-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: openssl security and bug fix update
Advisory ID:       RHSA-2023:3722-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3722
Issue date:        2023-06-21
CVE Names:         CVE-2023-0464 CVE-2023-0465 CVE-2023-0466
                   CVE-2023-1255 CVE-2023-2650
====================================================================

1. Summary:

An update for openssl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

Security Fix(es):

* openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)

* openssl: Denial of service by excessive resource usage in verifying X509
policy constraints (CVE-2023-0464)

* openssl: Invalid certificate policies in leaf certificates are silently
ignored (CVE-2023-0465)

* openssl: Certificate policy check not enabled (CVE-2023-0466)

* openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* In FIPS mode, openssl KDFs should only allow selected hash algorithms
(BZ#2175860)

* In FIPS mode, openssl should reject short KDF input or output keys or
provide an indicator (BZ#2175864)

* In FIPS mode, openssl should provide an indicator for AES-GCM to query
whether the IV was generated internally or provided externally (BZ#2175868)

* openssl FIPS mode self-test should zeroize `out` in `verify_integrity` in
providers/fips/self_test.c (BZ#2175873)

* In FIPS mode, openssl should not support RSA encryption or decryption
without padding (outside of RSASVE) or provide an indicator (BZ#2178029)

* In FIPS mode, openssl should reject EVP_PKEY_fromdata() for short DHX keys,
or provide an indicator (BZ#2178030)

* In FIPS mode, openssl should not use the legacy ECDSA_do_sign(),
RSA_public_encrypt(), RSA_private_decrypt() functions for pairwise
consistency tests (BZ#2178034)

* In FIPS mode, openssl should enter error state when DH PCT fails
(BZ#2178039)

* In FIPS mode, openssl should always run the PBKDF2 lower bounds checks or
provide an indicator when the pkcs5 parameter is set to 1 (BZ#2178137)

* Support requiring EMS in TLS 1.2, default to it when in FIPS mode
(BZ#2188046)

* OpenSSL rsa_verify_recover doesn't use the same key checks as rsa_verify in
FIPS mode (BZ#2188052)

* RHEL9.0 - sshd dumps core when ibmca engine is configured with
default_algorithms = CIPHERS or ALL (openssl) (BZ#2211396)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library
must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

2175860 - In FIPS mode, openssl KDFs should only allow selected hash algorithms [rhel-9.2.0.z]
2175864 - In FIPS mode, openssl should reject short KDF input or output keys or provide an indicator [rhel-9.2.0.z]
2175868 - In FIPS mode, openssl should provide an indicator for AES-GCM to query whether the IV was generated internally or provided externally [rhel-9.2.0.z]
2175873 - openssl FIPS mode self-test should zeroize `out` in `verify_integrity` in providers/fips/self_test.c [rhel-9.2.0.z]
2178029 - In FIPS mode, openssl should not support RSA encryption or decryption without padding (outside of RSASVE) or provide an indicator [rhel-9.2.0.z]
2178030 - In FIPS mode, openssl should reject EVP_PKEY_fromdata() for short DHX keys, or provide an indicator [rhel-9.2.0.z]
2178034 - In FIPS mode, openssl should not use the legacy ECDSA_do_sign(), RSA_public_encrypt(), RSA_private_decrypt() functions for pairwise consistency tests [rhel-9.2.0.z]
2178039 - In FIPS mode, openssl should enter error state when DH PCT fails [rhel-9.2.0.z]
2178137 - In FIPS mode, openssl should always run the PBKDF2 lower bounds checks or provide an indicator when the pkcs5 parameter is set to 1 [rhel-9.2.0.z]
2179379 - In FIPS mode, openssl should indicate that RSA encryption and RSASVE are unapproved [rhel-9.2.0.z]
2181082 - CVE-2023-0464 openssl: Denial of service by excessive resource usage in verifying X509 policy constraints
2182561 - CVE-2023-0465 openssl: Invalid certificate policies in leaf certificates are silently ignored
2182565 - CVE-2023-0466 openssl: Certificate policy check not enabled
2188046 - Support requiring EMS in TLS 1.2, default to it when in FIPS mode [rhel-9.2.0.z]
2188052 - OpenSSL rsa_verify_recover doesn't use the same key checks as rsa_verify in FIPS mode [rhel-9.2.0.z]
2188461 - CVE-2023-1255 openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM
2207947 - CVE-2023-2650 openssl: Possible DoS translating ASN.1 object identifiers

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
openssl-debuginfo-3.0.7-16.el9_2.aarch64.rpm
openssl-debugsource-3.0.7-16.el9_2.aarch64.rpm
openssl-devel-3.0.7-16.el9_2.aarch64.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.aarch64.rpm
openssl-perl-3.0.7-16.el9_2.aarch64.rpm

ppc64le:
openssl-debuginfo-3.0.7-16.el9_2.ppc64le.rpm
openssl-debugsource-3.0.7-16.el9_2.ppc64le.rpm
openssl-devel-3.0.7-16.el9_2.ppc64le.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.ppc64le.rpm
openssl-perl-3.0.7-16.el9_2.ppc64le.rpm

s390x:
openssl-debuginfo-3.0.7-16.el9_2.s390x.rpm
openssl-debugsource-3.0.7-16.el9_2.s390x.rpm
openssl-devel-3.0.7-16.el9_2.s390x.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.s390x.rpm
openssl-perl-3.0.7-16.el9_2.s390x.rpm

x86_64:
openssl-debuginfo-3.0.7-16.el9_2.i686.rpm
openssl-debuginfo-3.0.7-16.el9_2.x86_64.rpm
openssl-debugsource-3.0.7-16.el9_2.i686.rpm
openssl-debugsource-3.0.7-16.el9_2.x86_64.rpm
openssl-devel-3.0.7-16.el9_2.i686.rpm
openssl-devel-3.0.7-16.el9_2.x86_64.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.i686.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.x86_64.rpm
openssl-perl-3.0.7-16.el9_2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
openssl-3.0.7-16.el9_2.src.rpm

aarch64:
openssl-3.0.7-16.el9_2.aarch64.rpm
openssl-debuginfo-3.0.7-16.el9_2.aarch64.rpm
openssl-debugsource-3.0.7-16.el9_2.aarch64.rpm
openssl-libs-3.0.7-16.el9_2.aarch64.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.aarch64.rpm

ppc64le:
openssl-3.0.7-16.el9_2.ppc64le.rpm
openssl-debuginfo-3.0.7-16.el9_2.ppc64le.rpm
openssl-debugsource-3.0.7-16.el9_2.ppc64le.rpm
openssl-libs-3.0.7-16.el9_2.ppc64le.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.ppc64le.rpm

s390x:
openssl-3.0.7-16.el9_2.s390x.rpm
openssl-debuginfo-3.0.7-16.el9_2.s390x.rpm
openssl-debugsource-3.0.7-16.el9_2.s390x.rpm
openssl-libs-3.0.7-16.el9_2.s390x.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.s390x.rpm

x86_64:
openssl-3.0.7-16.el9_2.x86_64.rpm
openssl-debuginfo-3.0.7-16.el9_2.i686.rpm
openssl-debuginfo-3.0.7-16.el9_2.x86_64.rpm
openssl-debugsource-3.0.7-16.el9_2.i686.rpm
openssl-debugsource-3.0.7-16.el9_2.x86_64.rpm
openssl-libs-3.0.7-16.el9_2.i686.rpm
openssl-libs-3.0.7-16.el9_2.x86_64.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.i686.rpm
openssl-libs-debuginfo-3.0.7-16.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-0464
https://access.redhat.com/security/cve/CVE-2023-0465
https://access.redhat.com/security/cve/CVE-2023-0466
https://access.redhat.com/security/cve/CVE-2023-1255
https://access.redhat.com/security/cve/CVE-2023-2650
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZJNwkNzjgjWX9erEAQhVug/+OCeS8zuNQw9TZbXPIaKw8OzcWeIvViWS
G8J0Tmb4GmO58XX5BRll9YY49E5Voa2V/Tq5Nq693rdkxb7aiN6zTBk+M2Bc6LKB
MVnKebjYO9fHU8vrNx9zMxmdXuRe9GKpDbZf12e6k3QxX6q+N8oY7GqdCGJB6I/4
32JTzwrNTfxiMd54jSgBwuDmi6zg+aPXZ10IkefNQUEOH0zKaE2CBWqp04Okyg7b
c0ugnOnuUEq5Z/lOjruOx/sfWxij69jSWvPjUqsCVSlb5HZxfMF5Cd2UGMc08wwx
jh7vU9nTB1+T1E/olP0iRgNvHqiGX+9oIfD2v0HauR9uDGUr3px7JJ/LHH2WTcvv
Tvl/xH4Kw89ssKw6JEzRJfAQSpbYgAx8+JuXVAvZUUrdBAf07tlqoBBtxPuSbmmO
4qDjbWZzVfpeuBhm3n1x4xr5WkEnTlikZf6UeOvlZr03HFlTNAx5bQCS2Ma/4jNF
Sd8LKoC4Xk10TEjL/+9BQ+pJepMXwd941ElNouyFKSu0DV+nG6fyKflBDxCsTFsq
5b/lrhhHJv2/2VsSzHhe4uQ1BBAF8h/+V37oGVcHEmqI+RTjLOtKF99Mc05ih6bG
pkdWjV4zF9ZplCMiNCeKzit1ZSSaQrDPHsJ2rnzdl6h93QSbxMNyEoDKKmSxkW+t
X2F9Dp1A45Q=
=Uq7W
-----END PGP SIGNATURE-----

-- 
RHSA-announce mailing list
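The Solution section says the fix only takes effect once every process linked against OpenSSL has been restarted; that is the step that is most often missed. The script below is an added example, not part of the Red Hat advisory: it compares the installed openssl-libs build against the fixed version-release string taken from the package list above (3.0.7-16.el9_2) and then scans /proc to find processes that still map a libssl or libcrypto file which rpm has since replaced on disk. It assumes an RPM-based host with a Linux /proc; the vercmp helper is a deliberately small comparator for one package stream (same name, same epoch), not a reimplementation of rpmvercmp.

```shell
#!/bin/sh
# Added example (not from RHSA-2023:3722): is the fixed openssl-libs installed,
# and which processes are still running the old library code?
# Assumes an RPM-based host with /proc (RHEL 9); "same epoch" is assumed.
FIXED_OPENSSL_VR="3.0.7-16.el9_2"   # VERSION-RELEASE from the advisory's package list

# vercmp A B: print -1, 0 or 1. Every run of non-digits is a separator, so
# "3.0.7-16.el9_2" is compared as 3 0 7 16 9 2. Missing trailing fields count
# as 0. Good enough for one package stream; not a full rpmvercmp.
vercmp() {
  a=$(printf '%s' "$1" | sed 's/[^0-9][^0-9]*/ /g')
  b=$(printf '%s' "$2" | sed 's/[^0-9][^0-9]*/ /g')
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%% *}; a=${a#"$x"}; a=${a# }     # pop the first field of A
    y=${b%% *}; b=${b#"$y"}; b=${b# }     # pop the first field of B
    if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; return; fi
    if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; return; fi
  done
  printf '%s\n' 0
}

# needs_update VR: succeed when the installed VERSION-RELEASE is older than the fix.
needs_update() { [ "$(vercmp "$1" "$FIXED_OPENSSL_VR")" -lt 0 ]; }

# installed_openssl_vr: VERSION-RELEASE of openssl-libs as rpm reports it.
installed_openssl_vr() { rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl-libs; }

# stale_openssl_pids: PIDs whose address space still contains a libssl/libcrypto
# whose file was unlinked. rpm replaces the file on upgrade, so the kernel marks
# the old mapping "(deleted)"; those processes run pre-update code until restarted.
stale_openssl_pids() {
  for m in /proc/[0-9]*/maps; do
    p=${m#/proc/}; p=${p%/maps}
    grep -qE 'lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$m" 2>/dev/null && echo "$p"
  done
}

main() {
  vr=$(installed_openssl_vr) || { echo "openssl-libs is not installed"; return 0; }
  if needs_update "$vr"; then
    echo "openssl-libs $vr is older than $FIXED_OPENSSL_VR: apply RHSA-2023:3722"
    return 1
  fi
  echo "openssl-libs $vr is at or beyond the fixed build"
  stale=$(stale_openssl_pids)
  if [ -n "$stale" ]; then
    echo "still running the old library, restart or reboot:" $stale
    return 2
  fi
  echo "no process maps a replaced libssl/libcrypto"
}

# Run as: sh check-openssl.sh --check   (no argument only defines the functions)
case "${1:-}" in --check) main ;; esac
```

On a host where `main` reports stale PIDs, `systemctl restart` of the owning units (or a reboot) is what the advisory's Solution section is asking for; the version check alone passing is not sufficient.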
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-postgresql12-postgresql security update
Advisory ID:       RHSA-2022:4915-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4915
Issue date:        2022-06-06
CVE Names:         CVE-2022-1552
====================================================================

1. Summary:

An update for rh-postgresql12-postgresql is now available for Red Hat
Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system
(DBMS).

The following packages have been upgraded to a later upstream version:
rh-postgresql12-postgresql (12.11).

Security Fix(es):

* postgresql: Autovacuum, REINDEX, and others omit "security restricted
operation" sandbox (CVE-2022-1552)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2081126 - CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-postgresql12-postgresql-12.11-1.el7.src.rpm

ppc64le:
rh-postgresql12-postgresql-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-debuginfo-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-devel-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-docs-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-libs-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plperl-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-plpython-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-pltcl-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-server-syspaths-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-static-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-syspaths-12.11-1.el7.ppc64le.rpm
rh-postgresql12-postgresql-test-12.11-1.el7.ppc64le.rpm

s390x:
rh-postgresql12-postgresql-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-debuginfo-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-devel-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-docs-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-libs-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-plperl-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-plpython-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-pltcl-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-server-syspaths-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-static-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-syspaths-12.11-1.el7.s390x.rpm
rh-postgresql12-postgresql-test-12.11-1.el7.s390x.rpm

x86_64:
rh-postgresql12-postgresql-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.11-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-postgresql12-postgresql-12.11-1.el7.src.rpm

x86_64:
rh-postgresql12-postgresql-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-contrib-syspaths-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-debuginfo-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-devel-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-docs-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-libs-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plperl-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-plpython-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-pltcl-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-server-syspaths-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-static-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-syspaths-12.11-1.el7.x86_64.rpm
rh-postgresql12-postgresql-test-12.11-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1552
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYp4VldzjgjWX9erEAQj0EA/+PAxatmjbCz/OmgeWv3iwUdORVVV022Jn
mVUhv40QSB9z3GRlod0rM55m43eSzNHD4yDqEosFGM/JPaa1r0fCYdVjqqpHGqEB
YcZzhSOQbc1hSWWZyQlqflLuo1cgQ+SWfhW/m4wWW722m4QvLz0cBa86Aa06igpF
OTiMPjbOC5EwB3ssqUSZmFtbwygKiPSnhsrANj9pUlLlTATkhDnX+spfBhpTfJVt
TkkXnXsqDBDwQITceVUNVpb5DT0oS0OMHY4uCxRaDu8/pQiIp/RmztN9ydyZdbK1
qUuQB/XTnEC12FJXDsjzklD2wFvqG0/b8Wsn/Ci4a1pUXl7MhAP3Wq+56S0SOga3
BeK7O9ujRD7tLwHszTW6gFGDPBj5BwdwlGssHMcOJfO7uFgGgXfzKvtHAKENN1N6
UF+oTaeYrlKm98tkYRqbWOeYOO8IHRpV4jxXZ6WCbjuoGhk6Jud2egEvYmMgOUoF
JU3DV4v2B2fQPwJpjZU6BVhhXRO+oF4n7JWD/CAr7Rw+2fqQHPeso2/fH/NvElJ9
MopD/51i4sFBMNxePklXZrBkub8xcgQHciujbbBuxq/XytpFa5UqZv77YeBbQcMu
EN6Iea7LAtIwSh7LJWoGfJbxHR2WR1Q0aR0bIL2lWwO5rgBXyCNpRmhw+tE+tlr6
U1DioyhwUFc=
=80SD
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: samba security update
Advisory ID:       RHSA-2022:0664-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0664
Issue date:        2022-02-23
CVE Names:         CVE-2021-44142
====================================================================

1. Summary:

An update for samba is now available for Red Hat Enterprise Linux 7.7
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - noarch, x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - noarch, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64

3. Description:

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.

Security Fix(es):

* samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit
allows code execution (CVE-2021-44142)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the smb service will be restarted
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2046146 - CVE-2021-44142 samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:
samba-4.9.1-12.el7_7.src.rpm

noarch:
samba-common-4.9.1-12.el7_7.noarch.rpm

x86_64:
libsmbclient-4.9.1-12.el7_7.i686.rpm
libsmbclient-4.9.1-12.el7_7.x86_64.rpm
libwbclient-4.9.1-12.el7_7.i686.rpm
libwbclient-4.9.1-12.el7_7.x86_64.rpm
samba-4.9.1-12.el7_7.x86_64.rpm
samba-client-4.9.1-12.el7_7.x86_64.rpm
samba-client-libs-4.9.1-12.el7_7.i686.rpm
samba-client-libs-4.9.1-12.el7_7.x86_64.rpm
samba-common-libs-4.9.1-12.el7_7.x86_64.rpm
samba-common-tools-4.9.1-12.el7_7.x86_64.rpm
samba-debuginfo-4.9.1-12.el7_7.i686.rpm
samba-debuginfo-4.9.1-12.el7_7.x86_64.rpm
samba-krb5-printing-4.9.1-12.el7_7.x86_64.rpm
samba-libs-4.9.1-12.el7_7.i686.rpm
samba-libs-4.9.1-12.el7_7.x86_64.rpm
samba-python-4.9.1-12.el7_7.i686.rpm
samba-python-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-clients-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-modules-4.9.1-12.el7_7.i686.rpm
samba-winbind-modules-4.9.1-12.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:
samba-4.9.1-12.el7_7.src.rpm

noarch:
samba-common-4.9.1-12.el7_7.noarch.rpm

ppc64le:
libsmbclient-4.9.1-12.el7_7.ppc64le.rpm
libwbclient-4.9.1-12.el7_7.ppc64le.rpm
samba-4.9.1-12.el7_7.ppc64le.rpm
samba-client-4.9.1-12.el7_7.ppc64le.rpm
samba-client-libs-4.9.1-12.el7_7.ppc64le.rpm
samba-common-libs-4.9.1-12.el7_7.ppc64le.rpm
samba-common-tools-4.9.1-12.el7_7.ppc64le.rpm
samba-debuginfo-4.9.1-12.el7_7.ppc64le.rpm
samba-krb5-printing-4.9.1-12.el7_7.ppc64le.rpm
samba-libs-4.9.1-12.el7_7.ppc64le.rpm
samba-winbind-4.9.1-12.el7_7.ppc64le.rpm
samba-winbind-clients-4.9.1-12.el7_7.ppc64le.rpm
samba-winbind-modules-4.9.1-12.el7_7.ppc64le.rpm

x86_64:
libsmbclient-4.9.1-12.el7_7.i686.rpm
libsmbclient-4.9.1-12.el7_7.x86_64.rpm
libwbclient-4.9.1-12.el7_7.i686.rpm
libwbclient-4.9.1-12.el7_7.x86_64.rpm
samba-4.9.1-12.el7_7.x86_64.rpm
samba-client-4.9.1-12.el7_7.x86_64.rpm
samba-client-libs-4.9.1-12.el7_7.i686.rpm
samba-client-libs-4.9.1-12.el7_7.x86_64.rpm
samba-common-libs-4.9.1-12.el7_7.x86_64.rpm
samba-common-tools-4.9.1-12.el7_7.x86_64.rpm
samba-debuginfo-4.9.1-12.el7_7.i686.rpm
samba-debuginfo-4.9.1-12.el7_7.x86_64.rpm
samba-krb5-printing-4.9.1-12.el7_7.x86_64.rpm
samba-libs-4.9.1-12.el7_7.i686.rpm
samba-libs-4.9.1-12.el7_7.x86_64.rpm
samba-python-4.9.1-12.el7_7.i686.rpm
samba-python-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-clients-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-modules-4.9.1-12.el7_7.i686.rpm
samba-winbind-modules-4.9.1-12.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:
samba-4.9.1-12.el7_7.src.rpm

noarch:
samba-common-4.9.1-12.el7_7.noarch.rpm

x86_64:
libsmbclient-4.9.1-12.el7_7.i686.rpm
libsmbclient-4.9.1-12.el7_7.x86_64.rpm
libwbclient-4.9.1-12.el7_7.i686.rpm
libwbclient-4.9.1-12.el7_7.x86_64.rpm
samba-4.9.1-12.el7_7.x86_64.rpm
samba-client-4.9.1-12.el7_7.x86_64.rpm
samba-client-libs-4.9.1-12.el7_7.i686.rpm
samba-client-libs-4.9.1-12.el7_7.x86_64.rpm
samba-common-libs-4.9.1-12.el7_7.x86_64.rpm
samba-common-tools-4.9.1-12.el7_7.x86_64.rpm
samba-debuginfo-4.9.1-12.el7_7.i686.rpm
samba-debuginfo-4.9.1-12.el7_7.x86_64.rpm
samba-krb5-printing-4.9.1-12.el7_7.x86_64.rpm
samba-libs-4.9.1-12.el7_7.i686.rpm
samba-libs-4.9.1-12.el7_7.x86_64.rpm
samba-python-4.9.1-12.el7_7.i686.rpm
samba-python-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-clients-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-modules-4.9.1-12.el7_7.i686.rpm
samba-winbind-modules-4.9.1-12.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

noarch:
samba-pidl-4.9.1-12.el7_7.noarch.rpm

x86_64:
libsmbclient-devel-4.9.1-12.el7_7.i686.rpm
libsmbclient-devel-4.9.1-12.el7_7.x86_64.rpm
libwbclient-devel-4.9.1-12.el7_7.i686.rpm
libwbclient-devel-4.9.1-12.el7_7.x86_64.rpm
samba-dc-4.9.1-12.el7_7.x86_64.rpm
samba-dc-libs-4.9.1-12.el7_7.x86_64.rpm
samba-debuginfo-4.9.1-12.el7_7.i686.rpm
samba-debuginfo-4.9.1-12.el7_7.x86_64.rpm
samba-devel-4.9.1-12.el7_7.i686.rpm
samba-devel-4.9.1-12.el7_7.x86_64.rpm
samba-python-test-4.9.1-12.el7_7.x86_64.rpm
samba-test-4.9.1-12.el7_7.x86_64.rpm
samba-test-libs-4.9.1-12.el7_7.i686.rpm
samba-test-libs-4.9.1-12.el7_7.x86_64.rpm
samba-vfs-glusterfs-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-krb5-locator-4.9.1-12.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):

noarch:
samba-pidl-4.9.1-12.el7_7.noarch.rpm

ppc64le:
libsmbclient-devel-4.9.1-12.el7_7.ppc64le.rpm
libwbclient-devel-4.9.1-12.el7_7.ppc64le.rpm
samba-dc-4.9.1-12.el7_7.ppc64le.rpm
samba-dc-libs-4.9.1-12.el7_7.ppc64le.rpm
samba-debuginfo-4.9.1-12.el7_7.ppc64le.rpm
samba-devel-4.9.1-12.el7_7.ppc64le.rpm
samba-python-4.9.1-12.el7_7.ppc64le.rpm
samba-python-test-4.9.1-12.el7_7.ppc64le.rpm
samba-test-4.9.1-12.el7_7.ppc64le.rpm
samba-test-libs-4.9.1-12.el7_7.ppc64le.rpm
samba-winbind-krb5-locator-4.9.1-12.el7_7.ppc64le.rpm

x86_64:
libsmbclient-devel-4.9.1-12.el7_7.i686.rpm
libsmbclient-devel-4.9.1-12.el7_7.x86_64.rpm
libwbclient-devel-4.9.1-12.el7_7.i686.rpm
libwbclient-devel-4.9.1-12.el7_7.x86_64.rpm
samba-dc-4.9.1-12.el7_7.x86_64.rpm
samba-dc-libs-4.9.1-12.el7_7.x86_64.rpm
samba-debuginfo-4.9.1-12.el7_7.i686.rpm
samba-debuginfo-4.9.1-12.el7_7.x86_64.rpm
samba-devel-4.9.1-12.el7_7.i686.rpm
samba-devel-4.9.1-12.el7_7.x86_64.rpm
samba-python-test-4.9.1-12.el7_7.x86_64.rpm
samba-test-4.9.1-12.el7_7.x86_64.rpm
samba-test-libs-4.9.1-12.el7_7.i686.rpm
samba-test-libs-4.9.1-12.el7_7.x86_64.rpm
samba-vfs-glusterfs-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-krb5-locator-4.9.1-12.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

noarch:
samba-pidl-4.9.1-12.el7_7.noarch.rpm

x86_64:
libsmbclient-devel-4.9.1-12.el7_7.i686.rpm
libsmbclient-devel-4.9.1-12.el7_7.x86_64.rpm
libwbclient-devel-4.9.1-12.el7_7.i686.rpm
libwbclient-devel-4.9.1-12.el7_7.x86_64.rpm
samba-dc-4.9.1-12.el7_7.x86_64.rpm
samba-dc-libs-4.9.1-12.el7_7.x86_64.rpm
samba-debuginfo-4.9.1-12.el7_7.i686.rpm
samba-debuginfo-4.9.1-12.el7_7.x86_64.rpm
samba-devel-4.9.1-12.el7_7.i686.rpm
samba-devel-4.9.1-12.el7_7.x86_64.rpm
samba-python-test-4.9.1-12.el7_7.x86_64.rpm
samba-test-4.9.1-12.el7_7.x86_64.rpm
samba-test-libs-4.9.1-12.el7_7.i686.rpm
samba-test-libs-4.9.1-12.el7_7.x86_64.rpm
samba-vfs-glusterfs-4.9.1-12.el7_7.x86_64.rpm
samba-winbind-krb5-locator-4.9.1-12.el7_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-44142
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYhaxfdzjgjWX9erEAQgiRA/+OW3s71s6N96G2iZh1w2A+AJhuPR9g/R9
xQ42N7OxSjqyXuGBEa75FNSg+ynFxWKaCCMs4WKT18gTw5njQJNzGAcdZ+czZBzd
M3gHIbUH/KJ2OlwwGGaGvXQJfEYaQPEeqFsuvkNUYEr9fBPshjl8fNNZwqV8FIqm
mQMt8PcHIfLVgbKASIc+qNEZS7ql97w3U1sYAHjwhtPNAYNlbW/jjRNrnILhgHoj
Io1zIpN+qa4wZ40H3SCpGd6sC7RVqZps7nt4l73mLBewuWzJItLHTFfjI51NsNK+
0j4VxTAwaLlh98+4R9ddbMAcySLlm9Vua3N44nFmnEZIP+ugwvJIL201l2yfxEV4
VKO0exmDqtIOBk7fuN0A+Oj9qJHxnWAAQF993jSpFt57aW9T8m+Uh6AXO2Gv7+eu
8kBd69TWwnUjHh6KbxVMV2aM675B+zLxuI1gKlAKs3DRCQf0IfKDPAuHz1qST2LM
4bT7gYV8SixAz69mGSvWyd0CP9nKYBu5iXkwaHut6BdwegUHqn5au0zmTIoU+mfi
lyQ2x1q0fB3kw5Z0fKw7ZNwpBkw/B133fKcb4qLUbJZg9sxXEY3XZH/wm2Bi2U8+
Lz7XCoeJCnH8I/P9WbxSX3EZir8Z0qoNTsdFxYpVsjhQ82pbqGHRBjIWG4iXzTCi
/LuSuXQFenk=
=EUCP
-----END PGP SIGNATURE-----
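CVE-2021-44142 lives in one VFS module, vfs_fruit, which Samba only loads for a share when its "vfs objects" list names "fruit" (a [global] entry applies to every share). While the update is being scheduled, the first question on each file server is therefore whether any share loads the module at all. The script below is an added example and not part of the Red Hat advisory: it walks an smb.conf and prints every section whose "vfs objects" line includes fruit. The sample configuration embedded in it is constructed for the demonstration; on a live host, feeding it the output of `testparm -s` is more reliable than reading /etc/samba/smb.conf directly, because testparm resolves include directives and normalises option names.

```shell
#!/bin/sh
# Added example (not from RHSA-2022:0664): which smb.conf sections load
# vfs_fruit, the module that carries CVE-2021-44142?

# shares_loading_fruit FILE: print each section name whose "vfs objects"
# list contains "fruit". A "global" hit means every share inherits the module.
# Samba option names are case-insensitive and comments start with # or ;.
shares_loading_fruit() {
  awk '
    # section header: remember the name without the brackets
    /^[[:space:]]*\[/ {
      s = $0; sub(/^[[:space:]]*\[/, "", s); sub(/\].*$/, "", s); sec = s; next
    }
    /^[[:space:]]*[#;]/ { next }
    tolower($0) ~ /^[[:space:]]*vfs[[:space:]]+objects[[:space:]]*=/ {
      v = $0; sub(/^[^=]*=/, "", v)
      n = split(v, mods, /[[:space:]]+/)
      for (i = 1; i <= n; i++)
        if (tolower(mods[i]) == "fruit") { print sec; break }
    }' "$1"
}

# audit_live_samba: run the check against the effective configuration of this
# host (testparm expands includes and canonicalises names). Needs samba-common-tools.
audit_live_samba() { testparm -s 2>/dev/null | shares_loading_fruit /dev/stdin; }

# write_sample_smb_conf PATH: a constructed smb.conf for the demonstration.
# [global] enables fruit for every share; [public] only adds recycle but still
# inherits fruit; [timemachine] names the module again with different casing.
write_sample_smb_conf() {
  cat > "$1" <<'EOF'
[global]
   workgroup = EXAMPLE
   # macOS metadata support pulls vfs_fruit into every share below
   vfs objects = catia fruit streams_xattr

[public]
   path = /srv/public
   vfs objects = recycle

[timemachine]
   path = /srv/tm
   VFS Objects = fruit streams_xattr
   fruit:time machine = yes
EOF
}

# Demonstration on the constructed file: prints "global" and "timemachine".
demo_fruit_check() {
  f=$(mktemp) || return 1
  write_sample_smb_conf "$f"
  shares_loading_fruit "$f"
  rm -f "$f"
}
```

An empty result does not mean the package can wait: the Package List above updates the core samba libraries for every host, and a share can be switched to fruit at any time. It does tell you which servers are exposed to this particular bug right now and should be restarted first.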
The Qualys Research Labs reported that the backported security fixes shipped
in DSA 4367-1 contained a memory leak in systemd-journald. This and an
unrelated bug in systemd-coredump are corrected in this update.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4367-2
Moderate: openssh security update

Date: Mon, 21 Mar 2016 21:49:50 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: openssh on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID:

Synopsis:          Moderate: openssh security update
Advisory ID:       SLSA-2016:0466-1
Issue Date:        2016-03-21
CVE Numbers:       CVE-2015-5600
                   CVE-2016-3115
--

It was discovered that the OpenSSH server did not sanitize data received in
requests to enable X11 forwarding. An authenticated client with restricted
SSH access could possibly use this flaw to bypass intended restrictions.
(CVE-2016-3115)

It was discovered that the OpenSSH sshd daemon did not check the list of
keyboard-interactive authentication methods for duplicates. A remote attacker
could use this flaw to bypass the MaxAuthTries limit, making it easier to
perform password guessing attacks. (CVE-2015-5600)

After installing this update, the OpenSSH server daemon (sshd) will be
restarted automatically.
--

SL6
  x86_64
    openssh-5.3p1-114.el6_7.x86_64.rpm
    openssh-askpass-5.3p1-114.el6_7.x86_64.rpm
    openssh-clients-5.3p1-114.el6_7.x86_64.rpm
    openssh-debuginfo-5.3p1-114.el6_7.x86_64.rpm
    openssh-server-5.3p1-114.el6_7.x86_64.rpm
    openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
    openssh-ldap-5.3p1-114.el6_7.x86_64.rpm
    pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm
    pam_ssh_agent_auth-0.9.3-114.el6_7.x86_64.rpm
  i386
    openssh-5.3p1-114.el6_7.i686.rpm
    openssh-askpass-5.3p1-114.el6_7.i686.rpm
    openssh-clients-5.3p1-114.el6_7.i686.rpm
    openssh-debuginfo-5.3p1-114.el6_7.i686.rpm
    openssh-server-5.3p1-114.el6_7.i686.rpm
    openssh-ldap-5.3p1-114.el6_7.i686.rpm
    pam_ssh_agent_auth-0.9.3-114.el6_7.i686.rpm

- Scientific Linux Development Team
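Both flaws above are only reachable through features sshd has to be offering: the MaxAuthTries bypass (CVE-2015-5600) needs keyboard-interactive authentication, which the 5.3p1 sshd in this update enables through ChallengeResponseAuthentication (default yes), and the X11 request flaw (CVE-2016-3115) needs X11Forwarding yes. Checking those two options sounds trivial but has a trap: sshd uses the first value it finds for a keyword, so a hardening line appended at the end of sshd_config is silently ignored. The script below is an added example, not part of the Scientific Linux advisory: it reports the effective first-match value of each option, stopping at the first Match block (per-connection overrides are out of scope here), and counts the findings. The sshd_config it parses is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from SLSA-2016:0466-1): report the sshd_config settings
# that gate CVE-2015-5600 and CVE-2016-3115, using sshd's first-match rule.

# sshd_effective FILE KEYWORD DEFAULT: value of the first KEYWORD line before
# any Match block, or DEFAULT when absent. Keywords are case-insensitive and
# "Keyword=value" is accepted as well as "Keyword value".
sshd_effective() {
  v=$(awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*[Mm][Aa][Tt][Cc][Hh]([[:space:]]|$)/ { exit }   # Match blocks: out of scope
    /^[[:space:]]*(#|$)/ { next }                                  # comments and blank lines
    {
      line = $0; sub(/^[[:space:]]+/, "", line); gsub(/=/, " ", line)
      n = split(line, f, /[[:space:]]+/)
      if (tolower(f[1]) == k) { print f[2]; exit }                # first match wins
    }' "$1")
  printf '%s\n' "${v:-$3}"
}

# audit_sshd FILE: print the effective values, one FINDING line per exposed
# option, and return the number of findings. Defaults are those of sshd 5.3p1.
audit_sshd() {
  findings=0
  x11=$(sshd_effective "$1" X11Forwarding no)
  cra=$(sshd_effective "$1" ChallengeResponseAuthentication yes)
  tries=$(sshd_effective "$1" MaxAuthTries 6)
  echo "X11Forwarding=$x11 ChallengeResponseAuthentication=$cra MaxAuthTries=$tries"
  if [ "$x11" = yes ]; then
    echo "FINDING: X11 forwarding enabled; CVE-2016-3115 reachable by authenticated users"
    findings=$((findings + 1))
  fi
  if [ "$cra" = yes ]; then
    echo "FINDING: keyboard-interactive enabled; CVE-2015-5600 can bypass MaxAuthTries=$tries"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# write_sample_sshd_config PATH: constructed file showing the first-match trap.
# The commented X11Forwarding line is ignored, the first live one (yes) wins,
# and the "no" near the bottom never takes effect.
write_sample_sshd_config() {
  cat > "$1" <<'EOF'
Port 22
#X11Forwarding no
X11Forwarding yes
ChallengeResponseAuthentication=no
MaxAuthTries 3
# added later by a hardening script; sshd ignores it because of the line above
X11Forwarding no
Match User backup
    ChallengeResponseAuthentication yes
EOF
}

# Usage on a real host:  audit_sshd /etc/ssh/sshd_config
```

On this sample `audit_sshd` reports X11Forwarding=yes, ChallengeResponseAuthentication=no, MaxAuthTries=3 and one finding. Fixing the finding means editing or removing the first X11Forwarding line, not adding another one below it.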
New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] bind (SSA:2015-209-01) New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz: Upgraded. This update fixes a security issue where an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. Impact: Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries. Operators should take steps to upgrade to a patched version as soon as possible. For more information, see: https://www.cve.org/CVERecord?id=CVE-2015-5477 https://kb.isc.org/docs/aa-01272 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. 
Updated package for Slackware 13.0: Updated package for Slackware x86_64 13.0: Updated package for Slackware 13.1: Updated package for Slackware x86_64 13.1: Updated package for Slackware 13.37: Updated package for Slackware x86_64 13.37: Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package forSlackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: 6a7f7bbc83fd3d189d1e43f672deb33d bind-9.9.7_P2-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 3b8306bfbec7ff968762ab5c38e7d419 bind-9.9.7_P2-x86_64-1_slack13.0.txz Slackware 13.1 package: cfb8dfe797158a769697c261f2e5114c bind-9.9.7_P2-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 417b3bb461e5fd5aae6b671fd584a1ae bind-9.9.7_P2-x86_64-1_slack13.1.txz Slackware 13.37 package: df46b76823c598beb2d0f47f2b6a9813 bind-9.9.7_P2-i486-1_slack13.37.txz Slackware x86_64 13.37 package: b17f5230240b9a0738e2066897b09a40 bind-9.9.7_P2-x86_64-1_slack13.37.txz Slackware 14.0 package: c9f9074c811f470009e6dda97dc5ff68 bind-9.9.7_P2-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 578d63e26fee2783502f0828dc3d491c bind-9.9.7_P2-x86_64-1_slack14.0.txz Slackware 14.1 package: 9e27701833bd20df42e25418ffa8fdca bind-9.9.7_P2-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 4b9c8c11a38c28ca2f12e8f97e3763c6 bind-9.9.7_P2-x86_64-1_slack14.1.txz Slackware -current package: c47d83f7a7b31902e802df3b72d1e902 n/bind-9.10.2_P3-i586-1.txz Slackware x86_64 -current package: c95fcfd95ed0261a2dedee90432f34c7 n/bind-9.10.2_P3-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg bind-9.9.7_P2-i486-1_slack14.1.txz Then, restart the name server: # /etc/rc.d/rc.bind restart +-----+ . Urgent updates released for Fedora to address a significant security vulnerability in the authentication service. 
Please upgrade now.

Bind Security, Slackware Update, DoS Mitigation.
Severity: Critical.
LinuxSecurity.com Team
Important: kvm security update.

Date: Thu, 30 Apr 2015 17:17:02 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA important: Important: 389-Ds-Base Security Update on SL7.x srpm/x86_64
MIME-Version: 1.0

Synopsis: Important: 389-Ds-Base Security Update on SL7.x srpm/x86_64
Advisory ID: SLSA-2015:0895-1
Issue Date: 2015-04-28
CVE Numbers: CVE-2015-1854
--
A flaw was found in the way the Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server. (CVE-2015-1854)

After installing this update, the 389 server service will be restarted automatically.
--
SL7
  x86_64
    389-ds-base-1.3.3.1-16.el7_1.x86_64.rpm
    389-ds-base-debuginfo-1.3.3.1-16.el7_1.x86_64.rpm
    389-ds-base-libs-1.3.3.1-16.el7_1.x86_64.rpm
    389-ds-base-devel-1.3.3.1-16.el7_1.x86_64.rpm
  srpm
    389-ds-base-1.3.3.1-16.el7_1.src.rpm

- Scientific Linux Development Team

A significant security patch for the 389-Ds-Core on CentOS targeting essential access vulnerabilities.
389-Ds-Base, Scientific Linux, Directory Server Update, Security Fix.
Severity: Important.
LinuxSecurity.com Team
Critical: samba security update.

Date: Mon, 23 Feb 2015 22:42:21 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Critical: samba on SL7.x x86_64
MIME-Version: 1.0

Synopsis: Critical: samba security update
Advisory ID: SLSA-2015:0252-1
Issue Date: 2015-02-23
CVE Numbers: CVE-2015-0240
--
An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user). (CVE-2015-0240)

After installing this update, the smb service will be restarted automatically.
--
SL7
  x86_64
    libsmbclient-4.1.1-38.el7_0.i686.rpm
    libsmbclient-4.1.1-38.el7_0.x86_64.rpm
    libwbclient-4.1.1-38.el7_0.i686.rpm
    libwbclient-4.1.1-38.el7_0.x86_64.rpm
    samba-client-4.1.1-38.el7_0.x86_64.rpm
    samba-common-4.1.1-38.el7_0.x86_64.rpm
    samba-debuginfo-4.1.1-38.el7_0.i686.rpm
    samba-debuginfo-4.1.1-38.el7_0.x86_64.rpm
    samba-libs-4.1.1-38.el7_0.i686.rpm
    samba-libs-4.1.1-38.el7_0.x86_64.rpm
    samba-winbind-4.1.1-38.el7_0.x86_64.rpm
    samba-winbind-modules-4.1.1-38.el7_0.i686.rpm
    samba-winbind-modules-4.1.1-38.el7_0.x86_64.rpm

- Scientific Linux Development Team

Important samba patch resolving uninitialized pointer vulnerability. Update to mitigate potential code execution threats on CentOS.
samba update, security patch, Scientific Linux.
Severity: Critical.
LinuxSecurity.com Team