Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 23.10 USN-6666-1 Moderate: Libuv Hostname Truncation Issue

==========================================================================
Ubuntu Security Notice USN-6666-1
February 28, 2024

libuv1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

libuv could be made to truncate certain hostnames.

Software Description:
- libuv1: asynchronous event notification library

Details:

It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  libuv1 1.44.2-1ubuntu0.1

Ubuntu 22.04 LTS:
  libuv1 1.43.0-1ubuntu0.1

Ubuntu 20.04 LTS:
  libuv1 1.34.2-1ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6666-1
  CVE-2024-24806

Package Information:
  https://launchpad.net/ubuntu/+source/libuv1/1.44.2-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libuv1/1.43.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libuv1/1.34.2-1ubuntu1.5

A security flaw identified in libuv poses risks to Ubuntu systems; users are advised to apply updates to mitigate possible hostname truncation exploitation.

Severity: Important. LinuxSecurity.com Team

Feb 28, 2024 Important Ubuntu

Fedora 39: FEDORA-2023-e77300e4b5 moderate: Python AsyncSSH prefix attack

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-e77300e4b5
2023-12-30 01:20:53.296310
--------------------------------------------------------------------------------

Name        : python-asyncssh
Product     : Fedora 39
Version     : 2.14.2
Release     : 1.fc39
URL         : https://github.com/ronf/asyncssh
Summary     : Asynchronous SSH for Python
Description :
Python 3 library for asynchronous client and server-side SSH communication. It uses the Python asyncio module and implements many SSH protocol features such as the various channels, SFTP, SCP, forwarding, session multiplexing over a connection and more.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-48795
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Georg Sauthoff - 2.14.2-1
- Update to latest upstream version (fixes fedora#2255038)
- Fix CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (fixes fedora#2254210)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
        https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-e77300e4b5' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

This release addresses CVE-2023-48795 in python-asyncssh to counter a flaw concerning the cutting of prefixes.

LinuxSecurity.com Team

Dec 30, 2023 Fedora

Mageia: 2020-0115 Moderate: Firejail Truncation and Seccomp Issues

MGASA-2020-0115 - Updated firejail packages fix security vulnerabilities

Publication date: 06 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0115.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-12499, CVE-2019-12589

Updated firejail package fixes security vulnerabilities:

Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command) (CVE-2019-12499).

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker (CVE-2019-12589).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26013
- https://lists.fedoraproject.org/archives/list/[list address obfuscated]/thread/RGVULJ6IKVDO6UAVIQRHQVSKOUD6QDWM/
- https://www.cve.org/CVERecord?id=CVE-2019-12499
- https://www.cve.org/CVERecord?id=CVE-2019-12589

SRPMS:
- 7/core/firejail-0.9.56-2.1.mga7

Recent updates to the firejail packages for Mageia address significant security vulnerabilities. Discover the details regarding these flaws and their remedies.

LinuxSecurity.com Team

Mar 06, 2020 Mageia