====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-eclipse47-jackson-databind security update
Advisory ID: RHSA-2017:3189-01
Product: Red Hat Developer Tools
Advisory URL: https://access.redhat.com/errata/RHSA-2017:3189
Issue date: 2017-11-13
CVE Names: CVE-2017-15095
====================================================================

1. Summary:

An update for rh-eclipse47-jackson-databind is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API.

Security Fix(es):

* A deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. (CVE-2017-15095)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1506612 - CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source: rh-eclipse47-jackson-databind-2.7.6-3.3.el7.src.rpm
noarch: rh-eclipse47-jackson-databind-2.7.6-3.3.el7.noarch.rpm rh-eclipse47-jackson-databind-javadoc-2.7.6-3.3.el7.noarch.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source: rh-eclipse47-jackson-databind-2.7.6-3.3.el7.src.rpm
noarch: rh-eclipse47-jackson-databind-2.7.6-3.3.el7.noarch.rpm rh-eclipse47-jackson-databind-javadoc-2.7.6-3.3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
Package : asterisk
Version : 1:1.8.13.1~dfsg1-3+deb7u7
CVE ID : CVE-2017-14100
Debian Bug : 873908

A security vulnerability was discovered in Asterisk, an Open Source PBX and telephony toolkit, that may lead to unauthorized command execution.

The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows arbitrary shell command injection.

For Debian 7 "Wheezy", these problems have been fixed in version 1:1.8.13.1~dfsg1-3+deb7u7.

We recommend that you upgrade your asterisk packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Security patches for Asterisk address command injection weaknesses impacting Debian LTS. Upgrading is advised.

Severity: Critical. LinuxSecurity.com Team
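The two patterns the advisory contrasts, the caller-id fields pasted into one string that a shell later parses versus the same fields handed to the notify program as separate argv elements, as an added example in C that is not Asterisk's code; the function names and the caller-id values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Added illustration, not app_minivm code. Function names are hypothetical. */

/* The risky pattern: caller-id name and number are concatenated into a
 * single command line that /bin/sh will parse. Any shell metacharacter
 * inside the name or number changes what the shell runs. */
int build_shell_string(char *out, size_t n, const char *prog,
                       const char *cid_name, const char *cid_num) {
    int len = snprintf(out, n, "%s %s %s", prog, cid_name, cid_num);
    return (len >= 0 && (size_t)len < n) ? 0 : -1;
}

/* Detection/validation helper: 1 if the value contains characters the
 * shell treats specially, 0 otherwise. Useful for flagging caller-id
 * values that should never reach a shell-interpreted command. */
int has_shell_metachars(const char *s) {
    return strpbrk(s, ";|&$`\"'\\<>()*?[]{}~\n") != NULL;
}

/* Hardened pattern: exec the program directly with one argv element per
 * field. No shell parses the caller-id values, so metacharacters arrive
 * at the program literally. Returns the child's exit status, or -1. */
int run_externnotify(const char *prog, const char *cid_name,
                     const char *cid_num) {
    char *const argv[] = { (char *)prog, (char *)cid_name,
                           (char *)cid_num, NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {            /* child: exec never returns on success */
        execv(prog, argv);
        _exit(127);            /* exec failed: conventional status */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```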
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-aceb424894
2017-05-22 00:11:26.944147
--------------------------------------------------------------------------------
Name : smb4k
Product : Fedora 24
Version : 1.2.2
Release : 3.fc24
URL : https://sourceforge.net/p/smb4k/home/Home/
Summary : The SMB/CIFS Share Browser for KDE
Description :
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-8849.
https://kde.org/info/security/advisory-20170510-2.txt
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1449658 - CVE-2017-8849 smb4k: unauthorized local command execution as root [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449658
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade smb4k' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-2cc18e2b3b
2017-05-20 03:07:28.221106
--------------------------------------------------------------------------------
Name : smb4k
Product : Fedora 25
Version : 1.2.2
Release : 3.fc25
URL : https://sourceforge.net/p/smb4k/home/Home/
Summary : The SMB/CIFS Share Browser for KDE
Description :
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-8849.
https://kde.org/info/security/advisory-20170510-2.txt
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1449658 - CVE-2017-8849 smb4k: unauthorized local command execution as root [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1449658
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade smb4k' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------