Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

SUSE: 2018:1744-1 Important: slf4j Arbitrary Code Execution Fix

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for slf4j
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1744-1
Rating: important
References: #1085970
Cross-References: CVE-2018-8088
Affected Products:
  SUSE OpenStack Cloud 8
  SUSE Manager Server 3.1
  SUSE Manager Server 3.0
  SUSE Linux Enterprise Software Development Kit 12-SP3
  OpenStack Cloud Crowbar 8
  HPE Helion OpenStack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for slf4j fixes the following issues:

- CVE-2018-8088: Disallow EventData deserialization by default to avoid arbitrary code execution using serialized data (bsc#1085970)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1175=1
- SUSE Manager Server 3.1:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1175=1
- SUSE Manager Server 3.0:
  zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1175=1
- SUSE Linux Enterprise Software Development Kit 12-SP3:
  zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1175=1
- OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1175=1
- HPE Helion OpenStack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2018-1175=1

Package List:

- SUSE OpenStack Cloud 8 (noarch): slf4j-1.7.12-3.3.1
- SUSE Manager Server 3.1 (noarch): slf4j-1.7.12-3.3.1
- SUSE Manager Server 3.0 (noarch): slf4j-1.7.12-3.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP3 (noarch): slf4j-1.7.12-3.3.1
- OpenStack Cloud Crowbar 8 (noarch): slf4j-1.7.12-3.3.1
- HPE Helion OpenStack 8 (noarch): slf4j-1.7.12-3.3.1

References:

https://www.suse.com/security/cve/CVE-2018-8088.html
https://bugzilla.suse.com/1085970

SUSE has released a security patch for slf4j addressing a critical vulnerability tied to the execution of unauthorized code. Discover the details of the fix.

Severity: Important. LinuxSecurity.com Team

Jun 19, 2018 | Important | SuSE

openSUSE Leap 15.0: 2018:1625-1 Important: slf4j Remote Access

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for slf4j
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1625-1
Rating: important
References: #1085970
Cross-References: CVE-2018-8088
Affected Products:
  openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for slf4j fixes the following security issue:

- CVE-2018-8088: Remote attackers could have bypassed intended access restrictions via crafted data. Disallow EventData deserialization by default from now on (bsc#1085970).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:
  zypper in -t patch openSUSE-2018-601=1

Package List:

- openSUSE Leap 15.0 (noarch):
  slf4j-1.7.12-lp150.4.3.1
  slf4j-javadoc-1.7.12-lp150.4.3.1
  slf4j-manual-1.7.12-lp150.4.3.1

References:

https://www.suse.com/security/cve/CVE-2018-8088.html
https://bugzilla.suse.com/1085970

Severity: Important. LinuxSecurity.com Team

Jun 09, 2018 | Important | OpenSUSE

CentOS 7 CESA-2018-0592 Critical: SLF4J Software Update

CentOS Errata and Security Advisory 2018:0592 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0592

The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )

x86_64:
733630907981b82d45bd40cf4d3f113ff2193a4fdf1e293818669a707b739189  slf4j-1.7.4-4.el7_4.noarch.rpm
d145b3bc3337e418173681eade8a1666ad7624271a6e0b10cb41a39010c0fdef  slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm
58f4c9dd119e297fd38fcc638d1dc1d359fa281fb425d14eaaa6ec79f548c33f  slf4j-manual-1.7.4-4.el7_4.noarch.rpm

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr
Twitter: @JohnnyCentOS

CentOS-announce mailing list

The CentOS 7 security update CESA-2018-0592 addresses critical vulnerabilities in slf4j packages. Please refer to the upstream release notes for comprehensive patch details.

Severity: Critical. LinuxSecurity.com Team

Mar 27, 2018 | Critical | CentOS

Critical Update for Red Hat Enterprise Linux 7: SLF4J Code Execution Risk

An update for slf4j is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis: Important: slf4j security update
Advisory ID: RHSA-2018:0592-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0592
Issue date: 2018-03-26
CVE Names: CVE-2018-8088
====================================================================

1. Summary:

An update for slf4j is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch

3. Description:

The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).

Security Fix(es):

* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Chris McCown for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
slf4j-1.7.4-4.el7_4.src.rpm

noarch:
slf4j-1.7.4-4.el7_4.noarch.rpm
slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm
slf4j-manual-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
slf4j-1.7.4-4.el7_4.src.rpm

noarch:
slf4j-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm
slf4j-manual-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
slf4j-1.7.4-4.el7_4.src.rpm

noarch:
slf4j-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
slf4j-1.7.4-4.el7_4.src.rpm

noarch:
slf4j-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm
slf4j-manual-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

noarch:
slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm
slf4j-manual-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
slf4j-1.7.4-4.el7_4.src.rpm

noarch:
slf4j-1.7.4-4.el7_4.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm
slf4j-manual-1.7.4-4.el7_4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

--
RHSA-announce mailing list

A vital patch for log4j in Red Hat Enterprise Linux resolves potential vulnerabilities related to remote code execution. Please upgrade immediately.

Severity: Important. LinuxSecurity.com Team

Mar 26, 2018 | Important | Red Hat

SciLinux: SLSA-2018-0592-1 Important: slf4j Code Execution Threat

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)

Synopsis: Important: slf4j security update
Advisory ID: SLSA-2018:0592-1
Issue Date: 2018-03-26
CVE Numbers: CVE-2018-8088
--

Security Fix(es):

* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
--

SL7
  noarch
    slf4j-1.7.4-4.el7_4.noarch.rpm
    slf4j-javadoc-1.7.4-4.el7_4.noarch.rpm
    slf4j-manual-1.7.4-4.el7_4.noarch.rpm

- Scientific Linux Development Team

Crucial security patch for slf4j tackling deserialization vulnerability that permits arbitrary code execution within SL7.

Severity: Important. LinuxSecurity.com Team

Mar 26, 2018 | Important | Scientific Linux