# Security update for nginx

Announcement ID: SUSE-SU-2025:03243-1
Release Date: 2025-09-17T10:24:11Z
Rating: moderate

References:

* bsc#1236851
* bsc#1248070

Cross-References:

* CVE-2025-23419
* CVE-2025-53859

CVSS scores:

* CVE-2025-23419 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-23419 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-23419 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-23419 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-53859 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-53859 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-53859 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-53859 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nginx fixes the following issues:

* CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070).
* CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3243=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * nginx-debugsource-1.21.5-150400.3.12.1
  * nginx-debuginfo-1.21.5-150400.3.12.1
  * nginx-1.21.5-150400.3.12.1
* openSUSE Leap 15.4 (noarch)
  * nginx-source-1.21.5-150400.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-23419.html
* https://www.suse.com/security/cve/CVE-2025-53859.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236851
* https://bugzilla.suse.com/show_bug.cgi?id=1248070

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-cab5c9befb
2021-04-04 01:07:36.552529
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 33
Version     : 7.71.1
Release     : 9.fc33
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.
--------------------------------------------------------------------------------
Update Information:

- fix TLS 1.3 session ticket proxy host mixup (CVE-2021-22890)
- prevent automatic referer from leaking credentials (CVE-2021-22876)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 31 2021 Kamil Dudka - 7.71.1-9
- fix TLS 1.3 session ticket proxy host mixup (CVE-2021-22890)
- prevent automatic referer from leaking credentials (CVE-2021-22876)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1945058 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1945058
  [ 2 ] Bug #1945059 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1945059
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-cab5c9befb' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: flash-plugin security update
Advisory ID:       RHSA-2014:1852-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:1852.html
Issue date:        2014-11-13
CVE Names:         CVE-2014-0573 CVE-2014-0574 CVE-2014-0576 CVE-2014-0577
                   CVE-2014-0581 CVE-2014-0582 CVE-2014-0584 CVE-2014-0585
                   CVE-2014-0586 CVE-2014-0588 CVE-2014-0589 CVE-2014-0590
                   CVE-2014-8437 CVE-2014-8438 CVE-2014-8440 CVE-2014-8441
=====================================================================

1. Summary:

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574, CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588, CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440, CVE-2014-8441)

This update also fixes an information disclosure flaw in flash-plugin that could allow a remote attacker to obtain a victim's session cookie. (CVE-2014-8437)

All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.418.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1162911 - flash-plugin: multiple code execution flaws (APSB14-24)
1162912 - CVE-2014-8437 flash-plugin: information disclosure leading to session token leak (APSB14-24)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
flash-plugin-11.2.202.418-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.418-1.el5.i386.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
flash-plugin-11.2.202.418-1.el5.i386.rpm

x86_64:
flash-plugin-11.2.202.418-1.el5.i386.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-11.2.202.418-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.418-1.el6.i686.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
flash-plugin-11.2.202.418-1.el6.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-11.2.202.418-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.418-1.el6.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-11.2.202.418-1.el6.i686.rpm

x86_64:
flash-plugin-11.2.202.418-1.el6.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2014-0573
https://access.redhat.com/security/cve/CVE-2014-0574
https://access.redhat.com/security/cve/CVE-2014-0576
https://access.redhat.com/security/cve/CVE-2014-0577
https://access.redhat.com/security/cve/CVE-2014-0581
https://access.redhat.com/security/cve/CVE-2014-0582
https://access.redhat.com/security/cve/CVE-2014-0584
https://access.redhat.com/security/cve/CVE-2014-0585
https://access.redhat.com/security/cve/CVE-2014-0586
https://access.redhat.com/security/cve/CVE-2014-0588
https://access.redhat.com/security/cve/CVE-2014-0589
https://access.redhat.com/security/cve/CVE-2014-0590
https://access.redhat.com/security/cve/CVE-2014-8437
https://access.redhat.com/security/cve/CVE-2014-8438
https://access.redhat.com/security/cve/CVE-2014-8440
https://access.redhat.com/security/cve/CVE-2014-8441
https://access.redhat.com/security/updates/classification#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFUY/m4XlSAg2UNWIIRAnucAJ9FEEr9ZDeoe7/BF77dhXKgzSPf1wCgkdhn
8zFraVcUPA+vpzzYwVjX5LE=
=L7wt
-----END PGP SIGNATURE-----
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2008:0582-01
Product:           Red Hat Application Stack
Advisory URL:      https://access.redhat.com/errata/RHSA-2008:0582.html
Issue date:        2008-07-22
CVE Names:         CVE-2008-2051 CVE-2007-5898 CVE-2007-5899 CVE-2007-4782
                   CVE-2008-2107 CVE-2008-2108
=====================================================================

1. Summary:

Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051)

The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external web sites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user's session ID would be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that the PHP fnmatch() function did not restrict the length of the string argument. An attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted input data. (CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number generator used by functions such as rand() and mt_rand(), possibly allowing an attacker to easily predict the generated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)

Users of PHP should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

285881 - CVE-2007-4782 php crash in glob() and fnmatch() functions
382411 - CVE-2007-5898 php htmlentities/htmlspecialchars multibyte sequences
382431 - CVE-2007-5899 php session ID leakage
445006 - CVE-2008-2051 PHP multibyte shell escape flaw
445684 - CVE-2008-2107 PHP 32 bit weak random seed
445685 - CVE-2008-2108 PHP weak 64 bit random seed

6. Package List:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

Source:

i386:
php-5.1.6-3.el4s1.10.i386.rpm
php-bcmath-5.1.6-3.el4s1.10.i386.rpm
php-cli-5.1.6-3.el4s1.10.i386.rpm
php-common-5.1.6-3.el4s1.10.i386.rpm
php-dba-5.1.6-3.el4s1.10.i386.rpm
php-debuginfo-5.1.6-3.el4s1.10.i386.rpm
php-devel-5.1.6-3.el4s1.10.i386.rpm
php-gd-5.1.6-3.el4s1.10.i386.rpm
php-imap-5.1.6-3.el4s1.10.i386.rpm
php-ldap-5.1.6-3.el4s1.10.i386.rpm
php-mbstring-5.1.6-3.el4s1.10.i386.rpm
php-mysql-5.1.6-3.el4s1.10.i386.rpm
php-ncurses-5.1.6-3.el4s1.10.i386.rpm
php-odbc-5.1.6-3.el4s1.10.i386.rpm
php-pdo-5.1.6-3.el4s1.10.i386.rpm
php-pgsql-5.1.6-3.el4s1.10.i386.rpm
php-snmp-5.1.6-3.el4s1.10.i386.rpm
php-soap-5.1.6-3.el4s1.10.i386.rpm
php-xml-5.1.6-3.el4s1.10.i386.rpm
php-xmlrpc-5.1.6-3.el4s1.10.i386.rpm

x86_64:
php-5.1.6-3.el4s1.10.x86_64.rpm
php-bcmath-5.1.6-3.el4s1.10.x86_64.rpm
php-cli-5.1.6-3.el4s1.10.x86_64.rpm
php-common-5.1.6-3.el4s1.10.x86_64.rpm
php-dba-5.1.6-3.el4s1.10.x86_64.rpm
php-debuginfo-5.1.6-3.el4s1.10.x86_64.rpm
php-devel-5.1.6-3.el4s1.10.x86_64.rpm
php-gd-5.1.6-3.el4s1.10.x86_64.rpm
php-imap-5.1.6-3.el4s1.10.x86_64.rpm
php-ldap-5.1.6-3.el4s1.10.x86_64.rpm
php-mbstring-5.1.6-3.el4s1.10.x86_64.rpm
php-mysql-5.1.6-3.el4s1.10.x86_64.rpm
php-ncurses-5.1.6-3.el4s1.10.x86_64.rpm
php-odbc-5.1.6-3.el4s1.10.x86_64.rpm
php-pdo-5.1.6-3.el4s1.10.x86_64.rpm
php-pgsql-5.1.6-3.el4s1.10.x86_64.rpm
php-snmp-5.1.6-3.el4s1.10.x86_64.rpm
php-soap-5.1.6-3.el4s1.10.x86_64.rpm
php-xml-5.1.6-3.el4s1.10.x86_64.rpm
php-xmlrpc-5.1.6-3.el4s1.10.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

Source:

i386:
php-5.1.6-3.el4s1.10.i386.rpm
php-bcmath-5.1.6-3.el4s1.10.i386.rpm
php-cli-5.1.6-3.el4s1.10.i386.rpm
php-common-5.1.6-3.el4s1.10.i386.rpm
php-dba-5.1.6-3.el4s1.10.i386.rpm
php-debuginfo-5.1.6-3.el4s1.10.i386.rpm
php-devel-5.1.6-3.el4s1.10.i386.rpm
php-gd-5.1.6-3.el4s1.10.i386.rpm
php-imap-5.1.6-3.el4s1.10.i386.rpm
php-ldap-5.1.6-3.el4s1.10.i386.rpm
php-mbstring-5.1.6-3.el4s1.10.i386.rpm
php-mysql-5.1.6-3.el4s1.10.i386.rpm
php-ncurses-5.1.6-3.el4s1.10.i386.rpm
php-odbc-5.1.6-3.el4s1.10.i386.rpm
php-pdo-5.1.6-3.el4s1.10.i386.rpm
php-pgsql-5.1.6-3.el4s1.10.i386.rpm
php-snmp-5.1.6-3.el4s1.10.i386.rpm
php-soap-5.1.6-3.el4s1.10.i386.rpm
php-xml-5.1.6-3.el4s1.10.i386.rpm
php-xmlrpc-5.1.6-3.el4s1.10.i386.rpm

x86_64:
php-5.1.6-3.el4s1.10.x86_64.rpm
php-bcmath-5.1.6-3.el4s1.10.x86_64.rpm
php-cli-5.1.6-3.el4s1.10.x86_64.rpm
php-common-5.1.6-3.el4s1.10.x86_64.rpm
php-dba-5.1.6-3.el4s1.10.x86_64.rpm
php-debuginfo-5.1.6-3.el4s1.10.x86_64.rpm
php-devel-5.1.6-3.el4s1.10.x86_64.rpm
php-gd-5.1.6-3.el4s1.10.x86_64.rpm
php-imap-5.1.6-3.el4s1.10.x86_64.rpm
php-ldap-5.1.6-3.el4s1.10.x86_64.rpm
php-mbstring-5.1.6-3.el4s1.10.x86_64.rpm
php-mysql-5.1.6-3.el4s1.10.x86_64.rpm
php-ncurses-5.1.6-3.el4s1.10.x86_64.rpm
php-odbc-5.1.6-3.el4s1.10.x86_64.rpm
php-pdo-5.1.6-3.el4s1.10.x86_64.rpm
php-pgsql-5.1.6-3.el4s1.10.x86_64.rpm
php-snmp-5.1.6-3.el4s1.10.x86_64.rpm
php-soap-5.1.6-3.el4s1.10.x86_64.rpm
php-xml-5.1.6-3.el4s1.10.x86_64.rpm
php-xmlrpc-5.1.6-3.el4s1.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2008-2051
https://www.cve.org/CVERecord?id=CVE-2007-5898
https://www.cve.org/CVERecord?id=CVE-2007-5899
https://www.cve.org/CVERecord?id=CVE-2007-4782
https://www.cve.org/CVERecord?id=CVE-2008-2107
https://www.cve.org/CVERecord?id=CVE-2008-2108
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2008 Red Hat, Inc.
Moderate: php security and bug fix update

Date: Wed, 16 Jul 2008 13:31:26 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for php on SL4.x i386/x86_64

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: php security and bug fix update
Advisory ID:       RHSA-2008:0545-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2008:0545.html
Issue date:        2008-07-16
CVE Names:         CVE-2008-2051 CVE-2007-5898 CVE-2007-5899 CVE-2007-4782
                   CVE-2008-2107 CVE-2008-2108
=====================================================================

1. Summary:

Updated php packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051)

The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external web sites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user's session ID would be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that the PHP fnmatch() function did not restrict the length of the string argument. An attacker could use this flaw to crash the PHP interpreter where a script used fnmatch() on untrusted input data. (CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number generator used by functions such as rand() and mt_rand(), possibly allowing an attacker to easily predict the generated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)

As well, these updated packages fix the following bug:

* after 2008-01-01, when using PEAR version 1.3.6 or older, it was not possible to use the PHP Extension and Application Repository (PEAR) to upgrade or install packages. In these updated packages, PEAR has been upgraded to version 1.4.9, which restores support for the current pear.php.net update server. The following changes were made to the PEAR packages included in php-pear: Console_Getopt and Archive_Tar are now included by default, and XML_RPC has been upgraded to version 1.5.0.

All php users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

263501 - fix PEAR with current pear.php.net server
285881 - CVE-2007-4782 php crash in glob() and fnmatch() functions
382411 - CVE-2007-5898 php htmlentities/htmlspecialchars multibyte sequences
382431 - CVE-2007-5899 php session ID leakage
445006 - CVE-2008-2051 PHP multibyte shell escape flaw
445684 - CVE-2008-2107 PHP 32 bit weak random seed
445685 - CVE-2008-2108 PHP weak 64 bit random seed

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:

i386:
php-4.3.9-3.22.12.i386.rpm
php-debuginfo-4.3.9-3.22.12.i386.rpm
php-devel-4.3.9-3.22.12.i386.rpm
php-domxml-4.3.9-3.22.12.i386.rpm
php-gd-4.3.9-3.22.12.i386.rpm
php-imap-4.3.9-3.22.12.i386.rpm
php-ldap-4.3.9-3.22.12.i386.rpm
php-mbstring-4.3.9-3.22.12.i386.rpm
php-mysql-4.3.9-3.22.12.i386.rpm
php-ncurses-4.3.9-3.22.12.i386.rpm
php-odbc-4.3.9-3.22.12.i386.rpm
php-pear-4.3.9-3.22.12.i386.rpm
php-pgsql-4.3.9-3.22.12.i386.rpm
php-snmp-4.3.9-3.22.12.i386.rpm
php-xmlrpc-4.3.9-3.22.12.i386.rpm

ia64:
php-4.3.9-3.22.12.ia64.rpm
php-debuginfo-4.3.9-3.22.12.ia64.rpm
php-devel-4.3.9-3.22.12.ia64.rpm
php-domxml-4.3.9-3.22.12.ia64.rpm
php-gd-4.3.9-3.22.12.ia64.rpm
php-imap-4.3.9-3.22.12.ia64.rpm
php-ldap-4.3.9-3.22.12.ia64.rpm
php-mbstring-4.3.9-3.22.12.ia64.rpm
php-mysql-4.3.9-3.22.12.ia64.rpm
php-ncurses-4.3.9-3.22.12.ia64.rpm
php-odbc-4.3.9-3.22.12.ia64.rpm
php-pear-4.3.9-3.22.12.ia64.rpm
php-pgsql-4.3.9-3.22.12.ia64.rpm
php-snmp-4.3.9-3.22.12.ia64.rpm
php-xmlrpc-4.3.9-3.22.12.ia64.rpm

ppc:
php-4.3.9-3.22.12.ppc.rpm
php-debuginfo-4.3.9-3.22.12.ppc.rpm
php-devel-4.3.9-3.22.12.ppc.rpm
php-domxml-4.3.9-3.22.12.ppc.rpm
php-gd-4.3.9-3.22.12.ppc.rpm
php-imap-4.3.9-3.22.12.ppc.rpm
php-ldap-4.3.9-3.22.12.ppc.rpm
php-mbstring-4.3.9-3.22.12.ppc.rpm
php-mysql-4.3.9-3.22.12.ppc.rpm
php-ncurses-4.3.9-3.22.12.ppc.rpm
php-odbc-4.3.9-3.22.12.ppc.rpm
php-pear-4.3.9-3.22.12.ppc.rpm
php-pgsql-4.3.9-3.22.12.ppc.rpm
php-snmp-4.3.9-3.22.12.ppc.rpm
php-xmlrpc-4.3.9-3.22.12.ppc.rpm

s390:
php-4.3.9-3.22.12.s390.rpm
php-debuginfo-4.3.9-3.22.12.s390.rpm
php-devel-4.3.9-3.22.12.s390.rpm
php-domxml-4.3.9-3.22.12.s390.rpm
php-gd-4.3.9-3.22.12.s390.rpm
php-imap-4.3.9-3.22.12.s390.rpm
php-ldap-4.3.9-3.22.12.s390.rpm
php-mbstring-4.3.9-3.22.12.s390.rpm
php-mysql-4.3.9-3.22.12.s390.rpm
php-ncurses-4.3.9-3.22.12.s390.rpm
php-odbc-4.3.9-3.22.12.s390.rpm
php-pear-4.3.9-3.22.12.s390.rpm
php-pgsql-4.3.9-3.22.12.s390.rpm
php-snmp-4.3.9-3.22.12.s390.rpm
php-xmlrpc-4.3.9-3.22.12.s390.rpm

s390x:
php-4.3.9-3.22.12.s390x.rpm
php-debuginfo-4.3.9-3.22.12.s390x.rpm
php-devel-4.3.9-3.22.12.s390x.rpm
php-domxml-4.3.9-3.22.12.s390x.rpm
php-gd-4.3.9-3.22.12.s390x.rpm
php-imap-4.3.9-3.22.12.s390x.rpm
php-ldap-4.3.9-3.22.12.s390x.rpm
php-mbstring-4.3.9-3.22.12.s390x.rpm
php-mysql-4.3.9-3.22.12.s390x.rpm
php-ncurses-4.3.9-3.22.12.s390x.rpm
php-odbc-4.3.9-3.22.12.s390x.rpm
php-pear-4.3.9-3.22.12.s390x.rpm
php-pgsql-4.3.9-3.22.12.s390x.rpm
php-snmp-4.3.9-3.22.12.s390x.rpm
php-xmlrpc-4.3.9-3.22.12.s390x.rpm

x86_64:
php-4.3.9-3.22.12.x86_64.rpm
php-debuginfo-4.3.9-3.22.12.x86_64.rpm
php-devel-4.3.9-3.22.12.x86_64.rpm
php-domxml-4.3.9-3.22.12.x86_64.rpm
php-gd-4.3.9-3.22.12.x86_64.rpm
php-imap-4.3.9-3.22.12.x86_64.rpm
php-ldap-4.3.9-3.22.12.x86_64.rpm
php-mbstring-4.3.9-3.22.12.x86_64.rpm
php-mysql-4.3.9-3.22.12.x86_64.rpm
php-ncurses-4.3.9-3.22.12.x86_64.rpm
php-odbc-4.3.9-3.22.12.x86_64.rpm
php-pear-4.3.9-3.22.12.x86_64.rpm
php-pgsql-4.3.9-3.22.12.x86_64.rpm
php-snmp-4.3.9-3.22.12.x86_64.rpm
php-xmlrpc-4.3.9-3.22.12.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:

i386:
php-4.3.9-3.22.12.i386.rpm
php-debuginfo-4.3.9-3.22.12.i386.rpm
php-devel-4.3.9-3.22.12.i386.rpm
php-domxml-4.3.9-3.22.12.i386.rpm
php-gd-4.3.9-3.22.12.i386.rpm
php-imap-4.3.9-3.22.12.i386.rpm
php-ldap-4.3.9-3.22.12.i386.rpm
php-mbstring-4.3.9-3.22.12.i386.rpm
php-mysql-4.3.9-3.22.12.i386.rpm
php-ncurses-4.3.9-3.22.12.i386.rpm
php-odbc-4.3.9-3.22.12.i386.rpm
php-pear-4.3.9-3.22.12.i386.rpm
php-pgsql-4.3.9-3.22.12.i386.rpm
php-snmp-4.3.9-3.22.12.i386.rpm
php-xmlrpc-4.3.9-3.22.12.i386.rpm

x86_64:
php-4.3.9-3.22.12.x86_64.rpm
php-debuginfo-4.3.9-3.22.12.x86_64.rpm
php-devel-4.3.9-3.22.12.x86_64.rpm
php-domxml-4.3.9-3.22.12.x86_64.rpm
php-gd-4.3.9-3.22.12.x86_64.rpm
php-imap-4.3.9-3.22.12.x86_64.rpm
php-ldap-4.3.9-3.22.12.x86_64.rpm
php-mbstring-4.3.9-3.22.12.x86_64.rpm
php-mysql-4.3.9-3.22.12.x86_64.rpm
php-ncurses-4.3.9-3.22.12.x86_64.rpm
php-odbc-4.3.9-3.22.12.x86_64.rpm
php-pear-4.3.9-3.22.12.x86_64.rpm
php-pgsql-4.3.9-3.22.12.x86_64.rpm
php-snmp-4.3.9-3.22.12.x86_64.rpm
php-xmlrpc-4.3.9-3.22.12.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:

i386:
php-4.3.9-3.22.12.i386.rpm
php-debuginfo-4.3.9-3.22.12.i386.rpm
php-devel-4.3.9-3.22.12.i386.rpm
php-domxml-4.3.9-3.22.12.i386.rpm
php-gd-4.3.9-3.22.12.i386.rpm
php-imap-4.3.9-3.22.12.i386.rpm
php-ldap-4.3.9-3.22.12.i386.rpm
php-mbstring-4.3.9-3.22.12.i386.rpm
php-mysql-4.3.9-3.22.12.i386.rpm
php-ncurses-4.3.9-3.22.12.i386.rpm
php-odbc-4.3.9-3.22.12.i386.rpm
php-pear-4.3.9-3.22.12.i386.rpm
php-pgsql-4.3.9-3.22.12.i386.rpm
php-snmp-4.3.9-3.22.12.i386.rpm
php-xmlrpc-4.3.9-3.22.12.i386.rpm

ia64:
php-4.3.9-3.22.12.ia64.rpm
php-debuginfo-4.3.9-3.22.12.ia64.rpm
php-devel-4.3.9-3.22.12.ia64.rpm
php-domxml-4.3.9-3.22.12.ia64.rpm
php-gd-4.3.9-3.22.12.ia64.rpm
php-imap-4.3.9-3.22.12.ia64.rpm
php-ldap-4.3.9-3.22.12.ia64.rpm
php-mbstring-4.3.9-3.22.12.ia64.rpm
php-mysql-4.3.9-3.22.12.ia64.rpm
php-ncurses-4.3.9-3.22.12.ia64.rpm
php-odbc-4.3.9-3.22.12.ia64.rpm
php-pear-4.3.9-3.22.12.ia64.rpm
php-pgsql-4.3.9-3.22.12.ia64.rpm
php-snmp-4.3.9-3.22.12.ia64.rpm
php-xmlrpc-4.3.9-3.22.12.ia64.rpm

x86_64:
php-4.3.9-3.22.12.x86_64.rpm
php-debuginfo-4.3.9-3.22.12.x86_64.rpm
php-devel-4.3.9-3.22.12.x86_64.rpm
php-domxml-4.3.9-3.22.12.x86_64.rpm
php-gd-4.3.9-3.22.12.x86_64.rpm
php-imap-4.3.9-3.22.12.x86_64.rpm
php-ldap-4.3.9-3.22.12.x86_64.rpm
php-mbstring-4.3.9-3.22.12.x86_64.rpm
php-mysql-4.3.9-3.22.12.x86_64.rpm
php-ncurses-4.3.9-3.22.12.x86_64.rpm
php-odbc-4.3.9-3.22.12.x86_64.rpm
php-pear-4.3.9-3.22.12.x86_64.rpm
php-pgsql-4.3.9-3.22.12.x86_64.rpm
php-snmp-4.3.9-3.22.12.x86_64.rpm
php-xmlrpc-4.3.9-3.22.12.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:

i386:
php-4.3.9-3.22.12.i386.rpm
php-debuginfo-4.3.9-3.22.12.i386.rpm
php-devel-4.3.9-3.22.12.i386.rpm
php-domxml-4.3.9-3.22.12.i386.rpm
php-gd-4.3.9-3.22.12.i386.rpm
php-imap-4.3.9-3.22.12.i386.rpm
php-ldap-4.3.9-3.22.12.i386.rpm
php-mbstring-4.3.9-3.22.12.i386.rpm
php-mysql-4.3.9-3.22.12.i386.rpm
php-ncurses-4.3.9-3.22.12.i386.rpm
php-odbc-4.3.9-3.22.12.i386.rpm
php-pear-4.3.9-3.22.12.i386.rpm
php-pgsql-4.3.9-3.22.12.i386.rpm
php-snmp-4.3.9-3.22.12.i386.rpm
php-xmlrpc-4.3.9-3.22.12.i386.rpm

ia64:
php-4.3.9-3.22.12.ia64.rpm
php-debuginfo-4.3.9-3.22.12.ia64.rpm
php-devel-4.3.9-3.22.12.ia64.rpm
php-domxml-4.3.9-3.22.12.ia64.rpm
php-gd-4.3.9-3.22.12.ia64.rpm
php-imap-4.3.9-3.22.12.ia64.rpm
php-ldap-4.3.9-3.22.12.ia64.rpm
php-mbstring-4.3.9-3.22.12.ia64.rpm
php-mysql-4.3.9-3.22.12.ia64.rpm
php-ncurses-4.3.9-3.22.12.ia64.rpm
php-odbc-4.3.9-3.22.12.ia64.rpm
php-pear-4.3.9-3.22.12.ia64.rpm
php-pgsql-4.3.9-3.22.12.ia64.rpm
php-snmp-4.3.9-3.22.12.ia64.rpm
php-xmlrpc-4.3.9-3.22.12.ia64.rpm

x86_64:
php-4.3.9-3.22.12.x86_64.rpm
php-debuginfo-4.3.9-3.22.12.x86_64.rpm
php-devel-4.3.9-3.22.12.x86_64.rpm
php-domxml-4.3.9-3.22.12.x86_64.rpm
php-gd-4.3.9-3.22.12.x86_64.rpm
php-imap-4.3.9-3.22.12.x86_64.rpm
php-ldap-4.3.9-3.22.12.x86_64.rpm
php-mbstring-4.3.9-3.22.12.x86_64.rpm
php-mysql-4.3.9-3.22.12.x86_64.rpm
php-ncurses-4.3.9-3.22.12.x86_64.rpm
php-odbc-4.3.9-3.22.12.x86_64.rpm
php-pear-4.3.9-3.22.12.x86_64.rpm
php-pgsql-4.3.9-3.22.12.x86_64.rpm
php-snmp-4.3.9-3.22.12.x86_64.rpm
php-xmlrpc-4.3.9-3.22.12.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2008-2051
https://www.cve.org/CVERecord?id=CVE-2007-5898
https://www.cve.org/CVERecord?id=CVE-2007-5899
https://www.cve.org/CVERecord?id=CVE-2007-4782
https://www.cve.org/CVERecord?id=CVE-2008-2107
https://www.cve.org/CVERecord?id=CVE-2008-2108
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2008 Red Hat, Inc.
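The two PHP advisories above (RHSA-2008:0582 and RHSA-2008:0545) name four classes of flaw: locale-dependent shell escaping in escapeshellcmd(), partial multi-byte sequences slipping through htmlentities()/htmlspecialchars(), session IDs leaking through URL/form rewriting, and a weakly seeded rand()/mt_rand(). The following script is an added example, not code from the advisories or from the PHP project, and shows the hardened counterpart of each API on a modern PHP (7 or later is assumed). The function names and the sample inputs are constructed for this example.

```php
<?php
// Added example (not from the advisories above or from the PHP project):
// hardened counterparts of the APIs named in CVE-2008-2051, CVE-2007-5898,
// CVE-2007-5899 and CVE-2008-2107/2108. Assumes PHP 7 or later; function
// names and sample inputs are this example's own.
declare(strict_types=1);

// CVE-2008-2051 concerned escapeshellcmd() and locale-dependent multi-byte
// handling. Pass untrusted data only as a single argument quoted with
// escapeshellarg(), so the shell never parses it as command syntax.
function buildListCommand(string $untrustedPath): string
{
    return 'ls -l -- ' . escapeshellarg($untrustedPath);
}

// CVE-2007-5898 concerned partial multi-byte sequences passing through
// htmlentities()/htmlspecialchars(). Name the charset explicitly and set
// ENT_SUBSTITUTE so an invalid or truncated sequence becomes U+FFFD rather
// than being echoed into the page (without it, PHP >= 5.4 returns "").
function escapeHtml(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// CVE-2007-5899 concerned session IDs rewritten into URLs and forms
// (session.use_trans_sid / output_add_rewrite_var()). Keep the ID in a
// cookie only and mark the cookie HttpOnly. Must run before session_start().
function configureSessionCookieOnly(): void
{
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.cookie_httponly', '1');
}

// CVE-2008-2107/2108 concerned predictable rand()/mt_rand() seeding. For
// tokens and secrets use the CSPRNG-backed random_bytes()/random_int().
function newToken(): string
{
    return bin2hex(random_bytes(32)); // 64 hex characters, 256 bits of entropy
}

// Constructed inputs: a file name carrying shell metacharacters, and a
// string ending in a truncated 3-byte UTF-8 sequence (the first two bytes
// of U+20AC, the euro sign).
$hostileName = "notes.txt'; echo not-a-command; '";
$truncated   = "<b>price</b> \xE2\x82";

echo buildListCommand($hostileName), PHP_EOL;   // the whole name stays inside one quoted argument
echo escapeHtml($truncated), PHP_EOL;            // tags encoded, trailing bytes replaced by U+FFFD
configureSessionCookieOnly();
echo strlen(newToken()), PHP_EOL;                // token length in hex characters
```

The escaping calls are the interesting part: escapeshellarg() wraps its argument in single quotes and rewrites any embedded single quote as `'\''`, so the metacharacters in `$hostileName` are delivered to `ls` as plain bytes, and ENT_SUBSTITUTE makes the truncated euro sign visible as a replacement character instead of leaving raw bytes for the browser to reinterpret.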
Updated JBoss Enterprise Application Platform packages that fix several security issues and bugs are now available for Red Hat Application Stack v1 and v2. Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Moderate: JBoss Enterprise Application Platform security update Advisory ID: RHSA-2007:0950-01 Advisory URL: https://access.redhat.com/errata/RHSA-2007:0950.html Issue date: 2007-11-05 Updated on: 2007-11-05 Product: Red Hat Application Stack CVE Names: CVE-2007-3382 CVE-2007-3385 - ---------------------------------------------------------------------1. Summary: Updated JBoss Enterprise Application Platform packages that fix several security issues and bugs are now available for Red Hat Application Stack v1 and v2. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - noarch Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - noarch Red Hat Application Stack v2 for Enterprise Linux (v.5) - noarch 3. Problem description: The updated packages address the following security vulnerabilities: Tomcat incorrectly treated a single quote character (') in a cookie value as a delimiter. In some circumstances this lead to the leaking of information such as session ID to an attacker (CVE-2007-3382). Tomcat incorrectly handled the character sequence \" in a cookie value. In some circumstances this lead to the leaking of information such as session ID to an attacker (CVE-2007-3385). 
In addition to these security fixes, this update also fixes several bugs in JBoss Enterprise Application Platform. Please see the referenced release notes for the list of bugs fixed.

Users of JBoss Enterprise Application Platform should upgrade to these updated packages, which contain fixes to correct these issues.

For users of Red Hat Application Stack v1, installation of this errata will automatically bring the system up to V.1.2. Please note the following changes that may affect you:

- Stacks V.1.2 has a new version of JBoss Application Server which requires Java version 1.5 to run.
- Unless the JBOSS_IP variable is explicitly set in the configuration file, JBoss Application Server services are now bound to localhost.
- Unless the JBOSSCONF variable is explicitly set in the configuration file, JBoss Application Server will start with the production config when started via the init script.

Refer to the release notes for more information on how to set the JBOSS_IP and JBOSSCONF variables.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

247972 - CVE-2007-3382 tomcat handling of cookies
247976 - CVE-2007-3385 tomcat handling of cookie values

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
3e6d36d2288f3119b14d0e3dd25599c9 berkeleydb-2.0.90-1jpp.ep1.1.src.rpm
c45bea49f9a9460400a2da68565b49cb hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm
3e32c2ce08a2f07dd027ff86446af6d8 hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm
3b350d7de3b713a06221d2edb18abbc4 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm
ff1beb2147c7a5aad8e64de2b83ba0aa jacorb-2.3.0-1jpp.ep1.1.src.rpm
15e5b40fbc9f3e41dbf0b74cdf7b0017 jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm
c638e8e39f4524bfddbf07c914024c0b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm
d56036f4b74525ae351030f4c1a8eb9a jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm
0c5d62cc1e37bb8dd47b2e17b96b7149 jboss-seam-1.2.1-1.ep1.2.src.rpm
862809bc4e78e5a8777c0c31fcd3a555 jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm
d137454d4f562778a0cfd9475ed3bbf0 jbossas-4.2.0-2.CP01.ep1.4.src.rpm
cba7829b13f79de64b4cbd0422acbaa2 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm
16a51b52b0d53b65d474c1c104c125e9 jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm
92c34a206cecaf59e62d7a3eb38fdc1f jcommon-0.9.7-1jpp.el4ep1.1.src.rpm
d474fd5e30d873738eec028c88164bab jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm
723a3f1afb218740be1f5d782e80cc25 rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm

noarch:
9603b96542df9e138e252ee5a701aed4 berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm
379f1308aa47160a341c35e9bf45aa65 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
5e39db41c091e098c95edd53c94d3c2d hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
53896bfbb3bb3f874e160e237b30e2ca hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm
c54b366b96e62fee6ea225d802c0e3d2 hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.rpm
8635620bce0bef87a8256ec82577f804 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
11076de6fc94fe5fc92ededfa22b46a6 hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
05b568ffc52cefb9abad01678b8cd7ef jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
75f791f3a359dac015d7159e1fdee9ce jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
dc933213e3041cbe05a61685913b234b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
30d63ec755235f595dd4fc8207926fa7 jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
63b040353b821f8cbc5ccd186cd4d792 jboss-seam-1.2.1-1.ep1.2.noarch.rpm
5543500f72d98d57105e45e33f227fea jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
6b3266b5951ed27bedf610e47c619bb1 jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm
672f485649dcfbb7a2720939a946893b jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
fb3cc11b0a1719c625820d63c3eb0d5d jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
3a03da161c9148892c706332f97cc53d jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
ec2d3af5e0a2dbc092e334444d31f2f4 jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
e064470349b6cc22b1ce1a5bb0b91034 jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
18e8c6084efaa0be97865e3f97b13db2 rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
3e6d36d2288f3119b14d0e3dd25599c9 berkeleydb-2.0.90-1jpp.ep1.1.src.rpm
c45bea49f9a9460400a2da68565b49cb hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.src.rpm
3e32c2ce08a2f07dd027ff86446af6d8 hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.src.rpm
3b350d7de3b713a06221d2edb18abbc4 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.src.rpm
ff1beb2147c7a5aad8e64de2b83ba0aa jacorb-2.3.0-1jpp.ep1.1.src.rpm
15e5b40fbc9f3e41dbf0b74cdf7b0017 jboss-aop-1.5.5-0jpp.ep1.2.1.src.rpm
c638e8e39f4524bfddbf07c914024c0b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.src.rpm
d56036f4b74525ae351030f4c1a8eb9a jboss-remoting-2.2.2-1jpp.ep1.4.src.rpm
0c5d62cc1e37bb8dd47b2e17b96b7149 jboss-seam-1.2.1-1.ep1.2.src.rpm
862809bc4e78e5a8777c0c31fcd3a555 jboss-serialization-1.0.3-1jpp.ep1.3.src.rpm
d137454d4f562778a0cfd9475ed3bbf0 jbossas-4.2.0-2.CP01.ep1.4.src.rpm
cba7829b13f79de64b4cbd0422acbaa2 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.src.rpm
16a51b52b0d53b65d474c1c104c125e9 jbossxb-1.0.0-1.CP01.0jpp.ep1.1.src.rpm
92c34a206cecaf59e62d7a3eb38fdc1f jcommon-0.9.7-1jpp.el4ep1.1.src.rpm
d474fd5e30d873738eec028c88164bab jfreechart-0.9.21-2jpp.el4ep1.1.src.rpm
723a3f1afb218740be1f5d782e80cc25 rh-eap-docs-4.2.0-2.CP01.ep1.2.src.rpm

noarch:
9603b96542df9e138e252ee5a701aed4 berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm
379f1308aa47160a341c35e9bf45aa65 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
5e39db41c091e098c95edd53c94d3c2d hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.2.noarch.rpm
53896bfbb3bb3f874e160e237b30e2ca hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm
c54b366b96e62fee6ea225d802c0e3d2 hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.rpm
8635620bce0bef87a8256ec82577f804 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.noarch.rpm
11076de6fc94fe5fc92ededfa22b46a6 hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.noarch.rpm
05b568ffc52cefb9abad01678b8cd7ef jacorb-2.3.0-1jpp.ep1.1.noarch.rpm
75f791f3a359dac015d7159e1fdee9ce jboss-aop-1.5.5-0jpp.ep1.2.1.noarch.rpm
dc933213e3041cbe05a61685913b234b jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.noarch.rpm
30d63ec755235f595dd4fc8207926fa7 jboss-remoting-2.2.2-1jpp.ep1.4.noarch.rpm
63b040353b821f8cbc5ccd186cd4d792 jboss-seam-1.2.1-1.ep1.2.noarch.rpm
5543500f72d98d57105e45e33f227fea jboss-seam-docs-1.2.1-1.ep1.2.noarch.rpm
6b3266b5951ed27bedf610e47c619bb1 jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm
672f485649dcfbb7a2720939a946893b jbossas-4.2.0-2.CP01.ep1.4.noarch.rpm
fb3cc11b0a1719c625820d63c3eb0d5d jbossweb-2.0.0-2.CP01.0jpp.ep1.4.noarch.rpm
3a03da161c9148892c706332f97cc53d jbossxb-1.0.0-1.CP01.0jpp.ep1.1.noarch.rpm
ec2d3af5e0a2dbc092e334444d31f2f4 jcommon-0.9.7-1jpp.el4ep1.1.noarch.rpm
e064470349b6cc22b1ce1a5bb0b91034 jfreechart-0.9.21-2jpp.el4ep1.1.noarch.rpm
18e8c6084efaa0be97865e3f97b13db2 rh-eap-docs-4.2.0-2.CP01.ep1.2.noarch.rpm

Red Hat Application Stack v2 for Enterprise Linux (v.5):

SRPMS:
1364824c1ee97e7f0fcb241328e9df69 berkeleydb-2.0.90-1jpp.ep1.1.el5.src.rpm
40d5faea59fd9e5f9436fd45523c8070 bsh2-2.0-0.b4.1jpp.ep1.1.el5.src.rpm
8f6f712b7a2253f1d6b29ae35f8b7c94 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.src.rpm
9cdd12f342aa59b7107739ee4d8705be hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.src.rpm
aae323eb86189e960036688084c3fe44 hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.src.rpm
8fbbf0b14100f6321d390b8778ef4c1e jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.src.rpm
ce29506939a744277b93b37c7dafec83 jboss-remoting-2.2.2-1jpp.ep1.5.el5.src.rpm
e563128ec97b2be57b56b9997711f36b jboss-seam-1.2.1-1.ep1.2.el5.src.rpm
60d15223c3215e23627723e5603da12b jboss-serialization-1.0.3-1jpp.ep1.4.el5.src.rpm
e7f2185315348598788131da1c83dec8 jbossas-4.2.0-2.CP01.ep1.3.el5.src.rpm
d82e72da9bac49c8ba90ab425cbaa894 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.src.rpm
07c5344200f93a07e8e46619a8b0d469 jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.src.rpm
854f94d9d2d8816ab556233173e262d2 jcommon-0.9.7-1jpp.ep1.1.el5.src.rpm
61d66b662ef265be93c48a09b30dde4d jfreechart-0.9.21-2jpp.ep1.1.el5.2.src.rpm
7c8b1e2360100685e1b0ac4b4e05cc26 rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.src.rpm

noarch:
ff70a7c2ece755ce4ce357b484eda115 berkeleydb-2.0.90-1jpp.ep1.1.el5.noarch.rpm
c6ca766ab43cca7b1988989c87c8024e bsh2-2.0-0.b4.1jpp.ep1.1.el5.noarch.rpm
39220cf779de34db59de5f911dc83fe4 hibernate3-annotations-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
38d14e60c80432ae28d64c55df8263f0 hibernate3-annotations-javadoc-3.2.1-1.patch01.1jpp.ep1.3.el5.noarch.rpm
b66229122a3a9c50a738734dc3b52543 hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.noarch.rpm
96e5571896595832aa0f03d4bdac01d7 hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.el5.noarch.rpm
1f12ab51909c31709d1322a8b425997b hibernate3-entitymanager-3.2.1-1jpp.ep1.5.el5.noarch.rpm
d084bb0e4cf54d4a2ac3c0a520310dbd hibernate3-entitymanager-javadoc-3.2.1-1jpp.ep1.5.el5.noarch.rpm
55e29258406c1decddc23793152dd497 jboss-cache-1.4.1-1.SP3.1jpp.ep1.1.el5.noarch.rpm
a836aa273e7af578292fc7327db7c005 jboss-remoting-2.2.2-1jpp.ep1.5.el5.noarch.rpm
37aefe6fa970e840ed69ed5b0169cd92 jboss-seam-1.2.1-1.ep1.2.el5.noarch.rpm
56032018c262062aec27e7909b526e39 jboss-seam-docs-1.2.1-1.ep1.2.el5.noarch.rpm
a1f90135b91310cbbc57dcb983684022 jboss-serialization-1.0.3-1jpp.ep1.4.el5.noarch.rpm
2baed88bbd3d80ca3f9835f50d44dec2 jbossas-4.2.0-2.CP01.ep1.3.el5.noarch.rpm
f0fb7530810ea9edff633c6080b09116 jbossweb-2.0.0-2.CP01.0jpp.ep1.4.el5.noarch.rpm
8aa3b658479515e7caae1eb304c3f6a1 jbossxb-1.0.0-1.CP01.0jpp.ep1.2.el5.noarch.rpm
be2f08599120e22b74e37b360c984348 jcommon-0.9.7-1jpp.ep1.1.el5.noarch.rpm
33366ca9ba0a15acb3d77e884d58675e jfreechart-0.9.21-2jpp.ep1.1.el5.2.noarch.rpm
6ac949ba8f4dd30894a2260e038c30c8 rh-eap-docs-4.2.0-2.CP01.ep1.2.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-3382
https://www.cve.org/CVERecord?id=CVE-2007-3385
https://docs.redhat.com/en
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

Security update released for JBoss Enterprise Application Platform, fixing two Tomcat cookie-handling flaws that could leak session IDs to an attacker. Red Hat Application Stack, JBoss EAP, session ID leak. LinuxSecurity.com Team