Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryFedoracache poisoningFedora 39: 2023-cf176d02d8 Moderate: Cache Poisoning in Exporter Toolkit
Security fix for CVE-2022-46146, update to v0.10.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-cf176d02d8 2023-09-20 00:18:06.817008 -------------------------------------------------------------------------------- Name : golang-github-prometheus-exporter-toolkit Product : Fedora 39 Version : 0.10.0 Release : 1.fc39 URL : https://github.com/prometheus/exporter-toolkit Summary : Utility package to build exporters Description : Utility package to build exporters. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2022-46146, update to v0.10.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 12 2023 Mark E. Fuller - 0.10.0-1 - update to v0.10.0, close rhbz#2016209 #2171533 #2225870 * Thu Jul 20 2023 Fedora Release Engineering - 0.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2149436 - CVE-2022-46146 exporter-toolkit: authentication bypass via cache poisoning https://bugzilla.redhat.com/show_bug.cgi?id=2149436 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cf176d02d8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Sep 20, 2023
Fedora
89
security advisorycriticalFedoraFedora 26: 2017-07-14 Critical Advisory On Globus GASS Cache Program
globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-0eea793538 2017-07-14 11:45:23.814507 --------------------------------------------------------------------------------Name : globus-gass-cache-program Product : Fedora 26 Version : 6.7 Release : 1.fc26 URL : http://toolkit.globus.org/ Summary : Globus Toolkit - Tools to manipulate local and remote GASS caches Description : The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for their cause. The globus-gass-cache-program package contains: Tools to manipulate local and remote GASS caches --------------------------------------------------------------------------------Update Information: globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public handle (9.26) * Prevent some race conditions (9.27) globus-gram-client * GT6 update globus-gram-job-manager * Default to running personal gatekeeper on an ephemeral port globus-gram-job-manager-condor * Make noarch build arch independent globus-gridftp-server * New error message format (12.0) * Configuration database (12.0) * Better delay for end of session ref check (12.1) * Fix tests when getgroups() does not return effective gid (12.2) globus-gssapi-gsi * Don't unlock unlocked mutex (12.14) * Remove legacy SSLv3 support (12.15) * Test fixes (12.16/12.17) * Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14) globus-io * Remove legacy SSLv3 support globus-net-manager * Fix .pc typo * Drop patch globus-net-manager-pkgconfig.patch (fixed upstream) globus-xio * Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15) * Fix crash in error handling in http driver (5.16) globus-xio-gsi-driver * Fix crash when checking for anonymous GSS name when name comparison fails globus-xio-pipe-driver * Fix .pc typo globus-xio-udt-driver * Don't force --static flag to pkg-config * Drop some BuildRequires no longer needed with above change * Fix undefined symbols during linking myproxy * Fix error check (6.1.26) * Remove legacy SSLv3 support (6.1.27) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade globus-gass-cache-program' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 14, 2017
•Critical
Fedora
89
security advisoryupdatedata protectionFedora 24 Security Advisory: Critical Update for Globus-XIO Framework
globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-5f8ebbd2b1 2017-07-03 18:56:27.414469 --------------------------------------------------------------------------------Name : globus-xio Product : Fedora 24 Version : 5.16 Release : 1.fc24 URL : http://toolkit.globus.org/ Summary : Globus Toolkit - Globus XIO Framework Description : The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for their cause. The globus-xio package contains: Globus XIO Framework --------------------------------------------------------------------------------Update Information: globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public handle (9.26) * Prevent some race conditions (9.27) globus-gram-job-manager * Default to running personal gatekeeper on an ephemeral port globus-gridftp-server * New error message format (12.0) * Configuration database (12.0) * Better delay for end of session ref check (12.1) * Fix tests when getgroups() does not return effective gid(12.2) globus-gssapi-gsi * Don't unlock unlocked mutex (12.14) * Remove legacy SSLv3 support (12.15) * Test fixes (12.16) * Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14) globus-io * Remove legacy SSLv3 support globus-net-manager * Fix .pc typo * Drop patch globus-net-manager-pkgconfig.patch (fixed upstream) globus-xio * Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15) * Fix crash in error handling in http driver (5.16) globus-xio-gsi-driver * Fix crash when checking for anonymous GSS name when name comparison fails globus-xio-pipe-driver * Fix .pc typo globus-xio-udt-driver * Don't force --static flag to pkg-config * Drop some BuildRequires no longer needed with above change * Fix undefined symbols during linking myproxy * Fix error check (6.1.26) * Remove legacy SSLv3 support (6.1.27) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade globus-xio' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 04, 2017
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!