Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updatecritical

RedHat 5, 6, 7 RHSA-2015-0079-01 Critical: Java SSL Issues

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2015:0079-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0079.html Issue date: 2015-01-22 CVE Names: CVE-2014-3566 CVE-2014-6585 CVE-2014-6587 CVE-2014-6591 CVE-2014-6593 CVE-2014-6601 CVE-2015-0383 CVE-2015-0395 CVE-2015-0403 CVE-2015-0406 CVE-2015-0407 CVE-2015-0408 CVE-2015-0410 CVE-2015-0412 CVE-2015-0413 ==================================================================== 1. Summary: Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red HatEnterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413) The CVE-2015-0383 issue was discovered by Red Hat. Note: With this update, the Oracle Java SE now disables the SSL 3.0 protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer to the Red Hat Bugzilla bug linked to in the References section for instructions on how to re-enable SSL 3.0 support if needed. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1123870 - CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807) 1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack 1183020 - CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982) 1183021 - CVE-2015-0412 OpenJDK:insufficient code privileges checks (JAX-WS, 8054367) 1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) 1183031 - CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125) 1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304) 1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485) 1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) 1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489) 1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276) 1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) 1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184278 - CVE-2015-0413 Oracle JDK: unspecified vulnerability fixed in 7u75 and 8u31 (Serviceability) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop5: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.i586.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.i586.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el5_11.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation6: i386: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.1.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v.7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.src.rpm x86_64: java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.75-1jpp.2.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.75-1jpp.2.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2014-3566 https://access.redhat.com/security/cve/CVE-2014-6585 https://access.redhat.com/security/cve/CVE-2014-6587 https://access.redhat.com/security/cve/CVE-2014-6591 https://access.redhat.com/security/cve/CVE-2014-6593 https://access.redhat.com/security/cve/CVE-2014-6601 https://access.redhat.com/security/cve/CVE-2015-0383 https://access.redhat.com/security/cve/CVE-2015-0395 https://access.redhat.com/security/cve/CVE-2015-0403 https://access.redhat.com/security/cve/CVE-2015-0406 https://access.redhat.com/security/cve/CVE-2015-0407 https://access.redhat.com/security/cve/CVE-2015-0408 https://access.redhat.com/security/cve/CVE-2015-0410 https://access.redhat.com/security/cve/CVE-2015-0412 https://access.redhat.com/security/cve/CVE-2015-0413 https://access.redhat.com/security/updates/classification#critical https://www.oracle.com/security-alerts/cpujan2015.html https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUwXGGXlSAg2UNWIIRAiEzAKCUzHBJSR0h5fzNRRGR3Er/ReR9BgCdFoMD DlOFtOkpjBsWlvgOJtawTDU=JlUw -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Important security patch for Python on CentOS addresses various vulnerabilities affecting Oracle Python setups. Upgrade advised.. Red Hat Java Update, Critical Security Patch, Oracle Java Security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 22, 2015 Critical Red Hat
200
Ls Advisories Scientific Esm H240
Price Tag 1security advisorythunderbirdimportant update

SciLinux: Important Thunderbird Security Update Errata 09-58-10

Important: thunderbird security update. Date: Thu, 8 Sep 2011 09:58:10 -0500 Reply-To: "Tyler L. Parsons" Sender: Security Errata for Scientific Linux From: "Tyler L. Parsons" Subject: Security ERRATA Important: thunderbird on SL4.x, SL5.x, SL6.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." MIME-Version: 1.0 Synopsis: Important: thunderbird security update Issue Date: 2011-09-06 Mozilla Thunderbird is a standalone mail and newsgroup client. A previous Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority (CA) as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate signed by that CA as untrusted. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect. SL4: i386 thunderbird-1.5.0.12-43.el4.i386.rpm thunderbird-debuginfo-1.5.0.12-43.el4.i386.rpm x86_64 thunderbird-debuginfo-1.5.0.12-43.el4.x86_64.rpm thunderbird-1.5.0.12-43.el4.x86_64.rpm SL5: i386 thunderbird-debuginfo-2.0.0.24-25.el5.i386.rpm thunderbird-2.0.0.24-25.el5.i386.rpm x86_64 thunderbird-2.0.0.24-25.el5.x86_64.rpm thunderbird-debuginfo-2.0.0.24-25.el5.x86_64.rpm SL6: i386 thunderbird-debuginfo-3.1.14-1.el6_1.i686.rpm thunderbird-3.1.14-1.el6_1.i686.rpm x86_64 thunderbird-3.1.14-1.el6_1.x86_64.rpm thunderbird-debuginfo-3.1.14-1.el6_1.x86_64.rpm - Scientific Linux Development Team . The latest security patch for Mozilla Thunderbird addresses concerns related to SSL certificate trust for both SL4 and SL5 versions.. thunderbird security update, scientific linux, mail client update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Sep 08, 2011 Important Scientific Linux
Banner 2 1028x280 1708121730 1 1771599631
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedorasoftware update

Fedora 10 ProFTPD 1.3.1-8 Critical: CSRF Command Execution Fix

This update fixes a security issue where an attacker could conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands. It also fixes some SSL shutdown issues seen with certain clients.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0089 2009-01-07 06:45:03 --------------------------------------------------------------------------------Name : proftpd Product : Fedora 10 Version : 1.3.1 Release : 8.fc10 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behaviour of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. --------------------------------------------------------------------------------Update Information: This update fixes a security issue where an attacker could conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands. It also fixes some SSL shutdown issues seen with certain clients. --------------------------------------------------------------------------------ChangeLog: * Fri Jan 2 2009 Matthias Saou 1.3.1-8 - Update default configuration to have a lit of available modules and more example configuration for them. - Include patches to fix TLS issues (#457280). * Fri Jan 2 2009 Matthias Saou 1.3.1-7 - Add Debian patch to fix CSRF vulnerability (#464127, upstream #3115). --------------------------------------------------------------------------------References: [ 1 ] Bug #464127 - CVE-2008-4242 proftpd CSRF attack https://bugzilla.redhat.com/show_bug.cgi?id=464127 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . ProFTPD patch enhances protection against CSRF vulnerabilities while addressing SSL termination issues in Fedora 10. Ensure safety with the newest updates.. ProFTPD, Fedora 10, CSRF Fixes, FTP Server Security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 07, 2009 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here