# Security update for qemu

Announcement ID: SUSE-SU-2025:20076-1
Release Date: 2025-02-03T09:05:12Z
Rating: important

References:

* bsc#1224132
* bsc#1229007
* bsc#1229929
* bsc#1230140
* bsc#1230834
* bsc#1230915
* bsc#1231519

Cross-References:

* CVE-2024-4693
* CVE-2024-7409
* CVE-2024-8354
* CVE-2024-8612

CVSS scores:

* CVE-2024-4693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7409 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7409 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8354 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-8354 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8354 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8612 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-8612 ( SUSE ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
* CVE-2024-8612 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities and has three fixes can now be installed.

## Description:

This update for qemu fixes the following issues:

* Bugfixes and CVEs:
* hw/usb/hcd-ohci: Fix #1510, #303: pid not IN or OUT (bsc#1230834, CVE-2024-8354)
* softmmu: Support concurrent bounce buffers (bsc#1230915, CVE-2024-8612)
* system/physmem: Per-AddressSpace bounce buffering (bsc#1230915, CVE-2024-8612)
* system/physmem: Propagate AddressSpace to MapClient helpers (bsc#1230915, CVE-2024-8612)
* system/physmem: Replace qemu_mutex_lock() calls with QEMU_LOCK_GUARD (bsc#1230915, CVE-2024-8612)
* Update version to 8.2.7
* Full changelog here: https://lore.kernel.org/qemu-devel/

openSUSE Security Update: Security update for python-azure-agent
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0261-1
Rating: moderate
References: #1127838
Cross-References: CVE-2019-0804
Affected Products: openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-azure-agent fixes the following issues:

python-azure-agent was updated to version 2.2.45 (jsc#ECO-80)

+ Add support for Gen2 VM resource disks
+ Use alternate systemd detection
+ Fix /proc/net/route requirement that causes errors on FreeBSD
+ Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination
+ Disable cgroups when daemon is setup incorrectly
+ Remove upgrade extension loop for the same goal state
+ Add container id for extension telemetry events
+ Be more exact when detecting IMDS service health
+ Changing add_event to start sending missing fields

From 2.2.44 update:

+ Remove outdated extension ZIP packages
+ Improved error handling when starting extensions using systemd
+ Reduce provisioning time of some custom images
+ Improve the handling of extension download errors
+ New API for extension authors to handle errors during extension update
+ Fix handling of errors in calls to openssl
+ Improve logic to determine current distro
+ Reduce verbosity of several logging statements

From 2.2.42 update:

+ Poll for artifact blob, addresses goal state processing issue

From 2.2.41 update:

+ Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing
+ Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534]
+ Telemetry pipeline for resource monitoring data

From 2.2.40 update:

+ Fixed tracking of memory/cpu usage
+ Do not prevent extensions from running if setting up cgroups fails
+ Enable systemd-aware deprovisioning on all versions >= 18.04
+ Add systemd support for Debian Jessie, Stretch, and Buster
+ Support for Linux Openwrt

From 2.2.38 update:

Security issue fixed:

+ CVE-2019-0804: An issue with swapfile handling in the agent creates a data leak situation that exposes system memory data. (bsc#1127838)
+ Add fixes for handling swap file and other nit fixes

From 2.2.37 update:

+ Improves re-try logic to handle errors while downloading extensions

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-261=1

Package List:

- openSUSE Leap 15.1 (noarch): python-azure-agent-2.2.45-lp151.2.3.1 python-azure-agent-test-2.2.45-lp151.2.3.1

References:

https://www.suse.com/security/cve/CVE-2019-0804.html
https://bugzilla.suse.com/1127838

Update released for python-azure-agent addressing CVE-2019-0804 data exposure flaw with moderate risk level on openSUSE platform.

LinuxSecurity.com Team

SUSE Security Update: Security update for python-azure-agent
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:0440-1
Rating: moderate
References: #1127838
Cross-References: CVE-2019-0804
Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-azure-agent fixes the following issues:

python-azure-agent was updated to version 2.2.45 (jsc#ECO-80)

+ Add support for Gen2 VM resource disks
+ Use alternate systemd detection
+ Fix /proc/net/route requirement that causes errors on FreeBSD
+ Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination
+ Disable cgroups when daemon is setup incorrectly
+ Remove upgrade extension loop for the same goal state
+ Add container id for extension telemetry events
+ Be more exact when detecting IMDS service health
+ Changing add_event to start sending missing fields

From 2.2.44 update:

+ Remove outdated extension ZIP packages
+ Improved error handling when starting extensions using systemd
+ Reduce provisioning time of some custom images
+ Improve the handling of extension download errors
+ New API for extension authors to handle errors during extension update
+ Fix handling of errors in calls to openssl
+ Improve logic to determine current distro
+ Reduce verbosity of several logging statements

From 2.2.42 update:

+ Poll for artifact blob, addresses goal state processing issue

From 2.2.41 update:

+ Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing
+ Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534]
+ Telemetry pipeline for resource monitoring data

From 2.2.40 update:

+ Fixed tracking of memory/cpu usage
+ Do not prevent extensions from running if setting up cgroups fails
+ Enable systemd-aware deprovisioning on all versions >= 18.04
+ Add systemd support for Debian Jessie, Stretch, and Buster
+ Support for Linux Openwrt

From 2.2.38 update:

Security issue fixed:

+ CVE-2019-0804: An issue with swapfile handling in the agent creates a data leak situation that exposes system memory data. (bsc#1127838)
+ Add fixes for handling swap file and other nit fixes

From 2.2.37 update:

+ Improves re-try logic to handle errors while downloading extensions

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-440=1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-440=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python-azure-agent-2.2.45-3.3.1
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-azure-agent-test-2.2.45-3.3.1

References:

https://www.suse.com/security/cve/CVE-2019-0804.html
https://bugzilla.suse.com/1127838

Package : xen
Version : 4.1.6.lts1-6
CVE ID : CVE-2017-7228
Debian Bug : #859560

CVE-2017-7228 (XSA-212)

An insufficient check on XENMEM_exchange may allow PV guests to access all of system memory.

For Debian 7 "Wheezy", these problems have been fixed in version 4.1.6.lts1-6.

We recommend that you upgrade your xen packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ola Lundqvist

=========================================================================
Ubuntu Security Notice USN-1162-1
June 29, 2011

linux-mvl-dove vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Multiple kernel flaws have been fixed.

Software Description:

- linux-mvl-dove: Linux kernel for DOVE

Details:

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243)

Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. (CVE-2010-4263)

Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342)

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)

Dan Rosenberg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. (CVE-2010-4565)

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463)

Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695)

Dan Rosenberg discovered that XFS did not correctly initialize memory. A local attacker could make crafted ioctl calls to leak portions of kernel stack memory, leading to a loss of privacy. (CVE-2011-0711)

Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726)

Matthieu Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1013)

Marek Olšák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory. (CVE-2011-1016)

Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. (CVE-2011-1017)

Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system. (CVE-2011-1019)

Neil Horman discovered that NFSv4 did not correctly handle certain orders of operation with ACL data. A remote attacker with access to an NFSv4 mount could exploit this to crash the system, leading to a denial of service. (CVE-2011-1090)

Timo Warns discovered that OSF partition parsing routines did not correctly clear memory. A local attacker with physical access could plug in a specially crafted block device to read kernel memory, leading to a loss of privacy. (CVE-2011-1163)

Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182)

Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1494, CVE-2011-1495)

Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1593)

Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. If this driver was loaded, a local attacker could crash the system, leading to a denial of service. (CVE-2011-1598, CVE-2011-1748)

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-1745, CVE-2011-2022)

Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service. (CVE-2011-1746, CVE-2011-1747)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-217-dove 2.6.32-217.34

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:

https://ubuntu.com/security/notices/USN-1162-1
CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529, CVE-2010-4565, CVE-2011-0463, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1090, CVE-2011-1163, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-1748, CVE-2011-2022

Package Information:

https://launchpad.net/ubuntu/+source/linux-mvl-dove/2.6.32-217.34

Numerous vulnerabilities related to the kernel have been addressed in Ubuntu 10.04 LTS. It's crucial to update to maintain system integrity.

Severity: Critical. LinuxSecurity.com Team

=========================================================================
Ubuntu Security Notice USN-1141-1
May 31, 2011

linux, linux-ec2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Multiple kernel vulnerabilities have been fixed.

Software Description:

- linux: Linux kernel
- linux-ec2: Linux kernel for EC2

Details:

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. (CVE-2010-4243)

Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. (CVE-2010-4263)

Nelson Elhage discovered that Econet did not correctly handle AUN packets over UDP. A local attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2010-4342)

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. (CVE-2010-4529)

Dan Rosenberg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. (CVE-2010-4565)

Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2010-4656)

Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-0463)

Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges. (CVE-2011-0521)

Jens Kuehnel discovered that the InfiniBand driver contained a race condition. On systems using InfiniBand, a local attacker could send specially crafted requests to crash the system, leading to a denial of service. (CVE-2011-0695)

Rafael Dominguez Vega discovered that the caiaq Native Instruments USB driver did not correctly validate string lengths. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. (CVE-2011-0712)

Kees Cook reported that /proc/pid/stat did not correctly filter certain memory locations. A local attacker could determine the memory layout of processes in an attempt to increase the chances of a successful memory corruption exploit. (CVE-2011-0726)

Timo Warns discovered that MAC partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system or potentially gain root privileges. (CVE-2011-1010)

Timo Warns discovered that LDM partition parsing routines did not correctly calculate block counts. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1012)

Matthieu Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1013)

Marek Olšák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory. (CVE-2011-1016)

Vasiliy Kulikov discovered that the CAP_SYS_MODULE capability was not needed to load kernel modules. A local attacker with the CAP_NET_ADMIN capability could load existing kernel modules, possibly increasing the attack surface available on the system. (CVE-2011-1019)

Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would hang the system, leading to a denial of service. (CVE-2011-1082)

Nelson Elhage discovered that the epoll subsystem did not correctly handle certain structures. A local attacker could create malicious requests that would consume large amounts of CPU, leading to a denial of service. (CVE-2011-1083)

Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
linux-image-2.6.32-316-ec2 2.6.32-316.31
linux-image-2.6.32-32-386 2.6.32-32.62
linux-image-2.6.32-32-generic 2.6.32-32.62
linux-image-2.6.32-32-generic-pae 2.6.32-32.62
linux-image-2.6.32-32-ia64 2.6.32-32.62
linux-image-2.6.32-32-lpia 2.6.32-32.62
linux-image-2.6.32-32-powerpc 2.6.32-32.62
linux-image-2.6.32-32-powerpc-smp 2.6.32-32.62
linux-image-2.6.32-32-powerpc64-smp 2.6.32-32.62
linux-image-2.6.32-32-preempt 2.6.32-32.62
linux-image-2.6.32-32-server 2.6.32-32.62
linux-image-2.6.32-32-sparc64 2.6.32-32.62
linux-image-2.6.32-32-sparc64-smp 2.6.32-32.62
linux-image-2.6.32-32-versatile 2.6.32-32.62
linux-image-2.6.32-32-virtual 2.6.32-32.62

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:

CVE-2010-4243, CVE-2010-4263, CVE-2010-4342, CVE-2010-4529, CVE-2010-4565, CVE-2010-4656, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1019, CVE-2011-1082, CVE-2011-1083, CVE-2011-1182

Package Information:

https://launchpad.net/ubuntu/+source/linux/2.6.32-32.62
https://launchpad.net/ubuntu/+source/linux-ec2/2.6.32-316.31

Various kernel vulnerabilities resolved in Ubuntu 10.04 LTS through updates that tackle denial of service threats and additional security weaknesses.

Severity: Important. LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: subversion security update
Advisory ID: RHSA-2011:0258-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0258.html
Issue date: 2011-02-15
CVE Names: CVE-2010-3315 CVE-2010-4539 CVE-2010-4644
====================================================================

1. Summary:

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.

An access restriction bypass flaw was found in the mod_dav_svn module. If the SVNPathAuthz directive was set to "short_circuit", certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to "On" by default. (CVE-2010-3315)

A server-side memory leak was found in the Subversion server. If a malicious, remote user performed "svn blame" or "svn log" operations on certain repository files, it could cause the Subversion server to consume a large amount of system memory. (CVE-2010-4644)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed certain requests. If a malicious, remote user issued a certain type of request to display a collection of Subversion repositories on a host that has the SVNListParentPath directive enabled, it could cause the httpd process serving the request to crash. Note that SVNListParentPath is not enabled by default. (CVE-2010-4539)

All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the Subversion server must be restarted for the update to take effect: restart httpd if you are using mod_dav_svn, or restart svnserve if it is used.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

640317 - CVE-2010-3315 Subversion: Access restriction bypass by checkout of the root of the repository
667407 - CVE-2010-4539 Subversion (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
667763 - CVE-2010-4644 Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files

6.
Package List: Red Hat Enterprise Linux Desktop Optional (v.6): Source: i386: mod_dav_svn-1.6.11-2.el6_0.2.i686.rpm subversion-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-devel-1.6.11-2.el6_0.2.i686.rpm subversion-gnome-1.6.11-2.el6_0.2.i686.rpm subversion-javahl-1.6.11-2.el6_0.2.i686.rpm subversion-kde-1.6.11-2.el6_0.2.i686.rpm subversion-perl-1.6.11-2.el6_0.2.i686.rpm subversion-ruby-1.6.11-2.el6_0.2.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_0.2.noarch.rpm x86_64: mod_dav_svn-1.6.11-2.el6_0.2.x86_64.rpm subversion-1.6.11-2.el6_0.2.i686.rpm subversion-1.6.11-2.el6_0.2.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.x86_64.rpm subversion-devel-1.6.11-2.el6_0.2.i686.rpm subversion-devel-1.6.11-2.el6_0.2.x86_64.rpm subversion-gnome-1.6.11-2.el6_0.2.i686.rpm subversion-gnome-1.6.11-2.el6_0.2.x86_64.rpm subversion-javahl-1.6.11-2.el6_0.2.i686.rpm subversion-javahl-1.6.11-2.el6_0.2.x86_64.rpm subversion-kde-1.6.11-2.el6_0.2.i686.rpm subversion-kde-1.6.11-2.el6_0.2.x86_64.rpm subversion-perl-1.6.11-2.el6_0.2.i686.rpm subversion-perl-1.6.11-2.el6_0.2.x86_64.rpm subversion-ruby-1.6.11-2.el6_0.2.i686.rpm subversion-ruby-1.6.11-2.el6_0.2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v.6): Source: noarch: subversion-svn2cl-1.6.11-2.el6_0.2.noarch.rpm x86_64: mod_dav_svn-1.6.11-2.el6_0.2.x86_64.rpm subversion-1.6.11-2.el6_0.2.i686.rpm subversion-1.6.11-2.el6_0.2.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.x86_64.rpm subversion-devel-1.6.11-2.el6_0.2.i686.rpm subversion-devel-1.6.11-2.el6_0.2.x86_64.rpm subversion-gnome-1.6.11-2.el6_0.2.i686.rpm subversion-gnome-1.6.11-2.el6_0.2.x86_64.rpm subversion-javahl-1.6.11-2.el6_0.2.i686.rpm subversion-javahl-1.6.11-2.el6_0.2.x86_64.rpm subversion-kde-1.6.11-2.el6_0.2.i686.rpm subversion-kde-1.6.11-2.el6_0.2.x86_64.rpm subversion-perl-1.6.11-2.el6_0.2.i686.rpm 
subversion-perl-1.6.11-2.el6_0.2.x86_64.rpm subversion-ruby-1.6.11-2.el6_0.2.i686.rpm subversion-ruby-1.6.11-2.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: mod_dav_svn-1.6.11-2.el6_0.2.i686.rpm subversion-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-javahl-1.6.11-2.el6_0.2.i686.rpm ppc64: mod_dav_svn-1.6.11-2.el6_0.2.ppc64.rpm subversion-1.6.11-2.el6_0.2.ppc.rpm subversion-1.6.11-2.el6_0.2.ppc64.rpm subversion-debuginfo-1.6.11-2.el6_0.2.ppc.rpm subversion-debuginfo-1.6.11-2.el6_0.2.ppc64.rpm s390x: mod_dav_svn-1.6.11-2.el6_0.2.s390x.rpm subversion-1.6.11-2.el6_0.2.s390.rpm subversion-1.6.11-2.el6_0.2.s390x.rpm subversion-debuginfo-1.6.11-2.el6_0.2.s390.rpm subversion-debuginfo-1.6.11-2.el6_0.2.s390x.rpm x86_64: mod_dav_svn-1.6.11-2.el6_0.2.x86_64.rpm subversion-1.6.11-2.el6_0.2.i686.rpm subversion-1.6.11-2.el6_0.2.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.x86_64.rpm subversion-javahl-1.6.11-2.el6_0.2.i686.rpm subversion-javahl-1.6.11-2.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): Source: i386: subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-devel-1.6.11-2.el6_0.2.i686.rpm subversion-gnome-1.6.11-2.el6_0.2.i686.rpm subversion-kde-1.6.11-2.el6_0.2.i686.rpm subversion-perl-1.6.11-2.el6_0.2.i686.rpm subversion-ruby-1.6.11-2.el6_0.2.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_0.2.noarch.rpm ppc64: subversion-debuginfo-1.6.11-2.el6_0.2.ppc.rpm subversion-debuginfo-1.6.11-2.el6_0.2.ppc64.rpm subversion-devel-1.6.11-2.el6_0.2.ppc.rpm subversion-devel-1.6.11-2.el6_0.2.ppc64.rpm subversion-gnome-1.6.11-2.el6_0.2.ppc.rpm subversion-gnome-1.6.11-2.el6_0.2.ppc64.rpm subversion-javahl-1.6.11-2.el6_0.2.ppc.rpm subversion-javahl-1.6.11-2.el6_0.2.ppc64.rpm subversion-kde-1.6.11-2.el6_0.2.ppc.rpm subversion-kde-1.6.11-2.el6_0.2.ppc64.rpm subversion-perl-1.6.11-2.el6_0.2.ppc.rpm subversion-perl-1.6.11-2.el6_0.2.ppc64.rpm 
subversion-ruby-1.6.11-2.el6_0.2.ppc.rpm subversion-ruby-1.6.11-2.el6_0.2.ppc64.rpm s390x: subversion-debuginfo-1.6.11-2.el6_0.2.s390.rpm subversion-debuginfo-1.6.11-2.el6_0.2.s390x.rpm subversion-devel-1.6.11-2.el6_0.2.s390.rpm subversion-devel-1.6.11-2.el6_0.2.s390x.rpm subversion-gnome-1.6.11-2.el6_0.2.s390.rpm subversion-gnome-1.6.11-2.el6_0.2.s390x.rpm subversion-javahl-1.6.11-2.el6_0.2.s390.rpm subversion-javahl-1.6.11-2.el6_0.2.s390x.rpm subversion-kde-1.6.11-2.el6_0.2.s390.rpm subversion-kde-1.6.11-2.el6_0.2.s390x.rpm subversion-perl-1.6.11-2.el6_0.2.s390.rpm subversion-perl-1.6.11-2.el6_0.2.s390x.rpm subversion-ruby-1.6.11-2.el6_0.2.s390.rpm subversion-ruby-1.6.11-2.el6_0.2.s390x.rpm x86_64: subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.x86_64.rpm subversion-devel-1.6.11-2.el6_0.2.i686.rpm subversion-devel-1.6.11-2.el6_0.2.x86_64.rpm subversion-gnome-1.6.11-2.el6_0.2.i686.rpm subversion-gnome-1.6.11-2.el6_0.2.x86_64.rpm subversion-kde-1.6.11-2.el6_0.2.i686.rpm subversion-kde-1.6.11-2.el6_0.2.x86_64.rpm subversion-perl-1.6.11-2.el6_0.2.i686.rpm subversion-perl-1.6.11-2.el6_0.2.x86_64.rpm subversion-ruby-1.6.11-2.el6_0.2.i686.rpm subversion-ruby-1.6.11-2.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: mod_dav_svn-1.6.11-2.el6_0.2.i686.rpm subversion-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-javahl-1.6.11-2.el6_0.2.i686.rpm x86_64: mod_dav_svn-1.6.11-2.el6_0.2.x86_64.rpm subversion-1.6.11-2.el6_0.2.i686.rpm subversion-1.6.11-2.el6_0.2.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.x86_64.rpm subversion-javahl-1.6.11-2.el6_0.2.i686.rpm subversion-javahl-1.6.11-2.el6_0.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
6): Source: i386: subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-devel-1.6.11-2.el6_0.2.i686.rpm subversion-gnome-1.6.11-2.el6_0.2.i686.rpm subversion-kde-1.6.11-2.el6_0.2.i686.rpm subversion-perl-1.6.11-2.el6_0.2.i686.rpm subversion-ruby-1.6.11-2.el6_0.2.i686.rpm noarch: subversion-svn2cl-1.6.11-2.el6_0.2.noarch.rpm x86_64: subversion-debuginfo-1.6.11-2.el6_0.2.i686.rpm subversion-debuginfo-1.6.11-2.el6_0.2.x86_64.rpm subversion-devel-1.6.11-2.el6_0.2.i686.rpm subversion-devel-1.6.11-2.el6_0.2.x86_64.rpm subversion-gnome-1.6.11-2.el6_0.2.i686.rpm subversion-gnome-1.6.11-2.el6_0.2.x86_64.rpm subversion-kde-1.6.11-2.el6_0.2.i686.rpm subversion-kde-1.6.11-2.el6_0.2.x86_64.rpm subversion-perl-1.6.11-2.el6_0.2.i686.rpm subversion-perl-1.6.11-2.el6_0.2.x86_64.rpm subversion-ruby-1.6.11-2.el6_0.2.i686.rpm subversion-ruby-1.6.11-2.el6_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2010-3315
https://access.redhat.com/security/cve/CVE-2010-4539
https://access.redhat.com/security/cve/CVE-2010-4644
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2011 Red Hat, Inc.

A mild patch for security concerns in Subversion deployed on Red Hat Enterprise Linux tackling various vulnerabilities.

LinuxSecurity.com Team