openSUSE Security Update: Security update for mc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0061-1
Rating:             moderate
References:         #1190180
Cross-References:   CVE-2021-36370
CVSS scores:
   CVE-2021-36370 (SUSE): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Affected Products:
   openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for mc fixes the following issues:

Midnight Commander 4.8.27:

* Core
  - Reimplement version detection (#3603, #4249)
  - Significantly reduce rebuild time after version change (#2252, #4266)
  - Drop automatic migration of configuration from ~/.mc to XDG-based
    directories (#3682)
  - zsh: support custom configuration file: ~/.local/share/mc/.zshrc (#4203)
  - Widgets: implement WST_VISIBLE state to show/hide widgets (#2919)
  - Find File: add Follow symlinks option (#2020)

* VFS
  - extfs: support unrar-6 (#4154)
  - extfs: support official 7z binary (7zz) (#4239)
  - ftpfs: apply file list parser from lftp project (#2841, #3174)

* Editor
  - Word completion: get candidates from all open files (#4160)
  - etags: get rid of hardcoded list length and window width (#4132)
  - Update syntax files:
    - python (#4140)
  - Add syntax highlighting:
    - Verilog and SystemVerilog header files (#4215)
    - JSON (#4250)
    - openrc-run scripts (#4246)

* Misc
  - Filehighlight of c++ and h++ files as sources (#4194)
  - Filehighlight of JSON files as documents (#4250)
  - Support of alacritty terminal emulator (#4248)
  - Support of foot terminal emulator (#4251)
  - Support of (alt+)shift+arrow keys in st terminal emulator
    (st.suckless.org) (#4267)
  - Mouse support in screen: don't check variable (#4233)
  - mc.ext: support fb2 e-books (#4167)
  - ext.d: use mediainfo to view info about various media files (#4167)
  - Remove OS/distro-specific package-related stuff from source tree (#4217)

* Fixes
  - FTBFS against NCurses on OS X 10.9.5 (#4181)
  - Segfault on dialog before panels get visible (#4244)
  - Crash if shadow is out of screen (build against NCurses) (#4192)
  - Crash in search (#4222)
  - Crash on startup with enabled subshell in FreeBSD (workaround) (#4213)
  - Hang on start randomly with zsh as subshell (#4198)
  - If command line is invisible it's partially displayed (#4182)
  - Broken handling of zip archives (#4180, #4183)
  - Broken handling of jar files as zip archives (#4223)
  - Timestamps of symlinks, sockets, fifos, etc. are not preserved after
    copy/move (#3985)
  - %view action in the user menu doesn't work on no-exec filesystem (#4242)
  - Hardlinks are not colored by file type or extension (#3375)
  - mcedit: silent macro makes terminal disrupted (#4171)
  - mcedit: disrupting of TAGS file path (#4207)
  - vfs: unable to browse compressed tar archives (#4191)
  - sftpfs vfs: CVE-2021-36370: server fingerprint isn't verified
    (discovered by AUT-milCERT during an audit of open source software) (#4259)
  - ftpfs vfs: month of file is always January (#4260)
  - Tests: log files are written by libcheck and automake simultaneously (#3986)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

   zypper in -t patch openSUSE-2022-61=1

Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

   mc-4.8.27-bp153.2.3.1

- openSUSE Backports SLE-15-SP3 (noarch):

   mc-lang-4.8.27-bp153.2.3.1

References:

https://www.suse.com/security/cve/CVE-2021-36370.html
https://bugzilla.suse.com/1190180
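The fix listed above for CVE-2021-36370 concerns sftpfs accepting a server's host key without checking its fingerprint. The following is an added example (not code from mc, libssh2 or openSUSE) of the check an SFTP client has to perform before trusting a server: pin the SHA-256 fingerprint of the server's public-key blob in an OpenSSH-style known_hosts entry and refuse to proceed when a presented key differs. The known_hosts format assumed is the unhashed "host keytype base64blob" form; the key blobs and hostnames are constructed and carry no real key material.

```python
"""Host key fingerprint verification of the kind an SFTP client must perform
before trusting a server (the check mc's sftpfs lacked in CVE-2021-36370).

Added example, not code from mc or openSUSE. Assumes an unhashed OpenSSH-style
known_hosts text and a raw public-key blob handed over by the SSH transport;
the sample key material below is constructed.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (uint32 big-endian length + bytes)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw_key: bytes) -> bytes:
    """Public-key blob layout of an ssh-ed25519 key (constructed sample key)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> pinned fingerprint from unhashed known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: ignore it rather than pin garbage
        hosts, keytype, b64 = parts[0], parts[1], parts[2]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        for host in hosts.split(","):
            pinned[(host, keytype)] = sha256_fingerprint(blob)
    return pinned


def verify_server_key(known_hosts_text: str, host: str, keytype: str, blob: bytes) -> str:
    """Return 'ok' when the presented key matches the pinned fingerprint,
    'mismatch' when the host is pinned to a different key (the client must
    abort the connection, not continue), and 'unknown' when nothing is pinned
    (the client should ask the user, never trust silently)."""
    expected = parse_known_hosts(known_hosts_text).get((host, keytype))
    if expected is None:
        return "unknown"
    presented = sha256_fingerprint(blob)
    # Constant-time comparison; cheap, and the right habit for any pinned value.
    if hmac.compare_digest(expected.encode(), presented.encode()):
        return "ok"
    return "mismatch"


# Constructed sample data: a fixed 32-byte "key", a different one standing in
# for a substituted server key, and a known_hosts line pinning the first.
GENUINE_BLOB = make_ed25519_blob(bytes(range(32)))
IMPOSTOR_BLOB = make_ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "sftp.example.test ssh-ed25519 " + base64.b64encode(GENUINE_BLOB).decode() + "\n"

if __name__ == "__main__":
    print(verify_server_key(KNOWN_HOSTS, "sftp.example.test", "ssh-ed25519", GENUINE_BLOB))
    print(verify_server_key(KNOWN_HOSTS, "sftp.example.test", "ssh-ed25519", IMPOSTOR_BLOB))
    print(verify_server_key(KNOWN_HOSTS, "other.example.test", "ssh-ed25519", GENUINE_BLOB))
```

The three outcomes are deliberately distinct: a mismatch is the case the patched sftpfs now reports instead of connecting, while an unknown host is a policy decision for the user rather than something the client may resolve on its own.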
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200502-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: PuTTY: Remote code execution
      Date: February 21, 2005
      Bugs: #82753
        ID: 200502-28

Synopsis
========

PuTTY was found to contain vulnerabilities that can allow a malicious
SFTP server to execute arbitrary code on unsuspecting PSCP and PSFTP
clients.

Background
==========

PuTTY is a popular SSH client, PSCP is a secure copy implementation,
and PSFTP is a SSH File Transfer Protocol client.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  net-misc/putty            < 0.57                         >= 0.57

Description
===========

Two vulnerabilities have been discovered in the PSCP and PSFTP clients,
which can be triggered by the SFTP server itself. These issues are
caused by the improper handling of the FXP_READDIR response, along with
other string fields.

Impact
======

An attacker can set up a malicious SFTP server that would send these
malformed responses to a client, potentially allowing the execution of
arbitrary code on their system.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PuTTY users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/putty-0.57"

References
==========

  [ 1 ] PuTTY vulnerability vuln-sftp-readdir
        https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-readdir.html
  [ 2 ] PuTTY vulnerability vuln-sftp-string
        https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-sftp-string.html
  [ 3 ] CAN-2005-0467
        https://www.cve.org/CVERecord?id=CAN-2005-0467
  [ 4 ] iDEFENSE Advisory ;type=vulnerabilities

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200502-28

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
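The description above attributes the PuTTY issues to improper handling of the FXP_READDIR response and other string fields, i.e. length values supplied by the server being trusted before the client checked them against the bytes it had actually received. The following is an added example, not PuTTY's code, of the defensive shape such a parser should take: an SSH_FXP_NAME reply (the server's answer to SSH_FXP_READDIR) is decoded with every length field validated against the remaining buffer before anything is copied, counts treated as unsigned, and any inconsistency rejected as a whole. The packet layout assumed is SFTP version 3 as in draft-ietf-secsh-filexfer-02; the per-string size cap and both sample replies are constructed for the example.

```python
"""Bounds-checked parsing of an SFTP SSH_FXP_NAME reply (SFTP v3 layout,
draft-ietf-secsh-filexfer-02). Added example, not PuTTY's code; the size
cap and the sample packets are constructed."""
import struct

SSH_FXP_NAME = 104
ATTR_SIZE, ATTR_UIDGID, ATTR_PERMISSIONS = 0x1, 0x2, 0x4
ATTR_ACMODTIME, ATTR_EXTENDED = 0x8, 0x80000000
MAX_STRING = 1 << 20  # policy cap for one string field (assumed, not protocol-defined)


class MalformedPacket(ValueError):
    """Raised for any reply that does not fit its own length fields."""


class Reader:
    """Cursor over a packet; every read checks the remaining length first."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        left = len(self.data) - self.pos
        if n < 0 or n > left:
            raise MalformedPacket(f"need {n} bytes, {left} left")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]  # unsigned: never a negative count

    def u64(self) -> int:
        return struct.unpack(">Q", self.take(8))[0]

    def string(self) -> bytes:
        n = self.u32()
        if n > MAX_STRING:
            raise MalformedPacket(f"string length {n} exceeds policy cap")
        return self.take(n)  # take() rejects a length beyond the received data

    def done(self) -> bool:
        return self.pos == len(self.data)


def parse_attrs(r: Reader) -> dict:
    """ATTRS structure: flags, then only the fields the flags announce."""
    flags = r.u32()
    attrs = {"flags": flags}
    if flags & ATTR_SIZE:
        attrs["size"] = r.u64()
    if flags & ATTR_UIDGID:
        attrs["uid"], attrs["gid"] = r.u32(), r.u32()
    if flags & ATTR_PERMISSIONS:
        attrs["permissions"] = r.u32()
    if flags & ATTR_ACMODTIME:
        attrs["atime"], attrs["mtime"] = r.u32(), r.u32()
    if flags & ATTR_EXTENDED:
        attrs["extended"] = []
        for _ in range(r.u32()):  # each string read fails as soon as data runs short
            attrs["extended"].append((r.string(), r.string()))
    return attrs


def parse_fxp_name(packet: bytes) -> list:
    """Parse one SSH_FXP_NAME packet (type byte + body) into a list of entries.
    The count field is not trusted: entries are read one at a time, each read
    is bounds-checked, and the packet must end exactly after the last entry."""
    r = Reader(packet)
    if r.take(1)[0] != SSH_FXP_NAME:
        raise MalformedPacket("not an SSH_FXP_NAME packet")
    _request_id, count = r.u32(), r.u32()
    entries = []
    for _ in range(count):
        entries.append({"filename": r.string(), "longname": r.string(), "attrs": parse_attrs(r)})
    if not r.done():
        raise MalformedPacket("trailing bytes after last entry")
    return entries


def is_well_formed(packet: bytes) -> bool:
    """True when the reply parses completely; False when it must be discarded."""
    try:
        parse_fxp_name(packet)
        return True
    except MalformedPacket:
        return False


def _s(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _entry(name: bytes, size: int) -> bytes:
    return _s(name) + _s(b"-rw-r--r-- 1 user user " + name) + \
        struct.pack(">IQI", ATTR_SIZE | ATTR_PERMISSIONS, size, 0o100644)


# Constructed well-formed reply (request id 7, two entries).
GOOD_REPLY = bytes([SSH_FXP_NAME]) + struct.pack(">II", 7, 2) + _entry(b"notes.txt", 42) + _entry(b"a.out", 0)
# Constructed malformed reply: count claims two entries, first filename claims 4 GiB, one byte follows.
BAD_REPLY = bytes([SSH_FXP_NAME]) + struct.pack(">II", 7, 2) + struct.pack(">I", 0xFFFFFFFF) + b"x"

if __name__ == "__main__":
    print([e["filename"] for e in parse_fxp_name(GOOD_REPLY)])
    print(is_well_formed(BAD_REPLY))
```

The two properties that matter are that no length is acted on before `take()` has compared it with the bytes actually present, and that a reply which fails anywhere is dropped in full rather than partially applied.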