
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Scientific Linux SL6: SLSA-2016:0152-1 Moderate: sos Symbolic Link Issue

Moderate: sos security and bug fix update.

Date: Tue, 9 Feb 2016 09:17:58 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0
Message-ID:

The following FASTBUGS have been uploaded to i386 and x86_64.

Date: Tue, 9 Feb 2016 17:04:10 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: sos on SL6.x (noarch)
MIME-Version: 1.0
Message-ID:

Synopsis: Moderate: sos security and bug fix update
Advisory ID: SLSA-2016:0152-1
Issue Date: 2016-02-09
CVE Numbers: CVE-2015-7529
--
An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. (CVE-2015-7529)

This update also fixes the following bug:

* Previously, when the hpasm plug-in ran the "hpasmcli" command in a Python Popen constructor or a system pipeline, the command would hang and eventually time out after 300 seconds. Sos was forced to wait for the time out to finish, unnecessarily prolonging its run time. With this update, the timeout of the "hpasmcli" command has been set to 0, eliminating the delay and speeding up sos completion time.
--
SL6
  noarch
    sos-3.2-28.el6_7.2.noarch.rpm

- Scientific Linux Development Team

A recent security patch in Scientific Linux addresses a symbolic link vulnerability and enhances the efficiency of command execution times.

Scientific Linux Update, sos security issue, symbolic link flaw, bug fix advisory.

Severity: Important. LinuxSecurity.com Team

Feb 09, 2016 Important Scientific Linux

Scientific Linux: SLSA-2013:1213-1 Important GDM Security Fix

Important: gdm security update.

Date: Thu, 5 Sep 2013 20:18:26 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: gdm on SL5.x i386/srpm/x86_64
MIME-Version: 1.0

Synopsis: Important: gdm security update
Advisory ID: SLSA-2013:1213-1
Issue Date: 2013-09-05
CVE Numbers: CVE-2013-4169
--
A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root. (CVE-2013-4169)

Note that this erratum includes an updated initscripts package. To fix CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts package was modified to create the affected directory safely during the system boot process. Therefore, this update will appear on all systems, however systems without GDM installed are not affected by this flaw.

The system must be rebooted for this update to take effect.
--
SL5
  x86_64
    gdm-docs-2.16.0-59.sl5.1.x86_64.rpm
    initscripts-8.45.42-2.el5_9.1.x86_64.rpm
    gdm-2.16.0-59.sl5.1.x86_64.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.x86_64.rpm
    initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm
  i386
    gdm-docs-2.16.0-59.sl5.1.i386.rpm
    initscripts-8.45.42-2.el5_9.1.i386.rpm
    gdm-2.16.0-59.sl5.1.i386.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.i386.rpm
    initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm
  srpm
    gdm-2.16.0-59.sl5.1.src.rpm
    initscripts-8.45.42-2.el5_9.1.src.rpm
  noarch
    initscripts-debuginfo-8.45.42-2.el5_9.1.x86_64.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.i386.rpm
    gdm-debuginfo-2.16.0-59.sl5.1.x86_64.rpm
    initscripts-debuginfo-8.45.42-2.el5_9.1.i386.rpm

- Scientific Linux Development Team

A significant gdm security patch for Scientific Linux has been released to mitigate a privilege escalation vulnerability along with its potential consequences.

gdm update, scientific linux, privilege escalation, security advisory.

Severity: Important. LinuxSecurity.com Team

Sep 05, 2013 Important Scientific Linux

Scientific Linux: Important Update on abrt and libreport Security Issues

Important: abrt and libreport security update.

Date: Fri, 1 Feb 2013 09:47:42 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Important: abrt and libreport on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: abrt and libreport security update
Issue Date: 2013-01-31
CVE Numbers: CVE-2012-5659 CVE-2012-5660
--
It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories (such as /tmp/). A local attacker could use this flaw to escalate their privileges to that of the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used to store information about crashes. A local attacker with the privileges of the abrt user could use this flaw to perform a symbolic link attack, possibly allowing them to escalate their privileges to root. (CVE-2012-5660)
--
SL6
  x86_64
    abrt-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-addon-ccpp-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-addon-kerneloops-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-addon-python-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-cli-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
    abrt-debuginfo-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-desktop-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-gui-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-libs-2.0.8-6.el6_3.2.i686.rpm
    abrt-libs-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-tui-2.0.8-6.el6_3.2.x86_64.rpm
    libreport-2.0.9-5.el6_3.2.i686.rpm
    libreport-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-cli-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
    libreport-debuginfo-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
    libreport-gtk-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-newt-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-plugin-kerneloops-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-plugin-logger-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-plugin-mailx-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-plugin-reportuploader-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-python-2.0.9-5.el6_3.2.x86_64.rpm
    abrt-addon-vmcore-2.0.8-6.el6_3.2.x86_64.rpm
    abrt-devel-2.0.8-6.el6_3.2.i686.rpm
    abrt-devel-2.0.8-6.el6_3.2.x86_64.rpm
    libreport-devel-2.0.9-5.el6_3.2.i686.rpm
    libreport-devel-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
    libreport-gtk-devel-2.0.9-5.el6_3.2.x86_64.rpm
    libreport-plugin-bugzilla-2.0.9-5.el6_3.2.x86_64.rpm
  i386
    abrt-2.0.8-6.el6_3.2.i686.rpm
    abrt-addon-ccpp-2.0.8-6.el6_3.2.i686.rpm
    abrt-addon-kerneloops-2.0.8-6.el6_3.2.i686.rpm
    abrt-addon-python-2.0.8-6.el6_3.2.i686.rpm
    abrt-cli-2.0.8-6.el6_3.2.i686.rpm
    abrt-debuginfo-2.0.8-6.el6_3.2.i686.rpm
    abrt-desktop-2.0.8-6.el6_3.2.i686.rpm
    abrt-gui-2.0.8-6.el6_3.2.i686.rpm
    abrt-libs-2.0.8-6.el6_3.2.i686.rpm
    abrt-tui-2.0.8-6.el6_3.2.i686.rpm
    libreport-2.0.9-5.el6_3.2.i686.rpm
    libreport-cli-2.0.9-5.el6_3.2.i686.rpm
    libreport-debuginfo-2.0.9-5.el6_3.2.i686.rpm
    libreport-gtk-2.0.9-5.el6_3.2.i686.rpm
    libreport-newt-2.0.9-5.el6_3.2.i686.rpm
    libreport-plugin-kerneloops-2.0.9-5.el6_3.2.i686.rpm
    libreport-plugin-logger-2.0.9-5.el6_3.2.i686.rpm
    libreport-plugin-mailx-2.0.9-5.el6_3.2.i686.rpm
    libreport-plugin-reportuploader-2.0.9-5.el6_3.2.i686.rpm
    libreport-plugin-rhtsupport-2.0.9-5.el6_3.2.i686.rpm
    libreport-python-2.0.9-5.el6_3.2.i686.rpm
    abrt-addon-vmcore-2.0.8-6.el6_3.2.i686.rpm
    abrt-devel-2.0.8-6.el6_3.2.i686.rpm
    libreport-devel-2.0.9-5.el6_3.2.i686.rpm
    libreport-gtk-devel-2.0.9-5.el6_3.2.i686.rpm
    libreport-plugin-bugzilla-2.0.9-5.el6_3.2.i686.rpm

- Scientific Linux Development Team

A vital security patch for abrt and libreport in Scientific Linux resolves privilege escalation vulnerabilities and additional concerns.

abrt update, libreport security, Scientific Linux, security patch, privilege escalation.

Severity: Important. LinuxSecurity.com Team

Feb 01, 2013 Important Scientific Linux

Scientific Linux: Moderate Sudo Update CVE-2012-3440 - Symbolic Link Attack

Moderate: sudo security and bug fix update.

Date: Wed, 8 Aug 2012 16:45:27 -0500
Reply-To: Connie Sieh
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: Security ERRATA Moderate: sudo on SL5.x i386/x86_64
Comments: To: scientific
MIME-Version: 1.0

Synopsis: Moderate: sudo security and bug fix update
Issue Date: 2012-08-08
CVE Numbers: CVE-2012-3440

An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. (CVE-2012-3440)

This update also fixes the following bugs:

- Previously, sudo escaped non-alphanumeric characters in commands using "sudo -s" or "sudo -" at the wrong place and interfered with the authorization process. Some valid commands were not permitted. Now, non-alphanumeric characters escape immediately before the command is executed and no longer interfere with the authorization process. (BZ#844418)

- Prior to this update, the sudo utility could, under certain circumstances, fail to receive the SIGCHLD signal when it was executed from a process that blocked the SIGCHLD signal. As a consequence, sudo could become suspended and fail to exit. This update modifies the signal process mask so that sudo can exit and sends the correct output. (BZ#844419)

- The sudo update RHSA-2012:0309 introduced a regression that caused the Security-Enhanced Linux (SELinux) context of the "/etc/nsswitch.conf" file to change during the installation or upgrade of the sudo package. This could cause various services confined by SELinux to no longer be permitted to access the file. In reported cases, this issue prevented PostgreSQL and Postfix from starting. (BZ#842759)

- Updating the sudo package resulted in the "sudoers" line in "/etc/nsswitch.conf" being removed. This update corrects the bug in the sudo package's post-uninstall script that caused this issue. (BZ#844420)

- Prior to this update, a race condition bug existed in sudo. When a program was executed with sudo, the program could possibly exit successfully before sudo started waiting for it. In this situation, the program would be left in a zombie state and sudo would wait for it endlessly, expecting it to still be running. (BZ#844978)

SL5
  x86_64
    sudo-1.7.2p1-14.el5_8.2.x86_64.rpm
  i386
    sudo-1.7.2p1-14.el5_8.2.i386.rpm

- Scientific Linux Development Team

A routine security patch for sudo mitigates a vulnerability related to file permissions on Scientific Linux. It is advised that users implement the updates without delay.

scientific Linux security, sudo bug fix, moderate security update.

LinuxSecurity.com Team

Aug 08, 2012 Scientific Linux

Scientific Linux: Low Severity xorg-x11-server Security Update

Low: xorg-x11-server security and bug fix update.

Date: Wed, 21 Mar 2012 16:24:51 -0500
Sender: Security Errata for Scientific Linux
From: Patrick Riehecky
Subject: Security ERRATA Low: xorg-x11-server on SL5.x i386/x86_64

Synopsis: Low: xorg-x11-server security and bug fix update
Issue Date: 2012-02-21
CVE Numbers: CVE-2011-4028

X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)

This update also fixes the following bugs:

* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.

* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario.

* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario.

* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens.

* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes.

* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario.

* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug.

* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly. This bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario.

* When installing Scientific Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario. Note that this fix requires the Scientific Linux 5.8 kernel update.

* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the "int" type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly.

All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.

SL5:
  i386
    xorg-x11-server-debuginfo-1.1.1-48.90.el5.i386.rpm
    xorg-x11-server-sdk-1.1.1-48.90.el5.i386.rpm
    xorg-x11-server-Xdmx-1.1.1-48.90.el5.i386.rpm
    xorg-x11-server-Xephyr-1.1.1-48.90.el5.i386.rpm
    xorg-x11-server-Xnest-1.1.1-48.90.el5.i386.rpm
    xorg-x11-server-Xorg-1.1.1-48.90.el5.i386.rpm
    xorg-x11-server-Xvfb-1.1.1-48.90.el5.i386.rpm
    xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.i386.rpm
  x86_64
    xorg-x11-server-debuginfo-1.1.1-48.90.el5.x86_64.rpm
    xorg-x11-server-sdk-1.1.1-48.90.el5.x86_64.rpm
    xorg-x11-server-Xdmx-1.1.1-48.90.el5.x86_64.rpm
    xorg-x11-server-Xephyr-1.1.1-48.90.el5.x86_64.rpm
    xorg-x11-server-Xnest-1.1.1-48.90.el5.x86_64.rpm
    xorg-x11-server-Xorg-1.1.1-48.90.el5.x86_64.rpm
    xorg-x11-server-Xvfb-1.1.1-48.90.el5.x86_64.rpm
    xorg-x11-server-Xvnc-source-1.1.1-48.90.el5.x86_64.rpm

- Scientific Linux Development Team

Patch release for xorg-x11-server in Scientific Linux targeting minor vulnerabilities and glitches impacting overall performance.

xorg-x11-server update, scientific linux advisory, security patch, bug fix note.

Severity: Low. LinuxSecurity.com Team

Mar 21, 2012 Low Scientific Linux

Red Hat: RHSA-2012:0304-03 Low: Vixie-Cron Security Bug Fix

Red Hat Security Advisory

Synopsis:      Low: vixie-cron security, bug fix, and enhancement update
Advisory ID:   RHSA-2012:0304-03
Product:       Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2012:0304.html
Issue date:    2012-02-21
Keywords:      orphan, pam, pie
CVE Names:     CVE-2010-0424

1. Summary:

An updated vixie-cron package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron.

A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack. (CVE-2010-0424)

Red Hat would like to thank Dan Rosenberg for reporting this issue.

This update also fixes the following bugs:

* Cron jobs of users with home directories mounted on a Lightweight Directory Access Protocol (LDAP) server or Network File System (NFS) were often refused because jobs were marked as orphaned (typically due to a temporary NSS lookup failure, when NIS and LDAP servers were unreachable). With this update, a database of orphans is created, and cron jobs are performed as expected. (BZ#455664)

* Previously, cron did not log any errors if a cron job file located in the /etc/cron.d/ directory contained invalid entries. An upstream patch has been applied to address this problem and invalid entries in the cron job files now produce warning messages. (BZ#460070)

* Previously, the "@reboot" crontab macro incorrectly ran jobs when the crond daemon was restarted. If the user used the macro on multiple machines, all entries with the "@reboot" option were executed every time the crond daemon was restarted. With this update, jobs are executed only when the machine is rebooted. (BZ#476972)

* The crontab utility is now compiled as a position-independent executable (PIE), which enhances the security of the system. (BZ#480930)

* When the parent crond daemon was stopped, but a child crond daemon was running (executing a program), the "service crond status" command incorrectly reported that crond was running. The source code has been modified, and the "service crond status" command now correctly reports that crond is stopped. (BZ#529632)

* According to the pam(8) manual page, the cron daemon, crond, supports access control with PAM (Pluggable Authentication Module). However, the PAM configuration file for crond did not export environment variables correctly and, consequently, setting PAM variables via cron did not work. This update includes a corrected /etc/pam.d/crond file that exports environment variables correctly. Setting pam variables via cron now works as documented in the pam(8) manual page. (BZ#541189)

* Previously, the mcstransd daemon modified labels for the crond daemon. When the crond daemon attempted to use the modified label and mcstransd was not running, crond used an incorrect label. Consequently, Security-Enhanced Linux (SELinux) denials filled up the cron log, no jobs were executed, and crond had to be restarted. With this update, both mcstransd and crond use raw SELinux labels, which prevents the problem. (BZ#625016)

* Previously, the crontab(1) and cron(8) manual pages contained multiple typographical errors. This update fixes those errors. (BZ#699620, BZ#699621)

In addition, this update adds the following enhancement:

* Previously, the crontab utility did not use the Pluggable Authentication Module (PAM) for verification of users. As a consequence, a user could access crontab even if access had been restricted (usually by being denied in the access.conf file). With this update, crontab returns an error message that the user is not allowed to access crontab because of PAM configuration. (BZ#249512)

All vixie-cron users should upgrade to this updated package, which resolves these issues and adds this enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

455664 - Adoptions at the crontab orphanage needed
460070 - cronjobs in /etc/cron.d entries with an invalid username produce no error in the logs
476972 - crontab error with @reboot entry
480930 - Make crontab a PIE
529632 - [PATCH] "service crond status" return invalid status
541189 - cron and /etc/security/pam_env.conf problem
565809 - CVE-2010-0424 vixie-cron, cronie: Race condition by setting timestamp of user's crontab file, when editing the file
625016 - crond requires a restart if mcstransd is stopped
699620 - Typo in patch for crond manpage removes mention of cron.d
699621 - manpage typo -- two be -- should be not two be's ;)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
vixie-cron-4.1-81.el5.i386.rpm
vixie-cron-debuginfo-4.1-81.el5.i386.rpm

x86_64:
vixie-cron-4.1-81.el5.x86_64.rpm
vixie-cron-debuginfo-4.1-81.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
vixie-cron-4.1-81.el5.i386.rpm
vixie-cron-debuginfo-4.1-81.el5.i386.rpm

ia64:
vixie-cron-4.1-81.el5.ia64.rpm
vixie-cron-debuginfo-4.1-81.el5.ia64.rpm

ppc:
vixie-cron-4.1-81.el5.ppc.rpm
vixie-cron-debuginfo-4.1-81.el5.ppc.rpm

s390x:
vixie-cron-4.1-81.el5.s390x.rpm
vixie-cron-debuginfo-4.1-81.el5.s390x.rpm

x86_64:
vixie-cron-4.1-81.el5.x86_64.rpm
vixie-cron-debuginfo-4.1-81.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-0424
https://access.redhat.com/security/updates/classification#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2012 Red Hat, Inc.

A recent patch for vixie-cron has been released, bringing minor security improvements and resolving various bugs to enhance performance for Red Hat systems.

Severity: Low.
LinuxSecurity.com Team

Feb 21, 2012 | Low | Red Hat

Scientific Linux: php-pear Low Severity Advisory CVE-2011-1072

Date:     Thu, 8 Dec 2011 17:08:34 -0600
Sender:   Security Errata for Scientific Linux
From:     Pat Riehecky
Subject:  Security ERRATA Low: php-pear on SL6.x

Synopsis:     Low: php-pear security and bug fix update
Issue Date:   2011-12-06
CVE Numbers:  CVE-2011-1072

The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components.

It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the "pear install" command. (CVE-2011-1072)

This update also fixes the following bugs:

* The php-pear package has been upgraded to version 1.9.4, which provides a number of bug fixes over the previous version.

* Prior to this update, php-pear created a cache in the "/var/cache/php-pear/" directory when attempting to list all packages. As a consequence, php-pear failed to create or update the cache file as a regular user without sufficient file permissions and could not list all packages. With this update, php-pear no longer fails if writing to the cache directory is not permitted. Now, all packages are listed as expected.

All users of php-pear are advised to upgrade to this updated package, which corrects these issues.

SL6:
noarch
php-pear-1.9.4-4.el6.noarch.rpm

- Scientific Linux Development Team

php-pear security patch mitigates minor threat posed by symbolic link vulnerabilities in Scientific Linux.

Severity: Low.
LinuxSecurity.com Team

Dec 08, 2011 | Low | Scientific Linux

Red Hat: RHSA-2011-1741-03 Low: php-pear Symbolic Link Attack

Red Hat Security Advisory

Synopsis:      Low: php-pear security and bug fix update
Advisory ID:   RHSA-2011:1741-03
Product:       Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2011:1741.html
Issue date:    2011-12-06
CVE Names:     CVE-2011-1072

1. Summary:

An updated php-pear package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6) - noarch
Red Hat Enterprise Linux Workstation (v. 6) - noarch

3. Description:

The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components.

It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the "pear install" command. (CVE-2011-1072)

This update also fixes the following bugs:

* The php-pear package has been upgraded to version 1.9.4, which provides a number of bug fixes over the previous version. (BZ#651897)

* Prior to this update, php-pear created a cache in the "/var/cache/php-pear/" directory when attempting to list all packages. As a consequence, php-pear failed to create or update the cache file as a regular user without sufficient file permissions and could not list all packages. With this update, php-pear no longer fails if writing to the cache directory is not permitted. Now, all packages are listed as expected. (BZ#747361)

All users of php-pear are advised to upgrade to this updated package, which corrects these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

651897 - update php-pear to 1.9.4
681982 - CVE-2011-1072 php-pear: symlink vulnerability in PEAR installer
747361 - pear list-all fails for regular user

6. Package List:

Red Hat Enterprise Linux Server (v. 6):

Source:

noarch:
php-pear-1.9.4-4.el6.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

noarch:
php-pear-1.9.4-4.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2011-1072
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

An insignificant update for php-pear resolves vulnerabilities and issues in Red Hat Enterprise Linux version 6.

Severity: Low.
LinuxSecurity.com Team

Dec 06, 2011 | Low | Red Hat