Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Fedora 39: FEDORA-2023-d2956318e4 Urgent: python-asyncssh Session Threat

Security fix for CVE-2023-46446 and CVE-2023-46445.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-d2956318e4
2023-11-26 01:54:52.536334
--------------------------------------------------------------------------------

Name        : python-asyncssh
Product     : Fedora 39
Version     : 2.14.1
Release     : 1.fc39
URL         : https://github.com/ronf/asyncssh
Summary     : Asynchronous SSH for Python
Description :
Python 3 library for asynchronous client and server-side SSH communication. It uses the Python asyncio module and implements many SSH protocol features such as the various channels, SFTP, SCP, forwarding, session multiplexing over a connection and more.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-46446 and CVE-2023-46445
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 11 2023 Georg Sauthoff - 2.14.1-1
- Update to latest upstream version (fixes fedora#2241582)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2250326 - CVE-2023-46445 python-asyncssh: Rogue Extension Negotiation
https://bugzilla.redhat.com/show_bug.cgi?id=2250326
[ 2 ] Bug #2250329 - CVE-2023-46446 python-asyncssh: Rogue Session Attack
https://bugzilla.redhat.com/show_bug.cgi?id=2250329
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-d2956318e4'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

A critical update for python-asyncssh has been released in Fedora 39 to address security flaws. It is essential for users to upgrade without delay. Severity: Critical. LinuxSecurity.com Team

Nov 26, 2023 | Critical | Fedora

Debian LTS: DLA-1790-1 Critical: Lemonldap-ng Session Attack Fix

Package        : lemonldap-ng
Version        : 1.3.3-1+deb9u1
CVE ID         : CVE-2019-12046
Debian Bug     : 928944

Erratum: bad versions

An attack vector was discovered by lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store SAML/CAS tokens in the session database, an attacker can open an anonymous session to connect to any protected application that does not have specific access rules.

For Debian 8 "Jessie", this problem has been fixed in version 1.3.3-1+deb9u1.

We recommend that you upgrade your lemonldap-ng packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Boost your Debian LTS setup by updating lemonldap-ng to mitigate and resolve session hijacking threats. Severity: Critical. LinuxSecurity.com Team

May 18, 2019 | Critical | Debian LTS

Red Hat: RHSA-2015:1686-01 Moderate: Django DoS Issue in OpenStack

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: python-django security update
Advisory ID:       RHSA-2015:1686-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1686.html
Issue date:        2015-08-25
CVE Names:         CVE-2015-5143
====================================================================

1. Summary:

Updated python-django packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch
Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7 - noarch

3. Description:

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle.

A flaw was found in the Django session backend, which could allow an unauthenticated attacker to create session records in the configured session store, causing a denial of service by filling up the session store. (CVE-2015-5143)

Red Hat would like to thank the upstream Django project for reporting this issue.

All python-django users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1239010 - CVE-2015-5143 Django: possible DoS by filling session store

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6:

Source:
python-django-1.6.11-1.el6ost.src.rpm

noarch:
python-django-1.6.11-1.el6ost.noarch.rpm
python-django-bash-completion-1.6.11-1.el6ost.noarch.rpm
python-django-doc-1.6.11-1.el6ost.noarch.rpm

Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7:

Source:
python-django-1.6.11-2.el7ost.src.rpm

noarch:
python-django-1.6.11-2.el7ost.noarch.rpm
python-django-bash-completion-1.6.11-2.el7ost.noarch.rpm
python-django-doc-1.6.11-2.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-5143
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

New django-related packages released for Red Hat addressing a moderate security vulnerability. This update resolves an issue that could lead to denial of service in the session storage. LinuxSecurity.com Team

Aug 25, 2015 | Red Hat

Red Hat 5: RHSA-2013:0128-01 Low: Conga Session Attack Fix

====================================================================
Red Hat Security Advisory

Synopsis:          Low: conga security, bug fix, and enhancement update
Advisory ID:       RHSA-2013:0128-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2013:0128.html
Issue date:        2013-01-08
CVE Names:         CVE-2012-3359
====================================================================

1. Summary:

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules.

It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials. (CVE-2012-3359)

Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, luci did not allow the fence_apc_snmp agent to be configured. As a consequence, users could not configure or view an existing configuration for fence_apc_snmp. This update adds a new screen that allows fence_apc_snmp to be configured. (BZ#832181)

* Prior to this update, luci did not allow the SSL operation of the fence_ilo fence agent to be enabled or disabled. As a consequence, users could not configure or view an existing configuration for the 'ssl' attribute for fence_ilo. This update adds a checkbox to show whether the SSL operation is enabled and allows users to edit that attribute. (BZ#832183)

* Prior to this update, luci did not allow the "identity_file" attribute of the fence_ilo_mp fence agent to be viewed or edited. As a consequence, users could not configure or view an existing configuration for the "identity_file" attribute of the fence_ilo_mp fence agent. This update adds a text input box to show the current state of the "identity_file" attribute of fence_ilo_mp and allows users to edit that attribute. (BZ#832185)

* Prior to this update, redundant files and directories remained on the file system at /var/lib/luci/var/pts and /usr/lib{,64}/luci/zope/var/pts when the luci package was uninstalled. This update removes these files and directories when the luci package is uninstalled. (BZ#835649)

* Prior to this update, the "restart-disable" recovery policy was not displayed in the recovery policy list from which users could select when they configure a recovery policy for a failover domain. As a consequence, the "restart-disable" recovery policy could not be set with the luci GUI. This update adds the "restart-disable" recovery option to the recovery policy pulldown list. (BZ#839732)

* Prior to this update, line breaks that were not anticipated in the "yum list" output could cause package upgrade and/or installation to fail when creating clusters or adding nodes to existing clusters. As a consequence, creating clusters and adding cluster nodes to existing clusters could fail. This update modifies the ricci daemon to be able to correctly handle line breaks in the "yum list" output. (BZ#842865)

In addition, this update adds the following enhancements:

* This update adds support for configuring the Intel iPDU fence agent to the luci package. (BZ#741986)

* This update adds support for viewing and changing the state of the new 'nfsrestart' attribute to the FS and Cluster FS resource agent configuration screens. (BZ#822633)

All users of conga are advised to upgrade to these updated packages, which resolve these issues and add these enhancements. After installing this update, the luci and ricci services will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

607179 - CVE-2012-3359 conga: insecure handling of luci web interface sessions
832181 - fence_apc_snmp is missing from luci
832183 - Luci is missing configuration of ssl for fence_ilo
832185 - Luci cannot configure the "identity_file" attribute for fence_ilo_mp
835649 - luci uninstall will leave /var/lib/luci/var/pts and /usr/lib*/luci/zope/var/pts behind
839732 - Conga Add a Service Screen is Missing Option for Restart-Disable Recovery Policy

6. Package List:

RHEL Clustering (v. 5 server):

Source:

i386:
conga-debuginfo-0.12.2-64.el5.i386.rpm
luci-0.12.2-64.el5.i386.rpm
ricci-0.12.2-64.el5.i386.rpm

ia64:
conga-debuginfo-0.12.2-64.el5.ia64.rpm
luci-0.12.2-64.el5.ia64.rpm
ricci-0.12.2-64.el5.ia64.rpm

ppc:
conga-debuginfo-0.12.2-64.el5.ppc.rpm
luci-0.12.2-64.el5.ppc.rpm
ricci-0.12.2-64.el5.ppc.rpm

x86_64:
conga-debuginfo-0.12.2-64.el5.x86_64.rpm
luci-0.12.2-64.el5.x86_64.rpm
ricci-0.12.2-64.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-3359
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

Latest conga updates deliver crucial improvements and fixes for Red Hat Enterprise Linux, targeting security vulnerabilities. Severity: Low. LinuxSecurity.com Team

Jan 08, 2013 | Low | Red Hat

Red Hat Enterprise Linux 5: RHSA-2010:0155-01 Moderate: TLS Session Attack

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: java-1.4.2-ibm security and bug fix update
Advisory ID:       RHSA-2010:0155-01
Product:           Red Hat Enterprise Linux Extras
Advisory URL:      https://access.redhat.com/errata/RHSA-2010:0155.html
Issue date:        2010-03-17
CVE Names:         CVE-2009-3555
====================================================================

1. Summary:

Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Description:

The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. (CVE-2009-3555)

This update disables renegotiation in the non-default IBM JSSE2 provider for the Java Secure Socket Extension (JSSE) component. The default JSSE provider is not updated with this fix. Refer to the IBM JSSE2 Provider Reference Guide, linked to in the References, for instructions on how to configure the IBM Java 2 Runtime Environment to use the JSSE2 provider by default. When using the JSSE2 provider, unsafe renegotiation can be re-enabled using the com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase article for details:

This update also fixes the following bug:

* the libjaasauth.so file was missing from the java-1.4.2-ibm packages for the Intel Itanium architecture (.ia64.rpm). This update adds the file to the packages for the Itanium architecture, which resolves this issue. (BZ#572577)

All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP4 Java release. All running instances of IBM Java must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation

6. Package List:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ppc.rpm

s390:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Desktop version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux ES version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux WS version 3 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el3.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el3.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el3.x86_64.rpm

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ppc64.rpm

s390:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.s390.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.s390x.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.ia64.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el4.x86_64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm

ia64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.ia64.rpm

ppc:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.ppc64.rpm

s390x:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.s390x.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.s390.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.s390x.rpm

x86_64:
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.4-1jpp.1.el5.x86_64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.4-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2009-3555
https://access.redhat.com/security/updates/classification#moderate
https://www.ibm.com/support/pages/java-sdk/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.

Cautionary Ubuntu notice regarding java-1.4.2-oracle security patch tackling SSL connection vulnerabilities and additional bugs. Update suggested. LinuxSecurity.com Team

Mar 17, 2010 | Red Hat

Red Hat Enterprise Linux 3 & 5 RHSA-2009:1579-02 Moderate: Session Attack

Red Hat Security Advisory

Synopsis: Moderate: httpd security update
Advisory ID: RHSA-2009:1579-02
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2009:1579.html
Issue date: 2009-11-11
CVE Names: CVE-2009-3094 CVE-2009-3095 CVE-2009-3555

1. Summary:

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The Apache HTTP Server is a popular Web server.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials.

This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555)

Note: This update does not fully resolve the issue for HTTPS servers. An attack is still possible in configurations that require a server-initiated renegotiation. Refer to the following Knowledgebase article for further information:

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service. (CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server. (CVE-2009-3095)

All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

521619 - CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
522209 - CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:
i386: httpd-2.0.46-77.ent.i386.rpm httpd-debuginfo-2.0.46-77.ent.i386.rpm httpd-devel-2.0.46-77.ent.i386.rpm mod_ssl-2.0.46-77.ent.i386.rpm
ia64: httpd-2.0.46-77.ent.ia64.rpm httpd-debuginfo-2.0.46-77.ent.ia64.rpm httpd-devel-2.0.46-77.ent.ia64.rpm mod_ssl-2.0.46-77.ent.ia64.rpm
ppc: httpd-2.0.46-77.ent.ppc.rpm httpd-debuginfo-2.0.46-77.ent.ppc.rpm httpd-devel-2.0.46-77.ent.ppc.rpm mod_ssl-2.0.46-77.ent.ppc.rpm
s390: httpd-2.0.46-77.ent.s390.rpm httpd-debuginfo-2.0.46-77.ent.s390.rpm httpd-devel-2.0.46-77.ent.s390.rpm mod_ssl-2.0.46-77.ent.s390.rpm
s390x: httpd-2.0.46-77.ent.s390x.rpm httpd-debuginfo-2.0.46-77.ent.s390x.rpm httpd-devel-2.0.46-77.ent.s390x.rpm mod_ssl-2.0.46-77.ent.s390x.rpm
x86_64: httpd-2.0.46-77.ent.x86_64.rpm httpd-debuginfo-2.0.46-77.ent.x86_64.rpm httpd-devel-2.0.46-77.ent.x86_64.rpm mod_ssl-2.0.46-77.ent.x86_64.rpm

Red Hat Desktop version 3:

Source:
i386: httpd-2.0.46-77.ent.i386.rpm httpd-debuginfo-2.0.46-77.ent.i386.rpm httpd-devel-2.0.46-77.ent.i386.rpm mod_ssl-2.0.46-77.ent.i386.rpm
x86_64: httpd-2.0.46-77.ent.x86_64.rpm httpd-debuginfo-2.0.46-77.ent.x86_64.rpm httpd-devel-2.0.46-77.ent.x86_64.rpm mod_ssl-2.0.46-77.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:
i386: httpd-2.0.46-77.ent.i386.rpm httpd-debuginfo-2.0.46-77.ent.i386.rpm httpd-devel-2.0.46-77.ent.i386.rpm mod_ssl-2.0.46-77.ent.i386.rpm
ia64: httpd-2.0.46-77.ent.ia64.rpm httpd-debuginfo-2.0.46-77.ent.ia64.rpm httpd-devel-2.0.46-77.ent.ia64.rpm mod_ssl-2.0.46-77.ent.ia64.rpm
x86_64: httpd-2.0.46-77.ent.x86_64.rpm httpd-debuginfo-2.0.46-77.ent.x86_64.rpm httpd-devel-2.0.46-77.ent.x86_64.rpm mod_ssl-2.0.46-77.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:
i386: httpd-2.0.46-77.ent.i386.rpm httpd-debuginfo-2.0.46-77.ent.i386.rpm httpd-devel-2.0.46-77.ent.i386.rpm mod_ssl-2.0.46-77.ent.i386.rpm
ia64: httpd-2.0.46-77.ent.ia64.rpm httpd-debuginfo-2.0.46-77.ent.ia64.rpm httpd-devel-2.0.46-77.ent.ia64.rpm mod_ssl-2.0.46-77.ent.ia64.rpm
x86_64: httpd-2.0.46-77.ent.x86_64.rpm httpd-debuginfo-2.0.46-77.ent.x86_64.rpm httpd-devel-2.0.46-77.ent.x86_64.rpm mod_ssl-2.0.46-77.ent.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
i386: httpd-2.2.3-31.el5_4.2.i386.rpm httpd-debuginfo-2.2.3-31.el5_4.2.i386.rpm mod_ssl-2.2.3-31.el5_4.2.i386.rpm
x86_64: httpd-2.2.3-31.el5_4.2.x86_64.rpm httpd-debuginfo-2.2.3-31.el5_4.2.x86_64.rpm mod_ssl-2.2.3-31.el5_4.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
i386: httpd-debuginfo-2.2.3-31.el5_4.2.i386.rpm httpd-devel-2.2.3-31.el5_4.2.i386.rpm httpd-manual-2.2.3-31.el5_4.2.i386.rpm
x86_64: httpd-debuginfo-2.2.3-31.el5_4.2.i386.rpm httpd-debuginfo-2.2.3-31.el5_4.2.x86_64.rpm httpd-devel-2.2.3-31.el5_4.2.i386.rpm httpd-devel-2.2.3-31.el5_4.2.x86_64.rpm httpd-manual-2.2.3-31.el5_4.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
i386: httpd-2.2.3-31.el5_4.2.i386.rpm httpd-debuginfo-2.2.3-31.el5_4.2.i386.rpm httpd-devel-2.2.3-31.el5_4.2.i386.rpm httpd-manual-2.2.3-31.el5_4.2.i386.rpm mod_ssl-2.2.3-31.el5_4.2.i386.rpm
ia64: httpd-2.2.3-31.el5_4.2.ia64.rpm httpd-debuginfo-2.2.3-31.el5_4.2.ia64.rpm httpd-devel-2.2.3-31.el5_4.2.ia64.rpm httpd-manual-2.2.3-31.el5_4.2.ia64.rpm mod_ssl-2.2.3-31.el5_4.2.ia64.rpm
ppc: httpd-2.2.3-31.el5_4.2.ppc.rpm httpd-debuginfo-2.2.3-31.el5_4.2.ppc.rpm httpd-debuginfo-2.2.3-31.el5_4.2.ppc64.rpm httpd-devel-2.2.3-31.el5_4.2.ppc.rpm httpd-devel-2.2.3-31.el5_4.2.ppc64.rpm httpd-manual-2.2.3-31.el5_4.2.ppc.rpm mod_ssl-2.2.3-31.el5_4.2.ppc.rpm
s390x: httpd-2.2.3-31.el5_4.2.s390x.rpm httpd-debuginfo-2.2.3-31.el5_4.2.s390.rpm httpd-debuginfo-2.2.3-31.el5_4.2.s390x.rpm httpd-devel-2.2.3-31.el5_4.2.s390.rpm httpd-devel-2.2.3-31.el5_4.2.s390x.rpm httpd-manual-2.2.3-31.el5_4.2.s390x.rpm mod_ssl-2.2.3-31.el5_4.2.s390x.rpm
x86_64: httpd-2.2.3-31.el5_4.2.x86_64.rpm httpd-debuginfo-2.2.3-31.el5_4.2.i386.rpm httpd-debuginfo-2.2.3-31.el5_4.2.x86_64.rpm httpd-devel-2.2.3-31.el5_4.2.i386.rpm httpd-devel-2.2.3-31.el5_4.2.x86_64.rpm httpd-manual-2.2.3-31.el5_4.2.x86_64.rpm mod_ssl-2.2.3-31.el5_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2009-3094
https://www.cve.org/CVERecord?id=CVE-2009-3095
https://www.cve.org/CVERecord?id=CVE-2009-3555
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.

Addresses various vulnerabilities in httpd for Red Hat Enterprise, assessed as moderate by the Red Hat Security Team.
httpd Security, Red Hat Updates, Security Patch
LinuxSecurity.com Team

Nov 11, 2009, Red Hat

Ubuntu: USN-536-1 Moderate: Exploitable Thunderbird Code Execution

Ubuntu Security Notice USN-536-1
October 23, 2007

mozilla-thunderbird, thunderbird vulnerabilities
CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.13+1.5.0.14b-0ubuntu0.6.06
Ubuntu 6.10: mozilla-thunderbird 1.5.0.13+1.5.0.14b-0ubuntu0.6.10
Ubuntu 7.04: mozilla-thunderbird 1.5.0.13+1.5.0.14b-0ubuntu0.7.04
Ubuntu 7.10: mozilla-thunderbird 2.0.0.8~pre071022+nobinonly-0ubuntu0.7.10

After a standard system upgrade you need to restart Thunderbird to effect the necessary changes.

Details follow:

Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-5339, CVE-2007-5340)

Flaws were discovered in the file upload form control. By tricking a user into opening a malicious web page, an attacker could force arbitrary files from the user's computer to be uploaded without their consent. (CVE-2006-2894, CVE-2007-3511)

Michal Zalewski discovered that the onUnload event handlers were incorrectly able to access information outside the old page content. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of the next loaded web page. (CVE-2007-1095)

Stefano Di Paola discovered that Thunderbird did not correctly request Digest Authentications. A malicious web site could exploit this to inject arbitrary HTTP headers or perform session splitting attacks against proxies. (CVE-2007-2292)

Eli Friedman discovered that XUL could be used to hide a window's titlebar. A malicious web site could exploit this to enhance their attempts at creating phishing web sites. (CVE-2007-5334)

Georgi Guninski discovered that Thunderbird would allow file-system based web pages to access additional files. By tricking a user into opening a malicious web page from a gnome-vfs location, an attacker could steal arbitrary files from the user's computer. (CVE-2007-5337)

It was discovered that the XPCNativeWrappers were not safe in certain situations. By tricking a user into opening a malicious web page, an attacker could run arbitrary JavaScript with the user's privileges. (CVE-2007-5338)

Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
Updated packages for Ubuntu 6.06 LTS, 6.10, 7.04 and 7.10 are provided as source archives and binary packages for the amd64, i386, powerpc and sparc architectures.

Investigate vulnerabilities in Thunderbird highlighted in USN-536-1, resulting in possible execution of harmful code on users' devices.
Thunderbird Vulnerabilities, Ubuntu Security Notice, Remote Code Execution, Security Patch
LinuxSecurity.com Team

Oct 23, 2007, Ubuntu

Scientific Linux: PHP Security Update Affects Remote Code Execution

Date: Wed, 26 Sep 2007 14:38:42 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for php on SL3.x i386/x86_64

Synopsis: Moderate: php security update
Issue date: 2007-09-26
CVE Names: CVE-2007-2509 CVE-2007-2756 CVE-2007-2872 CVE-2007-3799 CVE-2007-3996 CVE-2007-3998 CVE-2007-4658 CVE-2007-4670

Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_split function with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie handling. This could allow an attacker to stop a victim from viewing a vulnerable web site if the victim has first visited a malicious web page under the control of the attacker, and that page can set a cookie for the vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker was able to pass arbitrary data to the money_format function this could possibly result in an information leak or denial of service. Note that it is unusual for a PHP script to pass user-supplied data to the money_format function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was able to pass arbitrary data to the wordwrap function this could possibly result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted, carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script that could be forced to process PNG images from an untrusted source could allow a remote attacker to cause a denial of service. (CVE-2007-2756)

A flaw was found in the PHP "ftp" extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server. (CVE-2007-2509)

SL 3.0.x

SRPMS:
php-4.3.2-43.ent.src.rpm

i386:
php-4.3.2-43.ent.i386.rpm
php-devel-4.3.2-43.ent.i386.rpm
php-imap-4.3.2-43.ent.i386.rpm
php-ldap-4.3.2-43.ent.i386.rpm
php-mysql-4.3.2-43.ent.i386.rpm
php-odbc-4.3.2-43.ent.i386.rpm
php-pgsql-4.3.2-43.ent.i386.rpm

x86_64:
php-4.3.2-43.ent.x86_64.rpm
php-devel-4.3.2-43.ent.x86_64.rpm
php-imap-4.3.2-43.ent.x86_64.rpm
php-ldap-4.3.2-43.ent.x86_64.rpm
php-mysql-4.3.2-43.ent.x86_64.rpm
php-odbc-4.3.2-43.ent.x86_64.rpm
php-pgsql-4.3.2-43.ent.x86_64.rpm

-Connie Sieh
-Troy Dawson

A recent PHP security patch for Scientific Linux addresses multiple vulnerabilities related to code execution and denial of service.
php security, Scientific Linux, remote code execution, denial of service, security update
LinuxSecurity.com Team

Sep 26, 2007, Scientific Linux
