Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -3 articles for you...
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorymoderatesecurity update

Red Hat JBoss EAP 7.3.6 Security Update: RHSA-2021:0872-01 Moderate

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.6 security update Advisory ID: RHSA-2021:0872-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:0872 Issue date: 2021-03-16 CVE Names: CVE-2020-8908 CVE-2020-10687 CVE-2020-28052 CVE-2020-35510 CVE-2021-20220 CVE-2021-20250 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJBclient (CVE-2020-35510) * bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052) * wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220) * jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250) * guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908) 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1905796 - CVE-2020-35510 jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client 1906919 - CVE-2020-8908 guava: local information disclosure via temporary directory created with unsafe permissions 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687 1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client 6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): JBEAP-20336 - (7.3.z) Upgrade Bouncy Castle from 1.65.0.redhat-00001 to 1.68.0.redhat-00001 JBEAP-20628 - [GSS] (7.3.z) Upgrade undertow from 2.0.33.SP2-redhat-00001 to 2.0.34.SP1-redhat-00001 JBEAP-20672 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00017 to 2.9.0.redhat-00019 JBEAP-20694 - (7.3.z) Upgrade WildFly Galleon Plugins from 4.2.8.Final to 4.2.10.Final JBEAP-20695 - (7.3.z) (WF-Core) Upgrade WildFly Galleon Plugins from 4.2.8.Final to 4.2.10.Final JBEAP-20715 - Tracker bug for the EAP 7.3.6 release for RHEL-6 JBEAP-20762 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.37.Final-redhat-00001 to 4.0.39.SP1-redhat-00001 JBEAP-20791 - (7.3.z) Upgrade WildFly Elytron from1.10.10.Final-redhat-00001 to 1.10.11.Final-redhat-00001 JBEAP-20795 - [GSS](7.3.z) Upgrade HAL from 3.2.12.Final-redhat-00001 to 3.2.13.Final-redhat-00001 JBEAP-20802 - (7.3.z) Upgrade Narayana from 5.9.10.Final-redhat-00001 to 5.9.11.Final-redhat-00001 JBEAP-20805 - (7.3.z) Upgrade guava from 25.0.redhat-1 to 30.1.0.redhat-00001 JBEAP-20815 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.20.Final-redhat-00001 to 5.0.20.SP1-redhat-00001 JBEAP-20816 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.24.Final-redhat-00001 to 1.0.25.Final-redhat-00001 JBEAP-20883 - [GSS](7.3.z) Upgrade wildfly-naming-client from 1.0.13.Final-redhat-00001 to 1.0.14.Final-redhat-00001 JBEAP-20887 - (7.3.z) Upgrade IronJacamar from 1.4.22.Final-redhat-00001 to 1.4.27.Final-redhat-00001 JBEAP-20908 - (7.3.z)(wf-core) Upgrade guava from 20.0 to 30.1.0.redhat-00001 JBEAP-20918 - (7.3.z) Upgrade jboss-logmanager from 2.1.17.Final-redhat-00001 to 2.1.18.Final-redhat-00001 JBEAP-20941 - (7.3.z)(wf-core) Upgrade Bouncy Castle from 1.65 to 1.68 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 6Server: Source: eap7-activemq-artemis-2.9.0-9.redhat_00019.1.el6eap.src.rpm eap7-bouncycastle-1.68.0-1.redhat_00001.1.el6eap.src.rpm eap7-guava-failureaccess-1.0.1-1.redhat_00002.1.el6eap.src.rpm eap7-guava-libraries-30.1.0-1.redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.13-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.27-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-ejb-client-4.0.39-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.18-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-remoting-5.0.20-2.SP1_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.2-5.Final_redhat_00006.1.el6eap.src.rpm eap7-narayana-5.9.11-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.34-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.6-1.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.11-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.25-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-naming-client-1.0.14-1.Final_redhat_00001.1.el6eap.src.rpm noarch: eap7-activemq-artemis-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-9.redhat_00019.1.el6eap.noarch.rpm eap7-bouncycastle-1.68.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-bouncycastle-mail-1.68.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-bouncycastle-pkix-1.68.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-bouncycastle-prov-1.68.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-guava-30.1.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-guava-failureaccess-1.0.1-1.redhat_00002.1.el6eap.noarch.rpm eap7-guava-libraries-30.1.0-1.redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.13-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.27-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-ejb-client-4.0.39-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.18-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-remoting-5.0.20-2.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-5.Final_redhat_00006.1.el6eap.noarch.rpm eap7-narayana-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-compensations-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jbossxts-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jts-idlj-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-jts-integration-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-api-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-bridge-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-integration-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-restat-util-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-narayana-txframework-5.9.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.34-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.6-1.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.11-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.25-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.25-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.25-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.25-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.6-1.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.6-1.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-naming-client-1.0.14-1.Final_redhat_00001.1.el6eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 8. References: https://access.redhat.com/security/cve/CVE-2020-8908 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-28052 https://access.redhat.com/security/cve/CVE-2020-35510 https://access.redhat.com/security/cve/CVE-2021-20220 https://access.redhat.com/security/cve/CVE-2021-20250 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3 https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYFC6DdzjgjWX9erEAQinwA//QQioMLdx/TEKxOQZTvYT8u6B9lAP8WWc J4N8LNGdcFToicJ+6+HrSASoTO2cAP+smsoum2EthY+9pQQZnKbkYzZVIxHkb5Ob sAbBli3aYUNe1PWjjOXtPtcfZq06obphJf6k0uy6Xj6+hRN+Rhg+j92Aq6drEIEr 1C2AbrZ5WZtMWbwWk/cKpLyntjETGE/2Ulh7UBzmlfPZwpS9+AsthwbPKfk3sgOl IVu70V/fSYtsJ+hBJF62fliC1DRFVZmdtHk5mCcy/6GLKx6gu7KfRuKcn/+r8jG5 pmMxOno2nNQI1kbTD7K1Z7yFWx1H2/mc1LNXlFzu+raT6sNpzHCS63OpwVrsjyzr wRdqno2gEXWaqipkfD7X0v7/n7T9sKRTD8hTCYb4ACVtiT7BSEvjRPjjInkRhuLs t2/JYFD33pECUL3+Kpra+golkGW+cCfZk0xP7Mq3GiOK9ve/kEQoyM9UpyUpZ/Pt onKGc/xQD2hwBMwITU68oHnkZSwb4aGQA/gpkYED5t2oiqWsN8mIdRrkerEet8/K K8A0e0ycQFRZPVfHJy1adGvZhYCmnQBAuhNu+2UZjXoeZgQ6TB/nOKDNXtbGxy4b p0abGao+HJ7iCm5NQgqW2TULyqsWYiDRGNjYbOi+HTGn9lTF/LmhI64bnaTBIUnL F8BNkuUT5+0=fyBq -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . Important patch release for Red Hat JBoss EAP 7.3.6 aimed at resolving various security vulnerabilities within the RHEL 6 framework.. Red Hat JBoss EAP, Java Application Security, Moderate Severity Update. . LinuxSecurity.com Team

Calendar 2 Mar 16, 2021 Red Hat
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisorydenial of serviceubuntu

Ubuntu 14.04 LTS: 3843-1 Critical: Pixman Denial of Service

pixman could be made to crash or run programs if it processed specially crafted instructions.. =========================================================================Ubuntu Security Notice USN-3843-1 December 11, 2018 pixman vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: pixman could be made to crash or run programs if it processed specially crafted instructions. Software Description: - pixman: pixel-manipulation library for X and cairo Details: It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libpixman-1-0 0.30.2-2ubuntu1.2 After a standard system update you need to restart your session to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3843-1 CVE-2015-5297 Package Information: https://launchpad.net/ubuntu/+source/pixman/0.30.2-2ubuntu1.2 . Ubuntu 14.04 LTS has a critical pixman library vulnerability allowing code execution by non-privileged users. Update your system now to mitigate risks. Pixman Issue, Ubuntu 14.04 Advisory, Security Notice. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Dec 11, 2018 Critical Ubuntu
Banner 2 1028x280 1708121730 1 1771599631
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorymoderatedenial of service

Fedora 22: 2015-15589 Moderate: jakarta-commons-httpclient DDoS Risk

This update fixes CVE-2015-5262 denial of service security vulnerability by respectinc configured SO_TIMEOUT parameter during SSL handshake.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-15589 2015-10-01 15:59:58.767242 -------------------------------------------------------------------------------- Name : jakarta-commons-httpclient Product : Fedora 22 Version : 3.1 Release : 23.fc22 URL : https://hc.apache.org/httpclient-legacy/ Summary : Jakarta Commons HTTPClient implements the client side of HTTP standards Description : The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of applications that may require HTTP support. Although the java.net package provides basic support for accessing resources via HTTP, it doesn't provide the full flexibility or functionality needed by many applications. The Jakarta Commons HTTP Client component seeks to fill this void by providing an efficient, up-to-date, and feature-rich package implementing the client side of the most recent HTTP standards and recommendations. Designed for extension while providing robust support for the base HTTP protocol, the HTTP Client component may be of interest to anyone building HTTP-aware client applications such as web browsers, web service clients, or systems that leverage or extend the HTTP protocol for distributed communication. -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2015-5262 denial of service security vulnerability by respectinc configured SO_TIMEOUT parameter during SSL handshake. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1261538 - CVE-2015-5262jakarta-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout https://bugzilla.redhat.com/show_bug.cgi?id=1261538 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update jakarta-commons-httpclient' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . The Fedora 22 update for Jakarta Commons HTTPClient mitigates significant service disruption threats via optimized SSL handshake procedures.. Fedora Update,jakarta-commons-httpclient,Security Update,Denial of Service. . LinuxSecurity.com Team

Calendar 2 Oct 01, 2015 Fedora
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisoryremote code executionservice outage

Gentoo: 201112-04 High: TinTin++ Remote Code Execution Issue

Multiple vulnerabilities have been reported in TinTin++ which could allow a remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: TinTin++: Multiple vulnerabilities Date: November 20, 2011 Bugs: #209903 ID: 201111-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been reported in TinTin++ which could allow a remote attacker to conduct several attacks, including the execution of arbitrary code and Denial of Service. Background ========= TinTin++ is a free MUD gaming client. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-mud/tintin < 1.98.0 > = 1.98.0 Description ========== Multiple vulnerabilities have been discovered in TinTin++. Please review the CVE identifiers referenced below for details. Impact ===== Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the TinTin++ process, cause a Denial of Service, or truncate arbitrary files in the top level of the home directory belonging to the user running the TinTin++ process. Workaround ========= There is no known workaround at this time. Resolution ========= All TinTin++ users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose "> =games-mud/tintin-1.98.0" NOTE: This is a legacy GLSA. Updatesfor all affected architectures are available since March 25, 2008. It is likely that your system is already no longer affected by this issue. References ========= [ 1 ] CVE-2008-0671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0671 [ 2 ] CVE-2008-0672 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0672 [ 3 ] CVE-2008-0673 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0673 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201111-07 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Multiple vulnerabilities in TinTin++ could lead to code execution and denial of service. Upgrade to mitigate risks.. Gentoo Linux,TinTin++,Remote Code Execution. . LinuxSecurity.com Team

Calendar 2 Nov 20, 2011 Gentoo
Banner 2 1028x280 1708121730 1 1771599631
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorycritical issueFedora

Fedora Core 5: 2007-576 Critical: mod_perl Denial of Service

This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service. (CVE-2007-1349). ---------------------------------------------------------------------Fedora Update Notification FEDORA-2007-576 2007-06-11 ---------------------------------------------------------------------Product : Fedora Core 5 Name : mod_perl Version : 2.0.2 Release : 5.2.fc5 Summary : An embedded Perl interpreter for the Apache Web server Description : Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a quicker CGI script turnaround process, since no external Perl interpreter has to be started. Install mod_perl if you're installing the Apache web server and you'd like for it to directly incorporate a Perl interpreter. ---------------------------------------------------------------------Update Information: This update fixes a security issue in mod_perl. An issue was found in the "namespace_from_uri" method of the ModPerl::RegistryCooker class. If a server implemented a mod_perl registry module using this method, a remote attacker requesting a carefully crafted URI can cause resource consumption, which could lead to a denial of service. (CVE-2007-1349) ---------------------------------------------------------------------* Fri Jun 8 2007 Joe Orton 2.0.2-5.2.fc5 - add security fix for CVE-2007-1349 - drop perl(warnings) provide (#228429) - drop perl(HTTP::Request::Common) provide ---------------------------------------------------------------------This update can bedownloaded from: 1b92c1ea6bd0f91f41ec010ecb55804c551afd74 SRPMS/mod_perl-2.0.2-5.2.fc5.src.rpm 1b92c1ea6bd0f91f41ec010ecb55804c551afd74 noarch/mod_perl-2.0.2-5.2.fc5.src.rpm c29bde551de3e22168d7ec13270632980ab35db7 ppc/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.ppc.rpm f66643fd198d576dec55ed72617b019a171ab1f6 ppc/mod_perl-devel-2.0.2-5.2.fc5.ppc.rpm 56dba75ca6a4f68116c9803e21996b7e3c7e4a9a ppc/mod_perl-2.0.2-5.2.fc5.ppc.rpm 9bf9a6e3ee0e700da174cca618e30ac84b5ec4e2 x86_64/mod_perl-devel-2.0.2-5.2.fc5.x86_64.rpm b3ab3711356698f8aa9d626c25f78edbe0d3190a x86_64/mod_perl-2.0.2-5.2.fc5.x86_64.rpm b3801f05e3ec4e061b5ac70ecf958fbdfd61fbeb x86_64/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.x86_64.rpm d59cb0f72b48b7e5a28e4ad4d6d7469aed05d12c i386/mod_perl-devel-2.0.2-5.2.fc5.i386.rpm 4fd5523eee7cfea55321c6630be82e9bce971b88 i386/debug/mod_perl-debuginfo-2.0.2-5.2.fc5.i386.rpm d41ac0744c6a69d7266accd3a6336d9861bebd4b i386/mod_perl-2.0.2-5.2.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ---------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Patch released for Fedora Core 5 to mitigate a serious vulnerability in mod_perl, aimed at preventing potential denial of service attacks.. Fedora Update, mod_perl Security, Denial of Service, Apache Perl. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jun 11, 2007 Critical Fedora
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycode executiondebian

Debian: DSA 1069-1 Critical: Kernel Flaws Lead To Code Execution Risk

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1069-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze, Dann Frazier May 20th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : kernel-source-2.4.18,kernel-image-2.4.18-1-alpha,kernel-image-2.4.18-1-i386,kernel-image-2.4.18-hppa,kernel-image-2.4.18-powerpc-xfs,kernel-patch-2.4.18-powerpc,kernel-patch-benh Vulnerability : several Problem-Type : local/remote Debian-specific: no CVE IDs : CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447 CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883 CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335 CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070 CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138 CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504 CVE-2005-0384 CVE-2005-0135 [This is a resend of the advisory text of DSA 1069-1, as the original one accidentally lacked te MD5 check sums] Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-0427 A local denial of service vulnerability in do_fork() has been found. CVE-2005-0489 A local denial of service vulnerability in proc memory handling has been found. CVE-2004-0394 A buffer overflow in the panic handling code has been found. CVE-2004-0447 A local denial of service vulnerability through a null pointer dereference in the IA64 process handling code has been found. CVE-2004-0554 A local denial of service vulnerability through an infinite loop in the signal handler code has been found. CVE-2004-0565 An information leak in the context switch code has been found on the IA64 architecture. CVE-2004-0685 Unsafe use of copy_to_user in USB drivers may disclose sensitive information. CVE-2005-0001 A race condition in the i386 page fault handler may allow privilege escalation. CVE-2004-0883 Multiple vulnerabilities in the SMB filesystem code may allow denial of service of information disclosure. CVE-2004-0949 An information leak discovered in the SMB filesystem code. CVE-2004-1016 A local denial of service vulnerability has been found in the SCM layer. CVE-2004-1333 An integer overflow in the terminal code may allow a local denial of service vulnerability. CVE-2004-0997 A local privilege escalation in the MIPS assembly code has been found. CVE-2004-1335 A memory leak in the ip_options_get() function may lead to denial of service. CVE-2004-1017 Multiple overflows exist in the io_edgeport driver which might be usable as a denial of service attack vector. CVE-2005-0124 Bryan Fulton reported a bounds checking bug in the coda_pioctl function which may allow local users to execute arbitrary code or trigger a denial of service attack. CVE-2005-0528 A local privilege escalation in the mremap function has been found CVE-2003-0984 Inproper initialization of the RTC may disclose information. CVE-2004-1070 Insufficient input sanitising in the load_elf_binary() function may lead to privilege escalation. CVE-2004-1071 Incorrect error handling in the binfmt_elf loader may lead to privilege escalation. CVE-2004-1072 A buffer overflow in the binfmt_elf loader may lead to privilege escalation or denial of service. CVE-2004-1073 The open_exec function may disclose information. CVE-2004-1074 The binfmt code is vulnerable to denial of service through malformed a.out binaries. CVE-2004-0138 A denial of service vulnerability in the ELF loader has been found. CVE-2004-1068 A programming error in the unix_dgram_recvmsg() function may lead to privilege escalation. CVE-2004-1234 The ELF loader is vulnerable to denial of service through malformed binaries. CVE-2005-0003 Crafted ELF binaries may lead to privilege escalation, due to insufficient checking of overlapping memory regions. CVE-2004-1235 A race condition in the load_elf_library() and binfmt_aout() functions may allow privilege escalation. CVE-2005-0504 An integer overflow in the Moxa driver may lead to privilege escalation. CVE-2005-0384 A remote denial of service vulnerability has been found in the PPP driver. CVE-2005-0135 An IA64 specific local denial of service vulnerability has been found in the unw_unwind_to_user() function. The following matrix explains which kernel version for which architecture fix the problems mentioned above: Debian 3.0 (woody) Source 2.4.18-14.4 Alpha architecture 2.4.18-15woody1 Intel IA-32 architecture 2.4.18-13.2 HP Precision architecture 62.4 PowerPC architecture 2.4.18-1woody6 PowerPC architecture/XFS 20020329woody1 PowerPC architecture/benh 20020304woody1 Sun Sparc architecture 22woody1 We recommend that you upgrade your kernel package immediately and reboot the machine. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-getdist-upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 664 e66eee8b35df5d9f780a2b09db3cdd05 Size/MD5 checksum: 81246 cb17a014905f2887f6b501f64f779e22 Size/MD5 checksum: 29818323 24b4c45a04a23eb4ce465eb326a6ddf2 Size/MD5 checksum: 750 522e81e5f4fdb2259bebef0e24f82b28 Size/MD5 checksum: 26998 d4788765906cfc6792dd5ec875a8ecaa Size/MD5 checksum: 1193 0ca8bc314ef54bc3ab4c9c296fd646ee Size/MD5 checksum: 72467 dce62d476deb5778a73e8d0cb1904c57 Size/MD5 checksum: 724 81445e6ef599c748a68b6ae584caaa97 Size/MD5 checksum: 33405 a50d4542f801e318b2778fcafba5f0b1 Size/MD5 checksum: 734 6b3f82a1442db234c98c1b5dd2df3b25 Size/MD5 checksum: 81919 86adfacbd335393287f4be825a2c8c89 Size/MD5 checksum: 561 59754208d1c08b2c43b0b0302853b3b0 Size/MD5 checksum: 6030131 4446b0b03cb22fe9b9c230e1a7879965 Architecture independent components: Size/MD5 checksum: 1721998 338b838922799a8b51263a0971fe48e9 Size/MD5 checksum: 24137152 0c4e20bf088cbdffbf68ba43ca26b2e1 Size/MD5 checksum: 79788 d2fd4e178d1b39f9b36d953ac8ec8743 Size/MD5 checksum: 6065046 a7108836d30e9b1e477acb49b0c0cf0f Alpha architecture: Size/MD5 checksum: 3351876 d9a4975763720d8fce7debc80bb79f63 Size/MD5 checksum: 3494576 3859c83de4315ed96f9708a51e045241 Size/MD5 checksum: 3496768 d71f68fc06c589873151f3f04bdf133e Size/MD5 checksum: 11694314 2aa8fd58fb3c399cb116e770f8a5d5d1 Size/MD5 checksum: 12027076 dd1c23f37e48ba9d0a7ddfa88cf45d29 Intel IA-32 architecture: Size/MD5 checksum: 3415450 d488aac93b07312e9dde5b91a6d631b2 Size/MD5checksum: 3505976 6eb395cc690576ec075a2b23ca4c2194 Size/MD5 checksum: 3506954 807ca24843a58cf85a5e68c89faca563 Size/MD5 checksum: 3507090 3c2546ab7c10ebf81fd455df8445a552 Size/MD5 checksum: 3507950 68223703c4365e52b72362d3e2c8de3f Size/MD5 checksum: 3506762 754fd28c88640d2adb48c9112f811550 Size/MD5 checksum: 3506818 8173434dda3517ca6d777b8a1288eb9c Size/MD5 checksum: 8802200 78add9adc25b766f6d2d71dce28c4bf6 Size/MD5 checksum: 8706062 472a648b1cc4aa7a48fd55181c65b791 Size/MD5 checksum: 8709404 eb6966cbe26c20b45b09182977574ab4 Size/MD5 checksum: 8961038 1297541ef30a29ad9650e1d40c24cd57 Size/MD5 checksum: 8659464 0ed399a5da73df3b35fcd215b5011263 Size/MD5 checksum: 8865500 1b56f2739d199dfc85edcba38386b4af Size/MD5 checksum: 231110 b6277e8187269984d46b9fbba104e195 Size/MD5 checksum: 230666 e7d69734cde1ea9172391aec10e11436 Size/MD5 checksum: 230198 ac36ed7f8dd38740a17837b2ea865fed Size/MD5 checksum: 233800 8a863bfd914780df5d33a39cd5de0aaf Size/MD5 checksum: 229768 556904c5c178f86edf7a8decbac09cc9 Size/MD5 checksum: 233054 cd4b0b4f688932c836220f77070cbd31 PowerPC architecture: Size/MD5 checksum: 11439898 64015e0730aa9cca7313c601d1c401f3 Size/MD5 checksum: 3433186 6a9e21c5ff417afe1b6c697c10f59de8 Size/MD5 checksum: 9451006 2c2b9ee09fa3e3635f785410683af1c1 Size/MD5 checksum: 10099720 4c85feb2001345ce597530d3d8b2bb86 Size/MD5 checksum: 10343584 dda622d41cbc718dc1e2202c50608f0f These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Debian 2.4.18 kerneladdresses several security issues, such as potential denial of service and vulnerabilities that could lead to arbitrary code execution.. Debian Security Update, Kernel Patch, Remote Access Risks, System Exploits. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 21, 2006 Critical Debian
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here