Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
98
security advisoryRed Hatremote code executionRedHat: RHSA-2019-3140-01 Important: JBoss Data Virtualization Security Fix
An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Data Virtualization 6.4.8 security update Advisory ID: RHSA-2019:3140-01 Product: Red Hat JBoss Data Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2019:3140 Issue date: 2019-10-17 CVE Names: CVE-2016-5397 CVE-2018-1335 CVE-2018-8088 CVE-2018-11307 CVE-2018-11798 CVE-2018-12022 CVE-2018-12023 CVE-2018-14718 CVE-2018-14719 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-0201 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This release of Red Hat JBoss Data Virtualization 6.4.8 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.7, and includes bug fixes and enhancements, which are documented in the Release Notesdocument linked to in the References. Security Fix(es): * thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands (CVE-2016-5397) * tika-core: tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers (CVE-2018-1335) * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) * jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307) * libthrift: thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798) * jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022) * jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023) * jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718) * jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719) * jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360) * jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361) * jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362) * zookeeper: Information disclosure in Apache ZooKeeper (CVE-2019-0201) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1544620 - CVE-2016-5397 thrift:Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands 1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution 1572416 - CVE-2018-1335 tika: Command injection in tika-server can allow remote attackers to execute arbitrary commands via crafted headers1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1715197 - CVE-2019-0201 zookeeper: Information disclosure in Apache ZooKeeper 5.References: https://access.redhat.com/security/cve/CVE-2016-5397 https://access.redhat.com/security/cve/CVE-2018-1335 https://access.redhat.com/security/cve/CVE-2018-8088 https://access.redhat.com/security/cve/CVE-2018-11307 https://access.redhat.com/security/cve/CVE-2018-11798 https://access.redhat.com/security/cve/CVE-2018-12022 https://access.redhat.com/security/cve/CVE-2018-12023 https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-0201 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform&downloadType=securityPatches&version=6.4 https://access.redhat.com/documentation/en-us/red_hat_jboss_data_virtualization/6.4/html/release_notes/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXaiAz9zjgjWX9erEAQgAXxAAlmR+/vjSvP15vDwv0W9mWse8ILnbSP1F hP6WSE2CJPW8jrFQY+1oemTW2dlBs/mK78nQCvV5tCEwKJOAVVWOik23EP4Ft9PV aZPRyo73tp5tPSHvE2jfDDoBOul4tt0rUZ1je+x3x5c/wTL4ORzduy+Ij9vNy59a /9qfZaKltdJis8mRyq6tpRUTLU5+qm0wP7XiwT4xFUyVZC1uCYM/lKLqCHmK11ev tfYUOFtcRn0YBpb6iu8MF8x0KY2RYj7W/b2HzcdZuPTAMg7ozThDzttj8AkMLToS BNRlKRLitkJX7XcfgB4XQw6dhPPt3FhQl6noqPKNmp8ojV5Ajt+IQzM+9+dVB9sH DbFC3D3vaLJGyVRqggzy/a4TMRw1KRcx4PF6+VnB5A4LgRSu2s5JzmL5D3n9lDXq SCP8eR6FFh0AQu6DTcnEsX7jTMGpBQpwXhj8dOEZdK+g4XZLbdRMqGeMx8lARXgf AOH8ETI2ynqio4gDX7Oc/vt+1RxXvkIABt1Tlarqo3mDy7bDKOHeveUUpc6OIz3Z HFoFr0OSqn/h7kb1dyYRuqgMfru2AfNRsGXPBRw7djdSR1jM3im+qql1W9M8MTCl CrT0I3gA/AGgVcZ1b+3tL4EfnL30mFhf4BfnxRz9Q8RNIlKX9rDLuA7o+mhjcyJs PBmZdOJqS8M=GmQ6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 17, 2019
•Important
Red Hat
89
security advisoryFedorahostapdFedora 28 hostapd Advisory: Multiple Critical Cache Attacks Fixed
Update to version 2.7 from upstream Security fix for CVE-2019-9494 (cache attack against SAE) Security fix for CVE-2019-9495 (cache attack against EAP-pwd) Security fix for CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP) Security fix for CVE-2019-9497 (EAP-pwd server not checking for reflection attack) Security fix for CVE-2019-9498 (EAP-pwd server missing commit. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-d03bae77f5 2019-04-23 18:49:02.441793 --------------------------------------------------------------------------------Name : hostapd Product : Fedora 28 Version : 2.7 Release : 2.fc28 URL : http://w1.fi/hostapd/ Summary : IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator Description : hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a "daemon" program that runs in the back-ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. --------------------------------------------------------------------------------Update Information: Update to version 2.7 from upstream Security fix for CVE-2019-9494 (cache attack against SAE) Security fix for CVE-2019-9495 (cache attack against EAP-pwd) Security fix for CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP) Security fix for CVE-2019-9497 (EAP-pwd server not checking for reflection attack) Security fix for CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element) Security fix for CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element) --------------------------------------------------------------------------------ChangeLog: * Fri Apr 12 2019 JohnW. Linville - 2.7-2 - Bump N-V-R for rebuild * Fri Apr 12 2019 John W. Linville - 2.7-1 - Update to version 2.7 from upstream - Remove obsolete patches for NL80211_ATTR_SMPS_MODE encoding and KRACK - Fix CVE-2019-9494 (cache attack against SAE) - Fix CVE-2019-9495 (cache attack against EAP-pwd) - Fix CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP) - Fix CVE-2019-9497 (EAP-pwd server not checking for reflection attack) - Fix CVE-2019-9498 (EAP-pwd server missing commit validation for scalar/element) - Fix CVE-2019-9499 (EAP-pwd peer missing commit validation for scalar/element) * Fri Feb 1 2019 Fedora Release Engineering - 2.6-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 20 2018 John W. Linville - 2.6-11 - Add previously unnecessary BuildRequires for gcc * Fri Jul 13 2018 Fedora Release Engineering - 2.6-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue May 29 2018 Davide Caratti - 2.6-9 - backport fix for Fix NL80211_ATTR_SMPS_MODE encoding (rh #1582839) --------------------------------------------------------------------------------References: [ 1 ] Bug #1699141 - CVE-2019-9494 wpa_supplicant: SAE Timing-based and Cache-based side-channel attack against WPA3's Dragonfly handshake https://bugzilla.redhat.com/show_bug.cgi?id=1699141 [ 2 ] Bug #1699149 - CVE-2019-9495 wpa_supplicant: EAP-pwd cache side-channel attack https://bugzilla.redhat.com/show_bug.cgi?id=1699149 [ 3 ] Bug #1699153 - CVE-2019-9496 hostapd: SAE confirm missing state validation in hostapd/AP https://bugzilla.redhat.com/show_bug.cgi?id=1699153 [ 4 ] Bug #1699164 - CVE-2019-9497 wpa_supplicant: EAP-pwd server not checking for reflection attack https://bugzilla.redhat.com/show_bug.cgi?id=1699164 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2019-d03bae77f5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 23, 2019
•Critical
Fedora
197
security advisorydebianserver attackDebian 9 Stretch: DLA-2022-2 Urgent Adminer Remote Code Vulnerability
It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary . Package : adminer Version : 3.3.3-1+deb7u1 CVE ID : CVE-2018-7667 Debian Bug : #893668 It was discovered that there was a server-side request forgery exploit in adminer, a web-based database administration tool. Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts or perform port scanning of other servers. For Debian 7 "Wheezy", this issue has been fixed in adminer version 3.3.3-1+deb7u1. We recommend that you upgrade your adminer packages. Regards, - -- ,'`. : :' : Chris Lamb `. `'`
Mar 22, 2018
•Important
Debian LTS
98
security advisorymoderatesecurity updateRed Hat 6 Moderate: RHSA-2014:1123-01 Axis Certificate Spoofing
An updated devtoolset-2-axis package that fixes one security issue is now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: devtoolset-2-axis security update Advisory ID: RHSA-2014:1123-01 Product: Red Hat Developer Toolset Advisory URL: https://access.redhat.com/errata/RHSA-2014:1123.html Issue date: 2014-09-02 CVE Names: CVE-2012-5784 ==================================================================== 1. Summary: An updated devtoolset-2-axis package that fixes one security issue is now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Server - noarch Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Workstation - noarch 3. Description: Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. Apache Axis did not verify that the server host name matched the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. (CVE-2012-5784) All devtoolset-2-axis users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system havebeen applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 873252 - CVE-2012-5784 axis: missing connection hostname check against X.509 certificate name 6. Package List: Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Server: Source: devtoolset-2-axis-1.4-23.el6.src.rpm noarch: devtoolset-2-axis-1.4-23.el6.noarch.rpm Red Hat Developer Toolset 2 for Red Hat Enterprise Linux 6 Workstation: Source: devtoolset-2-axis-1.4-23.el6.src.rpm noarch: devtoolset-2-axis-1.4-23.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2012-5784 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUBg01XlSAg2UNWIIRAl+7AJ4sjQKlo7nTf4AOUOme9Yp8JsoGEQCfe4XB +efYiK56ySRceKbo6lkVfOw=An2l -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 02, 2014
Red Hat
98
security advisorymoderatesecurity issueRed Hat: RHSA-2010-0979-01 Moderate: OpenSSL Ciphersuite Flaw
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security update Advisory ID: RHSA-2010:0979-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2010:0979.html Issue date: 2010-12-13 CVE Names: CVE-2010-4180 ==================================================================== 1. Summary: Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached sessionstored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the client to use a weaker ciphersuite after resuming the session. (CVE-2010-4180) Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option has no effect and this bug workaround can no longer be enabled. All OpenSSL users should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: i386: openssl-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm x86_64: openssl-1.0.0-4.el6_0.2.i686.rpm openssl-1.0.0-4.el6_0.2.x86_64.rpm openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-devel-1.0.0-4.el6_0.2.i686.rpm openssl-perl-1.0.0-4.el6_0.2.i686.rpm openssl-static-1.0.0-4.el6_0.2.i686.rpm x86_64: openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm openssl-devel-1.0.0-4.el6_0.2.i686.rpm openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm openssl-static-1.0.0-4.el6_0.2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: openssl-1.0.0-4.el6_0.2.i686.rpm openssl-1.0.0-4.el6_0.2.x86_64.rpm openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v.6): Source: x86_64: openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm openssl-devel-1.0.0-4.el6_0.2.i686.rpm openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm openssl-static-1.0.0-4.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: openssl-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-devel-1.0.0-4.el6_0.2.i686.rpm ppc64: openssl-1.0.0-4.el6_0.2.ppc.rpm openssl-1.0.0-4.el6_0.2.ppc64.rpm openssl-debuginfo-1.0.0-4.el6_0.2.ppc.rpm openssl-debuginfo-1.0.0-4.el6_0.2.ppc64.rpm openssl-devel-1.0.0-4.el6_0.2.ppc.rpm openssl-devel-1.0.0-4.el6_0.2.ppc64.rpm s390x: openssl-1.0.0-4.el6_0.2.s390.rpm openssl-1.0.0-4.el6_0.2.s390x.rpm openssl-debuginfo-1.0.0-4.el6_0.2.s390.rpm openssl-debuginfo-1.0.0-4.el6_0.2.s390x.rpm openssl-devel-1.0.0-4.el6_0.2.s390.rpm openssl-devel-1.0.0-4.el6_0.2.s390x.rpm x86_64: openssl-1.0.0-4.el6_0.2.i686.rpm openssl-1.0.0-4.el6_0.2.x86_64.rpm openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm openssl-devel-1.0.0-4.el6_0.2.i686.rpm openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-perl-1.0.0-4.el6_0.2.i686.rpm openssl-static-1.0.0-4.el6_0.2.i686.rpm ppc64: openssl-debuginfo-1.0.0-4.el6_0.2.ppc64.rpm openssl-perl-1.0.0-4.el6_0.2.ppc64.rpm openssl-static-1.0.0-4.el6_0.2.ppc64.rpm s390x: openssl-debuginfo-1.0.0-4.el6_0.2.s390x.rpm openssl-perl-1.0.0-4.el6_0.2.s390x.rpm openssl-static-1.0.0-4.el6_0.2.s390x.rpm x86_64: openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm openssl-static-1.0.0-4.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: openssl-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-devel-1.0.0-4.el6_0.2.i686.rpm x86_64: openssl-1.0.0-4.el6_0.2.i686.rpm openssl-1.0.0-4.el6_0.2.x86_64.rpm openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm openssl-devel-1.0.0-4.el6_0.2.i686.rpm openssl-devel-1.0.0-4.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: openssl-debuginfo-1.0.0-4.el6_0.2.i686.rpm openssl-perl-1.0.0-4.el6_0.2.i686.rpm openssl-static-1.0.0-4.el6_0.2.i686.rpm x86_64: openssl-debuginfo-1.0.0-4.el6_0.2.x86_64.rpm openssl-perl-1.0.0-4.el6_0.2.x86_64.rpm openssl-static-1.0.0-4.el6_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2010-4180 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2010 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNBmoxXlSAg2UNWIIRApuhAJ4/rYz+B21DIirwsrbeQPnm8OTmaQCgi2dq B9NstJ1WS7bj6BT6U30llW8=OuwV -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Dec 13, 2010
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!