Stay Vigilant with Timely Linux Security Advisories

Loading...

security advisoryred hatimportant

Red Hat: RHSA-2022:8961-01 Important: Keycloak Session Takeover

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 7 Advisory ID: RHSA-2022:8961-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2022:8961 Issue date: 2022-12-13 CVE Names: CVE-2022-3782 CVE-2022-3916 ==================================================================== 1. Summary: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.6 for RHEL 7 Server - noarch 3. Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Security Fix(es): * keycloak: path traversal via double URL encoding (CVE-2022-3782) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includesthe changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 6. JIRA issues fixed (https://issues.redhat.com/): CIAM-4414 - Build RPMs for this patch 7. Package List: Red Hat Single Sign-On 7.6 for RHEL 7 Server: Source: rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el7sso.src.rpm noarch: rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el7sso.noarch.rpm rh-sso7-keycloak-server-18.0.3-1.redhat_00002.1.el7sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-3916 https://access.redhat.com/security/updates/classification/#important 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5ipotzjgjWX9erEAQjCBA//UBYUDvesP1x2wXWYvnR28asrOWhGk7tA n2G9Rf8/9jkZS2QetFy9xLsSBVGEOz+4ZhnyMST5XgjRkdpC+TcpcjgkgZ+w3V6X fSfbeyC3SvxK9S8+s59yrRHmBbkXBhlJf37BEXhWaJXJ0FTO72NvPM1vUWRKWW1w vK5/CW27UBTqxNgpXSiBeO/rIVRbknVCxD+YXQlwaGW8+jvxWzo/8JJ/nshJ1bDg 5Q3mC6kuv5SFpF4UhjGBQAuw+COoMZ+4FNRSUNWuErpvPd1YpEDyEEfxT1tArZDM IKWxpaVSNnFvKrkAqFUs6uuNiW/vzc+Sm7u79Ax0o6WUpD3J3t7oAstS8FWHM6qL WFuEUv0sKROLtR1o1IxROwjlMRyJXhTKwNZI3A8xG762/tFX9N0y1tJFO5rm/Wqf cXsi9fily473Y+JCnTNQS0rrwhy3ZV2w3SFM1lcrgMA5Y3BuRYqz63yLq8EsYMwX hW/1TgBj0QBP5QLlncs9eFF+vfvSFMq5780JJhniTkmdfLtuIPlWhFPjpwcA0XKY K+pVXDSfZ76V4mZaNKN8JQnps/xvbc7rUHjWZ8MCi2PDnZwpzj2KT+WjI31YsQbe 5CHaMYS5ikZ3P2xHQIqaacAmEUqrYHo1dI75KZ9azjXcubgMk5/KNXD+gmo0bmnX uI04HxR4UHc=9d1O -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Note: RedHat Single Sign-On 7.6.1 for RHEL 7 resolves critical security vulnerabilities.. Red Hat Single Sign-On, Important Security Update, Keycloak Security, RHEL 7 Update. . Severity: Important. LinuxSecurity.com Team

Dec 13, 2022 •Important Red Hat

security advisoryimportantpath traversal

Red Hat Single Sign-On 7.6.1 Advisory RHSA-2022:8963-01 Important Severity

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 9 Advisory ID: RHSA-2022:8963-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2022:8963 Issue date: 2022-12-13 CVE Names: CVE-2022-3782 CVE-2022-3916 ==================================================================== 1. Summary: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.6 for RHEL 9 - noarch 3. Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Security Fix(es): * keycloak: path traversal via double URL encoding (CVE-2022-3782) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes thechanges described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 6. JIRA issues fixed (https://issues.redhat.com/): CIAM-4414 - Build RPMs for this patch 7. Package List: Red Hat Single Sign-On 7.6 for RHEL 9: Source: rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el9sso.src.rpm noarch: rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el9sso.noarch.rpm rh-sso7-keycloak-server-18.0.3-1.redhat_00002.1.el9sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-3916 https://access.redhat.com/security/updates/classification/#important 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5ipndzjgjWX9erEAQhVcxAAnTGHyVcLWPvYT8iwc9H8oDFxvLGgHmzc dWM5kJDBs6in9LmpRfuK+e2+ImTB51tJevuhhlWK352/sNaNLUqRDVwh3lC+5j/I Wg9OVsLlSDrlaB8XPUP2W7yDa8ZHc4SMb6t4h/h7xKc4ylLAJNM2K/d/wiisAK3n 154VOxiaQJjfSOk1EPJipg6oe8iT0ytStcWqxstpvVQj8oWEvyghzeZyQbcy/+Ar 9L7lc43jCkZWq8LVRznX4SwooqJvsARuvw9M54dvaWAkdr4lme07BIAY2AEIk1k3 fB3to4RtSb2I6H/PsJn2uZ4r0aeigWMTEG4M+8RluAjjglVtBISjwzQ4WAahwL7o 2Gjoxpoe81WFSLAqwvmNdqQplJSMVajymKweFVQBZih0VGYTCGR/LRCg57Fjh3UZ o96jAUIjR7DtXrU0PtuXvDyi4L8dNFRHh4oXzFVGH+0VyT/QSOonEJM2qcDcXFjv OD19J3457M+qTrJkqeeuFY5UhyfxzCD5fcDzOlt4YK95ptx+0dV4dlbDq3ECGbw9 jWX1QGKnXFjsljZLCacT1RoS6wwWnDg8ZTIDZdm1FKyEA9wlqhuJMPgKFpTri7y0 YYO14rCXVuKkoHBVB+sgpup4w2B47v897DtGw+J51hWBdmYg/miYiEUbod+Z3V8t 7C6RUvKvSmo=XpnE -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Latest Red Hat SSO7.6.1 packages for RHEL 9 now available, including critical security patches. Discover more about the enhancements.. Red Hat Single Sign-On, RHEL 9 Security, Authentication Risks. . Severity: Important. LinuxSecurity.com Team

Dec 13, 2022 •Important Red Hat

security advisoryRed Hatauthentication

Red Hat: RHSA-2022:8962-01 Important: Single Sign-On 7.6.1 Security Issues

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 8 Advisory ID: RHSA-2022:8962-01 Product: Red Hat Single Sign-On Advisory URL: https://access.redhat.com/errata/RHSA-2022:8962 Issue date: 2022-12-13 CVE Names: CVE-2022-3782 CVE-2022-3916 ==================================================================== 1. Summary: New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Single Sign-On 7.6 for RHEL 8 - noarch 3. Description: Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Security Fix(es): * keycloak: path traversal via double URL encoding (CVE-2022-3782) * keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes thechanges described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding 2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens 6. JIRA issues fixed (https://issues.redhat.com/): CIAM-4414 - Build RPMs for this patch 7. Package List: Red Hat Single Sign-On 7.6 for RHEL 8: Source: rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el8sso.src.rpm noarch: rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el8sso.noarch.rpm rh-sso7-keycloak-server-18.0.3-1.redhat_00002.1.el8sso.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2022-3782 https://access.redhat.com/security/cve/CVE-2022-3916 https://access.redhat.com/security/updates/classification/#important 9. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY5ipldzjgjWX9erEAQiTxQ//X1uZTMfjqFKgWwdGQx+411ANW503To42 itxaBWhSxJmbzOhJB0QKoABPCapl3mwrPC+XfdGL2sorqFFjbXNa6TkaQecfVqt2 qwTqtEix3WQVmK2PY9e//9sea/vwfwBOfhqxgiML3ZMzrfXHzIgnWNSPE5eYT+n9 riKkquCR7kInls3lkxgpKEQjsJXyR1FhIGzS4J8tmgHsG46zOF4fYsPI2BVj6VJg Y55XjFXoPjZdKWzdHNVBzuRIuoCBEToZHPNzA4D387FsAPSqVwrEQ5S0VUL7bJ/t WY03oVmytyvgwUnwzUSy1qgFDpzY68YAtCLdO2sNPqybiFUKAWevhCNK8Dksf7VM zUpmIZF5EtKAQZIF1LH+DTtwWJr+Uvy/vnbA+CqwwUcQv6/mKQIBLsIHMaLyB3Bu 3KSksEllW6XQ+c1JFQ1BmDdkyHhmRYXxxkGqxmtW7cFj4K+rnWqu+o7IRJvbXUJM F3ryJcFk/0tYmzHUqCgQZQvJQwF5QCVZdIMZrAAI6ugGE5m2VeSJBgb+aHNIwn9/ Ji9OdKRuzPJFjmuZy67RaFbF37ILTeQB6uVPz0PLjcjJZAP/NN5CjWbTS/D7Q0J/ RgIZe5uv4sYOkH0+jd6CYQp7GVXlPvT/uVE3eONol+FgT5lyf6fWZE2vjQQsO/26 ZyVkdE4wcmo=CFoY -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Oracle announces avital update for Identity Management 5.3.2 addressing severe vulnerabilities related to privilege escalation and directory traversal.. Red Hat Single Sign-On, security fixes, session takeover, path traversal, security updates. . Severity: Important. LinuxSecurity.com Team

Dec 13, 2022 •Important Red Hat

security advisoryremote accesslow severity

Arch Linux: ASA-202106-19 Low Severity: Keycloak Session Takeover Risk

The package keycloak before version 13.0.1-1 is vulnerable to incorrect calculation. . Arch Linux Security Advisory ASA-202106-19 ========================================= Severity: Low Date : 2021-06-01 CVE-ID : CVE-2021-3461 Package : keycloak Type : incorrect calculation Remote : Yes Link : https://security.archlinux.org/AVG-1994 Summary ====== The package keycloak before version 13.0.1-1 is vulnerable to incorrect calculation. Resolution ========= Upgrade to 13.0.1-1. # pacman -Syu "keycloak> =13.0.1-1" The problem has been fixed upstream in version 13.0.1. Workaround ========= None. Description ========== Keycloak may fail to logout a user session if the logout request comes from an external SAML identity provider that is set up to identify the principal via attributes rather than by Subject Name ID. Impact ===== A remote attacker could take over a logged out user session if they manage to obtain the old session token. References ========= https://bugzilla.redhat.com/show_bug.cgi?id=1941565 https://github.com/keycloak/keycloak/commit/f014299e7c781dff2b492b81bc81adcf717bd530 https://security.archlinux.org/CVE-2021-3461 . The recent Debian Security Advisory DSA-2023-45 addresses a medium severity issue found in OpenLDAP that enables possible information disclosure risks.. Arch Linux, Keycloak, Remote Access, Security Advisory, Calculation Issue. . Severity: Low. LinuxSecurity.com Team

Jun 03, 2021 •Low ArchLinux

security advisorydenial of servicedebian

Debian: DSA-2332-1 Moderate: Python-Django Session Takeover

Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework: CVE-2011-4136 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-2332-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Thijs Kinkhorst October 29, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : python-django Vulnerability : several issues Problem type : remote Debian-specific: no CVE ID : CVE-2011-4136 CVE-2011-4137 CVE-2011-4138 CVE-2011-4139 CVE-2011-4140 Debian Bug : 641405 Paul McMillan, Mozilla and the Django core team discovered several vulnerabilities in Django, a Python web framework: CVE-2011-4136 When using memory-based sessions and caching, Django sessions are stored directly in the root namespace of the cache. When user data is stored in the same cache, a remote user may take over a session. CVE-2011-4137, CVE-2011-4138 Django's field type URLfield by default checks supplied URL's by issuing a request to it, which doesn't time out. A Denial of Service is possible by supplying specially prepared URL's that keep the connection open indefinately or fill the Django's server memory. CVE-2011-4139 Django used X-Forwarded-Host headers to construct full URL's. This header may not contain trusted input and could be used to poison the cache. CVE-2011-4140 The CSRF protection mechanism in Django does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests. For the oldstable distribution (lenny), this problem has been fixed in version 1.0.2-1+lenny3. For the stable distribution (squeeze), this problem has been fixed in version 1.2.3-3+squeeze2. For the testing (wheezy) and unstable distribution (sid), thisproblem has been fixed in version 1.3.1-1. We recommend that you upgrade your python-django packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Numerous vulnerabilities identified in Django yield session hijacking and service interruption risks. Update advised.. Django Security Update, Debian DSA-2332-1, Remote Issues. . LinuxSecurity.com Team

Oct 29, 2011 Debian

security advisoryDebianlocal exploit

Debian DSA 660-1 Critical: KDE Screensaver Local Session Takeover

Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session.. - --------------------------------------------------------------------------Debian Security Advisory DSA 660-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze January 26th, 2005 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : kdebse Vulnerability : missing return value check Problem-Type : local Debian-specific: no CVE ID : CAN-2005-0078 Raphaël Enrici discovered that the KDE screensaver can crash under certain local circumstances. This can be exploited by an attacker with physical access to the workstation to take over the desktop session. For the stable distribution (woody) this problem has been fixed in version 2.2.2-14.9. This problem has been fixed upstream in KDE 3.0.5 and is therefore fixed in the unstable (sid) and testing (sarge) distributions already. We recommend that you upgrade your kscreensaver package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 1155 dfe0d609c615fe8b7935892ccd0dab4e Size/MD5 checksum: 73052 abcc2cbac602c1c557fad0816e970db5 Size/MD5 checksum: 13035693 3c17b6821bbd05c7e04682c70cb7de8a Architecture independent components: Size/MD5 checksum: 3140996 17745ec3c454d65516d6e19af77ba080 Size/MD5 checksum: 962194 a6e045e59fb5f5d409eef6f91cafda37 Alpha architecture: Size/MD5 checksum: 488956 cebb2cb36c834c6693cad6ff9214cf15 Size/MD5 checksum: 6991454 4c054e1747b10c4465f6430c3329eb13 Size/MD5 checksum: 108078 1103e988ce6817b8f7085ed7bf57f7d7 Size/MD5 checksum: 49514 0a60e5d0b2ce1f848d82ef20c5167691 Size/MD5 checksum: 1988950 d75b23f2b08b1611a6947c26044ce641 Size/MD5 checksum: 436126 b39964dfd1a9090c8fef9265829d9e57 Size/MD5 checksum: 2229054 6e57e8b0639bb780707c1a4e747d5cf6 Size/MD5 checksum: 538632 39ee4795e5ab89cf52704fd4c2db06fa Size/MD5 checksum: 482956 4482d999c2981e95db3a3d47f4444f96 Size/MD5 checksum: 46042 8d894c8f9f1c376f5a5300a94fe9b04b Size/MD5 checksum: 270520 1a6e146175770e64d965ffd031abd519 ARM architecture: Size/MD5 checksum: 418864 e203c7a41042168e7ec089cc08fcdce9 Size/MD5 checksum: 6520888 09ba2542f77611bbc392185a34b6a235 Size/MD5 checksum: 86506 40f71a0729f46cc49c1b014d5e5e9f35 Size/MD5 checksum: 48612 afe2715d9a3eee6a20a8ac5bd200172e Size/MD5 checksum: 1680906 c0530300b569a5a37d722f681c0701d5 Size/MD5 checksum: 390882 cdef2636462f0b210de63271b4c4f771 Size/MD5 checksum: 1926580 76e6578bc030bd975b1a6795b3957a5d Size/MD5 checksum: 457596 ec72c3fbb862b4658365f7e1a3c879a3 Size/MD5 checksum: 375628 72ef3fa402a0a7431df669a88d97def4 Size/MD5 checksum: 46046 33ce8b120a20172ebdbaf87c87592169 Size/MD5 checksum: 216052 e6f3a3b8241e0db05f55c8415e510ecb Intel IA-32 architecture: Size/MD5 checksum: 407970 0b38c2916480159a70f4099b75053cf4 Size/MD5 checksum: 6486276 ad3dadbc95b46598105de11f7e740a7a Size/MD5 checksum: 84028b9aa9ee1f7f57d6e9e122a2c28192d6f Size/MD5 checksum: 47816 036e86f41c43ec6f2ec65ebe77f8d758 Size/MD5 checksum: 1653012 5b195fdbb260cb9dd909cd7d440e65d9 Size/MD5 checksum: 395818 0ba48e2582510942777b42b9c961d0c0 Size/MD5 checksum: 1929328 b31b3b160c849141cc1bd1a78e3c6c55 Size/MD5 checksum: 459074 69e1a604af6da9f2a066db19024faf43 Size/MD5 checksum: 396370 10708fe013b78828a1a99fb3d97838db Size/MD5 checksum: 46048 bbad375447a928a1a139a4904a861de8 Size/MD5 checksum: 221032 c78e8eae29e20bad3e41658ad78787eb Intel IA-64 architecture: Size/MD5 checksum: 611890 5a0c52e8b157dbd2e64b9389a1b03950 Size/MD5 checksum: 7541710 448f5fa9121adaa13ce78c0d686fa76a Size/MD5 checksum: 120072 220e21286d13a231a678d52800c7362e Size/MD5 checksum: 52250 842516a87bc2ab2a7e4025841c8ecb3d Size/MD5 checksum: 2465710 732bd2c1c5d39d404c2a14443314e440 Size/MD5 checksum: 538810 62b9975f93d1b1d749234999b315afbf Size/MD5 checksum: 2490004 1cf73d089139a55dcb25598cc947aa17 Size/MD5 checksum: 598614 b600efadf0f8cb66fe826640ada3fe8b Size/MD5 checksum: 551750 8a55a06301a84473009226cb5976042e Size/MD5 checksum: 46036 f9681cb495e56a3224f8bca6d9d68b0a Size/MD5 checksum: 347646 ef3d8d7209c297c995a3f7b042d747be HP Precision architecture: Size/MD5 checksum: 514094 2eb07e6acd45bb7847807a69f1c2c6d6 Size/MD5 checksum: 6986014 ed12ea654a6d000bce9def3696c27fb4 Size/MD5 checksum: 106130 f51a4108d6101e52db2455dbc646ffba Size/MD5 checksum: 49686 887499fa02280212867459c77c80ed63 Size/MD5 checksum: 2085756 548a99abdf666883f8aa9cf49061cb17 Size/MD5 checksum: 445852 fded136e5ddb52ab29cafd7d69e55d7e Size/MD5 checksum: 2190354 35757070838eb023fc43f6baf9a201a9 Size/MD5 checksum: 517774 eead16edc06d70e083a2e06a9a539459 Size/MD5 checksum: 456948 c408303889ceda15ff248eaeb0d1e61d Size/MD5 checksum: 46040 20e7c3be70470cf60093da3b73b1067d Size/MD5 checksum: 260306 437312542ffb7486c18d97bc9f1fe48b Motorola 680x0 architecture: Size/MD5 checksum: 403884 7844857493ec07c68f1a9f568d9cddb4 Size/MD5 checksum: 6472796 ac6f1697ec714ab8f11ad2cbed1352a0 Size/MD5 checksum: 84792 c322d9cb2ff703cde4415fc97c2b6c72 Size/MD5 checksum: 47580 2f7b713e25132a6c8c0018572ee192c9 Size/MD5 checksum: 1633348 fdd16124da1626012ae6b52000acf20c Size/MD5 checksum: 381482 7ffef06bb41a5c38d6a1dce88f8635b5 Size/MD5 checksum: 1915896 60a42a0b6d2323c35a490534640acbd2 Size/MD5 checksum: 458218 6b2ef323d7faaed0cb06cd9d13656436 Size/MD5 checksum: 394510 6e442e47b60fcce94af235e51c40bdda Size/MD5 checksum: 46044 52ae57a7c907641c2b59320fb63bfc20 Size/MD5 checksum: 212060 0a4be5dfc31ae0e3deeb8d110b9ce859 Big endian MIPS architecture: Size/MD5 checksum: 413590 9dc1fe8f2522d18766b9d24ef6545f79 Size/MD5 checksum: 6476868 1ccdb4b6e924c6df6c7b03d5e325ac5e Size/MD5 checksum: 81234 e916912d6d4d9b67fbb30e31029e5f4a Size/MD5 checksum: 49570 87614b6d2b7ea08ae1ffbfab2a4251b6 Size/MD5 checksum: 1531226 d399256ffcd12ab9928a83da0885fe72 Size/MD5 checksum: 381466 2aebf97b0c92505105dc2865dce3766f Size/MD5 checksum: 1884966 9ff5812fab1142811f4f92143f4ddcbd Size/MD5 checksum: 477618 376a2f114ddd58f04ae646197f045c58 Size/MD5 checksum: 420094 8323871f3474733b911379b5a96378bf Size/MD5 checksum: 46046 3e0327aee72d00aa42dea64c358c397b Size/MD5 checksum: 206052 42ab931bcf3ddd9dc4d85d167ea62438 Little endian MIPS architecture: Size/MD5 checksum: 408664 b3099a63b4094579c91b410b49d83529 Size/MD5 checksum: 6448420e14dd39e3da6f208c981e954e5751351 Size/MD5 checksum: 80674 33fc4fb06df59e03876c8ffad32c95ae Size/MD5 checksum: 49652 f60498f2dfc73ebb17fa09c42a1f7087 Size/MD5 checksum: 1513044 64899a5cff5d59b741dc0cf4ff7eddf4 Size/MD5 checksum: 379328 7e9192a349f3010dd507767585c0a94b Size/MD5 checksum: 1869748 e4f2e9974392c55b860a96f0bd4a6515 Size/MD5 checksum: 474078 0e8f84272c164dd4dd9cfc70095affd7 Size/MD5 checksum: 416880 5dab7aa13a7b63a8fdcecb06c8224979 Size/MD5 checksum: 46046 862b384dd78394336a4bd90677041c65 Size/MD5 checksum: 203500 77b9625085171d0f3ffc5450e3f3fe5a PowerPC architecture: Size/MD5 checksum: 424568 0e7724795fff69713e61737304b011a6 Size/MD5 checksum: 6494884 994a68ccf381bc560acb7784c7bd19d6 Size/MD5 checksum: 85654 842951482e03727551878eb312b0af67 Size/MD5 checksum: 48680 38da3b9cadde36be3c9078118e595726 Size/MD5 checksum: 1665002 79175104f5b11fc1bbf6a2e4ae22c272 Size/MD5 checksum: 388384 0118926ee6cc39f61fb4cfd38f036f48 Size/MD5 checksum: 1931522 731ffdb85e956700a562c44f3f4d3f34 Size/MD5 checksum: 459866 2fdf70f483bb56ed5b40b3993b8ce6fe Size/MD5 checksum: 369616 e5f1c98b98b99cc2c307e3279dfd7df1 Size/MD5 checksum: 46042 90a9717d835ce257756bef07eb84bca0 Size/MD5 checksum: 220524 258f7ef196999c48f9586b60894fc27c IBM S/390 architecture: Size/MD5 checksum: 434620 2644f6e7392eaeb1e909262e9b25a50b Size/MD5 checksum: 6577338 dfd793aff448e4c8a332330a9f0d5f14 Size/MD5 checksum: 85472 83a87d726b05c070cbdf27f439817724 Size/MD5 checksum: 48134 440ed2d3d0abc0c15ebad8a1099095b4 Size/MD5 checksum: 1699114 3d8dedbe000116f6089d4d37c1ce980e Size/MD5 checksum: 392128 c4f42f7ddd5c24e48d83ff3b34a010f4 Size/MD5 checksum: 1977992 f7cceb9e9309bc01ae761dc4bd83f63b Size/MD5 checksum: 478626 75754353588d0f2bbf7f6f8993432ef3 Size/MD5 checksum: 428768 e9cf91a0766f9c3aeefbe227f4f8c061 Size/MD5 checksum: 46040 95ab5d3a3006bd1f21c4c273f4bfddc8 Size/MD5 checksum: 227590 4ab5593c6f62bcaecde3b0f8275f4a72 Sun Sparc architecture: Size/MD5 checksum: 427276 c01793500f0644abee85f7bab876b4d2 Size/MD5 checksum: 6528768 3c3068f375072560a5f4203980f560f5 Size/MD5 checksum: 86702 ebcfd07aab1a5e98f2f21c294b9acec2 Size/MD5 checksum: 48042 19d9d7d96bf6964117af204eb52dbec8 Size/MD5 checksum: 1671584 e3cb6241c21ad30e34a668140d582dc4 Size/MD5 checksum: 390762 f6b891cea82726586a0551bfb08688de Size/MD5 checksum: 1939998 4b66439b38ab03d4882b9651523f46ab Size/MD5 checksum: 468830 f4d49ea7fa19782987bf7ad3048e1556 Size/MD5 checksum: 391342 2fbd92a134367967f5af6d74b54d67d1 Size/MD5 checksum: 46038 a31928bb3ae42311d8c12a7a4d857cbc Size/MD5 checksum: 219372 cd51b55bd951624d5336fc56d0befdf8 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Announcement DSA 660-1 addressing a vulnerability in the screensaver leading to potential session hijacking by malicious actors.. Debian Security,KDE Exploit,Session Management,Attack Mitigation. . Severity: Critical. LinuxSecurity.com Team

Jan 26, 2005 •Critical Debian

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Red Hat: RHSA-2022:8961-01 Important: Keycloak Session Takeover

Red Hat Single Sign-On 7.6.1 Advisory RHSA-2022:8963-01 Important Severity

Red Hat: RHSA-2022:8962-01 Important: Single Sign-On 7.6.1 Security Issues

Arch Linux: ASA-202106-19 Low Severity: Keycloak Session Takeover Risk

Debian: DSA-2332-1 Moderate: Python-Django Session Takeover

Debian DSA 660-1 Critical: KDE Screensaver Local Session Takeover

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!