected XSS on PHAR 404 page
* php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response
* php: Reflected XSS vulnerability on PHAR 403 and 404 error pages
* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

SL7 x86_64:
php-pdo-5.4.16-48.el7.x86_64.rpm
php-pgsql-5.4.16-48.el7.x86_64.rpm
php-recode-5.4.16-48.el7.x86_64.rpm
php-common-5.4.16-48.el7.x86_64.rpm
php-gd-5.4.16-48.el7.x86_64.rpm
php-mysql-5.4.16-48.el7.x86_64.rpm
php-soap-5.4.16-48.el7.x86_64.rpm
php-xml-5.4.16-48.el7.x86_64.rpm
php-xmlrpc-5.4.16-48.el7.x86_64.rpm
php-process-5.4.16-48.el7.x86_64.rpm
php-odbc-5.4.16-48.el7.x86_64.rpm
php-ldap-5.4.16-48.el7.x86_64.rpm
php-5.4.16-48.el7.x86_64.rpm
php-cli-5.4.16-48.el7.x86_64.rpm
php-bcmath-5.4.16-48.el7.x86_64.rpm
php-dba-5.4.16-48.el7.x86_64.rpm
php-debuginfo-5.4.16-48.el7.x86_64.rpm
php-devel-5.4.16-48.el7.x86_64.rpm
php-embedded-5.4.16-48.el7.x86_64.rpm
php-enchant-5.4.16-48.el7.x86_64.rpm
php-fpm-5.4.16-48.el7.x86_64.rpm
php-intl-5.4.16-48.el7.x86_64.rpm
php-mbstring-5.4.16-48.el7.x86_64.rpm
php-mysqlnd-5.4.16-48.el7.x86_64.rpm
php-pspell-5.4.16-48.el7.x86_64.rpm
php-snmp-5.4.16-48.el7.x86_64.rpm

- Scientific Linux Development Team

Synopsis: Moderate: samba security, bug fix, and enhancement update
Advisory ID: SLSA-2020:1084-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2019-10197 CVE-2019-10218

Security Fix(es):
* samba: Combination of parameters and permissions can allow user to escape from the share path definition
* samba: smb client vulnerable to filenames containing path separators

SL7 x86_64:
samba-libs-4.10.4-10.el7.i686.rpm
samba-krb5-printing-4.10.4-10.el7.x86_64.rpm
libsmbclient-4.10.4-10.el7.i686.rpm
samba-common-tools-4.10.4-10.el7.x86_64.rpm
samba-libs-4.10.4-10.el7.x86_64.rpm
samba-winbind-clients-4.10.4-10.el7.x86_64.rpm
libwbclient-4.10.4-10.el7.x86_64.rpm
samba-python-4.10.4-10.el7.x86_64.rpm
samba-common-4.10.4-10.el7.noarch.rpm
samba-client-libs-4.10.4-10.el7.i686.rpm
samba-winbind-modules-4.10.4-10.el7.x86_64.rpm
samba-winbind-4.10.4-10.el7.x86_64.rpm
samba-client-libs-4.10.4-10.el7.x86_64.rpm
samba-python-4.10.4-10.el7.i686.rpm
libsmbclient-4.10.4-10.el7.x86_64.rpm
samba-client-4.10.4-10.el7.x86_64.rpm
samba-4.10.4-10.el7.x86_64.rpm
samba-common-libs-4.10.4-10.el7.x86_64.rpm
libwbclient-4.10.4-10.el7.i686.rpm
samba-winbind-modules-4.10.4-10.el7.i686.rpm
samba-debuginfo-4.10.4-10.el7.i686.rpm
samba-debuginfo-4.10.4-10.el7.x86_64.rpm
libsmbclient-devel-4.10.4-10.el7.i686.rpm
libsmbclient-devel-4.10.4-10.el7.x86_64.rpm
libwbclient-devel-4.10.4-10.el7.i686.rpm
libwbclient-devel-4.10.4-10.el7.x86_64.rpm
samba-dc-4.10.4-10.el7.x86_64.rpm
samba-dc-libs-4.10.4-10.el7.x86_64.rpm
samba-devel-4.10.4-10.el7.i686.rpm
samba-devel-4.10.4-10.el7.x86_64.rpm
samba-python-test-4.10.4-10.el7.x86_64.rpm
samba-test-4.10.4-10.el7.x86_64.rpm
samba-test-libs-4.10.4-10.el7.i686.rpm
samba-test-libs-4.10.4-10.el7.x86_64.rpm
samba-vfs-glusterfs-4.10.4-10.el7.x86_64.rpm
samba-winbind-krb5-locator-4.10.4-10.el7.x86_64.rpm

noarch:
samba-common-4.10.4-10.el7.noarch.rpm
samba-pidl-4.10.4-10.el7.noarch.rpm

- Scientific Linux Development Team

Synopsis: Moderate: bind security and bug fix update
Advisory ID: SLSA-2020:1061-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-5745 CVE-2019-6477 CVE-2019-6465

Security Fix(es):
* bind: TCP Pipelining doesn't limit TCP clients on a single connection
* bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
* bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable

SL7 x86_64:
bind-utils-9.11.4-16.P2.el7.x86_64.rpm
bind-export-libs-9.11.4-16.P2.el7.i686.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7.i686.rpm
bind-license-9.11.4-16.P2.el7.noarch.rpm
bind-libs-9.11.4-16.P2.el7.i686.rpm
bind-libs-lite-9.11.4-16.P2.el7.i686.rpm
bind-pkcs11-utils-9.11.4-16.P2.el7.x86_64.rpm
bind-export-libs-9.11.4-16.P2.el7.x86_64.rpm
bind-pkcs11-9.11.4-16.P2.el7.x86_64.rpm
bind-libs-9.11.4-16.P2.el7.x86_64.rpm
bind-pkcs11-libs-9.11.4-16.P2.el7.x86_64.rpm
bind-libs-lite-9.11.4-16.P2.el7.x86_64.rpm
bind-chroot-9.11.4-16.P2.el7.x86_64.rpm
bind-9.11.4-16.P2.el7.x86_64.rpm
bind-debuginfo-9.11.4-16.P2.el7.i686.rpm
bind-debuginfo-9.11.4-16.P2.el7.x86_64.rpm
bind-devel-9.11.4-16.P2.el7.i686.rpm
bind-devel-9.11.4-16.P2.el7.x86_64.rpm
bind-export-devel-9.11.4-16.P2.el7.i686.rpm
bind-export-devel-9.11.4-16.P2.el7.x86_64.rpm
bind-lite-devel-9.11.4-16.P2.el7.i686.rpm
bind-lite-devel-9.11.4-16.P2.el7.x86_64.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7.i686.rpm
bind-pkcs11-devel-9.11.4-16.P2.el7.x86_64.rpm
bind-sdb-9.11.4-16.P2.el7.x86_64.rpm
bind-sdb-chroot-9.11.4-16.P2.el7.x86_64.rpm

noarch:
bind-license-9.11.4-16.P2.el7.noarch.rpm

- Scientific Linux Development Team

Synopsis: Important: xerces-c security update
Advisory ID: SLSA-2020:0702-1
Issue Date: 2020-03-04
CVE Numbers: CVE-2018-1311

Security Fix(es):
* xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)

SL6 x86_64:
xerces-c-3.0.1-21.el6_10.i686.rpm
xerces-c-3.0.1-21.el6_10.x86_64.rpm
xerces-c-debuginfo-3.0.1-21.el6_10.i686.rpm
xerces-c-debuginfo-3.0.1-21.el6_10.x86_64.rpm
xerces-c-devel-3.0.1-21.el6_10.i686.rpm
xerces-c-devel-3.0.1-21.el6_10.x86_64.rpm

i386:
xerces-c-3.0.1-21.el6_10.i686.rpm
xerces-c-debuginfo-3.0.1-21.el6_10.i686.rpm
xerces-c-devel-3.0.1-21.el6_10.i686.rpm

noarch:
xerces-c-doc-3.0.1-21.el6_10.noarch.rpm

- Scientific Linux Development Team
Severity: Important