MGASA-2021-0182 - Updated spamassassin packages fix security vulnerability

Publication date: 12 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0182.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-1946

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. (CVE-2020-1946)

References:
- https://bugs.mageia.org/show_bug.cgi?id=28673
- https://spamassassin.apache.org/news.html
- https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.5.txt
- https://www.openwall.com/lists/oss-security/2021/03/24/3
- https://www.cve.org/CVERecord?id=CVE-2020-1946

SRPMS:
- 7/core/spamassassin-3.4.5-1.mga7
- 7/core/spamassassin-rules-3.4.5-1.mga7
- 8/core/spamassassin-3.4.5-1.mga8
- 8/core/spamassassin-rules-3.4.5-1.mga8
Upstream version 3.4.5. See https://lists.apache.org/thread/%
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-d20c8a4730
2021-03-31 01:14:21.607191
--------------------------------------------------------------------------------
Name        : busybox
Product     : Fedora 33
Version     : 1.32.1
Release     : 1.fc33
URL         :
Summary     : Statically linked binary providing simplified versions of system commands
Description :
Busybox is a single binary which includes versions of a large number of system commands, including a shell. This package can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries.
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2021-28831.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 22 2021 Tom Callaway - 1:1.32.1-1
- update to 1.32.1
- apply upstream fix for CVE-2021-28831
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1941028 - CVE-2021-28831 busybox: invalid free or segmentation fault via malformed gzip data
        https://bugzilla.redhat.com/show_bug.cgi?id=1941028
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-d20c8a4730' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
SUSE Security Update: Security update for spamassassin
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0813-1
Rating:             important
References:         #1118987 #1162197 #1162200 #862963
Cross-References:   CVE-2018-11805 CVE-2020-1930 CVE-2020-1931
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for spamassassin fixes the following issues:

Security issues fixed:

- CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987).
- CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197).
- CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200).

Non-security issue fixed:

- Altering hash requires restarting loop (bsc#862963).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-813=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-813=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-813=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-813=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    perl-Mail-SpamAssassin-3.4.2-7.9.1
    perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.9.1
    spamassassin-3.4.2-7.9.1
    spamassassin-debuginfo-3.4.2-7.9.1
    spamassassin-debugsource-3.4.2-7.9.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    perl-Mail-SpamAssassin-3.4.2-7.9.1
    perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.9.1
    spamassassin-3.4.2-7.9.1
    spamassassin-debuginfo-3.4.2-7.9.1
    spamassassin-debugsource-3.4.2-7.9.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    perl-Mail-SpamAssassin-3.4.2-7.9.1
    perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.9.1
    spamassassin-3.4.2-7.9.1
    spamassassin-debuginfo-3.4.2-7.9.1
    spamassassin-debugsource-3.4.2-7.9.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    perl-Mail-SpamAssassin-3.4.2-7.9.1
    perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.9.1
    spamassassin-3.4.2-7.9.1
    spamassassin-debuginfo-3.4.2-7.9.1
    spamassassin-debugsource-3.4.2-7.9.1

References:

https://www.suse.com/security/cve/CVE-2018-11805.html
https://www.suse.com/security/cve/CVE-2020-1930.html
https://www.suse.com/security/cve/CVE-2020-1931.html
https://bugzilla.suse.com/1118987
https://bugzilla.suse.com/1162197
https://bugzilla.suse.com/1162200
https://bugzilla.suse.com/862963
_______________________________________________
sle-security-updates mailing list
SUSE Security Update: Security update for spamassassin
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:0810-1
Rating:             important
References:         #1118987 #1162197 #1162200
Cross-References:   CVE-2018-11805 CVE-2020-1930 CVE-2020-1931
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 7
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server for SAP 12-SP2
                    SUSE Linux Enterprise Server for SAP 12-SP1
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-LTSS
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP1-LTSS
                    SUSE Enterprise Storage 5
                    HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for spamassassin fixes the following issues:

- CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to is_regexp_valid() (bsc#1118987).
- CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands (bsc#1162197).
- CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which can be configured to run system commands with warnings (bsc#1162200).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-810=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-810=1
- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-810=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-810=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-810=1
- SUSE Linux Enterprise Server for SAP 12-SP1:
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2020-810=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-810=1
- SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-810=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-810=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-810=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-810=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-810=1
- SUSE Linux Enterprise Server 12-SP1-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2020-810=1
- SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2020-810=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-810=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE OpenStack Cloud 8 (x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE OpenStack Cloud 7 (s390x x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server for SAP 12-SP1 (x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Linux Enterprise Server 12-SP1-LTSS (ppc64le s390x x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1
- HPE Helion Openstack 8 (x86_64):
    perl-Mail-SpamAssassin-3.4.2-44.8.1
    spamassassin-3.4.2-44.8.1
    spamassassin-debuginfo-3.4.2-44.8.1
    spamassassin-debugsource-3.4.2-44.8.1

References:

https://www.suse.com/security/cve/CVE-2018-11805.html
https://www.suse.com/security/cve/CVE-2020-1930.html
https://www.suse.com/security/cve/CVE-2020-1931.html
https://bugzilla.suse.com/1118987
https://bugzilla.suse.com/1162197
https://bugzilla.suse.com/1162200
_______________________________________________
sle-security-updates mailing list
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory GLSA 201206-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: logrotate: Multiple vulnerabilities
      Date: June 25, 2012
      Bugs: #356811, #372973
        ID: 201206-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in logrotate, which could lead to
arbitrary system command execution.

Background
==========

logrotate rotates, compresses, and mails system logs.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-admin/logrotate        < 3.8.0                    >= 3.8.0

Description
===========

Multiple vulnerabilities have been discovered in logrotate. Please
review the CVE identifiers referenced below for details.

Impact
======

A local attacker could use this flaw to truncate arbitrary system files,
to change file owner or mode on arbitrary system files, to conduct
symlink attacks and send arbitrary system files, to execute arbitrary
system commands, to cause an abort in subsequent logrotate runs, to
disclose sensitive information, to execute arbitrary code or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All logrotate users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/logrotate-3.8.0"

References
==========

[ 1 ] CVE-2011-1098
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1098
[ 2 ] CVE-2011-1154
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1154
[ 3 ] CVE-2011-1155
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1155
[ 4 ] CVE-2011-1549
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1549

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/201206-36

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to