
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2023:3024-1 Important Security Update for SUSE Registry Container

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3024-1
Container Tags        : suse/registry:2.8 , suse/registry:2.8-14.24 , suse/registry:latest
Container Release     : 14.24
Severity              : important
Type                  : security
References            : 1214052 CVE-2023-4039
-----------------------------------------------------------------

The container suse/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released:    Mon Sep 18 21:44:09 2023
Summary:     Security update for gcc12
Type:        security
Severity:    important
References:  1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

The following package changes have been done:

- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- container:micro-image-15.5.0-11.4 updated

Red Hat's recent patch for redhat/registry fixes existing bugs and fortifies security in the container image.

SUSE Container Update, Security Advisory, Patches, Container Security, Update Guidance.

Severity: Important.

LinuxSecurity.com Team

Sep 19, 2023 | Important | SuSE

Red Hat: 2015:1242-01 Critical: Java Update Affects Multiple Platforms

====================================================================
Red Hat Security Advisory

Synopsis:     Critical: java-1.7.0-oracle security update
Advisory ID:  RHSA-2015:1242-01
Product:      Oracle Java for Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2015:1242.html
Issue date:   2015-07-17
CVE Names:    CVE-2015-2590 CVE-2015-2596 CVE-2015-2601
              CVE-2015-2613 CVE-2015-2619 CVE-2015-2621
              CVE-2015-2625 CVE-2015-2627 CVE-2015-2628
              CVE-2015-2632 CVE-2015-2637 CVE-2015-2638
              CVE-2015-2664 CVE-2015-2808 CVE-2015-4000
              CVE-2015-4729 CVE-2015-4731 CVE-2015-4732
              CVE-2015-4733 CVE-2015-4736 CVE-2015-4748
              CVE-2015-4749 CVE-2015-4760
====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to in the References section, for additional details about this change.

Note: This update forces the TLS/SSL client implementation in Oracle JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change.

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 85 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1207101 - CVE-2015-2808 SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
1241965 - CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
1242232 - CVE-2015-2628 OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
1242456 - CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)
1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243284 - CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243286 - CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)
1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
1243288 - CVE-2015-2596 Oracle JDK: unspecified vulnerability fixed in 7u85 (Hotspot)
1243290 - CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)
1243291 - CVE-2015-2627 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Install)
1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2015-2590
https://access.redhat.com/security/cve/CVE-2015-2596
https://access.redhat.com/security/cve/CVE-2015-2601
https://access.redhat.com/security/cve/CVE-2015-2613
https://access.redhat.com/security/cve/CVE-2015-2619
https://access.redhat.com/security/cve/CVE-2015-2621
https://access.redhat.com/security/cve/CVE-2015-2625
https://access.redhat.com/security/cve/CVE-2015-2627
https://access.redhat.com/security/cve/CVE-2015-2628
https://access.redhat.com/security/cve/CVE-2015-2632
https://access.redhat.com/security/cve/CVE-2015-2637
https://access.redhat.com/security/cve/CVE-2015-2638
https://access.redhat.com/security/cve/CVE-2015-2664
https://access.redhat.com/security/cve/CVE-2015-2808
https://access.redhat.com/security/cve/CVE-2015-4000
https://access.redhat.com/security/cve/CVE-2015-4729
https://access.redhat.com/security/cve/CVE-2015-4731
https://access.redhat.com/security/cve/CVE-2015-4732
https://access.redhat.com/security/cve/CVE-2015-4733
https://access.redhat.com/security/cve/CVE-2015-4736
https://access.redhat.com/security/cve/CVE-2015-4748
https://access.redhat.com/security/cve/CVE-2015-4749
https://access.redhat.com/security/cve/CVE-2015-4760
https://access.redhat.com/security/updates/classification#critical
https://www.oracle.com/security-alerts/cpujul2015.html
https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.

Important patch released for Red Hat's java-1.7.0-oracle. Urgent upgrade advised for systems at risk.

Java Security Update, Red Hat Advisory, Critical Java Fix, Oracle Java Update.

Severity: Critical.

LinuxSecurity.com Team

Jul 17, 2015 | Critical | Red Hat

Red Hat Enterprise Linux 5 RHSA-2014:1243-01 Low: Automake Security Issue

====================================================================
Red Hat Security Advisory

Synopsis:     Low: automake security update
Advisory ID:  RHSA-2014:1243-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2014:1243.html
Issue date:   2014-09-16
CVE Names:    CVE-2012-3386
====================================================================

1. Summary:

An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - noarch
Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - noarch

3. Description:

Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream acknowledges Stefano Lattarini as the original reporter.

All automake users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

838286 - CVE-2012-3386 automake: locally exploitable "make distcheck" bug

6. Package List:

Red Hat Enterprise Linux Desktop Workstation (v. 5 client):

Source:
automake-1.9.6-3.el5.src.rpm

noarch:
automake-1.9.6-3.el5.noarch.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
automake-1.9.6-3.el5.src.rpm

noarch:
automake-1.9.6-3.el5.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-3386
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

A security enhancement for CentOS 5 has been released, targeting a minor vulnerability in version 5.

automake update, Red Hat security, low impact exploit, update guidance.

Severity: Low.

LinuxSecurity.com Team

Sep 16, 2014 | Low | Red Hat

Red Hat OpenShift: RHSA-2013-1136-01 Moderate: rubygem-passenger DoS

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: rubygem-passenger security update
Advisory ID:  RHSA-2013:1136-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2013:1136.html
Issue date:   2013-08-05
CVE Names:    CVE-2013-2119 CVE-2013-4136
====================================================================

1. Summary:

Updated rubygem-passenger packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.2.2.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHOSE Infrastructure 2.1 - noarch, x86_64
RHOSE Node 1.2 - noarch, x86_64

3. Description:

rubygem-passenger is a web server for Ruby, Python and Node.js applications.

The rubygem-passenger gem created and re-used temporary directories and files in an insecure fashion. A local attacker could use these flaws to conduct a denial of service attack, take over the operation of the application or, potentially, execute arbitrary code with the privileges of the user running rubygem-passenger. (CVE-2013-2119, CVE-2013-4136)

Note: By default, OpenShift Enterprise uses polyinstantiation (per user) for the /tmp/ directory, thereby minimizing the risk and impact of exploitation by local attackers of both CVE-2013-2119 and CVE-2013-4136.

The CVE-2013-2119 issue was discovered by Michael Scherer of the Red Hat Regional IT team.

The following packages are included with this update as dependencies of the updated Ruby 1.8 passenger packages:

rubygem-spruz-0.2.5-4.el6op
rubygem-file-tail-1.0.5-4.el6op

Users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, manual action is required before the update takes effect. Refer to the Solution section for details.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

Manual action is required for this update to take effect. In order for the updated passenger packages to be loaded by Ruby applications in the PaaS, the applications must be restarted with oo-admin-ctl-gears. One way to accomplish this is by running the following command, as a single line without the line break, on all OpenShift Nodes:

    for rubyapp in `ls -d /var/lib/openshift/*/ruby | cut -f5 -d/`; do oo-admin-ctl-gears restartgear $rubyapp; done

If there are no Ruby applications on a Node it will simply fail with the message "No such file or directory". Another option is to run the following on all OpenShift Nodes; however, it will result in non-Ruby applications also being restarted:

    oo-admin-ctl-gears restartall

(Note that without the manual action, if a user attempts to restart their Ruby application via the rhc command line, it will fail to start with a "Passenger could not be initialized..." error.)

5. Bugs fixed (http://bugzilla.redhat.com/):

892813 - CVE-2013-2119 rubygem-passenger: incorrect temporary file usage
985633 - CVE-2013-4136 rubygem-passenger: insecure temporary directory usage due to reuse of existing server instance directories

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2013-2119
https://access.redhat.com/security/cve/CVE-2013-4136
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

Red Hat released a security patch for rubygem-passenger, targeting moderate risk vulnerabilities and providing recommendations for upgrade procedures.

rubygem-passenger, Red Hat OpenShift, security update.

LinuxSecurity.com Team

Aug 05, 2013 | Red Hat

Debian: DSA-1265-1 Security Vulnerabilities in Mozilla Software

Updated package.

--------------------------------------------------------------------------
Debian Security Advisory DSA 1265-1
http://www.debian.org/security/
Martin Schulze
March 10th, 2007
http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : mozilla
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503 CVE-2006-6505
CERT advisories: VU#263412 VU#405092 VU#427972 VU#428500 VU#447772 VU#606260 VU#887332
BugTraq ID     : 21668

Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-6497

    Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

CVE-2006-6498

    Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

CVE-2006-6499

    A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68]

CVE-2006-6501

    "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70]

CVE-2006-6502

    Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71]

CVE-2006-6503

    "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72]

CVE-2006-6505

    Georgi Guninski discovered several heap-based buffer overflows that allow remote attackers to execute arbitrary code. [MFSA 2006-74]

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge10.

For the unstable distribution (sid) these problems have been fixed in version 1.0.7-1 of iceape.

We recommend that you upgrade your Mozilla and Iceape packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------
c6426641f0214604c12a138f67f41a29 Size/MD5 checksum: 1048 0451c5e703ca61be54bdb9701ef1fa6a Size/MD5 checksum: 9727450 bea32e95fc3698a283b23b5c3bfc6237 Size/MD5 checksum: 403402 dedfc5c7d835a050cb134e25603d0ab3 Size/MD5 checksum: 158400 f2907386e9005db586a189cb928d5e11 Size/MD5 checksum: 3341050 0a77e0044d48ceb0c18ca779d5b561ca Size/MD5 checksum: 114504 105371506b9fd99ca06f4da8e3e7fd09 Size/MD5 checksum: 204220 fb5b4d0086b847c56d00313b65abf918 Size/MD5 checksum: 1683284 b67b7f09b6ca87a87fdc69a74a867334 Size/MD5 checksum: 175040 373ab0869fdfefafe695f533762bffd7 Big endian MIPS architecture: Size/MD5 checksum: 168070 23a0d6b5d15384a44a9ae5c577fdc044 Size/MD5 checksum: 142816 e3672988e714fb05b7356515735c8fb6 Size/MD5 checksum: 184964f399c4e2d6c72290789654ff0da62dc4 Size/MD5 checksum: 727874 b4d22e8aa563e26c6cbf91ce84acae50 Size/MD5 checksum: 1036 4a50cbbfba126a52c91bc89bac0af140 Size/MD5 checksum: 10751708 d0624da379686cb55bcb48234ffbd4de Size/MD5 checksum: 403278 076dff6ac2c0102e458c7731b7b08a60 Size/MD5 checksum: 158338 671f9df6361ffbc75f3a442e25fa0b19 Size/MD5 checksum: 3361894 9dd76e8aa5af128131790a9f5275ac52 Size/MD5 checksum: 117624 2f25e108659e753c9c9f0121d15bc280 Size/MD5 checksum: 204146 591bc43c13c5aafae333200166b2bd20 Size/MD5 checksum: 1795650 301bd997c2d505dc5b4af07435536699 Size/MD5 checksum: 190108 7d5bf0b8fa1873c77295e5af9e41e7c2 Little endian MIPS architecture: Size/MD5 checksum: 168084 b531f807b44916ee1454cee2a2c4ed95 Size/MD5 checksum: 142770 d6eb46f99c12cba5969ed5274171c888 Size/MD5 checksum: 184964 a81ff04bd3035f036586c3750df1b21d Size/MD5 checksum: 717376 321fb1b0016c14a3a5024c5ab8cd284d Size/MD5 checksum: 1040 949aa6c00fbbcb6e543b760a3e0b9ba7 Size/MD5 checksum: 10627686 b696603e3ed0c803d0f8dcda0722a6d7 Size/MD5 checksum: 403292 a5fda733c03f9a0b9261897818b88525 Size/MD5 checksum: 158342 adbde4463c4e1f01243b18b7667b6c9d Size/MD5 checksum: 3362380 9447899ae7629f8c39fbbb11d0286220 Size/MD5 checksum: 117206 89ad42c81fc47dc5047b79908266f26e Size/MD5 
checksum: 204172 a1c118240e09fbe51871e9f63beb5e03 Size/MD5 checksum: 1777696 17ab98f7563b48b42563f479c906fbb0 Size/MD5 checksum: 187620 c130a71e5505ee351d301006b891feb6 PowerPC architecture: Size/MD5 checksum: 168076 6be5c206b5c241ffda864746d73a2c95 Size/MD5 checksum: 133286 e44942791c23a55ba1a81270cc3bea26 Size/MD5 checksum: 184958 7c3e576cc646e09861dbc6d22f352ffc Size/MD5 checksum: 721114 03f802acf6ce0c8add98bf018cd76068 Size/MD5 checksum: 1038 3063339855639ec01332612a94fa557f Size/MD5 checksum: 9725604 8dde3e98886d1ebbec02051b564c7946 Size/MD5 checksum: 403280 4ee33d9976b5d9e32d6e4630aec5c2a1 Size/MD5 checksum: 158340 74d524e3e052b493231e48a4a79dfc13 Size/MD5 checksum: 3344226 3089be604fa96cd05310e87a528dba65 Size/MD5 checksum: 114580 4c0af570a237ed62ae20001b19698f4d Size/MD5 checksum: 204156 ee11b499a318d77b412bd9ba703d4032 Size/MD5 checksum: 1643124 8b562e6023efb0383dadd31e3a1c5987 Size/MD5 checksum: 175794 5dfa6c4d5048a80177400479faf540ee IBM S/390 architecture: Size/MD5 checksum: 168074 906b75f5289f71fd672fe88ae4b53446 Size/MD5 checksum: 158626 904ae46ff91af059c92149014994293d Size/MD5 checksum: 184948 c37aaff814082a99223b0393b5caf03d Size/MD5 checksum: 801258 2fc96c0bf01c8b993724de4b4123ef68 Size/MD5 checksum: 1036 1aaf1b40e49ee0e717b09c022aeda4d1 Size/MD5 checksum: 11350200 5d4faac1ea131b6b4bd0b8a71435d7bb Size/MD5 checksum: 403268 528523ea07238f1ad424b60b24675bb7 Size/MD5 checksum: 158332 f0514f50fbaca37b827582ef8daedf20 Size/MD5 checksum: 3356606 4a101015110e309db8da4c5d1fbbd2b3 Size/MD5 checksum: 121340 0007f3e54fd13dbe0a863581b1e0e999 Size/MD5 checksum: 204148 1bb7e0ed16de7c2a48351dc2e241e1ec Size/MD5 checksum: 1944954 86ad4ff75d268908de6b7e6a90d27e20 Size/MD5 checksum: 213638 4b38189430e56bca35c7c2992de67cf3 Sun Sparc architecture: Size/MD5 checksum: 168080 ff889bf3ae475c2fae97b96ab2d0c4eb Size/MD5 checksum: 130520 8822ddffc0f10283fd66960b9a87606a Size/MD5 checksum: 184944 954aab25750f542918c38ccbfd574707 Size/MD5 checksum: 674872 
fb56b11a0d169f2d1812caf7128b7a32 Size/MD5 checksum: 1038 e03b2f24b711ca2d6ce9250ae051c1f4 Size/MD5 checksum: 93928229261a06ad435a2934b2194a22f8d1770 Size/MD5 checksum: 403286 faa3b89c7a82e2ead53b7b393b4b7110 Size/MD5 checksum: 158356 4642b1b2a495c0f4c54c409c65e38ff6 Size/MD5 checksum: 3345424 109efbe68d9be0bc651904488f6e2836 Size/MD5 checksum: 112530 26883e13f71eb101c2362470424f788b Size/MD5 checksum: 204162 2a7734d4e3f7d50e7604e8f9c8a1fdb0 Size/MD5 checksum: 1583796 956c24b9412a595c4be697f54c8b082e Size/MD5 checksum: 168200 195d31de5c4535901f174019f325b93b These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . This notice outlines several remote exploitation weaknesses in Mozilla for Debian, including critical upgrade instructions.. Debian Security, Mozilla Upgrades, Remote Exploits. . Severity: Critical. LinuxSecurity.com Team

Mar 10, 2007 Critical Debian

Red Hat Advisory: RHSA-2005:495-01 Low: Security Concern for rsh

Updated rsh packages that fix a theoretical security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:     Low: rsh security update
Advisory ID:  RHSA-2005:495-01
Advisory URL: https://access.redhat.com/errata/RHSA-2005:495.html
Issue date:   2005-06-13
Updated on:   2005-06-13
Product:      Red Hat Enterprise Linux
CVE Names:    CAN-2004-0175
---------------------------------------------------------------------

1. Summary:

Updated rsh packages that fix a theoretical security issue are now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

The rsh package contains a set of programs that allow users to run commands on remote machines, login to other machines, and copy files between machines, using the rsh, rlogin, and rcp commands. All three of these commands use rhosts-style authentication.

The rcp protocol allows a server to instruct a client to write to arbitrary files outside of the current directory. This could potentially cause a security issue if a user uses rcp to copy files from a malicious server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0175 to this issue.

All users of rsh should upgrade to these updated packages, which resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website:

https://access.redhat.com

5. Bug IDs fixed (http://bugzilla.redhat.com/):

158916 - CAN-2004-0175 malicious rsh server can cause rcp to write to arbitrary files

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
97e3fc12d40b985c90c1da4feb8d7e44  rsh-0.17-18.AS21.4.src.rpm

i386:
53f2f58873f6b1448138b0051fc4d0c8  rsh-0.17-18.AS21.4.i386.rpm
7f1279fd4dd249e01309dc4d71506849  rsh-server-0.17-18.AS21.4.i386.rpm

ia64:
39238168acaff66c7366db659f48809d  rsh-0.17-18.AS21.4.ia64.rpm
87c3d4bb78f30940d49a289bb149647d  rsh-server-0.17-18.AS21.4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
97e3fc12d40b985c90c1da4feb8d7e44  rsh-0.17-18.AS21.4.src.rpm

ia64:
39238168acaff66c7366db659f48809d  rsh-0.17-18.AS21.4.ia64.rpm
87c3d4bb78f30940d49a289bb149647d  rsh-server-0.17-18.AS21.4.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
97e3fc12d40b985c90c1da4feb8d7e44  rsh-0.17-18.AS21.4.src.rpm

i386:
53f2f58873f6b1448138b0051fc4d0c8  rsh-0.17-18.AS21.4.i386.rpm
7f1279fd4dd249e01309dc4d71506849  rsh-server-0.17-18.AS21.4.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
97e3fc12d40b985c90c1da4feb8d7e44  rsh-0.17-18.AS21.4.src.rpm

i386:
53f2f58873f6b1448138b0051fc4d0c8  rsh-0.17-18.AS21.4.i386.rpm
7f1279fd4dd249e01309dc4d71506849  rsh-server-0.17-18.AS21.4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CAN-2004-0175

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

Debian releases a patch notification for ssh toolkit enhancement, addressing a minor potential vulnerability with comprehensive instructions.

rsh Security Update, Red Hat Advisory, Remote Command Security.

Severity: Low. LinuxSecurity.com Team

Jun 13, 2005 Low Red Hat