Version 3.2.4 Fix serialization of parent class private properties by @Copilot in #71 Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68 Version 3.2.3.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-ce5f5c292d
2026-03-07 00:17:58.502071+00:00
--------------------------------------------------------------------------------

Name        : php-zumba-json-serializer
Product     : Fedora 44
Version     : 3.2.4
Release     : 1.fc44
URL         : https://github.com/zumba/json-serializer
Summary     : Serialize PHP variables
Description :

This is a library to serialize PHP variables in JSON format. It is similar to the serialize() function in PHP, but the output is a string JSON encoded. You can also unserialize the JSON generated by this tool and have your PHP content back.

Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.php

--------------------------------------------------------------------------------
Update Information:

Version 3.2.4

Fix serialization of parent class private properties by @Copilot in #71
Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68

Version 3.2.3

[Security] Added method to restrict which classes can be unserialized. Security Advisory GHSA-v7m3-fpcr-h7m2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Remi Collet - 3.2.4-1
- update to 3.2.4
* Thu Feb 19 2026 Remi Collet - 3.2.3-1
- update to 3.2.3
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ce5f5c292d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --
Pydantic 2.12.4 This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-312ac3e645
2025-11-10 00:46:08.034331+00:00
--------------------------------------------------------------------------------

Name        : rust-reqsign-http-send-reqwest
Product     : Fedora 43
Version     : 2.0.1
Release     : 1.fc43
URL         : https://crates.io/crates/reqsign-http-send-reqwest
Summary     : Reqwest-based HTTP client implementation for reqsign
Description :

Reqwest-based HTTP client implementation for reqsign.

--------------------------------------------------------------------------------
Update Information:

Pydantic 2.12.4

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types. This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

https://github.com/pydantic/pydantic/releases/tag/v2.12.4

uv / python-uv-build 0.9.7

https://github.com/astral-sh/uv/releases/tag/0.9.7

0.9.6

This release contains an upgrade to Astral's fork of async_zip, which addresses potential sources of ZIP parsing differentials between uv and other Python packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.

https://github.com/astral-sh/uv/releases/tag/0.9.6

ruff 0.14.3

https://github.com/astral-sh/ruff/releases/tag/0.14.3

Update rust-get-size2/rust-get-size-derive2 to 0.7.1 (implement GetSize for RefCell).
Update rust-reqsign to 0.18.1 and rust-reqsign-* to 2.0.1.
Update rust-regex to 1.12.2 and rust-regex-automata to 0.4.13.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 5 2025 Benjamin A. Beasley - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2411982
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2403244 - rust-regex-1.12.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2403244
[ 2 ] Bug #2403245 - rust-regex-automata-0.4.13 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2403245
[ 3 ] Bug #2406419 - rust-get-size2-0.7.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2406419
[ 4 ] Bug #2406420 - rust-get-size-derive2-0.7.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2406420
[ 5 ] Bug #2411957 - python-cloudpickle-3.1.2 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2411957
[ 6 ] Bug #2411978 - rust-reqsign-core-2.0.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2411978
[ 7 ] Bug #2411979 - rust-reqsign-command-execute-tokio-2.0.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2411979
[ 8 ] Bug #2411980 - rust-reqsign-aws-v4-2.0.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2411980
[ 9 ] Bug #2411981 - rust-reqsign-0.18.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2411981
[ 10 ] Bug #2411982 - rust-reqsign-http-send-reqwest-2.0.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2411982
[ 11 ] Bug #2411983 - rust-reqsign-file-read-tokio-2.0.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2411983
[ 12 ] Bug #2412643 - python-pydantic-2.12.4 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2412643
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-312ac3e645' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-1.7.0-openjdk security update
Advisory ID:       RHSA-2020:0541-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0541
Issue date:        2020-02-18
CVE Names:         CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659
====================================================================

1. Summary:

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)
* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)
* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)
* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)
* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)
* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
1790556 - CVE-2020-2590 OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)
1790570 - CVE-2020-2601 OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951)
1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
1791217 - CVE-2020-2654 OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.src.rpm

ppc64:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm
java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm
java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm
java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm
java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm

s390x:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.s390x.rpm
java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7.s390x.rpm
java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7.s390x.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7.noarch.rpm

ppc64:
java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm
java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm
java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7.ppc64.rpm

ppc64le:
java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm
java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm
java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7.ppc64le.rpm

s390x:
java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7.s390x.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.s390x.rpm
java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7.s390x.rpm
java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7.s390x.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.src.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-headless-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.251-2.6.21.0.el7_7.noarch.rpm

x86_64:
java-1.7.0-openjdk-accessibility-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.251-2.6.21.0.el7_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-2583
https://access.redhat.com/security/cve/CVE-2020-2590
https://access.redhat.com/security/cve/CVE-2020-2593
https://access.redhat.com/security/cve/CVE-2020-2601
https://access.redhat.com/security/cve/CVE-2020-2604
https://access.redhat.com/security/cve/CVE-2020-2654
https://access.redhat.com/security/cve/CVE-2020-2659
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:          Important: java-1.7.1-ibm security update
Advisory ID:       RHSA-2020:0468-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0468
Issue date:        2020-02-11
CVE Names:         CVE-2020-2583 CVE-2020-2593 CVE-2020-2604 CVE-2020-2659
====================================================================

1. Summary:

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Supplementary (v. 7) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 7) - x86_64

3. Description:

IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 7 to version 7R1 SR4-FP60.

Security Fix(es):

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)
* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)
* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)
* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1790444 - CVE-2020-2583 OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)
1790884 - CVE-2020-2593 OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548)
1790944 - CVE-2020-2604 OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)
1791284 - CVE-2020-2659 OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795)

6. Package List:

Red Hat Enterprise Linux Client Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.60-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.60-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 7):

ppc64:
java-1.7.1-ibm-1.7.1.4.60-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-demo-1.7.1.4.60-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-devel-1.7.1.4.60-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.60-1jpp.1.el7.ppc64.rpm
java-1.7.1-ibm-src-1.7.1.4.60-1jpp.1.el7.ppc64.rpm

ppc64le:
java-1.7.1-ibm-1.7.1.4.60-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-demo-1.7.1.4.60-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-devel-1.7.1.4.60-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.60-1jpp.1.el7.ppc64le.rpm
java-1.7.1-ibm-src-1.7.1.4.60-1jpp.1.el7.ppc64le.rpm

s390x:
java-1.7.1-ibm-1.7.1.4.60-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-demo-1.7.1.4.60-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-devel-1.7.1.4.60-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.60-1jpp.1.el7.s390x.rpm
java-1.7.1-ibm-src-1.7.1.4.60-1jpp.1.el7.s390x.rpm

x86_64:
java-1.7.1-ibm-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.60-1jpp.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 7):

x86_64:
java-1.7.1-ibm-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-demo-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-devel-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-jdbc-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-plugin-1.7.1.4.60-1jpp.1.el7.x86_64.rpm
java-1.7.1-ibm-src-1.7.1.4.60-1jpp.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-2583
https://access.redhat.com/security/cve/CVE-2020-2593
https://access.redhat.com/security/cve/CVE-2020-2604
https://access.redhat.com/security/cve/CVE-2020-2659
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
- Update jackson-parent to version 2.10. - Update jackson-bom to version 2.10.0. - Update jackson-annotations to version 2.10.0. - Update jackson-core to version 2.10.0. - Update jackson-databind to version 2.10.0. Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-cf87377f5f
2019-10-26 17:17:38.267827
--------------------------------------------------------------------------------

Name        : jackson-bom
Product     : Fedora 31
Version     : 2.10.0
Release     : 1.fc31
URL         : https://github.com/FasterXML/jackson-bom
Summary     : Bill of materials POM for Jackson projects
Description :

A "bill of materials" POM for Jackson dependencies.

--------------------------------------------------------------------------------
Update Information:

- Update jackson-parent to version 2.10.
- Update jackson-bom to version 2.10.0.
- Update jackson-annotations to version 2.10.0.
- Update jackson-core to version 2.10.0.
- Update jackson-databind to version 2.10.0.

Resolves CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 3 2019 Alexander Scheel - 2.10.0-1
- Update to latest upstream release
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1758193 - CVE-2019-16943 jackson-databind: Serialization gadgets in classes of the p6spy package [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1758193
[ 2 ] Bug #1758188 - CVE-2019-16942 jackson-databind: Serialization gadgets in classes of the commons-dbcp package [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1758188
[ 3 ] Bug #1758183 - jackson-databind: Serialization gadgets in classes of the xalan package [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1758183
[ 4 ] Bug #1758172 - jackson-databind: Serialization gadgets in classes of the commons-configuration package [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1758172
[ 5 ] Bug #1758168 - jackson-databind: Serialization gadgets in classes of the ehcache package [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1758168
[ 6 ] Bug #1755850 - CVE-2019-14540 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariConfig [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1755850
[ 7 ] Bug #1755832 - CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1755832
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-cf87377f5f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Enterprise Application Platform 7.1.3 security update
Advisory ID:       RHSA-2018:2088-01
Product:           Red Hat JBoss Enterprise Application Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2088
Issue date:        2018-06-27
CVE Names:         CVE-2018-7489
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.1.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.2, and includes bug fixes and enhancements, which are documented in the Release Notes. The Release Notes for JBoss Enterprise Application Platform can be found on the Product Documentation page, linked in References.

Security Fix(es):

* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1549276 - CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

5. References:

https://access.redhat.com/security/cve/CVE-2018-7489
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.1
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1/

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list
Update to upstream version 3.2.2 which fixes serialization vulnerability.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-0c5838abc5
2016-04-02 00:39:41.507855
--------------------------------------------------------------------------------

Name        : apache-commons-collections
Product     : Fedora 23
Version     : 3.2.2
Release     : 3.fc23
URL         : https://commons.apache.org/proper/commons-collections/
Summary     : Provides new interfaces, implementations and utilities for Java Collections
Description :

The introduction of the Collections API by Sun in JDK 1.2 has been a boon to quick and effective Java programming. Ready access to powerful data structures has accelerated development by reducing the need for custom container classes around each core object. Most Java2 APIs are significantly easier to use because of the Collections API. However, there are certain holes left unfilled by Sun's implementations, and the Jakarta-Commons Collections Component strives to fulfill them. Among the features of this package are:

- special-purpose implementations of Lists and Maps for fast access
- adapter classes from Java1-style containers (arrays, enumerations) to Java2-style collections.
- methods to test or create typical set-theory properties of collections such as union, intersection, and closure.

--------------------------------------------------------------------------------
Update Information:

Update to upstream version 3.2.2 which fixes serialization vulnerability
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1316430 - Version 3.2.1 has a CVSS 10.0 vulnerability
      https://bugzilla.redhat.com/show_bug.cgi?id=1316430
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update apache-commons-collections' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list