Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
203
security advisorysoftware updatedhcpMageia 8 MGASA-2022-0374 Moderate: ISC DHCP Memory Overflow Risk
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to . MGASA-2022-0374 - Updated dhcp packages fix security vulnerability Publication date: 18 Oct 2022 URL: https://advisories.mageia.org/MGASA-2022-0374.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-2928, CVE-2022-2929 In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. (CVE-2022-2928) In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. (CVE-2022-2929) References: - https://bugs.mageia.org/show_bug.cgi?id=30942 - https://kb.isc.org/docs/cve-2022-2928 - https://kb.isc.org/docs/cve-2022-2929 - https://www.openwall.com/lists/oss-security/2022/10/05/1 - https://ubuntu.com/security/notices/USN-5658-1 - https://www.cve.org/CVERecord?id=CVE-2022-2928 - https://www.cve.org/CVERecord?id=CVE-2022-2929 SRPMS: - 8/core/dhcp-4.4.2-10.2.mga8 . The MGASA-2022-0456 patch tackles urgent vulnerabilities in OpenSSH, boosting client resilience against network attacks.. ISCDhcpUpdate,MageiaSecurityPatch,OptionReferenceFix,MemoryOverflowIssue. . LinuxSecurity.com Team
Oct 18, 2022
Mageia
98
security advisorymoderatesecurity updateRedHat Enterprise Linux 8.2 RHSA-2022:0635-01 Moderate: curl TLS Issues
An update for curl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: curl security update Advisory ID: RHSA-2022:0635-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0635 Issue date: 2022-02-22 CVE Names: CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946) * curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v.8.2): Source: curl-7.61.1-12.el8_2.4.src.rpm aarch64: curl-7.61.1-12.el8_2.4.aarch64.rpm curl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm curl-debugsource-7.61.1-12.el8_2.4.aarch64.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm libcurl-7.61.1-12.el8_2.4.aarch64.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm libcurl-devel-7.61.1-12.el8_2.4.aarch64.rpm libcurl-minimal-7.61.1-12.el8_2.4.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.aarch64.rpm ppc64le: curl-7.61.1-12.el8_2.4.ppc64le.rpm curl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm curl-debugsource-7.61.1-12.el8_2.4.ppc64le.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-devel-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-minimal-7.61.1-12.el8_2.4.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.ppc64le.rpm s390x: curl-7.61.1-12.el8_2.4.s390x.rpm curl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm curl-debugsource-7.61.1-12.el8_2.4.s390x.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm libcurl-7.61.1-12.el8_2.4.s390x.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.s390x.rpm libcurl-devel-7.61.1-12.el8_2.4.s390x.rpm libcurl-minimal-7.61.1-12.el8_2.4.s390x.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.s390x.rpm x86_64: curl-7.61.1-12.el8_2.4.x86_64.rpm curl-debuginfo-7.61.1-12.el8_2.4.i686.rpm curl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm curl-debugsource-7.61.1-12.el8_2.4.i686.rpm curl-debugsource-7.61.1-12.el8_2.4.x86_64.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm curl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm libcurl-7.61.1-12.el8_2.4.i686.rpm libcurl-7.61.1-12.el8_2.4.x86_64.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.i686.rpm libcurl-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm libcurl-devel-7.61.1-12.el8_2.4.i686.rpm libcurl-devel-7.61.1-12.el8_2.4.x86_64.rpm libcurl-minimal-7.61.1-12.el8_2.4.i686.rpm libcurl-minimal-7.61.1-12.el8_2.4.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.i686.rpm libcurl-minimal-debuginfo-7.61.1-12.el8_2.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYhVgXNzjgjWX9erEAQgHCA/+JI0ozw9cVk03UmnCHzbjlMNDRuwnKUyY PGs/vO9d1Z8aj9n6fSeSv/JKv4BWuiFzip6nNzLoId0gbevfDw2BaIr7sODRFrei dz2v44z+PMIBelCp4hEc8SJywAKx+/5pLIXZMUGrhdsF4HueSIVbIGlEGnYImdq6 wbK4jjdJlsymoVaMYPOnP9xTWG6+Mg/BZ6Yv5fvudSll88DTKygfBV1OjBLaVuPn /cdHBWsakhsVr4oS2HbEbFe8AAmmCPRib5Korc/bvQgeVKUT/l8PKOJsu6DU33oM iiWP3PkMdjmBFyH+7wYp2zdaiKRdjvzBSCw+F49x1bms8+DtHf7lQI2++y2IZE5V kvBTOBlVfBSz5m+P2yV8SVj6iPCc0D2gKo36eYoosM58CGf9RbOXXvabAU1yq+lp tlvH118iMQRlYKmodX0GT6YZh5BkXG4vv66kXMbvw1FiZhzxmsKPy6od+/Fv9j3Q ZEB5uuLMaDlDowWDo1egHa9OhH/uIGnhZYWDrXWbIUD//+frXxTGQbE0esGOX5Ek L0GHHsakKHjUanU9luIUSPzXhrfTxP0Ctj1T2URIkR66rgaYL81wWGgr1A59EPqA niRYe1YeCmVvNFB3eN75tP/r+4nh6FAG3EbTue9aOxbJOAOoZacu+8TC2CI2s1kz D0XkOmBk64M=3H1R -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 22, 2022
Red Hat
100
security advisorymoderatebuffer overrunSUSE Linux Enterprise 12-SP5: 2021:0891-1 Moderate: Data Server Issue
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for evolution-data-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0891-1 Rating: moderate References: #1173910 #1174712 #1182882 Cross-References: CVE-2020-14928 CVE-2020-16117 CVSS scores: CVE-2020-14928 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-14928 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2020-16117 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-16117 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for evolution-data-server fixes the following issues: - Fix buffer overrun when parsing base64 data (bsc#1182882). - CVE-2020-16117: Fix crash on malformed server response with minimal capabilities (bsc#1174712). - CVE-2020-14928: Response injection via STARTTLS in SMTP and POP3 (bsc#1173910). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2021-891=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-891=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): evolution-data-server-3.22.7-18.7.1 evolution-data-server-32bit-3.22.7-18.7.1 evolution-data-server-debuginfo-3.22.7-18.7.1 evolution-data-server-debuginfo-32bit-3.22.7-18.7.1 evolution-data-server-debugsource-3.22.7-18.7.1 libcamel-1_2-59-3.22.7-18.7.1 libcamel-1_2-59-32bit-3.22.7-18.7.1 libcamel-1_2-59-debuginfo-3.22.7-18.7.1 libcamel-1_2-59-debuginfo-32bit-3.22.7-18.7.1 libebackend-1_2-10-3.22.7-18.7.1 libebackend-1_2-10-32bit-3.22.7-18.7.1 libebackend-1_2-10-debuginfo-3.22.7-18.7.1 libebackend-1_2-10-debuginfo-32bit-3.22.7-18.7.1 libebook-1_2-16-3.22.7-18.7.1 libebook-1_2-16-32bit-3.22.7-18.7.1 libebook-1_2-16-debuginfo-3.22.7-18.7.1 libebook-1_2-16-debuginfo-32bit-3.22.7-18.7.1 libebook-contacts-1_2-2-3.22.7-18.7.1 libebook-contacts-1_2-2-32bit-3.22.7-18.7.1 libebook-contacts-1_2-2-debuginfo-3.22.7-18.7.1 libebook-contacts-1_2-2-debuginfo-32bit-3.22.7-18.7.1 libecal-1_2-19-3.22.7-18.7.1 libecal-1_2-19-32bit-3.22.7-18.7.1 libecal-1_2-19-debuginfo-3.22.7-18.7.1 libecal-1_2-19-debuginfo-32bit-3.22.7-18.7.1 libedata-book-1_2-25-3.22.7-18.7.1 libedata-book-1_2-25-32bit-3.22.7-18.7.1 libedata-book-1_2-25-debuginfo-3.22.7-18.7.1 libedata-book-1_2-25-debuginfo-32bit-3.22.7-18.7.1 libedata-cal-1_2-28-3.22.7-18.7.1 libedata-cal-1_2-28-32bit-3.22.7-18.7.1 libedata-cal-1_2-28-debuginfo-3.22.7-18.7.1 libedata-cal-1_2-28-debuginfo-32bit-3.22.7-18.7.1 libedataserver-1_2-22-3.22.7-18.7.1 libedataserver-1_2-22-32bit-3.22.7-18.7.1 libedataserver-1_2-22-debuginfo-3.22.7-18.7.1 libedataserver-1_2-22-debuginfo-32bit-3.22.7-18.7.1 libedataserverui-1_2-1-3.22.7-18.7.1 libedataserverui-1_2-1-debuginfo-3.22.7-18.7.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): evolution-data-server-lang-3.22.7-18.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): evolution-data-server-debuginfo-3.22.7-18.7.1 evolution-data-server-debugsource-3.22.7-18.7.1 evolution-data-server-devel-3.22.7-18.7.1 typelib-1_0-EBook-1_2-3.22.7-18.7.1 typelib-1_0-EBookContacts-1_2-3.22.7-18.7.1 typelib-1_0-EDataServer-1_2-3.22.7-18.7.1 References: https://www.suse.com/security/cve/CVE-2020-14928.html https://www.suse.com/security/cve/CVE-2020-16117.html https://bugzilla.suse.com/1173910 https://bugzilla.suse.com/1174712 https://bugzilla.suse.com/1182882 . SUSE Security Patch for xfce4-panel resolves two concerns of moderate severity along with required remediation strategies.. SUSE Security Patch,System Update,Data Server Fix. . LinuxSecurity.com Team
Mar 19, 2021
SuSE
89
security advisorymemory overflowout-of-bounds writeFedora 24: libXrender Memory Overflow Fix for Critical Issues
Security fix for CVE-2016-7949, CVE-2016-7950. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-8877cf648b 2016-10-09 02:26:44.529578 -------------------------------------------------------------------------------- Name : libXrender Product : Fedora 24 Version : 0.9.10 Release : 1.fc24 URL : https://www.x.org/wiki/ Summary : X.Org X11 libXrender runtime library Description : X.Org X11 libXrender runtime library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-7949, CVE-2016-7950 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1381927 - CVE-2016-7949 libXrender: Insufficient validation of server responses results in overflow of previously reserved memory https://bugzilla.redhat.com/show_bug.cgi?id=1381927 [ 2 ] Bug #1381928 - CVE-2016-7950 libXrender: Insufficient validation of server responses results out-of-bounds write in XRenderQueryFilters https://bugzilla.redhat.com/show_bug.cgi?id=1381928 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libXrender' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 09, 2016
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!