Stay Secure with the Latest Linux Advisories

Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories


Fedora: FSA-201611-12 Critical: libxml2 Denial of Service Vulnerability

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201612-46
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Xerces-C++: Multiple vulnerabilities
      Date: December 24, 2016
      Bugs: #575700, #584506
        ID: 201612-46

Synopsis
========

Multiple vulnerabilities have been found in Xerces-C++, the worst of which may allow remote attackers to execute arbitrary code.

Background
==========

Xerces-C++ is a validating XML parser written in a portable subset of C++.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/xerces-c          < 3.1.4-r1               >= 3.1.4-r1

Description
===========

Multiple vulnerabilities have been discovered in Xerces-C++. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to process a specially crafted file, possibly resulting in the remote execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xerces-C++ users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/xerces-c-3.1.4-r1"

References
==========

[ 1 ] CVE-2016-0729
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0729
[ 2 ] CVE-2016-2099
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2099

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/201612-46

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [e-mail address removed by the site's spam protection] or, alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Several security flaws identified within Xerces-C++ could potentially enable remote attackers to run arbitrary code. Implement updates promptly to reduce exposure.

Tags: xerces-c++ vulnerabilities, gentoo security advisory, remote code execution.

LinuxSecurity.com Team

Dec 24, 2016, Gentoo

Red Hat 6.5 RHSA-2015:1031-01 Important: QEMU-KVM Memory Flaw Critical

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: qemu-kvm security update
Advisory ID:       RHSA-2015:1031-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1031.html
Issue date:        2015-05-27
CVE Names:         CVE-2015-3456
====================================================================

1. Summary:

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6.5 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 6.5) - i386, x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. (CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1218611 - CVE-2015-3456 qemu: fdc: out-of-bounds fifo buffer memory access

6. Package List:

Red Hat Enterprise Linux HPC Node EUS (v. 6.5):

Source:
qemu-kvm-0.12.1.2-2.415.el6_5.15.src.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.15.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 6.5):

Source:
qemu-kvm-0.12.1.2-2.415.el6_5.15.src.rpm

i386:
qemu-guest-agent-0.12.1.2-2.415.el6_5.15.i686.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.i686.rpm

x86_64:
qemu-guest-agent-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-img-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-debuginfo-0.12.1.2-2.415.el6_5.15.x86_64.rpm
qemu-kvm-tools-0.12.1.2-2.415.el6_5.15.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-3456
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is [e-mail address removed by the site's spam protection]. More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.

New qemu-kvm updates for essential memory handling vulnerabilities in Red Hat EUS have been released to enhance system security. Prompt upgrade recommended.

Tags: Red Hat Enterprise Linux, QEMU-KVM, Memory Flaw, Security Update.

Severity: Important.

LinuxSecurity.com Team

May 27, 2015, Important, Red Hat

Red Hat Enterprise: RHSA-2014-0456-01 Moderate Django Security Issue

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Django security update
Advisory ID:       RHSA-2014:0456-01
Product:           Red Hat Enterprise Linux OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:0456.html
Issue date:        2014-04-30
CVE Names:         CVE-2014-0472 CVE-2014-0473 CVE-2014-0474
====================================================================

1. Summary:

Updated Django packages that fix three security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux OpenStack Platform 4.0 - noarch

3. Description:

The Django web framework is used by horizon, the OpenStack Dashboard, which is a web interface for managing OpenStack services.

A flaw was found in the way Django's reverse() URL resolver function constructed certain URLs. A remote attacker able to request a specially crafted view from a Django application could use this flaw to import and execute arbitrary Python modules on the system under the privileges of the user running the application. (CVE-2014-0472)

It was found that Django's caching framework reused Cross-Site Request Forgery (CSRF) nonces for all requests from unauthenticated clients. A remote attacker could use this flaw to acquire the CSRF token of a different user and bypass intended CSRF protections in a Django application. (CVE-2014-0473)

It was discovered that certain Django model field classes did not properly perform type conversion on their arguments. A remote attacker could use this flaw to submit a specially crafted SQL query that, when processed by a Django application using a MySQL database, could have various application-specific impacts on the MySQL database. (CVE-2014-0474)

Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Benjamin Bach as the original reporter of CVE-2014-0472, Paul McMillan as the original reporter of CVE-2014-0473, and the Ruby on Rails team, and specifically Michael Koziarski, as the original reporters of CVE-2014-0474.

All users of OpenStack Dashboard are advised to upgrade to these updated packages, which resolve these issues. After installing the updated packages, the httpd daemon must be restarted ("service httpd restart") for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1090588 - CVE-2014-0472 python-django: unexpected code execution using reverse()
1090592 - CVE-2014-0473 python-django: caching of anonymous pages could reveal CSRF token
1090593 - CVE-2014-0474 python-django: MySQL typecasting

6. Package List:

Red Hat Enterprise Linux OpenStack Platform 4.0:

Source:

noarch:
Django14-1.4.11-1.el6ost.noarch.rpm
Django14-doc-1.4.11-1.el6ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-0472
https://access.redhat.com/security/cve/CVE-2014-0473
https://access.redhat.com/security/cve/CVE-2014-0474
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is [e-mail address removed by the site's spam protection]. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

Red Hat issued a notification concerning a moderate security patch for Django components, targeting three critical vulnerabilities. It is recommended to perform an upgrade.

Tags: Django Security Update, Red Hat Enterprise, OpenStack Security.

LinuxSecurity.com Team

Apr 30, 2014, Red Hat