MGASA-2022-0434 - Updated varnish packages fix security vulnerability

Publication date: 18 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0434.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-45060

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. (CVE-2022-45060)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31121
-
- https://docs.varnish-software.com/security/VSV00011/
- https://www.cve.org/CVERecord?id=CVE-2022-45060

SRPMS:
- 8/core/varnish-6.5.1-1.3.mga8
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: rsyslog security update
Advisory ID: RHSA-2022:4803-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4803
Issue date: 2022-05-30
CVE Names: CVE-2022-24903
====================================================================

1. Summary:

An update for rsyslog is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

Security Fix(es):

* rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2081353 - CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
rsyslog-8.24.0-57.el7_9.3.src.rpm

x86_64:
rsyslog-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gnutls-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gssapi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-kafka-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmjsonparse-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-relp-8.24.0-57.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
rsyslog-doc-8.24.0-57.el7_9.3.noarch.rpm

x86_64:
rsyslog-crypto-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-elasticsearch-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-libdbi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmaudit-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmkubernetes-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmnormalize-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmsnmptrapd-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mysql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-pgsql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-snmp-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-udpspoof-8.24.0-57.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
rsyslog-8.24.0-57.el7_9.3.src.rpm

x86_64:
rsyslog-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gnutls-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gssapi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-kafka-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmjsonparse-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-relp-8.24.0-57.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
rsyslog-doc-8.24.0-57.el7_9.3.noarch.rpm

x86_64:
rsyslog-crypto-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-elasticsearch-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-libdbi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmaudit-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmkubernetes-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmnormalize-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmsnmptrapd-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mysql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-pgsql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-snmp-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-udpspoof-8.24.0-57.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
rsyslog-8.24.0-57.el7_9.3.src.rpm

ppc64:
rsyslog-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-gnutls-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-gssapi-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-kafka-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-mysql-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-pgsql-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-relp-8.24.0-57.el7_9.3.ppc64.rpm

ppc64le:
rsyslog-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-gnutls-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-gssapi-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-kafka-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-mysql-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-pgsql-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-relp-8.24.0-57.el7_9.3.ppc64le.rpm

s390x:
rsyslog-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-gnutls-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-gssapi-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-kafka-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-mysql-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-pgsql-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-relp-8.24.0-57.el7_9.3.s390x.rpm

x86_64:
rsyslog-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gnutls-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gssapi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-kafka-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmjsonparse-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mysql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-pgsql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-relp-8.24.0-57.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
rsyslog-doc-8.24.0-57.el7_9.3.noarch.rpm

ppc64:
rsyslog-crypto-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-elasticsearch-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-libdbi-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-mmaudit-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-mmjsonparse-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-mmkubernetes-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-mmnormalize-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-mmsnmptrapd-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-snmp-8.24.0-57.el7_9.3.ppc64.rpm
rsyslog-udpspoof-8.24.0-57.el7_9.3.ppc64.rpm

ppc64le:
rsyslog-crypto-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-elasticsearch-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-libdbi-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-mmaudit-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-mmjsonparse-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-mmkubernetes-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-mmnormalize-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-mmsnmptrapd-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-snmp-8.24.0-57.el7_9.3.ppc64le.rpm
rsyslog-udpspoof-8.24.0-57.el7_9.3.ppc64le.rpm

s390x:
rsyslog-crypto-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-elasticsearch-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-libdbi-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-mmaudit-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-mmjsonparse-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-mmkubernetes-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-mmnormalize-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-mmsnmptrapd-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-snmp-8.24.0-57.el7_9.3.s390x.rpm
rsyslog-udpspoof-8.24.0-57.el7_9.3.s390x.rpm

x86_64:
rsyslog-crypto-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-elasticsearch-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-libdbi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmaudit-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmkubernetes-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmnormalize-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmsnmptrapd-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-snmp-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-udpspoof-8.24.0-57.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
rsyslog-8.24.0-57.el7_9.3.src.rpm

x86_64:
rsyslog-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gnutls-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-gssapi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-kafka-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmjsonparse-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mysql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-pgsql-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-relp-8.24.0-57.el7_9.3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
rsyslog-doc-8.24.0-57.el7_9.3.noarch.rpm

x86_64:
rsyslog-crypto-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-debuginfo-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-elasticsearch-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-libdbi-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmaudit-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmkubernetes-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmnormalize-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-mmsnmptrapd-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-snmp-8.24.0-57.el7_9.3.x86_64.rpm
rsyslog-udpspoof-8.24.0-57.el7_9.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-24903
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYpTSCtzjgjWX9erEAQihkQ/+KbtOd8ui5z9M5bcEfoSqZvcTQ1L2Hfi4
mMLxmToFrbmdmdCq1oChrMzN/ub+R3wUrwY7j8QYkZk5DvOWFtSFGDSha9x0ga9l
uzsuKoF6giI3nyiXjJrn38/Y9tiAjdGwbxdR/1zEuNGfhUeNg265/5lMbSORzqel
A455wMJ6BD6G06ZVZ0XqBDGBSqmneAWya7dP9Kz95XAw36ePYE86Y78T7vpNwsM6
MS5OMUJxsjJcwLRMZw2EEOI0wzDzIt2XKitd3n6vDvDK9UddPkRBvGdKiJVjrBdC
Xr5RH7zB0AbUqPUkGN5GHSZXvUJeUvQQv6nTJID/irBxzSvKgGP+f+kCZ26C6Xqb
3kVgqudtHktFWdtLO+iel4GmgmuI/dUN/065JWvpmouRTE7APslhkOMsAYj2+xaK
yOsqwlD9cQiNbx5iCJ2mJy3RkrkZVi5DA3YrTKRPx999IsJSaS+PmWPX/zTjHQx3
mM4y2rJxidpvnZkSMpSuMoE6q7Xg3Xkki5OrRo7/3LMlAFIVT+ONbtNJgOEQ6cJu
WxSczdZXgB9M79G8X0JLBj6EFRAXOzFg+pESCHiNz8eOi6EujqA8Q6gtsaC86itN
QynjZawnyl0pu6N0y0ATp+vAWwEN0+dx8Y6NwfZmAONX+Kev6JTtcEXt/JrtF26j
KGZslKaHe74=
=P4H5
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis: Important: postgresql84 and postgresql security update
Advisory ID: RHSA-2014:0211-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2014:0211.html
Issue date: 2014-02-25
CVE Names: CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066
====================================================================

1. Summary:

Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0063)

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0064)

Multiple potential buffer overflow flaws were found in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. (CVE-2014-0065)

It was found that granting an SQL role to a database user in a PostgreSQL database without specifying the "ADMIN" option allowed the grantee to remove other users from their granted role. An authenticated database user could use this flaw to remove a user from an SQL role which they were granted access to. (CVE-2014-0060)

A flaw was found in the validator functions provided by PostgreSQL's procedural languages (PLs). An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0061)

A race condition was found in the way the CREATE INDEX command performed multiple independent lookups of a table that had to be indexed. An authenticated database user could possibly use this flaw to escalate their privileges. (CVE-2014-0062)

It was found that the chkpass extension of PostgreSQL did not check the return value of the crypt() function. An authenticated database user could possibly use this flaw to crash PostgreSQL via a null pointer dereference. (CVE-2014-0066)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Noah Misch as the original reporter of CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as the original reporters of CVE-2014-0065, Andres Freund as the original reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the original reporters of CVE-2014-0066.

These updated packages upgrade PostgreSQL to version 8.4.20, which fixes these issues as well as several non-security issues. Refer to the PostgreSQL Release Notes for a full list of changes:

https://www.postgresql.org/docs/8.4/release-8-4-19.html
https://www.postgresql.org/docs/8.4/release-8-4-20.html

All PostgreSQL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. If the postgresql service is running, it will be automatically restarted after installing this update.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1065219 - CVE-2014-0060 postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
1065220 - CVE-2014-0061 postgresql: privilege escalation via procedural language validator functions
1065222 - CVE-2014-0062 postgresql: CREATE INDEX race condition possibly leading to privilege escalation
1065226 - CVE-2014-0063 postgresql: stack-based buffer overflow in datetime input/output
1065230 - CVE-2014-0064 postgresql: integer overflows leading to buffer overflows
1065235 - CVE-2014-0065 postgresql: possible buffer overflow flaws
1065236 - CVE-2014-0066 postgresql: NULL pointer dereference

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
postgresql84-8.4.20-1.el5_10.i386.rpm
postgresql84-contrib-8.4.20-1.el5_10.i386.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.i386.rpm
postgresql84-docs-8.4.20-1.el5_10.i386.rpm
postgresql84-libs-8.4.20-1.el5_10.i386.rpm
postgresql84-python-8.4.20-1.el5_10.i386.rpm
postgresql84-tcl-8.4.20-1.el5_10.i386.rpm

x86_64:
postgresql84-8.4.20-1.el5_10.x86_64.rpm
postgresql84-contrib-8.4.20-1.el5_10.x86_64.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.i386.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.x86_64.rpm
postgresql84-docs-8.4.20-1.el5_10.x86_64.rpm
postgresql84-libs-8.4.20-1.el5_10.i386.rpm
postgresql84-libs-8.4.20-1.el5_10.x86_64.rpm
postgresql84-python-8.4.20-1.el5_10.x86_64.rpm
postgresql84-tcl-8.4.20-1.el5_10.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
postgresql84-debuginfo-8.4.20-1.el5_10.i386.rpm
postgresql84-devel-8.4.20-1.el5_10.i386.rpm
postgresql84-plperl-8.4.20-1.el5_10.i386.rpm
postgresql84-plpython-8.4.20-1.el5_10.i386.rpm
postgresql84-pltcl-8.4.20-1.el5_10.i386.rpm
postgresql84-server-8.4.20-1.el5_10.i386.rpm
postgresql84-test-8.4.20-1.el5_10.i386.rpm

x86_64:
postgresql84-debuginfo-8.4.20-1.el5_10.i386.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.x86_64.rpm
postgresql84-devel-8.4.20-1.el5_10.i386.rpm
postgresql84-devel-8.4.20-1.el5_10.x86_64.rpm
postgresql84-plperl-8.4.20-1.el5_10.x86_64.rpm
postgresql84-plpython-8.4.20-1.el5_10.x86_64.rpm
postgresql84-pltcl-8.4.20-1.el5_10.x86_64.rpm
postgresql84-server-8.4.20-1.el5_10.x86_64.rpm
postgresql84-test-8.4.20-1.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
postgresql84-8.4.20-1.el5_10.i386.rpm
postgresql84-contrib-8.4.20-1.el5_10.i386.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.i386.rpm
postgresql84-devel-8.4.20-1.el5_10.i386.rpm
postgresql84-docs-8.4.20-1.el5_10.i386.rpm
postgresql84-libs-8.4.20-1.el5_10.i386.rpm
postgresql84-plperl-8.4.20-1.el5_10.i386.rpm
postgresql84-plpython-8.4.20-1.el5_10.i386.rpm
postgresql84-pltcl-8.4.20-1.el5_10.i386.rpm
postgresql84-python-8.4.20-1.el5_10.i386.rpm
postgresql84-server-8.4.20-1.el5_10.i386.rpm
postgresql84-tcl-8.4.20-1.el5_10.i386.rpm
postgresql84-test-8.4.20-1.el5_10.i386.rpm

ia64:
postgresql84-8.4.20-1.el5_10.ia64.rpm
postgresql84-contrib-8.4.20-1.el5_10.ia64.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.ia64.rpm
postgresql84-devel-8.4.20-1.el5_10.ia64.rpm
postgresql84-docs-8.4.20-1.el5_10.ia64.rpm
postgresql84-libs-8.4.20-1.el5_10.ia64.rpm
postgresql84-plperl-8.4.20-1.el5_10.ia64.rpm
postgresql84-plpython-8.4.20-1.el5_10.ia64.rpm
postgresql84-pltcl-8.4.20-1.el5_10.ia64.rpm
postgresql84-python-8.4.20-1.el5_10.ia64.rpm
postgresql84-server-8.4.20-1.el5_10.ia64.rpm
postgresql84-tcl-8.4.20-1.el5_10.ia64.rpm
postgresql84-test-8.4.20-1.el5_10.ia64.rpm

ppc:
postgresql84-8.4.20-1.el5_10.ppc.rpm
postgresql84-8.4.20-1.el5_10.ppc64.rpm
postgresql84-contrib-8.4.20-1.el5_10.ppc.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.ppc.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.ppc64.rpm
postgresql84-devel-8.4.20-1.el5_10.ppc.rpm
postgresql84-devel-8.4.20-1.el5_10.ppc64.rpm
postgresql84-docs-8.4.20-1.el5_10.ppc.rpm
postgresql84-libs-8.4.20-1.el5_10.ppc.rpm
postgresql84-libs-8.4.20-1.el5_10.ppc64.rpm
postgresql84-plperl-8.4.20-1.el5_10.ppc.rpm
postgresql84-plpython-8.4.20-1.el5_10.ppc.rpm
postgresql84-pltcl-8.4.20-1.el5_10.ppc.rpm
postgresql84-python-8.4.20-1.el5_10.ppc.rpm
postgresql84-server-8.4.20-1.el5_10.ppc.rpm
postgresql84-tcl-8.4.20-1.el5_10.ppc.rpm
postgresql84-test-8.4.20-1.el5_10.ppc.rpm

s390x:
postgresql84-8.4.20-1.el5_10.s390x.rpm
postgresql84-contrib-8.4.20-1.el5_10.s390x.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.s390.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.s390x.rpm
postgresql84-devel-8.4.20-1.el5_10.s390.rpm
postgresql84-devel-8.4.20-1.el5_10.s390x.rpm
postgresql84-docs-8.4.20-1.el5_10.s390x.rpm
postgresql84-libs-8.4.20-1.el5_10.s390.rpm
postgresql84-libs-8.4.20-1.el5_10.s390x.rpm
postgresql84-plperl-8.4.20-1.el5_10.s390x.rpm
postgresql84-plpython-8.4.20-1.el5_10.s390x.rpm
postgresql84-pltcl-8.4.20-1.el5_10.s390x.rpm
postgresql84-python-8.4.20-1.el5_10.s390x.rpm
postgresql84-server-8.4.20-1.el5_10.s390x.rpm
postgresql84-tcl-8.4.20-1.el5_10.s390x.rpm
postgresql84-test-8.4.20-1.el5_10.s390x.rpm

x86_64:
postgresql84-8.4.20-1.el5_10.x86_64.rpm
postgresql84-contrib-8.4.20-1.el5_10.x86_64.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.i386.rpm
postgresql84-debuginfo-8.4.20-1.el5_10.x86_64.rpm
postgresql84-devel-8.4.20-1.el5_10.i386.rpm
postgresql84-devel-8.4.20-1.el5_10.x86_64.rpm
postgresql84-docs-8.4.20-1.el5_10.x86_64.rpm
postgresql84-libs-8.4.20-1.el5_10.i386.rpm
postgresql84-libs-8.4.20-1.el5_10.x86_64.rpm
postgresql84-plperl-8.4.20-1.el5_10.x86_64.rpm
postgresql84-plpython-8.4.20-1.el5_10.x86_64.rpm
postgresql84-pltcl-8.4.20-1.el5_10.x86_64.rpm
postgresql84-python-8.4.20-1.el5_10.x86_64.rpm
postgresql84-server-8.4.20-1.el5_10.x86_64.rpm
postgresql84-tcl-8.4.20-1.el5_10.x86_64.rpm
postgresql84-test-8.4.20-1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-libs-8.4.20-1.el6_5.i686.rpm

x86_64:
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.x86_64.rpm
postgresql-libs-8.4.20-1.el6_5.i686.rpm
postgresql-libs-8.4.20-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
postgresql-8.4.20-1.el6_5.i686.rpm
postgresql-contrib-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-devel-8.4.20-1.el6_5.i686.rpm
postgresql-docs-8.4.20-1.el6_5.i686.rpm
postgresql-plperl-8.4.20-1.el6_5.i686.rpm
postgresql-plpython-8.4.20-1.el6_5.i686.rpm
postgresql-pltcl-8.4.20-1.el6_5.i686.rpm
postgresql-server-8.4.20-1.el6_5.i686.rpm
postgresql-test-8.4.20-1.el6_5.i686.rpm

x86_64:
postgresql-8.4.20-1.el6_5.i686.rpm
postgresql-8.4.20-1.el6_5.x86_64.rpm
postgresql-contrib-8.4.20-1.el6_5.x86_64.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.x86_64.rpm
postgresql-devel-8.4.20-1.el6_5.i686.rpm
postgresql-devel-8.4.20-1.el6_5.x86_64.rpm
postgresql-docs-8.4.20-1.el6_5.x86_64.rpm
postgresql-plperl-8.4.20-1.el6_5.x86_64.rpm
postgresql-plpython-8.4.20-1.el6_5.x86_64.rpm
postgresql-pltcl-8.4.20-1.el6_5.x86_64.rpm
postgresql-server-8.4.20-1.el6_5.x86_64.rpm
postgresql-test-8.4.20-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
postgresql-8.4.20-1.el6_5.i686.rpm
postgresql-8.4.20-1.el6_5.x86_64.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.x86_64.rpm
postgresql-libs-8.4.20-1.el6_5.i686.rpm
postgresql-libs-8.4.20-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
postgresql-contrib-8.4.20-1.el6_5.x86_64.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.x86_64.rpm
postgresql-devel-8.4.20-1.el6_5.i686.rpm
postgresql-devel-8.4.20-1.el6_5.x86_64.rpm
postgresql-docs-8.4.20-1.el6_5.x86_64.rpm
postgresql-plperl-8.4.20-1.el6_5.x86_64.rpm
postgresql-plpython-8.4.20-1.el6_5.x86_64.rpm
postgresql-pltcl-8.4.20-1.el6_5.x86_64.rpm
postgresql-server-8.4.20-1.el6_5.x86_64.rpm
postgresql-test-8.4.20-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
postgresql-8.4.20-1.el6_5.i686.rpm
postgresql-contrib-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-devel-8.4.20-1.el6_5.i686.rpm
postgresql-docs-8.4.20-1.el6_5.i686.rpm
postgresql-libs-8.4.20-1.el6_5.i686.rpm
postgresql-plperl-8.4.20-1.el6_5.i686.rpm
postgresql-plpython-8.4.20-1.el6_5.i686.rpm
postgresql-pltcl-8.4.20-1.el6_5.i686.rpm
postgresql-server-8.4.20-1.el6_5.i686.rpm
postgresql-test-8.4.20-1.el6_5.i686.rpm

ppc64:
postgresql-8.4.20-1.el6_5.ppc.rpm
postgresql-8.4.20-1.el6_5.ppc64.rpm
postgresql-contrib-8.4.20-1.el6_5.ppc64.rpm
postgresql-debuginfo-8.4.20-1.el6_5.ppc.rpm
postgresql-debuginfo-8.4.20-1.el6_5.ppc64.rpm
postgresql-devel-8.4.20-1.el6_5.ppc.rpm
postgresql-devel-8.4.20-1.el6_5.ppc64.rpm
postgresql-docs-8.4.20-1.el6_5.ppc64.rpm
postgresql-libs-8.4.20-1.el6_5.ppc.rpm
postgresql-libs-8.4.20-1.el6_5.ppc64.rpm
postgresql-plperl-8.4.20-1.el6_5.ppc64.rpm
postgresql-plpython-8.4.20-1.el6_5.ppc64.rpm
postgresql-pltcl-8.4.20-1.el6_5.ppc64.rpm
postgresql-server-8.4.20-1.el6_5.ppc64.rpm
postgresql-test-8.4.20-1.el6_5.ppc64.rpm

s390x:
postgresql-8.4.20-1.el6_5.s390.rpm
postgresql-8.4.20-1.el6_5.s390x.rpm
postgresql-contrib-8.4.20-1.el6_5.s390x.rpm
postgresql-debuginfo-8.4.20-1.el6_5.s390.rpm
postgresql-debuginfo-8.4.20-1.el6_5.s390x.rpm
postgresql-devel-8.4.20-1.el6_5.s390.rpm
postgresql-devel-8.4.20-1.el6_5.s390x.rpm
postgresql-docs-8.4.20-1.el6_5.s390x.rpm
postgresql-libs-8.4.20-1.el6_5.s390.rpm
postgresql-libs-8.4.20-1.el6_5.s390x.rpm
postgresql-plperl-8.4.20-1.el6_5.s390x.rpm
postgresql-plpython-8.4.20-1.el6_5.s390x.rpm
postgresql-pltcl-8.4.20-1.el6_5.s390x.rpm
postgresql-server-8.4.20-1.el6_5.s390x.rpm
postgresql-test-8.4.20-1.el6_5.s390x.rpm

x86_64:
postgresql-8.4.20-1.el6_5.i686.rpm
postgresql-8.4.20-1.el6_5.x86_64.rpm
postgresql-contrib-8.4.20-1.el6_5.x86_64.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.x86_64.rpm
postgresql-devel-8.4.20-1.el6_5.i686.rpm
postgresql-devel-8.4.20-1.el6_5.x86_64.rpm
postgresql-docs-8.4.20-1.el6_5.x86_64.rpm
postgresql-libs-8.4.20-1.el6_5.i686.rpm
postgresql-libs-8.4.20-1.el6_5.x86_64.rpm
postgresql-plperl-8.4.20-1.el6_5.x86_64.rpm
postgresql-plpython-8.4.20-1.el6_5.x86_64.rpm
postgresql-pltcl-8.4.20-1.el6_5.x86_64.rpm
postgresql-server-8.4.20-1.el6_5.x86_64.rpm
postgresql-test-8.4.20-1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
postgresql-8.4.20-1.el6_5.i686.rpm
postgresql-contrib-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-devel-8.4.20-1.el6_5.i686.rpm
postgresql-docs-8.4.20-1.el6_5.i686.rpm
postgresql-libs-8.4.20-1.el6_5.i686.rpm
postgresql-plperl-8.4.20-1.el6_5.i686.rpm
postgresql-plpython-8.4.20-1.el6_5.i686.rpm
postgresql-pltcl-8.4.20-1.el6_5.i686.rpm
postgresql-server-8.4.20-1.el6_5.i686.rpm
postgresql-test-8.4.20-1.el6_5.i686.rpm

x86_64:
postgresql-8.4.20-1.el6_5.i686.rpm
postgresql-8.4.20-1.el6_5.x86_64.rpm
postgresql-contrib-8.4.20-1.el6_5.x86_64.rpm
postgresql-debuginfo-8.4.20-1.el6_5.i686.rpm
postgresql-debuginfo-8.4.20-1.el6_5.x86_64.rpm
postgresql-devel-8.4.20-1.el6_5.i686.rpm
postgresql-devel-8.4.20-1.el6_5.x86_64.rpm
postgresql-docs-8.4.20-1.el6_5.x86_64.rpm
postgresql-libs-8.4.20-1.el6_5.i686.rpm
postgresql-libs-8.4.20-1.el6_5.x86_64.rpm
postgresql-plperl-8.4.20-1.el6_5.x86_64.rpm
postgresql-plpython-8.4.20-1.el6_5.x86_64.rpm
postgresql-pltcl-8.4.20-1.el6_5.x86_64.rpm
postgresql-server-8.4.20-1.el6_5.x86_64.rpm
postgresql-test-8.4.20-1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-0060
https://access.redhat.com/security/cve/CVE-2014-0061
https://access.redhat.com/security/cve/CVE-2014-0062
https://access.redhat.com/security/cve/CVE-2014-0063
https://access.redhat.com/security/cve/CVE-2014-0064
https://access.redhat.com/security/cve/CVE-2014-0065
https://access.redhat.com/security/cve/CVE-2014-0066
https://access.redhat.com/security/updates/classification#important
https://www.postgresql.org/docs/8.4/release-8-4-19.html
https://www.postgresql.org/docs/8.4/release-8-4-20.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTDMg+XlSAg2UNWIIRAlSvAJ9P4sARMig4TkGayGSS3Nl8CgxZ8gCfcfRC
KPGhDgsx0R8Puuwcq/FvBrg=
=YvQj
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] php (SSA:2013-161-01)

New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/php-5.4.16-i486-1_slack14.0.txz: Upgraded.
  This is a bugfix release. It also fixes a security issue -- a heap-based overflow in the quoted_printable_encode() function, which could be used by a remote attacker to crash PHP or execute code as the 'apache' user.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2013-2110
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 12.1:

Updated package for Slackware 12.2:

Updated package for Slackware 13.0:

Updated package for Slackware x86_64 13.0:

Updated package for Slackware 13.1:

Updated package for Slackware x86_64 13.1:

Updated package for Slackware 13.37:

Updated package for Slackware x86_64 13.37:

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 12.1 package:
3e5af1a00cc18cd6545e605e255efc67  php-5.3.26-i486-1_slack12.1.tgz

Slackware 12.2 package:
a75b7ab86d9bbff99d64cf1f4931c589  php-5.3.26-i486-1_slack12.2.tgz

Slackware 13.0 package:
1783ec6a10cdef944d6b5feb60f11805  php-5.3.26-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
261d15d71eb1511fe76adca78bf9f688  php-5.3.26-x86_64-1_slack13.0.txz

Slackware 13.1 package:
bbfea2c007af80f60855790253ae8a4c  php-5.3.26-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
4a66118a2b9cf8753bbe9417079f6bf1  php-5.3.26-x86_64-1_slack13.1.txz

Slackware 13.37 package:
2848b87f9e5af6e65323d26ea18c5ab6  php-5.3.26-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
2bdc93156be85466131ff6b1735b39ed  php-5.3.26-x86_64-1_slack13.37.txz

Slackware 14.0 package:
4b1d89bdc7eaf8657643b713847f4dd6  php-5.4.16-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
4e1514ec28b2784f9df5e4804071385b  php-5.4.16-x86_64-1_slack14.0.txz

Slackware -current package:
6d251fcb0f7bfa5fdac78eb7f143b986  n/php-5.4.16-i486-1.txz

Slackware x86_64 -current package:
85b55c7bc9f42304b13fdd88cab43a7e  n/php-5.4.16-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg php-5.4.16-i486-1_slack14.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+
Slackware Security Updates, Heap Overflow Fix, PHP Package Update. . LinuxSecurity.com Team
==========================================================
Ubuntu Security Notice USN-838-1             September 28, 2009
dovecot vulnerabilities
CVE-2008-4577, CVE-2008-5301, CVE-2009-2632, CVE-2009-3235
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  dovecot-common                  1:1.0.10-1ubuntu5.2

Ubuntu 8.10:
  dovecot-common                  1:1.1.4-0ubuntu1.3

Ubuntu 9.04:
  dovecot-common                  1:1.1.11-0ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the ACL plugin in Dovecot would incorrectly handle
negative access rights. An attacker could exploit this flaw to access the
Dovecot server, bypassing the intended access restrictions. This only
affected Ubuntu 8.04 LTS. (CVE-2008-4577)

It was discovered that the ManageSieve service in Dovecot incorrectly
handled ".." in script names. A remote attacker could exploit this to read
and modify arbitrary sieve files on the server. This only affected Ubuntu
8.10. (CVE-2008-5301)

It was discovered that the Sieve plugin in Dovecot incorrectly handled
certain sieve scripts. An authenticated user could exploit this with a
crafted sieve script to cause a denial of service or possibly execute
arbitrary code. (CVE-2009-2632, CVE-2009-3235)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:   407785 8bab610c8eaa3d584251f43f589458ef
      Size/MD5:     1295 381a3267d0258419fee8f054ee5bcd13
      Size/MD5:  1797790 c050fa2a7dae8984d432595e3e8183e1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  1838902 c0bd69b04f49b20bdbe7e2c830660e04
      Size/MD5:   387834 b6a474d722d36ca98e2790954304d249
      Size/MD5:   662814 ab6309638125fabe5752177671b3f8b3
      Size/MD5:   625852 ce40fd95a9dc4bcc60c1b0c473a5e117

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  1695832 b1c5df762f681ee1c6ab3a9903ff367a
      Size/MD5:   387848 d00535e76b28f9622ea77c36c69b808d
      Size/MD5:   629748 61cb4fda4aa29fce1bf326522bbb2dda
      Size/MD5:   596084 d97fb54aba0f43f014f9e1dfd6404456

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:  1689932 e20d72de31679d4698caaa2d3fd92ebb
      Size/MD5:   387846 34903b7cdb220e85978c6483c7f09848
      Size/MD5:   630210 7238a78a55f787251facd75cc3a15539
      Size/MD5:   596564 f969a0ee5a2de65dee4e81de9c103622

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  1859284 96619941551bb690e56d6604972370da
      Size/MD5:   387880 cf175dd90cf5b677f55106c4e680ed9b
      Size/MD5:   669752 2b3b052e0d9703b41886c57793e7d1d6
      Size/MD5:   633286 d87398d7e70d3eaf53e2c6fdd8652c5b

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  1688040 38f3316086f8e23d3894a3391d5e1a4d
      Size/MD5:   387864 ddb730f73fa997e160fc5cecb33849fa
      Size/MD5:   626886 6f8101225f556210c487c1b893aa639e
      Size/MD5:   593772 ea19773a3574702074ae05e30bdb248a

Updated packages for Ubuntu 8.10:

  Source archives:
      Size/MD5:   928070 e0aa195d3428177fe9411548751772bd
      Size/MD5:     1631 9c08ffd5652cfb1773f44e124d13ca61
      Size/MD5:  2314155 0050dd609cb456c8e52565a85373df28

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  3741952 0b0cfe3678735916771b36e5ec160e06
      Size/MD5:   550040 1917dfa8998eb7ca66ca3976bda173e1
      Size/MD5:   950536 17d646723188b605fa3a3049498fe4ff
      Size/MD5:   905584 f387f84340a9504321524219474fa147

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  3517356 7e0152635e337f3270880854fd6c9915
      Size/MD5:   550052 13bf7c6602410ef8f36e12a0ad9acfa2
      Size/MD5:   921792 417d56c7b938c795e55f49900e915b3b
      Size/MD5:   875792 09ff4ebec07209aa3a6c8e4948a9fdef

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:  3462178 1069f6a2dba50c0ca051f6729d5b690c
      Size/MD5:   550044 ff2f07f9bf2e2790dfa3a0bb179f9818
      Size/MD5:   913898 a9b186e1376c95035149e03cb6304f06
      Size/MD5:   869782 3100c863e91d39871bbef95eb90fc5d2

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  3809458 549f771da3cc47778cf39cd136fb31ea
      Size/MD5:   550068 a7684b6f8de2bdc0779e3f1909a71ddd
      Size/MD5:   967808 ac60bc51b60709e87c16e1a89b4d86a4
      Size/MD5:   917878 1a97248a18f853868f79a647baddadf9

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  3504892 2f9769dba2217da279734406fc4f7598
      Size/MD5:   550104 785e41269e14f2dc8259b4c50d7521f5
      Size/MD5:   919240 32d5e97daaac4a485a73e1c2deb4b12a
      Size/MD5:   872784 ba89567df97c5852802dee8664592440

Updated packages for Ubuntu 9.04:

  Source archives:
      Size/MD5:   933389 e69b949ee26b6f2d59549c14f473ff36
      Size/MD5:     1655 55553d872f13646ee67923675ba5aeca
      Size/MD5:  2362415 c973eb41aca79fb16630a16f0d84f765

  Architecture independent packages:
      Size/MD5:    22572 dc5219ed120e1541596d327ea3c5bb25

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  3708084 016223dc6893ecf7e87d269f49125e58
      Size/MD5:   565074 1d847edeba4f72d6bc849af74facb327
      Size/MD5:   969828 7f4fae28f42007ddc221cb17a4698b46
      Size/MD5:   925688 079c721b1076d1e0fbe207250acaac2f

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  3489560 4891c8aaa08191613a910abca4004807
      Size/MD5:   565088 205baabd1480d8dc192ad8664806d79f
      Size/MD5:   939976 51b85c21d6985a0179ae400f150bbc43
      Size/MD5:   896494 c509b3e8e4f33a7b89b09fe898aa0a26

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:  3438158 00fd839575485921909b33205279f434
      Size/MD5:   565062 3f97b5355509275f1e895a2f8f2548b1
      Size/MD5:   932192 69836d9eb88460c42f5fdea61a6e70aa
      Size/MD5:   890114 c23e4311d013a7416392a2c2c28c2144

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  3780660 bab41c6fcbcdf7e2f39d32f27e090ec3
      Size/MD5:   565124 b3d5cc8886c6be0b4c538c3204cb6cef
      Size/MD5:   987250 7a018b6c36747bde9d1cff6eb79a7a5d
      Size/MD5:   938730 c3a8c128308f0b1212300a0a2121ca43

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  3473282 d20e674b6c5fff91f20a75182b836664
      Size/MD5:   565124 d9abbe6098367fbdb0cb75c58197edab
      Size/MD5:   936990 62c55214cbb59c52e6df64a599135b28
      Size/MD5:   893462 c613a178367b122aa0a4ef525f9f55e8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200404-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Scorched 3D server chat box format string vulnerability
      Date: April 09, 2004
      Bugs: #39302
        ID: 200404-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Scorched 3D is vulnerable to a format string attack in the chat box that
leads to Denial of Service on the game server and possibly allows
execution of arbitrary code.

Background
==========

Scorched 3D is a game based loosely on the classic DOS game "Scorched
Earth". Scorched 3D adds amongst other new features a 3D island
environment and LAN and internet play. Scorched 3D is totally free and
is available for multiple operating systems.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /   Vulnerable   /            Unaffected
    -------------------------------------------------------------------
     games-strategy/scorched3d         < 37                      >= 37

Description
===========

Scorched 3D (build 36.2 and before) does not properly check the text
entered in the Chat box (T key). Using format string characters, you can
generate a heap overflow. This and several other unchecked buffers have
been corrected in the build 37 release.

Impact
======

This vulnerability can be easily exploited to remotely crash the
Scorched 3D server, disconnecting all clients. It could also
theoretically be used to execute arbitrary code on the server with the
rights of the user running the server.

Workaround
==========

A workaround is not currently known for this issue. All users are
advised to upgrade to the latest version of the affected package.

Resolution
==========

Scorched 3D users should upgrade to version 37 or later:

    # emerge sync
    # emerge -pv ">=games-strategy/scorched3d-37"
    # emerge ">=games-strategy/scorched3d-37"

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200404-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to