Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
203
security advisoryauthentication issuedovecotMageia: 2019-0072 Moderate: Dovecot Trust Issue for Usernames
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. . MGASA-2019-0072 - Updated dovecot packages fix security vulnerability Publication date: 13 Feb 2019 URL: https://advisories.mageia.org/MGASA-2019-0072.html Type: security Affected Mageia releases: 6 CVE: CVE-2019-3814 CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. References: - https://bugs.mageia.org/show_bug.cgi?id=24314 - https://dovecot.org/list/dovecot-news/2019-February/000393.html - https://www.openwall.com/lists/oss-security/2019/02/05/1 - https://lists.debian.org/debian-security-announce/2019/msg00024.html - https://www.cve.org/CVERecord?id=CVE-2019-3814 SRPMS: - 6/core/dovecot-2.2.36.1-1.mga6 . MGASA-2019-0072 - Updated dovecot packages fix security vulnerability Publication date: 13 Feb 2019 . cve-2019-3814, imap/pop3/managesieve/submission, client, trusted, certificate, missing, usern. . LinuxSecurity.com Team
Feb 13, 2019
Mageia
100
security advisorysoftware updateimportantRed Hat Linux 8: 2022:9341-3 Critical: Apache HTTP Server Security Fix
An update that contains security fixes can now be An update that contains security fixes can now be An update that contains security fixes can now be installed. It includes four new package versions. installed. It includes four new package versions.. SUSE Security Update: Security update for Mozilla NSS ______________________________________________________________________________ Announcement ID: SUSE-SU-2011:1042-1 Rating: important References: #714931 Affected Products: SUSE Linux Enterprise Server 10 SP4 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Desktop 10 SP4 SLE SDK 10 SP4 SLE SDK 10 SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes four new package versions. Description: This update updates Mozilla NSS to 3.12.11. The update marks the compromised DigiNotar Certificate Authority as untrusted For more information read: MFSA 2011-34 * update to 3.12.10 o root CA changes o filter certain bogus certs (bmo#642815) o fix minor memory leaks o other bugfixes * update to 3.12.9 o fix minor memory leaks (bmo#619268) o fix crash in nss_cms_decoder_work_data (bmo#607058) o fix crash in certutil (bmo#620908) o handle invalid argument in JPAKE (bmo#609068) o J-PAKE support (API requirement for Firefox > = 4.0b8) * replaced expired PayPal test certificate (fixing testsuite) * removed DigiNotar root certifiate from trusted db (bmo#682927) This update also brings the prerequired Mozilla NSPR to version 4.8.9. * update to 4.8.9 * update to 4.8.8 o support IPv6 on Android (bmo#626866) o use AI_ADDRCONFIG for loopback hostnames (bmo#614526) o support SDP sockets (bmo#518078) o support m32r architecture (bmo#635667) o use atomic functions on ARM (bmo#626309) o some other fixes notaffecting the Linux platform Indications: Please install this update. Package List: - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]: mozilla-nspr-4.8.9-1.5.8 mozilla-nspr-devel-4.8.9-1.5.8 mozilla-nss-3.12.11-3.7.1 mozilla-nss-devel-3.12.11-3.7.1 mozilla-nss-tools-3.12.11-3.7.1 mozilla-xulrunner192-1.9.2.22-0.5.1 mozilla-xulrunner192-gnome-1.9.2.22-0.5.1 mozilla-xulrunner192-translations-1.9.2.22-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x) [New Version: 3.6.22]: MozillaFirefox-3.6.22-0.5.1 MozillaFirefox-translations-3.6.22-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (s390x x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]: mozilla-nspr-32bit-4.8.9-1.5.8 mozilla-nss-32bit-3.12.11-3.7.1 mozilla-xulrunner192-32bit-1.9.2.22-0.5.1 mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.5.1 mozilla-xulrunner192-translations-32bit-1.9.2.22-0.5.1 - SUSE Linux Enterprise Server 10 SP4 (ia64) [New Version: 3.12.11 and 4.8.9]: mozilla-nspr-x86-4.8.9-1.5.8 mozilla-nss-x86-3.12.11-3.7.1 - SUSE Linux Enterprise Server 10 SP4 (ppc) [New Version: 3.12.11 and 4.8.9]: mozilla-nspr-64bit-4.8.9-1.5.8 mozilla-nss-64bit-3.12.11-3.7.1 - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]: mozilla-nspr-4.8.9-1.5.8 mozilla-nspr-devel-4.8.9-1.5.8 mozilla-nss-3.12.11-3.7.1 mozilla-nss-devel-3.12.11-3.7.1 mozilla-nss-tools-3.12.11-3.7.1 mozilla-xulrunner192-1.9.2.22-0.5.1 mozilla-xulrunner192-gnome-1.9.2.22-0.5.1 mozilla-xulrunner192-translations-1.9.2.22-0.5.1 - SUSE Linux Enterprise Server 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.22]: MozillaFirefox-3.6.22-0.5.1 MozillaFirefox-translations-3.6.22-0.5.1 - SUSE Linux Enterprise Server 10 SP3 (s390x x86_64) [New Version: 1.9.2.22,3.12.11 and4.8.9]: mozilla-nspr-32bit-4.8.9-1.5.8 mozilla-nss-32bit-3.12.11-3.7.1 mozilla-xulrunner192-32bit-1.9.2.22-0.5.1 mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.5.1 mozilla-xulrunner192-translations-32bit-1.9.2.22-0.5.1 - SUSE Linux Enterprise Server 10 SP3 (ia64) [New Version: 3.12.11 and 4.8.9]: mozilla-nspr-x86-4.8.9-1.5.8 mozilla-nss-x86-3.12.11-3.7.1 - SUSE Linux Enterprise Server 10 SP3 (ppc) [New Version: 3.12.11 and 4.8.9]: mozilla-nspr-64bit-4.8.9-1.5.8 mozilla-nss-64bit-3.12.11-3.7.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]: mozilla-nspr-4.8.9-1.5.8 mozilla-nspr-devel-4.8.9-1.5.8 mozilla-nss-3.12.11-3.7.1 mozilla-nss-devel-3.12.11-3.7.1 mozilla-nss-tools-3.12.11-3.7.1 mozilla-xulrunner192-1.9.2.22-0.5.1 mozilla-xulrunner192-gnome-1.9.2.22-0.5.1 mozilla-xulrunner192-translations-1.9.2.22-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (x86_64) [New Version: 1.9.2.22,3.12.11 and 4.8.9]: mozilla-nspr-32bit-4.8.9-1.5.8 mozilla-nss-32bit-3.12.11-3.7.1 mozilla-xulrunner192-32bit-1.9.2.22-0.5.1 mozilla-xulrunner192-gnome-32bit-1.9.2.22-0.5.1 mozilla-xulrunner192-translations-32bit-1.9.2.22-0.5.1 - SUSE Linux Enterprise Desktop 10 SP4 (i586) [New Version: 3.6.22]: MozillaFirefox-3.6.22-0.5.1 MozillaFirefox-translations-3.6.22-0.5.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64) [New Version: 3.12.11]: mozilla-nss-tools-3.12.11-3.7.1 - SLE SDK 10 SP4 (i586 ia64 ppc s390x): MozillaFirefox-branding-upstream-3.6.22-0.5.1 - SLE SDK 10 SP3 (i586 ia64 ppc s390x x86_64) [New Version: 3.12.11]: mozilla-nss-tools-3.12.11-3.7.1 - SLE SDK 10 SP3 (i586 ia64 ppc s390x) [New Version: 3.6.22]: MozillaFirefox-branding-upstream-3.6.22-0.5.1 References: . Critical SUSE Security Update addressing serious Apache HTTP Server vulnerabilities.Immediate installation recommended.. SUSE Linux, Mozilla NSS, security fixes, trusted certificates, update package. . Severity: Critical. LinuxSecurity.com Team
Sep 15, 2011
•Critical
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!