Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 44 Transmission 4.1.2 Important Clickjacking Fix CVE-2026-38978

Calendar White Jun 05, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 libre 4.8.1 Critical Update Details for Real-Time Communication

Calendar White Jun 05, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 NextCloud Update Denial of Service JSON Tampering 2026-30881a5be7

Calendar White Jun 05, 2026
Important
Fedora Large Esm H800
Fedora

Fedora 44 python-starlette Security Fix for CVE-2026-48710

Calendar White Jun 05, 2026
Critical
Fedora Large Esm H900
Fedora

Fedora 44 perl-Cpanel-JSON-XS Moderate Denial of Service CVE-2026-9516

Calendar White Jun 05, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 44 rubygem-yard High Path Traversal Fix Vuln 2026-acefc1fe48

Calendar White Jun 05, 2026
high
Fedora Large Esm H800
Fedora

Fedora 44 Rust Sequoia Sop Low-Severity Fix Advisory 2026-5c5f4f40a4

Calendar White Jun 05, 2026
Low
Fedora Large Esm H900
Fedora

Fedora 44 rust-sequoia-sq Low Threat Security Advisory 2026-5c5f4f40a4

Calendar White Jun 05, 2026
Low
Fedora Large Esm H900
Fedora

Fedora 44 rust-sequoia-wot Low Severity Security Fix 2026-5c5f4f40a4

Calendar White Jun 05, 2026
Low
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -1 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryFedoracurl

Fedora 37: FEDORA-2022-645497fb95 Moderate: nghttp2 Update Announcement

- update to the latest upstream release. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-645497fb95 2022-09-12 17:36:48.816207 --------------------------------------------------------------------------------Name : nghttp2 Product : Fedora 37 Version : 1.49.0 Release : 1.fc37 URL : https://nghttp2.org/ Summary : Experimental HTTP/2 client, server and proxy Description : This package contains the HTTP/2 client, server and proxy programs. --------------------------------------------------------------------------------Update Information: - update to the latest upstream release --------------------------------------------------------------------------------ChangeLog: * Tue Aug 23 2022 Kamil Dudka 1.49.0-1 - update to the latest upstream release --------------------------------------------------------------------------------References: [ 1 ] Bug #2120533 - nghttp2-1.49.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2120533 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-645497fb95' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines ListArchives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The latest nghttp2 release in Fedora 37 introduces upstream improvements and fixes. Update today for enhanced efficiency.. Fedora Update, nghttp2 Client, HTTP/2 Proxy, Security Update, Upstream Release. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Sep 12, 2022 Important Fedora
199
Ls Advisories Centos Esm H240
Price Tag 1security advisorysecurity issueimportant

CentOS 6: CESA-2020-1508 Important: java-1.7.0-openjdk Security Fix

Upstream details at : https://access.redhat.com/errata/RHSA-2020:1508. CentOS Errata and Security Advisory 2020:1508 Important Upstream details at : https://access.redhat.com/errata/RHSA-2020:1508 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 26e47d9aa242a8ff26a922cd6158f57919148a340d3a4a45eac954c6eae93f58 java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.i686.rpm 350776ba966fcf4e4d56f7eaf34d49dc095a4cb26328ee474a26d02dd7688232 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.i686.rpm 839da6b4f494a67b660bcf50e75b6c10113aec243207becd76bb15373d551290 java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.i686.rpm 99b50e96607dcb1da179ac9a25f2d5f1271bfe9aab9fe00c669b5a5a9c4a4a21 java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm d70ec50fdef1d55ee0e053d28923c54d48700036699f66ebadca036fa996deda java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.i686.rpm x86_64: dcaadaedd419044b567051754bda337448c76939fbb6511d2b9c080a4ce419fe java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm d2271d2bd3c586871b777f3fe63b62744b80bb1620a213f0c8b05f4d3c5b07b3 java-1.7.0-openjdk-demo-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm 043079714593561b7636db4712a2d9e0906ed8bf3ae4abc09b77175c28836db8 java-1.7.0-openjdk-devel-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm 99b50e96607dcb1da179ac9a25f2d5f1271bfe9aab9fe00c669b5a5a9c4a4a21 java-1.7.0-openjdk-javadoc-1.7.0.261-2.6.22.1.el6_10.noarch.rpm aa768ae41a5f835d30b6773ae0f89e3a0e00c053e69615aaec957ae8e250381c java-1.7.0-openjdk-src-1.7.0.261-2.6.22.1.el6_10.x86_64.rpm Source: 7203176340c185894bab2ab36905072a5fa5e0f03462179066e7665c54a38df1 java-1.7.0-openjdk-1.7.0.261-2.6.22.1.el6_10.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #This email address is being protected from spambots. You need JavaScript enabled to view it. Twitter: @JohnnyCentOS _______________________________________________ CentOS-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical CentOS 6 notification pertains to java-1.7.0-openjdk remedies and revisionsaddressing vulnerabilities. Immediate attention required for safeguarding systems.. CentOS Update, Java Security, Security Advisory, Linux Patch. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 27, 2020 Important CentOS
Banner 2 1028x280 1708121730 1 1771599631
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorybuffer overflowremote code execution

SUSE: 2007-068 Moderate: Samba Buffer Overflow Remote Code Execution

The Samba suite is an open-source implementatin of the SMB protocol. The Samba suite is an open-source implementatin of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON pac [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: samba Announcement ID: SUSE-SA:2007:068 Date: Wed, 12 Dec 2007 09:00:00 +0000 Affected Products: SUSE LINUX 10.0 SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 UnitedLinux 1.0 SuSE Linux Enterprise Server 8 SuSE Linux Openexchange Server 4 SuSE Linux Desktop 1.0 SuSE Linux Standard Server 8 SuSE Linux School Server SUSE LINUX Retail Solution 8 SUSE SLES 9 Novell Linux Desktop 9 Open Enterprise Server Novell Linux POS 9 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 7 SUSE Default Package: no Cross-References: CVE-2007-6015 Content of This Advisory: 1) Security Vulnerability Resolved: buffer overflow fixed in send_mailslot() Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The Samba suite is an open-source implementatin of the SMB protocol. This update of samba fixes a buffer overflow in function send_mailslot() that allows remote attackers to overwrite the stack with 0 (via memset(3)) by sending specially crafted SAMLOGON packets. This bug can only be triggered if option "domain logon" is enabled. 2) Solution or Work-Around Please install the update. 3) Special Instructions and Notes restart the samba daemon 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: 0e5535e4f9c58befed9342a7ab1189ab 2a0a8ce1d69d105590e054cc301085e6 9354979f15b5abef17072f0203745ddf 74629f5f4b761042b30d9336c97e5b6f dbcbee4977b3beeb2a46e5b56003604c 7a6c5f65bb9aed832cec9221e41f76ef f04c0399479ecc681daa1330a187009b 92f8de627f39372775c46cc588000e31 1ee63cc24bb7862c3f80a492883a6e82 b7dcfa6d0918bb8b872901d14360824e 4a4c54c5e1bdc81d1072d547de7568bf 84c34910588e03462d122272b12abd22 c0da4925b38c010df8ea8cfbe22b17b8 68cdda40cb0ccd5bd66bc6d0c6a967b9 93cdaa0a3be9f28b1f72606cd7b13dfe openSUSE 10.2: afaa4c73ed2b630be1851db84b9c125d 7666f91e8d67dc1f8bee49e4cb0901eb 1601f1584035d7cb330067365af4acb4 b36d408ad52e39846e24c92546ff0517 3997a33f24a9f6c7fa02e5d4747f134f 6e3587e997434f4dab0c3cd531cbcc98 b6b9ad383af96ca2cd910785db95048d b0d9d68df8b89a51a831d3cfa742ce71 37f8f48ac1843b8e97a7c987d7079e64 9b6c38491f7468a6a7615d436898fa5b e4ab347d68622fc88ddc67a93d626eaf ce4f8adcdbf52a0d5dd7f935e69639af e955a157680e5b6247c18bc5034c82d1 SUSE LINUX 10.1: 2f05943a1460501e9ca60a4bd549da08 cd3711d293c3fe75869ec5988cc67573 686c003b70948a3be1fd08abfa1f3dcc d1bcf481db15df72b33a08c3d7c3e5d9 6b57bda44d4f6ab9bb8f461d822f5788 7b273fe131866037e60772b159b1c5b0 845322afd91dddf6ac2dc8e0fbc39945 1c55254ce8e2deeae55b091bb8e94f87 7e2a2c98c8aca6585fe596e2a54eb88d 250037bcd87bc1bc224777c8e851228f b30796df04b4a725e8d84f3f67c59db1 34acf5453bb5af282aef0ecd1f7abdb3 SUSE LINUX 10.0: aa3510d45fee741cbc686ea61c80ec54 350c28feca2c5df9aa60126d7e1bb307 e3db796664063204bc235d770050dc55 2755f1fb5543a12616e6e5d63bd02fd9 6aff05575f28129adc6854e9bbb19d2b 5b46e739f2710e67832bf349b7d701de f13a8777d576b78696f5093cc7ee29ff d3eab9eace2d9f4f4da161aeb1ad7a16 720af50848e8fda98933c816a7ad556e 36ef7b26083b51ade9b0faf74c916834 51f4572af72d962929017527b7d5efdd Platform Independent: openSUSE 10.3: 39467dee7de97fbfe021ad192ef3d572 openSUSE 10.2: a1b924be38bc5da02cf397271403fb15 SUSE LINUX 10.1: 5926d68856a69a339b6f9932ccd8b1fd Power PC Platform: openSUSE 10.3: 0cd62968d1c4aa6d9211c3439a117a68 a6f9195f03ab26487b52f60fd78698ed 6a185e53ce56877e6ce11553820eabe7 9a34657070463217e9e9df9687143d60 c5f7822d14047a6bcc5f9be210ef6e7b a3b16e3141481d5f1790324f03833d61 c42d71369f0149e83c55ebb7181588a3 56bfac393c26f8ed185cf288c0ec3284 07d93ee1ba0f8ba800dd225d4b9f952a 2b3b282ca2d9a71ac62ab4419345016b 1f01b5a13517cc5ccf12528c8b50d68a 05a65ebf61b618b1c4c4db4ab5f8ca33 f3be951b3cfdc871ff36e592d498e4b3 74292b93b66f7b2bbefb5187adfed6e4 4b281ee450b53b2982e5183e35b2f5c9 openSUSE 10.2: f2444c5e913e2d84a6cded6c5c794ee6 78c64dc20ebb8a3a6a175f15d504d92c db9db8c1ecfc417ec2f2720d42940d70 58a63d9a08dcd9a13129fd1f880fa1b6 d64260ddfa5bc6b5e3c9c3c2447c8f0f 5c7c53ccd7b10d89165bcbed29aded9e eed181f7254fed5b96356607c6d03389 026fba74fd7dceab4eab79eb8bef8d45 36877bb2af6e0cc2acef236e242e5b52 d28ad04339a82d79124ad9abedd2dcf6 f42c732902e8af6717129cc14a6a974f 4ee6aa7c5a5dfb0fc0bf91c5ce170b18 98521632e3273836892abfc9a8850ec8 SUSE LINUX 10.1: f0e56f33899d4868cd4ae6ac7d6eacab 481cabc078d52395d07a03afb9260a43 f460869c64684d95096e1331586dacdb acf03549cb101d7173c0412e12edad1d d53304f19b32f5b93a62e0efb69cb039 205ac90f2737fd0d12bec7c21c718a49 88304fbd17ff4f68bff897f83a4eed71 e85c92e8e1069b727de46dc8dba21178 7310693b8985014d3c0e49be93108507 c54bf91f4bf84ee9087aa5f6631c849e b0f48534514cbfbcccbcaef082c279ee 75c135d1bc2c0242ee467b1ff61da8e8 SUSE LINUX 10.0: 73b81b3856589b55b94fda3dc519f9ec 69e4ba509db113d219bd6d6b4514d74f 67be23ebf3c5690c69daa724c11ca546 4ad9822904c9c1a730ea98ad94b6912c 132d85fe5bafdde591937e905ed1dfdf 28c59d931ef479e419382b1f1c1c10ca 21b923582b3179d48eee80a6204a9f5d 68c41fccb41731ab0b82152c42503fb7 3317974bcf40ecd486874ed515dfbdaa bed5f00541dbf418ee2c266daa92c6a7 f378061ff72f1d7f2e2512d291575cb9 x86-64 Platform: openSUSE 10.3: af0f7a523a45b6db682fe22baa726478 c74da5b770b833e83c2de23763e19d9b ba8a8c86b2abc2dd07638a14acf8a749 8502b0e45b25df6153622a2ec680d2c6 a2d40bf47101679f432acf277699ab1c e2261330c01aa2cd610c01c31a3e71b3 8ac32adf2af43277ad39df05885cf004 9c92b0ad6910b5a91801118fd53a3f14 c6b097b4292fec495b59ba09354b12cf b55934f29d8a486d2abc3b2b4536e7d3 e67397a0cdcca4ffe33d458a078a71ab 216ec6be569f63742ecbf4a787e1824b 068f0ceb354a0f0741c1f1a743710dc0 c138f629b99d53769e8f18581578991d 3a001c4d1796128725e1ead04732ece1 d3cad141787e3e564d2bfd88823261e3 3479f65df3061ec6fe2f4c5f5d3e4364 b24df7dd9097e4c35385fa60d638aea2 08ca3c1773eccba6cebe600f0198bc57 openSUSE 10.2: 9081c59e9c88c537f7fecb4999070fa1 5b5d5cc40f7b51b5473c2effec7a961d b5f5bbd929ccbfb4fdeef987f1a0a7f2 3e0f3ac7cbcc182a66f99ce147812123 64377e86d45de128b22af942cab575ea 8e21116ddd67f748ba49b453e64f16af 36a4c1b65cfdd027a4726b85df6d7e75 6bd4864e67f9450d119029b8744289ad 514f048e68196dc85787ed84a209be48 cec9ba17ea0abb1962bcbc9b8791f72a af7c9a1aed49df4020a7720f5f5721f0 8d1faa3f69aeaaf9cc20d22c9dc369d9 39e1bdfdcca7e49a911efb00f33717e7 e7ac921e2ed73fce7463b0dbb2b96461 106e3660b76b9499501a0e61b01059c8 43465347bf1d998eeb3e40c3b50995a6 44fa9cfafb953cdc2e183dc8d6937acb SUSE LINUX 10.1: f399c965065c9d15fa9eb6c25d75dfd0 6ebe4219211e90da6771db9c5fa17e65 d268f0edf1ec53bdfdcc9193dab34a1a a60678ede2d3c252b2dbc907585f9059 5de55c73b1addb72fec37b90ee33b5ab d5e9f4362f7b93a23a89509b5529fab7 f0847fd830347f01686ff8ff10f01cfb b3b21034e364084d9a0437943b126007 c01154efe5c8703ba2eefb765ad92c8b fe1c09a1bd074c5b5eafdffa6dbe8690 754ec0cfbd5dc4f698c8d5d1ee6fac6b c657a9008ec9c024efbb58938e922c73 7b3a2dab4dcd936e9e9cc3165a9d5a9f e87a1a9191785d22210da556bd31da5f dff37b747c895070babb9638702a3750 827202c10aeeb251e2e40a0065abb0ab SUSE LINUX 10.0: 2aad8134654b11f9fdfcb658ed8637a5 723e5b47831f247b8f5e37dca0a2bfdb 4a5a603903cb13158895e26baec491c5 29814d08bf2348e753a19819df3beb14 4bb34360311fad4524d5167a025b145c 99aaf715ae30f7774842f1eba35820f3 c2646918e6044d0052c36dab4ffd0e93 93ffe07900ccd4c5d8e0cbacfc5e5403 5226a870eb989b475cc6a871cc024cf3 73adc1b93d86c22df501076a9a41bb68 a0f2c6fbcb92acc477370ff5609e177c 35e2801afd91d1fd4f1663c61aaa7fb4 Sources: openSUSE 10.3: 0c51e5e8c284b4a4d92e75c8e8eb8831 482dcc2dfce7d00c253ace3465400e6e openSUSE 10.2: 6d6bcf35be28199114f4e43bba61f43b 4ed2b2447d2ef68f982e803270dc9b1b SUSE LINUX 10.1: 3319209b169a2f45f066ab8934148b88 bb2e30f3bbcd5181e0d6ad6b6868d225 SUSE LINUX 10.0: ae95f8c0dc92a4096ff84ab83c8753fd Our maintenance customers are notified individually. Thepackages are offered for installation from the maintenance web: UnitedLinux 1.0 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SuSE Linux Openexchange Server 4 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html Open Enterprise Server http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html Novell Linux POS 9 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html Novell Linux Desktop 9 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SuSE Linux Enterprise Server 8 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SuSE Linux Standard Server 8 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SuSE Linux School Server http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SUSE LINUX Retail Solution 8 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SuSE Linux Desktop 1.0 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html SUSE SLES 9 http://support.novell.com/techcenter/psdb/62b9c0440dd934e47058664687d5b084.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSEsecurity announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from This email address is being protected from spambots. You need JavaScript enabled to view it. with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and thegpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to . ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . Update for Samba on SUSE addresses a buffer overflow that allows remote code execution, ensuring system integrity.. Samba Security, Remote Code Execution, Buffer Overflow. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Dec 12, 2007 Important SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorySUSEremote denial of service

SUSE: 2022-045 Low: gnome-shell Memory Overflow Vulnerability

Several bugs were fixed in Vipuls Razor spam detection framework. Several bugs were fixed in Vipuls Razor spam detection framework. These bugs could lead to remote denial-of-service conditions due to processing malformed messages and possible stepping into infinite loops. 2) Solution or Work-Around. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: razor-agents Announcement ID: SUSE-SA:2005:035 Date: Tue, 23 Jun 2005 09:00:00 +0000 Affected Products: 8.2, 9.0, 9.1, 9.2, 9.3 Vulnerability Type: remote denial of service Severity (1-10): 4 SUSE Default Package: no Cross-References: None. Content of This Advisory: 1) Security Vulnerability Resolved: denial of service attack against Vipuls razor Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Several bugs were fixed in Vipuls Razor spam detection framework. These bugs could lead to remote denial-of-service conditions due to processing malformed messages and possible stepping into infinite loops. 2) Solution or Work-Around Please install the updated packages. 3) Special Instructions and Notes Please restart any service using razor-agents. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessarysteps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web. x86 Platform: SUSE Linux 9.3: 676b7c6d977f0ed2b92ba313fa269689 SUSE Linux 9.2: fc88751db9c4a14e5fbf6221d4ec5ad9 SUSE Linux 9.1: 889f8c37bbc80d520d6c4ecbfeff1913 source rpm(s): a49208f7438160852e1dff387a70beea SUSE Linux 9.0: 7d831ac330b9ca512722ac1754ec3236 source rpm(s): db088de6b5cb8a5b67dfa485fdd22991 SUSE Linux 8.2: d96fc57ad82f716dd421f0bca1c45b57 source rpm(s): 982a7860c698f1ea9a554128ce34b45b x86-64 Platform: SUSE Linux 9.3: a1cd46cabd6e45c8f9d5ad7405085d04 source rpm(s): 5f9642b047be597bfbed8229d3098e76 SUSE Linux 9.2: 18157e6d2a2582b9a45b3a62be18ddb5 source rpm(s): 7f9d70373765389ab8284bd274af6d2d SUSE Linux 9.1: a4824f88fcb85f610ca738b6c729744c source rpm(s): 5b064357f7db0574e7b89add57a3738f SUSE Linux 9.0: 6ecca2f0cd15f7804d04dac04ad22ce6 source rpm(s): 7765df46f6b332e835da33ab04784d6e ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. Theauthenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from This email address is being protected from spambots. You need JavaScript enabled to view it. with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on thefirst installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to . For general information or the frequently asked questions (FAQ), send mail to or . ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . SUSE Security Bulletin regarding razor-agents focuses on remediation for denial-of-service vulnerabilities through a critical update.. Razor-Agents Denial Of Service, SUSE Security Announcement, remote exploit patch. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jun 23, 2005 Important SuSE
Banner 2 1028x280 1708121730 1 1771599631
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorybuffer overflowremote execution

SUSE 9.1/9.2: 2005-015 Moderate: OpenSLP Buffer Overflow Risk

The SUSE Security Team reviewed critical parts of the OpenSLP package, The SUSE Security Team reviewed critical parts of the OpenSLP package, an open source implementation of the Service Location Protocol (SLP). an open source implementation of the Service Location Protocol (SLP). SLP is used by Desktops to locate certain services such as printers and by servers to announce their services. [More...]. -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: openslp Announcement-ID: SUSE-SA:2005:015 Date: Mon, March 14th 14:41:14 CET 2005 Affected products: 9.1, 9.2 SUSE Linux Enterprise Server 9 Novell Linux Desktop 9 Vulnerability Type: remote command execution Severity (1-10): 5 SUSE default package: Yes. Cross References: - Content of this advisory: 1) security vulnerability resolved: Buffer overflows in OpenSLP. problem description 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: - squirrelmail - Koffice 6) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion The SUSE Security Team reviewed critical parts of the OpenSLP package, an open source implementation of the Service Location Protocol (SLP). SLP is used by Desktops to locate certain services such as printers and by servers to announce their services. During the audit, various buffer overflows and out of bounds memory access have been fixed which can be triggered by remote attackers by sending malformed SLP packets. 2)solution/workaround There is no easy workaround except to shut down the slpd and to stop using involved clients. 3) special instructions and notes Please make sure that all running instances of slpd which were started before the update are terminated. After the update, run the following command as root: /usr/sbin/rcslpd try-restart 4) package location and checksums Download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered for installation from the maintenance web. x86 Platform: SUSE Linux 9.2: e183a877674fd83b401759c071f8ebfb b68232aa97424dea8938fb07c67ee968 d15cb7cd7b224811cca38d4992d6dde9 patch rpm(s): 24fecfe10275f3995be1248307a29d8c 0b0d8b6a0bbdc8b4962f12ee0465a083 593b7c9104f1179761c2cac54431fec7 source rpm(s): a4852023f752182d68cea815d5905d7e SUSE Linux 9.1: fa20a6d60a64aff0998eed99fab4a9af 604d8b96c9bfbce6b2fac07e37465636 cd6851d2adcf9439c9dcc317de052089 patch rpm(s): 7b4688c03fd664d6742a70245530d4a6 4b46e36bd47cbb8ce2d08225dcca2c88 002c614947ede188c85bb4fb62dfdbd6 source rpm(s): 2b29878d5706dccf0b5b5902c3e9315c x86-64 Platform: SUSE Linux 9.2: dba5224660ab6f76846d5be2d2c3531d 6ab38f02002f44e24e9617794c7a50b5 d3ccb03fe6c509b05a278c60ca7be889 patch rpm(s): a9c86a43725a13fb14c86af85ace7131 cc83600072f4d3f5ededeb60c16bc25b b91a5bb0ce85bd5f30db9c794618dc00 source rpm(s): a4852023f752182d68cea815d5905d7e SUSE Linux 9.1: f15832a7d86cad37f73671123c3a1706 e418cd6a08fce7a0091fef7b4f801dd2 5f409e569a149cf83ddaf7fdb6a41dcb patch rpm(s): 737bb45b6d95f0fac5d31f2b95924b1d 8a14bb253b411bf6de617a557b2dcd6f 6936b808204a5a48faccdf8446b72a80 source rpm(s): 2e443c1bedac57827cc9d2363e0d25b1 ______________________________________________________________________________ 5) Pending vulnerabilities in SUSE Distributions and Workarounds: - squirrelmail New squirrelmail packages for the S/MIME plugin command injection vulnerability are available on our ftp servers. - Koffice New Koffice packages are available on our ftp servers, fixing buffer overflows in the pdf engine. ______________________________________________________________________________ 6) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package. We recommend against subscribing to security lists that cause the e-mail message containing the announcement to be modified so that the signature does notmatch after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the file name of the rpm package that you have downloaded. Of course, package authenticity verification can only target an uninstalled rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SUSE Linux distributions version 7.1 and thereafter install the key "This email address is being protected from spambots. You need JavaScript enabled to view it." upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at . - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's securityannouncements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . SUSE Security Announcement introduces an update for OpenSLP, addressing vulnerabilities linked to buffer overflows that may enable remote code execution; marked as critical.. OpenSLP Update, SUSE Server Security, Buffer Overflow Fix. . LinuxSecurity.com Team

Calendar 2 Mar 14, 2005 SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorydenial of servicesoftware update

SUSE Linux 9.1: SUSE-SA:2004:029 Critical: zlib DoS Vulnerability

zlib is a widely used data compression library. Programs linked against it zlib is a widely used data compression library. Programs linked against it include most desktop applications as well as servers such as Apache and include most desktop applications as well as servers such as Apache and OpenSSH. The 'inflate' function of zlib handles certain input data incorrectly which could lead to a deni [More...]. -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: zlib Announcement-ID: SUSE-SA:2004:029 Date: Thursday, Sep 2nd 2004 17:30:00 MEST Affected products: 9.1 SUSE Linux Enterprise Server 9 Vulnerability Type: denial of service Severity (1-10): 3-5 SUSE default package: yes Cross References: CAN-2004-0797 VU#238678 Content of this advisory: 1) security vulnerability resolved: - denial of service condition in zlib 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: - gaim - opera - imlib, imlib2 6) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion zlib is a widely used data compression library. Programs linked against it include most desktop applications as well as servers such as Apache and OpenSSH. The 'inflate' function of zlib handles certain input data incorrectly which could lead to a denial of service condition for programs using it with untrusted data. Whether the vulnerability can be exploided locally or remotely depends on the application using it. zlibversions older than version 1.2 are not affected. 2) solution/workaround There is no known workaround. 3) special instructions and notes After applying the update all programs linked against libz must be restarted. 4) package location and checksums Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. x86 Platform: SUSE Linux 9.1: 831b925bd07550e53fcef3657416675d 10f7fb0af45b2c0fd436ddc8a2876697 patch rpm(s): 4a0b7a87fc8ed9129b6d940d8b577aa7 75b7929b89794b07ae96ce6bb833fcb0 source rpm(s): 1cb7920050dc98a04377837f626ebd33 x86-64 Platform: SUSE Linux 9.1: df1d74ebec5f74da7244ba8fff23feb0 284ab472d375c567557a9256ca55cdc3 patch rpm(s): 7b49fd8bc2c06becd0aec7db62e4cd3d a62b558fd4f683eddce9615090ef01b4 source rpm(s): 1ab725bb307b26a928edadfdb2d57cbc ______________________________________________________________________________ 5) Pending vulnerabilities in SUSE Distributions and Workarounds: - gaim Various buffer overflow conditions have been found in the gaim instant messenger. The MSN protocol parsing has already been fixed with the packages announced in the SUSE Security Announcement SUSE-SA:2004:025. The packages which fix the other pending bugs in gaim will be available on our FTP servers soon. - opera The web-browser opera is affected by several security bugs. New packages will soon be available on our FTP servers. - imlib, imlib2 Buffer overflows in the BMP image loader of imlib and imlib2 have been discovered. New packages will be available on our FTP serverssoon. ______________________________________________________________________________ 6) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can onlytarget an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SUSE Linux distributions version 7.1 and thereafter install the key "This email address is being protected from spambots. You need JavaScript enabled to view it." upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at . - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . Explore the SUSE Linux security advisory regarding zlib, which tackles a denial of service vulnerability with specified update instructions.. zlib Security, Denial of Service, SUSE Announcement,Software Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 02, 2004 Critical SuSE
Banner 2 1028x280 1708121730 1 1771599631
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorylocal privilege escalationSuSE

SuSE: 2001:11 Moderate Risk of mc Local Privilege Escalation Threat

A local attacker could trick mc into executing commands with the privileges of the user running mc. ______________________________________________________________________________ SuSE Security Announcement Package: mc Announcement-ID: SuSE-SA:2001:11 Date: Tuesday, April 10th, 2001 15.21 MEST Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local privilege escalation Severity (1-10): 4 SuSE default package: no Other affected systems: all system using mc Content of this advisory: 1) security vulnerability resolved: mc problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The Midnight Commander, mc(1), is a ncurses-based file manager. A local attacker could trick mc(1) into executing commands with the privileges of the user running mc(1) by creating malicious directory names. This attack leads to local privilege escalation. There does no workaround exist. The only solution is to update the mc package. Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.1 c1eb197dff39e61065c498fa91347836 source rpm: cb768e70eacbf622464a71d8b5983769 SuSE-7.0 2770c2df6acd3e3ec8d9195e689aa037 source rpm: 579a86de5c2a14e61d0b6097611fdfb7 SuSE-6.4 c16569cbbeb1d42823c1b6abdd61c03e source rpm: d30069c9d3bf76b6f90d11b6cff86133 SuSE-6.3 655a6cac8bdb49789ee55c3bdc38e104 source rpm: 969a5f5427e04ea2710516ae3b9360c6 SuSE-6.2 c6cf641cd54c976df4f64a0fa1263d65 source rpm: ccdd4d9e727edc45c610013f69af9c86 SuSE-6.1 2dd900869259558ef6ad9b16e056322d source rpm: 10c3a9ae63cbd8e43923f9245bba166c Sparc Platform: SuSE-7.0 16fab4824da5347fe243bfd8a3196a02 source rpm: f8a51dd5975e6c1c34492f1fae6c66c7 AXP Alpha Platform: SuSE-6.4 dd80759475ca682a421cdd7dff4c6539 source rpm: 1d98da3743c951003b99bf8b88b577f1 SuSE-6.3 31a77b496e6c4185b0d9dd50336fb238 source rpm: dae662f3de8f42590feb62e1dc3abce8 SuSE-6.1 58906f33013bc64cc090ed56c05ab6d7 source rpm: 32727c15d6df11ceaa07afbd67b96b64 PPC PowerPC Platform: SuSE-7.0 0f17db922b03ee5db09e46311b5c1096 source rpm: aa1d77e05edd2b6097896be3bc3433d2 SuSE-6.4 018dbd5d4f7ed760e5fcfe22bceee016 source rpm: e56125ce9edd85accd1ea2830e578504 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - We are in the process of preparing update packages for the man package which has been found vulnerable to a commandline format string bug. The man command is installed suid man on SuSE systems. When exploited, the bug can be used to install a different man binary to introduce a trojan into the system. As an interim workaround, we recommend to `chmod -s /usr/bin/man´ and ignore the warnings and errors when viewing manpages. - Two bugs were found in the text editor vim. These bugs are currently being fixed. - A bufferoverflow in sudo was discovered andfixed RPMs will be available as soon as possible. A exploit was not made public until now. - NEdit a GUI-style text editor needs an update due to a tmp race condition. The source code is currently being reviewed and new RPMs will be available within the next days. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ============================================== SuSE's security contact is . ============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. . SuSE Security Advisory covering mc addresses a local privilege escalation risk, including details on the patches applied and the evaluation of potential threat levels.. SuSE Mc Update, Local Privilege Escalation, Security Announcement. . LinuxSecurity.com Team

Calendar 2 Apr 10, 2001 SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorySuSEsoftware update

SuSE 6.x Advisory: Remote Code Execution Risk in qpop Package

The qpop 2.53 does not check the mail header for invalid input.. -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: pop

Calendar 2 Jun 09, 2000 Critical SuSE
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here