--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-37c2d26f59
2022-11-11 01:15:27.280920
--------------------------------------------------------------------------------

Name        : php-pear-CAS
Product     : Fedora 36
Version     : 1.6.0
Release     : 1.fc36
URL         : https://apereo.atlassian.net/wiki/spaces/CASC/overview
Summary     : Central Authentication Service client library in php
Description :
This package is a PEAR library for using a Central Authentication Service.

Autoloader: %{pear_phpdir}/CAS/Autoload.php

--------------------------------------------------------------------------------
Update Information:

**Changes in version 1.6.0**

Bug Fixes:
* Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability **CVE-2022-39369** (Henry Pan)
* Set user agent [#421] (Fydon)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 3 2022 Remi Collet - 1.6.0-1
- update to 1.6.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-37c2d26f59' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
An update that solves 7 vulnerabilities and has one errata is now available.

openSUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2985-1
Rating:             important
References:         #1005522 #1005523 #1005524 #1005525 #1005526 #1005527 #1005528 #988651
Cross-References:   CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

OpenJDK Java was updated to jdk8u111 (icedtea 3.2.0) to fix the following issues:

* Security fixes
  + S8146490: Direct indirect CRL checks
  + S8151921: Improved page resolution
  + S8155968: Update command line options
  + S8155973, CVE-2016-5542: Tighten jar checks (bsc#1005522)
  + S8156794: Extend data sharing
  + S8157176: Improved classfile parsing
  + S8157739, CVE-2016-5554: Classloader Consistency Checking (bsc#1005523)
  + S8157749: Improve handling of DNS error replies
  + S8157753: Audio replay enhancement
  + S8157759: LCMS Transform Sampling Enhancement
  + S8157764: Better handling of interpolation plugins
  + S8158302: Handle contextual glyph substitutions
  + S8158993, CVE-2016-5568: Service Menu services (bsc#1005525)
  + S8159495: Fix index offsets
  + S8159503: Amend Annotation Actions
  + S8159511: Stack map validation
  + S8159515: Improve indy validation
  + S8159519, CVE-2016-5573: Reformat JDWP messages (bsc#1005526)
  + S8160090: Better signature handling in pack200
  + S8160094: Improve pack200 layout
  + S8160098: Clean up color profiles
  + S8160591, CVE-2016-5582: Improve internal array handling (bsc#1005527)
  + S8160838, CVE-2016-5597: Better HTTP service (bsc#1005528)
  + PR3206, RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() + CVE-2016-5556 (bsc#1005524)

* New features
  + PR1370: Provide option to build without debugging
  + PR1375: Provide option to strip and link debugging info after build
  + PR1537: Handle alternative Kerberos credential cache locations
  + PR1978: Allow use of system PCSC
  + PR2445: Support system libsctp
  + PR3182: Support building without pre-compiled headers
  + PR3183: Support Fedora/RHEL system crypto policy
  + PR3221: Use pkgconfig to detect Kerberos CFLAGS and libraries

* Import of OpenJDK 8 u102 build 14
  + S4515292: ReferenceType.isStatic() returns true for arrays
  + S4858370: JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
  + S6976636: JVM/TI test ex03t001 fails assertion
  + S7185591: jcmd-big-script.sh ERROR: could not find app's Java pid.
  + S8017462: G1: guarantee fails with UseDynamicNumberOfGCThreads
  + S8034168: ThreadMXBean/Locks.java failed, blocked on wrong object
  + S8036006: [TESTBUG] sun/tools/native2ascii/NativeErrors.java fails: Process exit code was 0, but error was expected.
  + S8041781: Need new regression tests for PBE keys
  + S8041787: Need new regressions tests for buffer handling for PBE algorithms
  + S8043836: Need new tests for AES cipher
  + S8044199: Tests for RSA keys and key specifications
  + S8044772: TempDirTest.java still times out with -Xcomp
  + S8046339: sun.rmi.transport.DGCAckHandler leaks memory
  + S8047031: Add SocketPermission tests for legacy socket types
  + S8048052: Permission tests for setFactory
  + S8048138: Tests for JAAS callbacks
  + S8048147: Privilege tests with JAAS Subject.doAs
  + S8048356: SecureRandom default provider tests
  + S8048357: PKCS basic tests
  + S8048360: Test signed jar files
  + S8048362: Tests for doPrivileged with accomplice
  + S8048596: Tests for AEAD ciphers
  + S8048599: Tests for key wrap and unwrap operations
  + S8048603: Additional tests for MAC algorithms
  + S8048604: Tests for strong crypto ciphers
  + S8048607: Test key generation of DES and DESEDE
  + S8048610: Implement regression test for bug fix of 4686632 in JCE
  + S8048617: Tests for PKCS12 read operations
  + S8048618: Tests for PKCS12 write operations.
  + S8048619: Implement tests for converting PKCS12 keystores
  + S8048624: Tests for SealedObject
  + S8048819: Implement reliability test for DH algorithm
  + S8048820: Implement tests for SecretKeyFactory
  + S8048830: Implement tests for new functionality provided in JEP 166
  + S8049237: Need new tests for X509V3 certificates
  + S8049321: Support SHA256WithDSA in JSSE
  + S8049429: Tests for java client server communications with various TLS/SSL combinations.
  + S8049432: New tests for TLS property jdk.tls.client.protocols
  + S8049814: Additional SASL client-server tests
  + S8050281: New permission tests for JEP 140
  + S8050370: Need new regressions tests for messageDigest with DigestIOStream
  + S8050371: More MessageDigest tests
  + S8050374: More Signature tests
  + S8050427: LoginContext tests to cover JDK-4703361
  + S8050460: JAAS login/logout tests with LoginContext
  + S8050461: Tests for syntax checking of JAAS configuration file
  + S8054278: Refactor jps utility tests
  + S8055530: assert(_exits.control()->is_top() || !_gvn.type(ret_phi)->empty()) failed: return value must be well defined
  + S8055844: [TESTBUG] test/runtime/NMT/VirtualAllocCommitUncommitRecommit.java fails on Solaris Sparc due to incorrect page size being used
  + S8059677: Thread.getName() instantiates Strings
  + S8061464: A typo in CipherTestUtils test
  + S8062536: [TESTBUG] Conflicting GC combinations in jdk tests
  + S8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently
  + S8065078: NetworkInterface.getNetworkInterfaces() triggers intermittent test failures
  + S8066871: java.lang.VerifyError: Bad local variable type - local final String
  + S8068427: Hashtable deserialization reconstitutes table with wrong capacity
  + S8069038: javax/net/ssl/TLS/TLSClientPropertyTest.java needs to be updated for JDK-8061210
  + S8069253: javax/net/ssl/TLS/TestJSSE.java failed on Mac
  + S8071125: Improve exception messages in URLPermission
  + S8072081: Supplementary characters are rejected in comments
  + S8072463: Remove requirement that AKID and SKID have to match when building certificate chain
  + S8072725: Provide more granular levels for GC verification
  + S8073400: Some Monospaced logical fonts have a different width
  + S8073872: Schemagen fails with StackOverflowError if element references containing class
  + S8074931: Additional tests for CertPath API
  + S8075286: Additional tests for signature algorithm OIDs and transformation string
  + S8076486: [TESTBUG] javax/security/auth/Subject/doAs/NestedActions.java fails if extra VM options are given
  + S8076545: Text size is twice bigger under Windows L&F on Win 8.1 with HiDPI display
  + S8076995: gc/ergonomics/TestDynamicNumberOfGCThreads.java failed with java.lang.RuntimeException: 'new_active_workers' missing from stdout/stderr
  + S8079138: Additional negative tests for XML signature processing
  + S8081512: Remove sun.invoke.anon classes, or move / co-locate them with tests
  + S8081771: ProcessTool.createJavaProcessBuilder() needs new addTestVmAndJavaOptions argument
  + S8129419: heapDumper.cpp: assert(length_in_bytes > 0) failed: nothing to copy
  + S8130150: Implement BigInteger.montgomeryMultiply intrinsic
  + S8130242: DataFlavorComparator transitivity exception
  + S8130304: Inference: NodeNotFoundException thrown with deep generic method call chain
  + S8130425: libjvm crash due to stack overflow in executables with 32k tbss/tdata
  + S8133023: ParallelGCThreads is not calculated correctly
  + S8134111: Unmarshaller unmarshalls XML element which doesn't have the expected namespace
  + S8135259: InetAddress.getAllByName only reports "unknown error" instead of actual cause
  + S8136506: Include sun.arch.data.model as a property that can be queried by jtreg
  + S8137068: Tests added in JDK-8048604 fail to compile
  + S8139040: Fix initializations before ShouldNotReachHere() etc. and enable -Wuninitialized on linux.
  + S8139581: AWT components are not drawn after removal and addition to a container
  + S8141243: Unexpected timezone returned after parsing a date
  + S8141420: Compiler runtime entries don't hold Klass* from being GCed
  + S8141445: Use of Solaris/SPARC M7 libadimalloc.so can generate unknown signal in hs_err file
  + S8141551: C2 can not handle returns with inccompatible interface arrays
  + S8143377: Test PKCS8Test.java fails
  + S8143647: Javac compiles method reference that allows results in an IllegalAccessError
  + S8144144: ORB destroy() leaks filedescriptors after unsuccessful connection
  + S8144593: Suppress not recognized property/feature warning messages from SAXParser
  + S8144957: Remove PICL warning message
  + S8145039: JAXB marshaller fails with ClassCastException on classes generated by xjc
  + S8145228: Java Access Bridge, getAccessibleStatesStringFromContext doesn't wrap the call to getAccessibleRole
  + S8145388: URLConnection.guessContentTypeFromStream returns image/jpg for some JPEG images
  + S8145974: XMLStreamWriter produces invalid XML for surrogate pairs on OutputStreamWriter
  + S8146035: Windows - With LCD antialiasing, some glyphs are not rendered correctly
  + S8146192: Add test for JDK-8049321
  + S8146274: Thread spinning on WeakHashMap.getEntry() with concurrent use of nashorn
  + S8147468: Allow users to bound the size of buffers cached in the per-thread buffer caches
  + S8147645: get_ctrl_no_update() code is wrong
  + S8147807: crash in libkcms.so on linux-sparc
  + S8148379: jdk.nashorn.api.scripting spec. adjustments, clarifications
  + S8148627: RestrictTestMaxCachedBufferSize.java to 64-bit platforms
  + S8148820: Missing @since Javadoc tag in Logger.log(Level, Supplier)
  + S8148926: Call site profiling fails on braces-wrapped anonymous function
  + S8149017: Delayed provider selection broken in RSA client key exchange
  + S8149029: Secure validation of XML based digital signature always enabled when checking wrapping attacks
  + S8149330: Capacity of StringBuilder should not get close to Integer.MAX_VALUE unless necessary
  + S8149334: JSON.parse(JSON.stringify([])).push(10) creates an array containing two elements
  + S8149368: [hidpi] JLabel font is twice bigger than JTextArea font on Windows 7, HiDPI, Windows L&F
  + S8149411: PKCS12KeyStore cannot extract AES Secret Keys
  + S8149417: Use final restricted flag
  + S8149450: LdapCtx.processReturnCode() throwing Null Pointer Exception
  + S8149453: [hidpi] JFileChooser does not scale properly on Windows with HiDPI display and Windows L&F
  + S8149543: range check CastII nodes should not be split through Phi
  + S8149743: JVM crash after debugger hotswap with lambdas
  + S8149744: fix testng.jar delivery in Nashorn build.xml
  + S8149915: enabling validate-annotations feature for xsd schema with annotation causes NPE
  + S8150002: Check for the validity of oop before printing it in verify_remembered_set
  + S8150470: JCK: api/xsl/conf/copy/copy19 test failure
  + S8150518: G1 GC crashes at G1CollectedHeap::do_collection_pause_at_safepoint(double)
  + S8150533: Test java/util/logging/LogManagerAppContextDeadlock.java times out intermittently.
  + S8150704: XALAN: ERROR: 'No more DTM IDs are available' when transforming with lots of temporary result trees
  + S8150780: Repeated offer and remove on ConcurrentLinkedQueue lead to an OutOfMemoryError
  + S8151064: com/sun/jdi/RedefineAddPrivateMethod.sh fails intermittently
  + S8151197: [TEST_BUG] Need to backport fix for test/javax/net/ssl/TLS/TestJSSE.java
  + S8151352: jdk/test/sample fails with "effective library path is outside the test suite"
  + S8151431: DateFormatSymbols triggers this.clone() in the constructor
  + S8151535: TESTBUG: java/lang/invoke/AccessControlTest.java should be modified to run with JTREG 4.1 b13
  + S8151731: Add new jtreg keywords to jdk 8
  + S8151998: VS2010 ThemeReader.cpp(758) : error C3861: 'round': identifier not found
  + S8152927: Incorrect GPL header in StubFactoryDynamicBase.java reported
  + S8153252: SA: Hotspot build on Windows fails if make/closed folder does not exist
  + S8153531: Improve exception messaging for RSAClientKeyExchange
  + S8153641: assert(thread_state == _thread_in_native) failed: Assumed thread_in_native while heap dump
  + S8153673: [BACKOUT] JDWP: Memory Leak: GlobalRefs never deleted when processing invokeMethod command
  + S8154304: NullpointerException at LdapReferralException.getReferralContext
  + S8154722: Test gc/ergonomics/TestDynamicNumberOfGCThreads.java fails
  + S8157078: 8u102 L10n resource file updates
  + S8157838: Personalized Windows Font Size is not taken into account in Java8u102

* Import of OpenJDK 8 u111 build 14
  + S6882559: new JEditorPane("text/plain","") fails for null context class loader
  + S8049171: Additional tests for jarsigner's warnings
  + S8063086: Math.pow yields different results upon repeated calls
  + S8140530: Creating a VolatileImage with size 0,0 results in no longer working g2d.drawString
  + S8142926: OutputAnalyzer's shouldXXX() calls return this
  + S8147077: IllegalArgumentException thrown by api/java_awt/Component/FlipBufferStrategy/indexTGF_General
  + S8148127: IllegalArgumentException thrown by JCK test api/java_awt/Component/FlipBufferStrategy/indexTGF_General in opengl pipeline
  + S8150611: Security problem on sun.misc.resources.Messages*
  + S8153399: Constrain AppCDS behavior (back port)
  + S8157653: [Parfait] Uninitialised variable in awt_Font.cpp
  + S8158734: JEditorPane.createEditorKitForContentType throws NPE after 6882559
  + S8158994: Service Menu services
  + S8159684: (tz) Support tzdata2016f
  + S8160904: Typo in code from 8079718 fix : enableCustomValueHanlde
  + S8160934: isnan() is not available on older MSVC compilers
  + S8161141: correct bugId for JDK-8158994 fix push
  + S8162411: Service Menu services 2
  + S8162419: closed/com/oracle/jfr/runtime/TestVMInfoEvent.sh failing after JDK-8155968
  + S8162511: 8u111 L10n resource file updates
  + S8162792: Remove constraint DSA keySize < 1024 from jdk.jar.disabledAlgorithms in jdk8
  + S8164452: 8u111 L10n resource file update - msgdrop 20
  + S8165816: jarsigner -verify shows jar unsigned if it was signed with a weak algorithm
  + S8166381: Back out changes to the java.security file to not disable MD5

* Backports
  + S8078628, PR3208: Zero build fails with pre-compiled headers disabled
  + S8141491, PR3159, G592292: Unaligned memory access in Bits.c
  + S8157306, PR3121: Random infrequent null pointer exceptions in javac (enabled on AArch64 only)
  + S8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation

* Bug fixes
  + PR3123: Some object files built without -fPIC on x86 only
  + PR3126: pax-mark-vm script calls "exit -1" which is invalid in dash
  + PR3127, G590348: Only apply PaX markings by default on running PaX kernels
  + PR3199: Invalid nashorn URL
  + PR3201: Update infinality configure test
  + PR3218: PR3159 leads to build failure on clean tree

* AArch64 port
  + S8131779, PR3220: AARCH64: add Montgomery multiply intrinsic
  + S8167200, PR3220: AArch64: Broken stack pointer adjustment in interpreter
  + S8167421, PR3220: AArch64: in one core system, fatal error: Illegal threadstate encountered
  + S8167595, PR3220: AArch64: SEGV in stub code cipherBlockChaining_decryptAESCrypt
  + S8168888, PR3220: Port 8160591: Improve internal array handling to AArch64.

* Shenandoah
  + PR3224: Shenandoah broken when building without pre-compiled headers

- Build against system kerberos
- Build against system pcsc and sctp
- S8158260, PR2991, RH1341258: PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions (bsc#988651)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:
  zypper in -t patch openSUSE-2016-1380=1

- openSUSE Leap 42.1:
  zypper in -t patch openSUSE-2016-1380=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (i586 x86_64):
  java-1_8_0-openjdk-1.8.0.111-3.1
  java-1_8_0-openjdk-accessibility-1.8.0.111-3.1
  java-1_8_0-openjdk-debuginfo-1.8.0.111-3.1
  java-1_8_0-openjdk-debugsource-1.8.0.111-3.1
  java-1_8_0-openjdk-demo-1.8.0.111-3.1
  java-1_8_0-openjdk-demo-debuginfo-1.8.0.111-3.1
  java-1_8_0-openjdk-devel-1.8.0.111-3.1
  java-1_8_0-openjdk-devel-debuginfo-1.8.0.111-3.1
  java-1_8_0-openjdk-headless-1.8.0.111-3.1
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.111-3.1
  java-1_8_0-openjdk-src-1.8.0.111-3.1

- openSUSE Leap 42.2 (noarch):
  java-1_8_0-openjdk-javadoc-1.8.0.111-3.1

- openSUSE Leap 42.1 (i586 x86_64):
  java-1_8_0-openjdk-1.8.0.111-18.1
  java-1_8_0-openjdk-accessibility-1.8.0.111-18.1
  java-1_8_0-openjdk-debuginfo-1.8.0.111-18.1
  java-1_8_0-openjdk-debugsource-1.8.0.111-18.1
  java-1_8_0-openjdk-demo-1.8.0.111-18.1
  java-1_8_0-openjdk-demo-debuginfo-1.8.0.111-18.1
  java-1_8_0-openjdk-devel-1.8.0.111-18.1
  java-1_8_0-openjdk-devel-debuginfo-1.8.0.111-18.1
  java-1_8_0-openjdk-headless-1.8.0.111-18.1
  java-1_8_0-openjdk-headless-debuginfo-1.8.0.111-18.1
  java-1_8_0-openjdk-src-1.8.0.111-18.1

- openSUSE Leap 42.1 (noarch):
  java-1_8_0-openjdk-javadoc-1.8.0.111-18.1

References:

https://www.suse.com/security/cve/CVE-2016-5542.html
https://www.suse.com/security/cve/CVE-2016-5554.html
https://www.suse.com/security/cve/CVE-2016-5556.html
https://www.suse.com/security/cve/CVE-2016-5568.html
https://www.suse.com/security/cve/CVE-2016-5573.html
https://www.suse.com/security/cve/CVE-2016-5582.html
https://www.suse.com/security/cve/CVE-2016-5597.html
https://bugzilla.suse.com/1005522
https://bugzilla.suse.com/1005523
https://bugzilla.suse.com/1005524
https://bugzilla.suse.com/1005525
https://bugzilla.suse.com/1005526
https://bugzilla.suse.com/1005527
https://bugzilla.suse.com/1005528
https://bugzilla.suse.com/988651

Severity: Important.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: nfs-utils security, bug fix, and enhancement update
Advisory ID:       RHSA-2012:0310-03
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2012:0310.html
Issue date:        2012-02-21
CVE Names:         CVE-2011-1749
====================================================================

1. Summary:

An updated nfs-utils package that fixes one security issue, various bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The nfs-utils package provides a daemon for the kernel Network File System (NFS) server, and related tools such as the mount.nfs, umount.nfs, and showmount programs.

It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab (mounted file systems table) file. A local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1749)

This update also fixes the following bugs:

* The nfs service failed to start if the NFSv1, NFSv2, and NFSv4 support was disabled (the MOUNTD_NFS_V1="no", MOUNTD_NFS_V2="no", MOUNTD_NFS_V3="no" lines in /etc/sysconfig/nfs were uncommented) because the mountd daemon failed to handle the settings correctly. With this update, the underlying code has been modified and the nfs service starts successfully in the described scenario. (BZ#529588)

* When a user's Kerberos ticket expired, the "sh rpc.gssd" messages flooded the /var/log/messages file. With this update, the excessive logging has been suppressed. (BZ#593097)

* The crash simulation (SM_SIMU_CRASH) of the rpc.statd service had a vulnerability that could be detected by ISS (Internet Security Scanner). As a result, the rpc.statd service terminated unexpectedly with the following error after an ISS scan:

rpc.statd[xxxx]: recv_rply: can't decode RPC message!
rpc.statd[xxxx]: *** SIMULATING CRASH! ***
rpc.statd[xxxx]: unable to register (statd, 1, udp).

However, the rpc.statd service ignored SM_SIMU_CRASH. This update removes the simulation crash support from the service and the problem no longer occurs. (BZ#600497)

* The nfs-utils init scripts returned incorrect status codes in the following cases: if the rpcgssd and rpcsvcgssd daemon were not configured, were provided an unknown argument, their function call failed, if a program was no longer running and a /var/lock/subsys/$SERVICE file existed, if starting a service under an unprivileged user, if a program was no longer running and its pid file still existed in the /var/run/ directory. With this update, the correct codes are returned in these scenarios. (BZ#710020)

* The "nfsstat -m" command did not display NFSv4 mounts. With this update, the underlying code has been modified and the command returns the list of all mounts, including any NFSv4 mounts, as expected. (BZ#712438)

* Previously, the nfs manual pages described the fsc mount option; however, this option is not supported. This update removes the option description from the manual pages. (BZ#715523)

* The nfs-utils preinstall scriptlet failed to change the default group ID for the nfsnobody user to 65534. This update modifies the preinstall scriptlet and the default group ID is changed to 65534 after nfs-utils upgrade as expected. (BZ#729603)

* The mount.nfs command with the "-o retry" option did not try to mount for the time specified in the "retry=X" configuration option. This occurred due to incorrect error handling by the command. With this update, the underlying code has been fixed and the "-o retry" option works as expected. (BZ#736677)

In addition, this update adds the following enhancement:

* The noresvport option, which allows NFS clients to use insecure ports (ports above 1023), has been added to the NFS server configuration options. (BZ#513094)

All nfs-utils users are advised to upgrade to this updated package, which resolves these issues and adds this enhancement. After installing this update, the nfs service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

697975 - CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
nfs-utils-1.0.9-60.el5.i386.rpm
nfs-utils-debuginfo-1.0.9-60.el5.i386.rpm

x86_64:
nfs-utils-1.0.9-60.el5.x86_64.rpm
nfs-utils-debuginfo-1.0.9-60.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
nfs-utils-1.0.9-60.el5.i386.rpm
nfs-utils-debuginfo-1.0.9-60.el5.i386.rpm

ia64:
nfs-utils-1.0.9-60.el5.ia64.rpm
nfs-utils-debuginfo-1.0.9-60.el5.ia64.rpm

ppc:
nfs-utils-1.0.9-60.el5.ppc.rpm
nfs-utils-debuginfo-1.0.9-60.el5.ppc.rpm

s390x:
nfs-utils-1.0.9-60.el5.s390x.rpm
nfs-utils-debuginfo-1.0.9-60.el5.s390x.rpm

x86_64:
nfs-utils-1.0.9-60.el5.x86_64.rpm
nfs-utils-debuginfo-1.0.9-60.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-1749
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPQyHPXlSAg2UNWIIRAkHTAJ0TMbKUs7q0R5vktgiWH0ZhQmxQswCffSLG
PuhOJmFB1aWWZWFpYgOApek=
=LR3n
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Low: selinux-policy enhancement update

Date: Tue, 14 Feb 2012 10:20:17 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Low: selinux-policy on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: selinux-policy enhancement update
Issue date: 2012-02-13

The selinux-policy packages contain the rules that govern how confined processes run on the system.

This update fixes the following bugs:

* An incorrect SELinux policy prevented the qpidd service from starting. These selinux-policy packages contain updated SELinux rules, which allow the qpidd service to be started correctly.

* With SELinux in enforcing mode, the ssh-keygen utility was prevented from access to various applications and thus could not be used to generate SSH keys for these programs. With this update, the "ssh_keygen_t" SELinux domain type has been implemented as unconfined, which ensures that the ssh-keygen utility works correctly.

All users of selinux-policy are advised to upgrade to these updated packages, which fix these bugs.

SL6.x

SRPMS:
selinux-policy-3.7.19-126.el6_2.6.src.rpm

i386:
selinux-policy-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-doc-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-minimum-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-mls-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-targeted-3.7.19-126.el6_2.6.noarch.rpm

x86_64:
selinux-policy-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-doc-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-minimum-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-mls-3.7.19-126.el6_2.6.noarch.rpm
selinux-policy-targeted-3.7.19-126.el6_2.6.noarch.rpm

Severity: Low.
====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: dovecot security and enhancement update
Advisory ID:       RHSA-2011:0600-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2011:0600.html
Issue date:        2011-05-19
CVE Names:         CVE-2010-3707 CVE-2010-3780
====================================================================

1. Summary:

Updated dovecot packages that fix two security issues and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind.

A flaw was found in the way Dovecot handled SIGCHLD signals. If a large amount of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it could cause the master process to crash. (CVE-2010-3780)

A flaw was found in the way Dovecot processed multiple Access Control Lists (ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the more specific ACL entry, possibly resulting in more access being granted to the user than intended. (CVE-2010-3707)

This update also adds the following enhancement:

* This erratum upgrades Dovecot to upstream version 2.0.9, providing multiple fixes for the "dsync" utility and improving overall performance. Refer to the "/usr/share/doc/dovecot-2.0.9/ChangeLog" file after installing this update for further information about the changes. (BZ#637056)

Users of dovecot are advised to upgrade to these updated packages, which resolve these issues and add this enhancement. After installing the updated packages, the dovecot service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

637056 - rebase dovecot to 2.0 final
640410 - CVE-2010-3707 Dovecot: Failed to properly update ACL cache, when multiple rules defined rights for one subject
641276 - CVE-2010-3780 Dovecot: Busy master process, receiving a lot of SIGCHLD signals rapidly while logging, could die

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-mysql-2.0.9-2.el6.i686.rpm
dovecot-pgsql-2.0.9-2.el6.i686.rpm
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm

ppc64:
dovecot-2.0.9-2.el6.ppc.rpm
dovecot-2.0.9-2.el6.ppc64.rpm
dovecot-debuginfo-2.0.9-2.el6.ppc.rpm
dovecot-debuginfo-2.0.9-2.el6.ppc64.rpm
dovecot-mysql-2.0.9-2.el6.ppc64.rpm
dovecot-pgsql-2.0.9-2.el6.ppc64.rpm
dovecot-pigeonhole-2.0.9-2.el6.ppc64.rpm

s390x:
dovecot-2.0.9-2.el6.s390.rpm
dovecot-2.0.9-2.el6.s390x.rpm
dovecot-debuginfo-2.0.9-2.el6.s390.rpm
dovecot-debuginfo-2.0.9-2.el6.s390x.rpm
dovecot-mysql-2.0.9-2.el6.s390x.rpm
dovecot-pgsql-2.0.9-2.el6.s390x.rpm
dovecot-pigeonhole-2.0.9-2.el6.s390x.rpm

x86_64:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-2.0.9-2.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-devel-2.0.9-2.el6.i686.rpm

ppc64:
dovecot-debuginfo-2.0.9-2.el6.ppc64.rpm
dovecot-devel-2.0.9-2.el6.ppc64.rpm

s390x:
dovecot-debuginfo-2.0.9-2.el6.s390x.rpm
dovecot-devel-2.0.9-2.el6.s390x.rpm

x86_64:
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-devel-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-mysql-2.0.9-2.el6.i686.rpm
dovecot-pgsql-2.0.9-2.el6.i686.rpm
dovecot-pigeonhole-2.0.9-2.el6.i686.rpm

x86_64:
dovecot-2.0.9-2.el6.i686.rpm
dovecot-2.0.9-2.el6.x86_64.rpm
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-mysql-2.0.9-2.el6.x86_64.rpm
dovecot-pgsql-2.0.9-2.el6.x86_64.rpm
dovecot-pigeonhole-2.0.9-2.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
dovecot-debuginfo-2.0.9-2.el6.i686.rpm
dovecot-devel-2.0.9-2.el6.i686.rpm

x86_64:
dovecot-debuginfo-2.0.9-2.el6.x86_64.rpm
dovecot-devel-2.0.9-2.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-3707
https://access.redhat.com/security/cve/CVE-2010-3780
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2011 Red Hat, Inc.