# Security update for nodejs16

Announcement ID: SUSE-SU-2024:1308-1
Rating: important
References:

* bsc#1222244
* bsc#1222384

Cross-References:

* CVE-2024-27982
* CVE-2024-27983

CVSS scores:

* CVE-2024-27982 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-27983 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs16 fixes the following issues:

* CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to an HTTP/2 server crash (bsc#1222244)
* CVE-2024-27982: Fixed HTTP Request Smuggling via Content-Length obfuscation (bsc#1222384)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-1308=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1308=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1308=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1308=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1308=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1308=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * corepack16-16.20.2-150400.3.33.1
  * nodejs16-debuginfo-16.20.2-150400.3.33.1
  * nodejs16-16.20.2-150400.3.33.1
  * npm16-16.20.2-150400.3.33.1
  * nodejs16-debugsource-16.20.2-150400.3.33.1
  * nodejs16-devel-16.20.2-150400.3.33.1
* openSUSE Leap 15.4 (noarch)
  * nodejs16-docs-16.20.2-150400.3.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * nodejs16-debuginfo-16.20.2-150400.3.33.1
  * npm16-16.20.2-150400.3.33.1
  * nodejs16-16.20.2-150400.3.33.1
  * nodejs16-debugsource-16.20.2-150400.3.33.1
  * nodejs16-devel-16.20.2-150400.3.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * nodejs16-docs-16.20.2-150400.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * nodejs16-debuginfo-16.20.2-150400.3.33.1
  * npm16-16.20.2-150400.3.33.1
  * nodejs16-16.20.2-150400.3.33.1
  * nodejs16-debugsource-16.20.2-150400.3.33.1
  * nodejs16-devel-16.20.2-150400.3.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * nodejs16-docs-16.20.2-150400.3.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * nodejs16-debuginfo-16.20.2-150400.3.33.1
  * npm16-16.20.2-150400.3.33.1
  * nodejs16-16.20.2-150400.3.33.1
  * nodejs16-debugsource-16.20.2-150400.3.33.1
  * nodejs16-devel-16.20.2-150400.3.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
  * nodejs16-docs-16.20.2-150400.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * nodejs16-debuginfo-16.20.2-150400.3.33.1
  * npm16-16.20.2-150400.3.33.1
  * nodejs16-16.20.2-150400.3.33.1
  * nodejs16-debugsource-16.20.2-150400.3.33.1
  * nodejs16-devel-16.20.2-150400.3.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * nodejs16-docs-16.20.2-150400.3.33.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * nodejs16-debuginfo-16.20.2-150400.3.33.1
  * npm16-16.20.2-150400.3.33.1
  * nodejs16-16.20.2-150400.3.33.1
  * nodejs16-debugsource-16.20.2-150400.3.33.1
  * nodejs16-devel-16.20.2-150400.3.33.1
* SUSE Manager Server 4.3 (noarch)
  * nodejs16-docs-16.20.2-150400.3.33.1

## References:

* https://www.suse.com/security/cve/CVE-2024-27982.html
* https://www.suse.com/security/cve/CVE-2024-27983.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222244
* https://bugzilla.suse.com/show_bug.cgi?id=1222384
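The second fix above, CVE-2024-27982, is a request-smuggling bug: a front-end proxy and the Node.js origin disagree about where one request ends and the next begins because a Content-Length header is written in a form one of them tolerates and the other does not. The validator below is an added example (not code from the advisory or from the Node.js project) showing the checks a strict HTTP/1.1 parser applies to a request head under RFC 9112: a header name must be a token (so "Content-Length :" with a space before the colon is rejected), Content-Length must not accompany Transfer-Encoding, and repeated Content-Length values must agree. The `smuggledRequestLine` function models, as an assumption for illustration and not as a description of the actual Node.js parser, what an origin that silently dropped the malformed header would parse out of the same bytes. All sample requests are constructed.

```javascript
// Added example (not code from the advisory or from the Node.js project): a
// strict HTTP/1.1 request-head validator that flags the framing ambiguities
// request smuggling relies on, including an obfuscated Content-Length header.
// Every sample request below is constructed for this demonstration.

// RFC 9110 "token" characters: a header field name may contain only these, so
// "Content-Length " (trailing space before the colon) is not a valid name.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const REQUEST_LINE_RE = /^[A-Z]+ \S+ HTTP\/\d\.\d$/;

// Inspect the head of a raw request (bytes up to the first blank line).
// Returns { issues, contentLength, body }; issues lists every reason a strict
// parser (RFC 9112 sections 5.1 and 6.3) must reject the message with 400.
function inspectRequestHead(raw) {
  const issues = [];
  const headEnd = raw.indexOf('\r\n\r\n');
  const head = headEnd === -1 ? raw : raw.slice(0, headEnd);
  const body = headEnd === -1 ? '' : raw.slice(headEnd + 4);
  const lines = head.split('\r\n');
  const requestLine = lines.shift() ?? '';
  if (!REQUEST_LINE_RE.test(requestLine)) {
    issues.push(`malformed request line ${JSON.stringify(requestLine)}`);
  }
  const headers = []; // [lower-cased name, value] for syntactically valid fields
  for (const line of lines) {
    if (/^[ \t]/.test(line)) { // obs-fold (deprecated line folding)
      issues.push('obsolete line folding');
      continue;
    }
    const colon = line.indexOf(':');
    if (colon === -1) {
      issues.push(`header line without colon ${JSON.stringify(line)}`);
      continue;
    }
    const name = line.slice(0, colon);
    const value = line.slice(colon + 1).trim();
    if (!TOKEN_RE.test(name)) {
      // RFC 9112 5.1: whitespace between field name and colon must be rejected.
      issues.push(`invalid header name ${JSON.stringify(name)}`);
      continue;
    }
    headers.push([name.toLowerCase(), value]);
  }
  // Message framing (RFC 9112 6.3): Content-Length together with
  // Transfer-Encoding, repeated or conflicting Content-Length values, and a
  // non-numeric Content-Length are all ambiguities two parsers may resolve
  // differently, which is exactly what a smuggling attack needs.
  const clValues = headers
    .filter(([n]) => n === 'content-length')
    .flatMap(([, v]) => v.split(',').map((s) => s.trim()));
  const hasTE = headers.some(([n]) => n === 'transfer-encoding');
  if (hasTE && clValues.length > 0) {
    issues.push('Content-Length and Transfer-Encoding both present');
  }
  for (const v of clValues) {
    if (!/^\d+$/.test(v)) issues.push(`non-numeric Content-Length ${JSON.stringify(v)}`);
  }
  if (new Set(clValues).size > 1) issues.push('conflicting Content-Length values');
  const contentLength =
    clValues.length > 0 && /^\d+$/.test(clValues[0]) ? Number(clValues[0]) : null;
  return { issues, contentLength, body };
}

// Model of the downstream side of the attack (an assumption for illustration;
// the advisory does not describe the exact Node.js parser behaviour): an
// origin that silently drops a header with an invalid name sees no
// Content-Length, treats the body as empty, and parses the bytes after the
// blank line as the request line of a second request. A front-end proxy that
// tolerated the malformed header forwarded those same bytes as one request.
function smuggledRequestLine(raw) {
  const { contentLength, body } = inspectRequestHead(raw);
  const rest = body.slice(contentLength ?? 0);
  const eol = rest.indexOf('\r\n');
  const line = eol === -1 ? rest : rest.slice(0, eol);
  return REQUEST_LINE_RE.test(line) ? line : null;
}

// Constructed sample requests.
const SAMPLES = {
  clean:
    'POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello',
  obfuscatedContentLength:
    'POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length : 42\r\n\r\n' +
    'GET /admin HTTP/1.1\r\nHost: app.example\r\n\r\n',
  contentLengthAndChunked:
    'POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n' +
    'Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n',
  conflictingContentLength:
    'POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n' +
    'Content-Length: 6\r\n\r\nhello!',
};

// Run every sample through the strict validator; returns { label: issues }.
function auditSamples() {
  const report = {};
  for (const [label, raw] of Object.entries(SAMPLES)) {
    report[label] = inspectRequestHead(raw).issues;
  }
  return report;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(auditSamples());
  console.log('smuggled:', smuggledRequestLine(SAMPLES.obfuscatedContentLength));
}
```

The practical lesson is the one the CVSS vector above encodes (UI:R, scope changed): the bug is only exploitable when two components parse the same bytes differently, so a strict parser on every hop, which rejects rather than normalises malformed framing, removes the ambiguity instead of merely fixing one side of it.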
# Security update for iperf

Announcement ID: SUSE-SU-2023:3887-1
Rating: important
References:

* #1215662

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5

An update that has one security fix can now be installed.

## Description:

This update for iperf fixes the following issues:

* update to 3.15 (bsc#1215662, ESNET-SECADV-2023-0002):
  * Several bugs that could allow the iperf3 server to hang waiting for input on the control connection have been fixed (ESnet Software Security Advisory ESNET-SECADV-2023-0002)
  * A bug that caused garbled output with UDP tests on 32-bit hosts has been fixed (PR #1554, PR #1556). This bug was introduced in iperf-3.14.
  * A bug in counting UDP messages has been fixed
* update to 3.14 (bsc#1213430, CVE-2023-38403):
  * fixes a memory allocation hazard that allowed a remote user to crash an iperf3 process
  * see https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
* update to 3.13:
  * Added missing bind_dev getter and setter.
  * a fix for a resource leak bug in function iperf_create_pidfile (#1443)
  * doc: Fix copy-and-paste error leading to wrong error message
  * Fix crash on rcv-timeout with JSON logfile
* update to 3.12:
  * cJSON has been updated to version 1.7.15 (#1383).
  * The --bind % option syntax now works properly (#1360 /
  * A server-side file descriptor leak with the --logfile option has been fixed (#1369 / #1360 / #1369 / #1389 / #1393).
  * A bug that caused some large values from TCP_INFO to be misprinted as negative numbers has been fixed (#1372).
  * Using the -k or -n flags with --reverse no longer leak into future tests (#1363 / #1364).
  * There are now various debug level options available with the --debug option. These can be used to adjust the amount of debugging output (#1327).
  * A new --snd-timeout option has been added to set a termination timeout for idle TCP connections (#1215 / #1282).
  * iperf3 is slightly more robust to out-of-order packets during UDP connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 /
  * iperf3 will now use different ports for each direction when the --cport and --bdir options are set (#1249 / #1259).
  * The iperf3 server will now exit if it can't open its log file
  * Various help message and output fixes have been made (#1299 /
  * Various compiler warnings have been fixed (#1211 / #1316).
  * Operation of bootstrap.sh has been fixed and simplified (#1335 /
  * Flow label support / compatibility under Linux has been improved
  * Various minor memory leaks have been fixed (#1332 / #1333).
  * A getter/setter has been added for the bind_port parameter (--cport option). (#1303, #1305)
  * Various internal documentation improvements (#1265 / #1285 / #1304).
* update to 3.11:
  * Update links to Discussions in documentation
  * Fix DSCP so that TOS = DSCP * 4 (#1162)
  * Fix --bind-dev for TCP streams (#1153)
  * Fix interface specification so it doesn't overlap with IPv6 link-local addresses for -c and -B (#1157, #1180)
  * Add get/set test_unit_format function declaration to iperf_api.h
  * Auto adjustment of test-end condition for file transfers (-F): if no end condition is set, it will automatically adjust it to the file size in bytes
  * Exit if idle time expires waiting for a connection in one-off mode (#1187, #1197)
  * Support zerocopy in reverse mode (#1204)
  * Update help and manpage text for #1157, support bind device
  * Consistently print target_bandwidth in JSON start section (#1177)
  * Test bitrate added to JSON output (#1168)
  * Remove fsync call after every write to receiving --file (#1176, #1159)
  * Update documentation for -w (#1175)
  * Fix for #952, different JSON object names for bidir reverse channel
* update to 3.10.1:
  * Fixed a problem with autoconf scripts that made builds fail in some environments (#1154 / #1155).
  * GNU autoconf 2.71 or newer is now required to regenerate iperf3's configure scripts.
* update to 3.10:
  * Fix a bug where some --reverse tests didn't terminate (#982 / #1054).
  * Responsiveness of control connections is slightly improved (#1045 / #1046 / #1063).
  * The allowable clock skew when doing authentication between client and server is now configurable with the new --time-skew-threshold (#1065 / #1070).
  * Bitrate throttling using the -b option now works when a burst size is specified (#1090).
  * A bug with calculating CPU utilization has been fixed (#1076 / #1077).
  * A --bind-dev option to support binding sockets to a given network interface has been added to make iperf3 work better with multi-homed machines and/or VRFs (#817 / #1089 / #1097).
  * --pidfile now works with --client mode (#1110).
  * The server is now less likely to get stuck due to network errors (#1101, #1125), controlled by the new --rcv-timeout option.
  * Fixed a few bugs in termination conditions for byte or block-limited tests (#1113, #1114, #1115).
  * Added tcp_info.snd_wnd to JSON output (#1148).
  * Some bugs with garbled JSON output have been fixed (#1086, #1118, #1143 / #1146).
  * Support for setting the IPv4 don't-fragment (DF) bit has been added with the new --dont-fragment option (#1119).
  * A failure with not being able to read the congestion control algorithm under WSL1 has been fixed (#1061 / #1126).
  * Error handling and error messages now make more sense in cases where sockets were not successfully opened (#1129 / #1132 / #1136, #1135 / #1138, #1128 / #1139).
  * Some buffer overflow hazards were fixed (#1134).
  * It is now possible to use the API to set/get the congestion control algorithm (#1036 / #1112).
* update to 3.9:
  * A --timestamps flag has been added, which prepends a timestamp to each output line. An optional argument to this flag, which is a format specification to strftime(3), allows for custom timestamp formats (#909, #1028).
  * A --server-bitrate-limit flag has been added as a server-side command-line argument. It allows a server to enforce a maximum throughput rate; client connections that specify a higher bitrate or exceed this bitrate during a test will be terminated. The bitrate is expressed in bits per second, with an optional trailing slash and integer count that specifies an averaging interval over which to enforce the limit (#999).
  * A bug that caused increased CPU usage with the --bidir option has been fixed (#1011).
  * Fixed various minor memory leaks (#1023).
* update to 3.8.1
  * Minor bugfixes and enhancements
* update to 3.7
  * Support for simultaneous bidirectional tests with the --bidir flag
  * Use POSIX standard clock_gettime(3) interface for timekeeping where available
  * Passwords for authentication can be provided via environment variable
  * Specifying --repeating-payload and --reverse now works
  * Failed authentication doesn't count for --one-off
  * Several memory leaks related to authenticated use were fixed
  * The delay for tearing down the control connection for the default timed tests has been increased, to more gracefully handle high-delay paths
  * Various improvements to the libiperf APIs
  * Fixed build behavior when OpenSSL is absent
  * Portability fixes
* update to 3.6
  * A new --extra-data option can be used to fill in a user-defined string field that appears in JSON output.
  * A new --repeating-payload option makes iperf3 use a payload pattern similar to that used by iperf2, which could help in recreating results that might be affected by payload entropy (for example, compression).
  * -B now works properly with SCTP tests.
  * A compile fix for Solaris 10 was added.
  * Some minor bug fixes for JSON output. In particular, warnings for debug and/or verbose modes with --json output and a fix for JSON output on CentOS 6
  * This maintenance release adds a -1 flag to make iperf3 execute a single test and exit, needed for an upcoming bwctl there is only one stream.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3887=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-3887=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3887=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-3887=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3887=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * iperf-debuginfo-3.15-150000.3.6.1
  * libiperf0-3.15-150000.3.6.1
  * iperf-devel-3.15-150000.3.6.1
  * libiperf0-debuginfo-3.15-150000.3.6.1
  * iperf-debugsource-3.15-150000.3.6.1
  * iperf-3.15-150000.3.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * iperf-debuginfo-3.15-150000.3.6.1
  * libiperf0-3.15-150000.3.6.1
  * iperf-devel-3.15-150000.3.6.1
  * libiperf0-debuginfo-3.15-150000.3.6.1
  * iperf-debugsource-3.15-150000.3.6.1
  * iperf-3.15-150000.3.6.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * iperf-debuginfo-3.15-150000.3.6.1
  * libiperf0-3.15-150000.3.6.1
  * iperf-devel-3.15-150000.3.6.1
  * libiperf0-debuginfo-3.15-150000.3.6.1
  * iperf-debugsource-3.15-150000.3.6.1
  * iperf-3.15-150000.3.6.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  * iperf-debuginfo-3.15-150000.3.6.1
  * libiperf0-3.15-150000.3.6.1
  * iperf-devel-3.15-150000.3.6.1
  * libiperf0-debuginfo-3.15-150000.3.6.1
  * iperf-debugsource-3.15-150000.3.6.1
  * iperf-3.15-150000.3.6.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * iperf-debuginfo-3.15-150000.3.6.1
  * libiperf0-3.15-150000.3.6.1
  * libiperf0-debuginfo-3.15-150000.3.6.1
  * iperf-debugsource-3.15-150000.3.6.1
  * iperf-3.15-150000.3.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215662
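Both SUSE advisories above give the fix as a package NVR (name-version-release), so confirming that a host actually carries the fix means comparing the output of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' nodejs16 iperf` against those strings. Plain string or `sort -V` comparison gets RPM versions wrong in the corner cases (leading zeros, `~` pre-release markers, alphabetic segments), so the added example below (not SUSE's or Red Hat's tooling) implements the segment rules of rpm's rpmvercmp() and applies them to the NVRs listed in the two advisories; it applies equally to the Red Hat package lists further down the page. The "installed" NVRs are constructed for the demonstration, and the epoch and the newer `^` separator are deliberately not modelled because none of the advisories on this page uses them.

```javascript
// Added example (not SUSE's or Red Hat's tooling): decide whether an installed
// RPM is older than the fixed build an advisory lists. The comparison follows
// the segment rules of rpm's rpmvercmp(): separators are skipped, digit runs
// compare numerically, letter runs lexically, a numeric segment is newer than
// an alphabetic one, '~' sorts before everything (including end of string),
// and leftover characters win. The '^' separator of newer rpm is not modelled.
// The installed NVRs below are constructed for the demonstration; on a real
// host they would come from
//   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' nodejs16 npm16 iperf libiperf0

const isAlnum = (c) => /[0-9A-Za-z]/.test(c);
const isDigit = (c) => /[0-9]/.test(c);
const isAlpha = (c) => /[A-Za-z]/.test(c);

// Compare two version (or release) strings: -1 if a < b, 0 if equal, 1 if a > b.
function rpmvercmp(a, b) {
  if (a === b) return 0;
  let i = 0;
  let j = 0;
  while (i < a.length || j < b.length) {
    // Skip separator characters (anything that is neither alphanumeric nor '~').
    while (i < a.length && !isAlnum(a[i]) && a[i] !== '~') i++;
    while (j < b.length && !isAlnum(b[j]) && b[j] !== '~') j++;
    // Tilde sorts before everything else, so 1.0~rc1 < 1.0.
    const ta = a[i] === '~';
    const tb = b[j] === '~';
    if (ta || tb) {
      if (!ta) return 1;
      if (!tb) return -1;
      i++;
      j++;
      continue;
    }
    if (i >= a.length || j >= b.length) break;
    // Take a completely numeric or completely alphabetic segment from each side,
    // the type being decided by the first character of a.
    const numeric = isDigit(a[i]);
    const want = numeric ? isDigit : isAlpha;
    let ea = i;
    while (ea < a.length && want(a[ea])) ea++;
    let eb = j;
    while (eb < b.length && want(b[eb])) eb++;
    let sa = a.slice(i, ea);
    let sb = b.slice(j, eb);
    i = ea;
    j = eb;
    if (sb === '') return numeric ? 1 : -1; // mixed types: numeric is newer
    if (numeric) {
      sa = sa.replace(/^0+/, '');
      sb = sb.replace(/^0+/, '');
      if (sa.length !== sb.length) return sa.length > sb.length ? 1 : -1;
    }
    if (sa !== sb) return sa < sb ? -1 : 1;
  }
  if (i >= a.length && j >= b.length) return 0;
  return i >= a.length ? -1 : 1; // whichever side still has characters wins
}

// Split "name-version-release" at its last two hyphens: package names may
// contain hyphens (nodejs16-devel), version and release never do.
function parseNVR(nvr) {
  const r = nvr.lastIndexOf('-');
  const v = r > 0 ? nvr.lastIndexOf('-', r - 1) : -1;
  if (r === -1 || v === -1) throw new Error(`not an NVR: ${nvr}`);
  return { name: nvr.slice(0, v), version: nvr.slice(v + 1, r), release: nvr.slice(r + 1) };
}

// Compare version then release, as rpm does once epochs are equal (the
// advisories above list no epoch, so it is omitted here).
function compareVR(a, b) {
  const c = rpmvercmp(a.version, b.version);
  return c !== 0 ? c : rpmvercmp(a.release, b.release);
}

// Return the installed NVRs that are older than the fixed NVR of the same name.
function findUnpatched(installedNVRs, fixedNVRs) {
  const fixed = new Map(fixedNVRs.map((n) => {
    const p = parseNVR(n);
    return [p.name, p];
  }));
  return installedNVRs.filter((nvr) => {
    const p = parseNVR(nvr);
    const f = fixed.get(p.name);
    return f !== undefined && compareVR(p, f) < 0;
  });
}

// Fixed builds as listed in the two SUSE advisories above.
const FIXED = [
  'nodejs16-16.20.2-150400.3.33.1',
  'npm16-16.20.2-150400.3.33.1',
  'iperf-3.15-150000.3.6.1',
  'libiperf0-3.15-150000.3.6.1',
];
// Constructed "installed" state: two packages behind, two already at the fix.
const INSTALLED_SAMPLE = [
  'nodejs16-16.20.2-150400.3.30.1',
  'npm16-16.20.2-150400.3.33.1',
  'iperf-3.10.1-150000.3.3.1',
  'libiperf0-3.15-150000.3.6.1',
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(findUnpatched(INSTALLED_SAMPLE, FIXED));
}
```

Note that this answers "is the package at or past the advisory's build", which is the question the advisory poses; it does not prove a running process has been restarted onto the new binary, so on a long-lived server pair it with a service restart check after `zypper patch`.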
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  bind (SSA:2018-192-01)

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.10.8-i586-1_slack14.2.txz:  Upgraded.
  This update fixes security issues:
  Fixed a bug where extraordinarily large zone transfers caused several
  problems, with possible outcomes including corrupted journal files or
  server exit due to assertion failure.
  Don't permit recursive query service to unauthorized clients.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2018-5738
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 14.0 package:
3df72fb1579a8c0689314047f43a0a2d  bind-9.9.13-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
4bc232339338d13ff37e81a7c781d26d  bind-9.9.13-x86_64-1_slack14.0.txz

Slackware 14.1 package:
721d903ce5a68d71dcb9801cc658d8c8  bind-9.9.13-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
fb3b6f8b0c6d644624094e0f07429fbd  bind-9.9.13-x86_64-1_slack14.1.txz

Slackware 14.2 package:
82149ea36a5c8364764ee2f04349a24e  bind-9.10.8-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
3f6b151875e2486d262e99b341fb5023  bind-9.10.8-x86_64-1_slack14.2.txz

Slackware -current package:
509e76121146d18f3872db28b4abf98f  n/bind-9.13.2-i586-1.txz

Slackware x86_64 -current package:
87622e82d50313b87c8860960af89d5e  n/bind-9.13.2-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.10.8-i586-1_slack14.2.txz

Then, restart the name server:
# /etc/rc.d/rc.bind restart

+-----+
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: mariadb security update
Advisory ID:       RHSA-2016:1602-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1602.html
Issue date:        2016-08-11
CVE Names:         CVE-2016-0640 CVE-2016-0641 CVE-2016-0643 CVE-2016-0644
                   CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649
                   CVE-2016-0650 CVE-2016-0666 CVE-2016-3452 CVE-2016-3477
                   CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5444
=====================================================================

1. Summary:

An update for mariadb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

The following packages have been upgraded to a newer upstream version:
mariadb (5.5.50).

Security Fix(es):

* This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory pages, listed in the References section. (CVE-2016-0640,
CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647,
CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452,
CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the MariaDB server daemon (mysqld) will be
restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1329239 - CVE-2016-0640 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329241 - CVE-2016-0641 mysql: unspecified vulnerability in subcomponent: Server: MyISAM (CPU April 2016)
1329245 - CVE-2016-0643 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329247 - CVE-2016-0644 mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016)
1329248 - CVE-2016-0646 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU April 2016)
1329249 - CVE-2016-0647 mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016)
1329251 - CVE-2016-0648 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329252 - CVE-2016-0649 mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
1329253 - CVE-2016-0650 mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016)
1329270 - CVE-2016-0666 mysql: unspecified vulnerability in subcomponent: Server: Security: Privileges (CPU April 2016)
1358201 - CVE-2016-3452 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU July 2016)
1358205 - CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016)
1358209 - CVE-2016-3521 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016)
1358212 - CVE-2016-3615 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016)
1358218 - CVE-2016-5440 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016)
1358223 - CVE-2016-5444 mysql: unspecified vulnerability in subcomponent: Server: Connection (CPU July 2016)

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
mariadb-5.5.50-1.el7_2.src.rpm

x86_64:
mariadb-5.5.50-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-libs-5.5.50-1.el7_2.i686.rpm
mariadb-libs-5.5.50-1.el7_2.x86_64.rpm
mariadb-server-5.5.50-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
mariadb-bench-5.5.50-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-devel-5.5.50-1.el7_2.i686.rpm
mariadb-devel-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm
mariadb-test-5.5.50-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
mariadb-5.5.50-1.el7_2.src.rpm

x86_64:
mariadb-5.5.50-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-libs-5.5.50-1.el7_2.i686.rpm
mariadb-libs-5.5.50-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
mariadb-bench-5.5.50-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-devel-5.5.50-1.el7_2.i686.rpm
mariadb-devel-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm
mariadb-server-5.5.50-1.el7_2.x86_64.rpm
mariadb-test-5.5.50-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
mariadb-5.5.50-1.el7_2.src.rpm

ppc64:
mariadb-5.5.50-1.el7_2.ppc64.rpm
mariadb-bench-5.5.50-1.el7_2.ppc64.rpm
mariadb-debuginfo-5.5.50-1.el7_2.ppc.rpm
mariadb-debuginfo-5.5.50-1.el7_2.ppc64.rpm
mariadb-devel-5.5.50-1.el7_2.ppc.rpm
mariadb-devel-5.5.50-1.el7_2.ppc64.rpm
mariadb-libs-5.5.50-1.el7_2.ppc.rpm
mariadb-libs-5.5.50-1.el7_2.ppc64.rpm
mariadb-server-5.5.50-1.el7_2.ppc64.rpm
mariadb-test-5.5.50-1.el7_2.ppc64.rpm

ppc64le:
mariadb-5.5.50-1.el7_2.ppc64le.rpm
mariadb-bench-5.5.50-1.el7_2.ppc64le.rpm
mariadb-debuginfo-5.5.50-1.el7_2.ppc64le.rpm
mariadb-devel-5.5.50-1.el7_2.ppc64le.rpm
mariadb-libs-5.5.50-1.el7_2.ppc64le.rpm
mariadb-server-5.5.50-1.el7_2.ppc64le.rpm
mariadb-test-5.5.50-1.el7_2.ppc64le.rpm

s390x:
mariadb-5.5.50-1.el7_2.s390x.rpm
mariadb-bench-5.5.50-1.el7_2.s390x.rpm
mariadb-debuginfo-5.5.50-1.el7_2.s390.rpm
mariadb-debuginfo-5.5.50-1.el7_2.s390x.rpm
mariadb-devel-5.5.50-1.el7_2.s390.rpm
mariadb-devel-5.5.50-1.el7_2.s390x.rpm
mariadb-libs-5.5.50-1.el7_2.s390.rpm
mariadb-libs-5.5.50-1.el7_2.s390x.rpm
mariadb-server-5.5.50-1.el7_2.s390x.rpm
mariadb-test-5.5.50-1.el7_2.s390x.rpm

x86_64:
mariadb-5.5.50-1.el7_2.x86_64.rpm
mariadb-bench-5.5.50-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-devel-5.5.50-1.el7_2.i686.rpm
mariadb-devel-5.5.50-1.el7_2.x86_64.rpm
mariadb-libs-5.5.50-1.el7_2.i686.rpm
mariadb-libs-5.5.50-1.el7_2.x86_64.rpm
mariadb-server-5.5.50-1.el7_2.x86_64.rpm
mariadb-test-5.5.50-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
mariadb-debuginfo-5.5.50-1.el7_2.ppc.rpm
mariadb-debuginfo-5.5.50-1.el7_2.ppc64.rpm
mariadb-embedded-5.5.50-1.el7_2.ppc.rpm
mariadb-embedded-5.5.50-1.el7_2.ppc64.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.ppc.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.ppc64.rpm

ppc64le:
mariadb-debuginfo-5.5.50-1.el7_2.ppc64le.rpm
mariadb-embedded-5.5.50-1.el7_2.ppc64le.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.ppc64le.rpm

s390x:
mariadb-debuginfo-5.5.50-1.el7_2.s390.rpm
mariadb-debuginfo-5.5.50-1.el7_2.s390x.rpm
mariadb-embedded-5.5.50-1.el7_2.s390.rpm
mariadb-embedded-5.5.50-1.el7_2.s390x.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.s390.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.s390x.rpm

x86_64:
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
mariadb-5.5.50-1.el7_2.src.rpm

x86_64:
mariadb-5.5.50-1.el7_2.x86_64.rpm
mariadb-bench-5.5.50-1.el7_2.x86_64.rpm
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-devel-5.5.50-1.el7_2.i686.rpm
mariadb-devel-5.5.50-1.el7_2.x86_64.rpm
mariadb-libs-5.5.50-1.el7_2.i686.rpm
mariadb-libs-5.5.50-1.el7_2.x86_64.rpm
mariadb-server-5.5.50-1.el7_2.x86_64.rpm
mariadb-test-5.5.50-1.el7_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
mariadb-debuginfo-5.5.50-1.el7_2.i686.rpm
mariadb-debuginfo-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-5.5.50-1.el7_2.x86_64.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.i686.rpm
mariadb-embedded-devel-5.5.50-1.el7_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0640
https://access.redhat.com/security/cve/CVE-2016-0641
https://access.redhat.com/security/cve/CVE-2016-0643
https://access.redhat.com/security/cve/CVE-2016-0644
https://access.redhat.com/security/cve/CVE-2016-0646
https://access.redhat.com/security/cve/CVE-2016-0647
https://access.redhat.com/security/cve/CVE-2016-0648
https://access.redhat.com/security/cve/CVE-2016-0649
https://access.redhat.com/security/cve/CVE-2016-0650
https://access.redhat.com/security/cve/CVE-2016-0666
https://access.redhat.com/security/cve/CVE-2016-3452
https://access.redhat.com/security/cve/CVE-2016-3477
https://access.redhat.com/security/cve/CVE-2016-3521
https://access.redhat.com/security/cve/CVE-2016-3615
https://access.redhat.com/security/cve/CVE-2016-5440
https://access.redhat.com/security/cve/CVE-2016-5444
https://access.redhat.com/security/updates/classification/#important
https://www.oracle.com/security-alerts/cpuapr2016.html
https://www.oracle.com/security-alerts/cpujul2016.html
https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-5-5-series/mariadb-5548-release-notes
https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-5-5-series/mariadb-5549-release-notes
https://mariadb.com/docs/release-notes/community-server/old-releases/release-notes-mariadb-5-5-series/mariadb-5550-release-notes

8. Contact:

The Red Hat security contact is .
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXrI5tXlSAg2UNWIIRAoMKAKCk82023z4v+aYdgpwKwjirfoOVTwCgtUwp
9y8bd6YZ2ioVv7ENX6rspoc=
=nTD6
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-afdb0e8aaa
2015-12-22 17:48:56.359287
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 23
Version     : 1.9.3
Release     : 1.fc23
URL         : https://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one or more
users to collaborate in developing and maintaining a hierarchy of files and
directories while keeping a history of all changes. Subversion only stores
the differences between versions, instead of every complete file. Subversion
is intended to be a compelling replacement for CVS.
--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of _Apache Subversion_, version **1.9.3**.

### User-visible changes:

#### Client-side bugfixes:

* svn: fix possible crash in auth credentials cache
* cleanup: avoid unneeded memory growth during pristine cleanup
* diff: fix crash when repository is on server root
* fix translations for commit notifications
* ra_serf: fix crash in multistatus parser
* svn: report lock/unlock errors as failures
* svn: cleanup user deleted external registrations
* svn: allow simple resolving of binary file text conflicts
* svnlook: properly remove tempfiles on diff errors
* ra_serf: report built- and run-time versions of libserf
* ra_serf: set Content-Type header in outgoing requests
* svn: fix merging deletes of svn:eol-style CRLF/CR files
* ra_local: disable zero-copy code path

#### Server-side bugfixes:

* mod_authz_svn: fix authz with mod_auth_kerb/mod_auth_ntlm (issue 4602)
* mod_dav_svn: fix display of process ID in cache statistics
* mod_dav_svn: use LimitXMLRequestBody for skel-encoded requests
* svnadmin dump: preserve no-op changes
* fsfs: avoid unneeded I/O when opening transactions

#### Bindings bugfixes:

* javahl: fix ABI incompatibility with 1.8
* javahl: allow non-absolute paths in SVNClient.vacuum

### Developer-visible changes:

#### General:

* fix patch filter invocation in svn_client_patch()
* add @since information to config defines
* fix running the tests in compatibility mode
* clarify documentation of svn_fs_node_created_rev()

#### API changes:

* fix overflow detection in svn_stringbuf_remove and _replace
* don't ignore some of the parameters to svn_ra_svn_create_conn3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1289959 - CVE-2015-5343 subversion: (mod_dav_svn) integer overflow when parsing skel-encoded request bodies
        https://bugzilla.redhat.com/show_bug.cgi?id=1289959
  [ 2 ] Bug #1289958 - CVE-2015-5259 subversion: integer overflow in the svn:// protocol parser
        https://bugzilla.redhat.com/show_bug.cgi?id=1289958
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update subversion' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
====================================================================
Red Hat Security Advisory

Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2012:0128-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:0128.html
Issue date: 2012-02-13
CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053
====================================================================

1. Summary:

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)

The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607)

A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031)

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix
756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix
769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow
773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling
785069 - CVE-2012-0053 httpd: cookie exposure due to error responses

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
httpd-2.2.15-15.el6_2.1.i686.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-tools-2.2.15-15.el6_2.1.i686.rpm

x86_64:
httpd-2.2.15-15.el6_2.1.x86_64.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm
httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-devel-2.2.15-15.el6_2.1.i686.rpm
mod_ssl-2.2.15-15.el6_2.1.i686.rpm

noarch:
httpd-manual-2.2.15-15.el6_2.1.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm
httpd-devel-2.2.15-15.el6_2.1.i686.rpm
httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm
mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
httpd-2.2.15-15.el6_2.1.x86_64.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm
httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

noarch:
httpd-manual-2.2.15-15.el6_2.1.noarch.rpm

x86_64:
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm
httpd-devel-2.2.15-15.el6_2.1.i686.rpm
httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm
mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
httpd-2.2.15-15.el6_2.1.i686.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-devel-2.2.15-15.el6_2.1.i686.rpm
httpd-tools-2.2.15-15.el6_2.1.i686.rpm
mod_ssl-2.2.15-15.el6_2.1.i686.rpm

noarch:
httpd-manual-2.2.15-15.el6_2.1.noarch.rpm

ppc64:
httpd-2.2.15-15.el6_2.1.ppc64.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm
httpd-devel-2.2.15-15.el6_2.1.ppc.rpm
httpd-devel-2.2.15-15.el6_2.1.ppc64.rpm
httpd-tools-2.2.15-15.el6_2.1.ppc64.rpm
mod_ssl-2.2.15-15.el6_2.1.ppc64.rpm

s390x:
httpd-2.2.15-15.el6_2.1.s390x.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm
httpd-devel-2.2.15-15.el6_2.1.s390.rpm
httpd-devel-2.2.15-15.el6_2.1.s390x.rpm
httpd-tools-2.2.15-15.el6_2.1.s390x.rpm
mod_ssl-2.2.15-15.el6_2.1.s390x.rpm

x86_64:
httpd-2.2.15-15.el6_2.1.x86_64.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm
httpd-devel-2.2.15-15.el6_2.1.i686.rpm
httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm
httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
httpd-2.2.15-15.el6_2.1.i686.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-devel-2.2.15-15.el6_2.1.i686.rpm
httpd-tools-2.2.15-15.el6_2.1.i686.rpm
mod_ssl-2.2.15-15.el6_2.1.i686.rpm

noarch:
httpd-manual-2.2.15-15.el6_2.1.noarch.rpm

x86_64:
httpd-2.2.15-15.el6_2.1.x86_64.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm
httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm
httpd-devel-2.2.15-15.el6_2.1.i686.rpm
httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm
httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-3607
https://access.redhat.com/security/cve/CVE-2011-3639
https://access.redhat.com/security/cve/CVE-2011-4317
https://access.redhat.com/security/cve/CVE-2012-0031
https://access.redhat.com/security/cve/CVE-2012-0053
https://access.redhat.com/security/updates/classification#moderate
https://access.redhat.com/errata/RHSA-2011:1391.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.