====================================================================
Red Hat Security Advisory

Synopsis: Important: log4j security update
Advisory ID: RHSA-2022:0442-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0442
Issue date: 2022-02-07
CVE Names: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307
====================================================================

1. Summary:

An update for log4j is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch
Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch
Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch
Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - noarch
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - noarch
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - noarch
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - noarch
Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - noarch
Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - noarch
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - noarch
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

Log4j is a tool to help the programmer output log statements to a variety of output targets.

Security Fix(es):

* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):
Source: log4j-1.2.14-6.6.el6_10.src.rpm
i386: log4j-1.2.14-6.6.el6_10.i686.rpm log4j-debuginfo-1.2.14-6.6.el6_10.i686.rpm
s390x: log4j-1.2.14-6.6.el6_10.s390x.rpm log4j-debuginfo-1.2.14-6.6.el6_10.s390x.rpm
x86_64: log4j-1.2.14-6.6.el6_10.x86_64.rpm log4j-debuginfo-1.2.14-6.6.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):
i386: log4j-debuginfo-1.2.14-6.6.el6_10.i686.rpm log4j-javadoc-1.2.14-6.6.el6_10.i686.rpm log4j-manual-1.2.14-6.6.el6_10.i686.rpm
s390x: log4j-debuginfo-1.2.14-6.6.el6_10.s390x.rpm log4j-javadoc-1.2.14-6.6.el6_10.s390x.rpm log4j-manual-1.2.14-6.6.el6_10.s390x.rpm
x86_64: log4j-debuginfo-1.2.14-6.6.el6_10.x86_64.rpm log4j-javadoc-1.2.14-6.6.el6_10.x86_64.rpm log4j-manual-1.2.14-6.6.el6_10.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server AUS (v. 7.3):
Source: log4j-1.2.17-17.el7_3.src.rpm
noarch: log4j-1.2.17-17.el7_3.noarch.rpm

Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server AUS (v. 7.6):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server E4S (v. 7.6):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server TUS (v. 7.6):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server AUS (v. 7.7):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.3):
noarch: log4j-javadoc-1.2.17-17.el7_3.noarch.rpm log4j-manual-1.2.17-17.el7_3.noarch.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: log4j-1.2.17-18.el7_4.src.rpm
noarch: log4j-1.2.17-18.el7_4.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-23302
https://access.redhat.com/security/cve/CVE-2022-23305
https://access.redhat.com/security/cve/CVE-2022-23307
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

-- RHSA-announce mailing list

Synopsis: Important: xstream security update
Advisory ID: SLSA-2021:3956-1
Issue Date: 2021-10-25
CVE Numbers: CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154
--

Security Fix(es):

* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139)
* xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)
* xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)
* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)
* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)
* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)
* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)
* xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)
* xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)
* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)
* xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)
* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153)
* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)
* xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE
---

SL7
noarch
- xstream-1.3.1-16.el7_9.noarch.rpm
- xstream-javadoc-1.3.1-16.el7_9.noarch.rpm

--
- Scientific Linux Development Team

Severity: Important.

LinuxSecurity.com Team

Synopsis: Important: xstream security update
Advisory ID: SLSA-2021:1354-1
Issue Date: 2021-04-26
CVE Numbers: CVE-2021-21344 CVE-2021-21345 CVE-2021-21346 CVE-2021-21347 CVE-2021-21350
--

Security Fix(es):

* XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet (CVE-2021-21344)
* XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)
* XStream: Unsafe deserialization of sun.swing.SwingLazyValue (CVE-2021-21346)
* XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)
* XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE
---

SL7
noarch
- xstream-1.3.1-13.el7_9.noarch.rpm
- xstream-javadoc-1.3.1-13.el7_9.noarch.rpm

--
- Scientific Linux Development Team

Severity: Important.

====================================================================
Red Hat Security Advisory

Synopsis: Important: JBoss Enterprise Application Platform 7.1.1 for RHEL 7
Advisory ID: RHSA-2018:0480-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2018:0480
Issue date: 2018-03-12
CVE Names: CVE-2017-7561 CVE-2017-12174 CVE-2017-12196 CVE-2017-15089 CVE-2017-15095 CVE-2017-17485 CVE-2018-1048 CVE-2018-5968
====================================================================

1. Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

* artemis/hornetq: memory exhaustion via UDP and JGroups discovery (CVE-2017-12174)
* infinispan: Unsafe deserialization of malicious object injected into data cache (CVE-2017-15089)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* resteasy: Vary header not added by CORS filter leading to cache poisoning (CVE-2017-7561)
* undertow: Client can use bogus uri in Digest authentication (CVE-2017-12196)
* undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser (CVE-2018-1048)
* jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485) (CVE-2018-5968)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1483823 - CVE-2017-7561 resteasy: Vary header not added by CORS filter leading to cache poisoning
1498378 - CVE-2017-12174 artemis/hornetq: memory exhaustion via UDP and JGroups discovery
1503055 - CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication
1503610 - CVE-2017-15089 infinispan: Unsafe deserialization of malicious object injected into data cache
1506612 - CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
1528565 - CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
1534343 - CVE-2018-1048 undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser
1538332 - CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

6. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

JBEAP-7532 - Tracker bug for the EAP 7.1.1 release for RHEL-7

7. Package List:

Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server:

Source: eap7-activemq-artemis-1.5.5.009-1.redhat_1.1.ep7.el7.src.rpm eap7-apache-cxf-3.1.13-1.redhat_1.1.ep7.el7.src.rpm eap7-glassfish-jsf-2.2.13-6.SP5_redhat_1.1.ep7.el7.src.rpm eap7-hibernate-5.1.12-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-infinispan-8.2.9-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-ironjacamar-1.4.7-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-jackson-annotations-2.8.11-1.redhat_1.1.ep7.el7.src.rpm eap7-jackson-core-2.8.11-1.redhat_1.1.ep7.el7.src.rpm eap7-jackson-databind-2.8.11-1.redhat_1.1.ep7.el7.src.rpm eap7-jackson-jaxrs-providers-2.8.11-1.redhat_1.1.ep7.el7.src.rpm eap7-jackson-module-jaxb-annotations-2.8.11-1.redhat_1.1.ep7.el7.src.rpm eap7-jackson-modules-java8-2.8.11-1.redhat_1.1.ep7.el7.src.rpm eap7-jboss-logmanager-2.0.8-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-jboss-server-migration-1.0.3-6.Final_redhat_6.1.ep7.el7.src.rpm eap7-jbossws-cxf-5.1.10-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-narayana-5.5.31-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-picketlink-bindings-2.5.5-10.SP9_redhat_1.1.ep7.el7.src.rpm eap7-picketlink-federation-2.5.5-10.SP9_redhat_1.1.ep7.el7.src.rpm eap7-resteasy-3.0.25-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-undertow-1.4.18-4.SP2_redhat_1.1.ep7.el7.src.rpm eap7-undertow-jastow-2.0.3-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-7.1.1-4.GA_redhat_2.1.ep7.el7.src.rpm eap7-wildfly-elytron-1.1.8-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-http-client-1.0.9-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-javadocs-7.1.1-3.GA_redhat_2.1.ep7.el7.src.rpm eap7-wss4j-2.1.11-1.redhat_1.1.ep7.el7.src.rpm eap7-xml-security-2.0.9-1.redhat_1.1.ep7.el7.src.rpm

noarch: eap7-activemq-artemis-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-cli-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-commons-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-core-client-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm
eap7-activemq-artemis-dto-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-hornetq-protocol-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-hqclient-protocol-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-jdbc-store-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-jms-client-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-jms-server-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-journal-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-native-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-ra-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-selector-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-server-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-service-extensions-1.5.5.009-1.redhat_1.1.ep7.el7.noarch.rpm eap7-apache-cxf-3.1.13-1.redhat_1.1.ep7.el7.noarch.rpm eap7-apache-cxf-rt-3.1.13-1.redhat_1.1.ep7.el7.noarch.rpm eap7-apache-cxf-services-3.1.13-1.redhat_1.1.ep7.el7.noarch.rpm eap7-apache-cxf-tools-3.1.13-1.redhat_1.1.ep7.el7.noarch.rpm eap7-glassfish-jsf-2.2.13-6.SP5_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-5.1.12-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-core-5.1.12-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-entitymanager-5.1.12-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-envers-5.1.12-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-infinispan-5.1.12-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-java8-5.1.12-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-infinispan-8.2.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-infinispan-cachestore-jdbc-8.2.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-infinispan-cachestore-remote-8.2.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-infinispan-client-hotrod-8.2.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-infinispan-commons-8.2.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm 
eap7-infinispan-core-8.2.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-common-api-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-common-impl-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-common-spi-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-core-api-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-core-impl-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-deployers-common-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-jdbc-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-validator-1.4.7-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-annotations-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-core-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-databind-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-datatype-jdk8-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-datatype-jsr310-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-jaxrs-base-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-jaxrs-json-provider-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-module-jaxb-annotations-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jackson-modules-java8-2.8.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-jboss-logmanager-2.0.8-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-cli-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-core-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap6.4-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.0-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap7.0-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm 
eap7-jboss-server-migration-eap7.0-to-eap7.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap7.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.0-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.0-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.3-6.Final_redhat_6.1.ep7.el7.noarch.rpm eap7-jbossws-cxf-5.1.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-compensations-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jbosstxbridge-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jbossxts-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jts-idlj-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jts-integration-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-api-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-bridge-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-integration-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-util-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-txframework-5.5.31-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-api-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm 
eap7-picketlink-bindings-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-common-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-config-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-federation-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-idm-api-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-idm-impl-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-impl-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-wildfly8-2.5.5-10.SP9_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-atom-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-cdi-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-client-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-crypto-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jackson-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jackson2-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jaxb-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jaxrs-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jettison-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jose-jwt-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jsapi-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-json-p-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-multipart-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-spring-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-validator-provider-11-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-yaml-provider-3.0.25-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-undertow-1.4.18-4.SP2_redhat_1.1.ep7.el7.noarch.rpm eap7-undertow-jastow-2.0.3-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-7.1.1-4.GA_redhat_2.1.ep7.el7.noarch.rpm 
eap7-wildfly-elytron-1.1.8-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-http-client-common-1.0.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-http-ejb-client-1.0.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-http-naming-client-1.0.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-http-transaction-client-1.0.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-javadocs-7.1.1-3.GA_redhat_2.1.ep7.el7.noarch.rpm eap7-wildfly-modules-7.1.1-4.GA_redhat_2.1.ep7.el7.noarch.rpm eap7-wss4j-2.1.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-wss4j-bindings-2.1.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-wss4j-policy-2.1.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-wss4j-ws-security-common-2.1.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-wss4j-ws-security-dom-2.1.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-wss4j-ws-security-policy-stax-2.1.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-wss4j-ws-security-stax-2.1.11-1.redhat_1.1.ep7.el7.noarch.rpm eap7-xml-security-2.0.9-1.redhat_1.1.ep7.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

8. References:

https://access.redhat.com/security/cve/CVE-2017-7561
https://access.redhat.com/security/cve/CVE-2017-12174
https://access.redhat.com/security/cve/CVE-2017-12196
https://access.redhat.com/security/cve/CVE-2017-15089
https://access.redhat.com/security/cve/CVE-2017-15095
https://access.redhat.com/security/cve/CVE-2017-17485
https://access.redhat.com/security/cve/CVE-2018-1048
https://access.redhat.com/security/cve/CVE-2018-5968
https://access.redhat.com/security/updates/classification#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html/installation_guide/index

9. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-bbf8c38b51
2018-02-07 12:59:04.198971
--------------------------------------------------------------------------------

Name : jackson-databind
Product : Fedora 26
Version : 2.7.6
Release : 8.fc26
URL :
Summary : General data-binding package for Jackson (2.x)
Description : General data-binding functionality for Jackson: works on core streaming API.

--------------------------------------------------------------------------------
Update Information:

Security fixes for CVE-2017-17485 and CVE-2018-5968.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1528565 - CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
https://bugzilla.redhat.com/show_bug.cgi?id=1528565
[ 2 ] Bug #1538332 - CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)
https://bugzilla.redhat.com/show_bug.cgi?id=1538332
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade jackson-databind' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

Security fix for CVE-2017-15095.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-e16ed3f7a1
2017-11-15 19:03:16.425852
--------------------------------------------------------------------------------

Name        : jackson-databind
Product     : Fedora 26
Version     : 2.7.6
Release     : 5.fc26
URL         :
Summary     : General data-binding package for Jackson (2.x)
Description :
General data-binding functionality for Jackson: works on core streaming API.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-15095
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1506612 - CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
        https://bugzilla.redhat.com/show_bug.cgi?id=1506612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade jackson-databind' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
Security fix for CVE-2017-15095.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-4a071ecbc7
2017-11-15 15:47:48.464383
--------------------------------------------------------------------------------

Name        : jackson-databind
Product     : Fedora 27
Version     : 2.7.6
Release     : 5.fc27
URL         :
Summary     : General data-binding package for Jackson (2.x)
Description :
General data-binding functionality for Jackson: works on core streaming API.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-15095
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1506612 - CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)
        https://bugzilla.redhat.com/show_bug.cgi?id=1506612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade jackson-databind' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--
Security fix for CVE-2017-2295 and fix for using systemd service provider in a chroot.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-8ad8d1bd86
2017-05-31 20:01:49.742622
--------------------------------------------------------------------------------

Name        : puppet
Product     : Fedora 25
Version     : 4.2.1
Release     : 5.fc25
URL         : https://www.puppet.com/
Summary     : A network tool for managing many disparate systems
Description :
Puppet lets you centrally manage every important aspect of your system using a
cross-platform specification language that manages all the separate elements
normally aggregated in different files, like users, cron jobs, and hosts,
along with obviously discrete elements like packages, services, and files.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-2295 and fix for using systemd service provider in a
chroot.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1452651 - CVE-2017-2295 puppet: Unsafe YAML deserialization
        https://bugzilla.redhat.com/show_bug.cgi?id=1452651
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade puppet' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--