Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
98
security advisoryRed Hatlocal privilege escalationRed Hat: RHSA-2020-0595-01 Moderate: Procps-NG Local Escalation Update
An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: procps-ng security update Advisory ID: RHSA-2020:0595-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0595 Issue date: 2020-02-25 CVE Names: CVE-2018-1122 ==================================================================== 1. Summary: An update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64 3. Description: The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es): * procps-ng, procps: Local privilege escalation in top (CVE-2018-1122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, andother related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1575466 - CVE-2018-1122 procps-ng, procps: Local privilege escalation in top 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: procps-ng-3.3.10-16.el7_4.2.src.rpm x86_64: procps-ng-3.3.10-16.el7_4.2.i686.rpm procps-ng-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.4): Source: procps-ng-3.3.10-16.el7_4.2.src.rpm ppc64le: procps-ng-3.3.10-16.el7_4.2.ppc64le.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.ppc64le.rpm x86_64: procps-ng-3.3.10-16.el7_4.2.i686.rpm procps-ng-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.4): Source: procps-ng-3.3.10-16.el7_4.2.src.rpm x86_64: procps-ng-3.3.10-16.el7_4.2.i686.rpm procps-ng-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-devel-3.3.10-16.el7_4.2.i686.rpm procps-ng-devel-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-i18n-3.3.10-16.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v.7.4): ppc64le: procps-ng-debuginfo-3.3.10-16.el7_4.2.ppc64le.rpm procps-ng-devel-3.3.10-16.el7_4.2.ppc64le.rpm procps-ng-i18n-3.3.10-16.el7_4.2.ppc64le.rpm x86_64: procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-devel-3.3.10-16.el7_4.2.i686.rpm procps-ng-devel-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-i18n-3.3.10-16.el7_4.2.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.4): x86_64: procps-ng-debuginfo-3.3.10-16.el7_4.2.i686.rpm procps-ng-debuginfo-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-devel-3.3.10-16.el7_4.2.i686.rpm procps-ng-devel-3.3.10-16.el7_4.2.x86_64.rpm procps-ng-i18n-3.3.10-16.el7_4.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2018-1122 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXlUO5tzjgjWX9erEAQjV+A/8CvU1SujXZAgD1jWIaHxfh9WpjoaNWTys D76UjDMlxuzKriPN1wKYjJTPYLS7XKkNUIkS/E6MyXviPJNjMU9Yp53737ySBofn 92tbVFJyJz6tAjq3cC2nf6XVeS4hFbhhrKvZQjYjY3hqILvlHD3YB2d5jQ6QKoXp iZ/kkCMrSZi4qgAEgGIV2g+ZwXSODkCY0/364Z4ScBbH3h/eSFwxLCvrLSkxa7yC 9bI4ZXU3sOX6koL7I5OMsZTFipKjzhJUj/UNPa0quNbp8AzKeLBbCxvUkKWEEAoQ U56+mL5gTQw/MFaTmkwn4fnGCaHPKPv76hOogc7zOZ5BvgygHrgS/YnKl2ZNRJD1 ySBGQzQnZK3Fun/bYIEORDJYHJQzNax53wSqe3fLtLlxukkEyI6dBwMXVYHm+ikz HgEFQGJkd0OyU/AMd6Hxe7275kHbz/mTpQBDyKwZ8zkE/kR/PkGrTs6Y0A8ptmEl H4REwX0hT1H1zteUGOh5HsdjYAboNFezr/Lt0yPs8JPJ18FAF9S0dGR+LPeJyPLa basseRMFLEHV9pZbORb9euBuDAg82mKYofBZzaj7GkPfjuyn5s62VRMZOxDJpUw0 Xojw6sSkpj1AnNPIAXEqhkLSy6gl9990C/gmTyMCANSH/0xAafaFHAU9hjKXVgm6 hz0B73pqILI=AeJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 25, 2020
•Important
Red Hat
98
security advisorycommand executionred hat enterprise linuxRed Hat Enterprise Linux 6 RHSA-2018-1199-01 Important Command Exec Threat
An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: patch security update Advisory ID: RHSA-2018:1199-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1199 Issue date: 2018-04-23 CVE Names: CVE-2018-1000156 ==================================================================== 1. Summary: An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. Security Fix(es): * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information,refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1564326 - CVE-2018-1000156 patch: Malicious patch files cause ed to execute arbitrary commands 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: patch-2.6-8.el6_9.src.rpm i386: patch-2.6-8.el6_9.i686.rpm patch-debuginfo-2.6-8.el6_9.i686.rpm x86_64: patch-2.6-8.el6_9.x86_64.rpm patch-debuginfo-2.6-8.el6_9.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: patch-2.6-8.el6_9.src.rpm x86_64: patch-2.6-8.el6_9.x86_64.rpm patch-debuginfo-2.6-8.el6_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: patch-2.6-8.el6_9.src.rpm i386: patch-2.6-8.el6_9.i686.rpm patch-debuginfo-2.6-8.el6_9.i686.rpm ppc64: patch-2.6-8.el6_9.ppc64.rpm patch-debuginfo-2.6-8.el6_9.ppc64.rpm s390x: patch-2.6-8.el6_9.s390x.rpm patch-debuginfo-2.6-8.el6_9.s390x.rpm x86_64: patch-2.6-8.el6_9.x86_64.rpm patch-debuginfo-2.6-8.el6_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: patch-2.6-8.el6_9.src.rpm i386: patch-2.6-8.el6_9.i686.rpm patch-debuginfo-2.6-8.el6_9.i686.rpm x86_64: patch-2.6-8.el6_9.x86_64.rpm patch-debuginfo-2.6-8.el6_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1000156 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa3hjUXlSAg2UNWIIRAomXAJ94xN9tteIl0fmStt5ShYzlNSCaiQCgn8PQ 7/+yd3m9ZODlJIXFxPAbo1s=hDKK -----END PGP SIGNATURE----- -- RHSA-announce mailinglist
Apr 23, 2018
•Important
Red Hat
98
security advisorykernel updatered hat enterpriseRed Hat 6.4 RHSA-2014:0284-01 Critical: Kernel Update for Security Issues
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2014:0284-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2014:0284.html Issue date: 2014-03-11 CVE Names: CVE-2013-2851 CVE-2013-4387 CVE-2013-4470 CVE-2013-4591 CVE-2013-6367 CVE-2013-6368 CVE-2013-6381 ==================================================================== 1. Summary: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - noarch, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important) * A flaw was found in the way the Linuxkernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. (CVE-2013-4470, Important) * A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's Local Advanced Programmable Interrupt Controller (LAPIC) implementation. A privileged guest user could use this flaw to crash the host. (CVE-2013-6367, Important) * A memory corruption flaw was discovered in the way KVM handled virtual APIC accesses that crossed a page boundary. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-6368, Important) * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-6381, Important) * It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4591, Moderate) * A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4470, Andrew Honig of Google for reporting CVE-2013-6367 and CVE-2013-6368, and Kees Cook for reporting CVE-2013-2851. This update also fixes several bugs. Documentation for these changes will beavailable shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (https://bugzilla.redhat.com/): 969515 - CVE-2013-2851 kernel: block: passing disk names as format strings 1011927 - CVE-2013-4387 Kernel: net: IPv6: panic when UFO=On for an interface 1023477 - CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO 1031678 - CVE-2013-4591 kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached 1032207 - CVE-2013-6367 kvm: division by zero in apic_get_tmcct() 1032210 - CVE-2013-6368 kvm: cross page vapic_addr access 1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl 6. Package List: Red Hat Enterprise Linux HPC Node EUS (v.6.4): Source: kernel-2.6.32-358.37.1.el6.src.rpm noarch: kernel-doc-2.6.32-358.37.1.el6.noarch.rpm kernel-firmware-2.6.32-358.37.1.el6.noarch.rpm x86_64: kernel-2.6.32-358.37.1.el6.x86_64.rpm kernel-debug-2.6.32-358.37.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.37.1.el6.x86_64.rpm kernel-devel-2.6.32-358.37.1.el6.x86_64.rpm kernel-headers-2.6.32-358.37.1.el6.x86_64.rpm perf-2.6.32-358.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4): Source: kernel-2.6.32-358.37.1.el6.src.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm python-perf-2.6.32-358.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v.6.4): Source: kernel-2.6.32-358.37.1.el6.src.rpm i386: kernel-2.6.32-358.37.1.el6.i686.rpm kernel-debug-2.6.32-358.37.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-358.37.1.el6.i686.rpm kernel-debug-devel-2.6.32-358.37.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.37.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.37.1.el6.i686.rpm kernel-devel-2.6.32-358.37.1.el6.i686.rpm kernel-headers-2.6.32-358.37.1.el6.i686.rpm perf-2.6.32-358.37.1.el6.i686.rpm perf-debuginfo-2.6.32-358.37.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.i686.rpm noarch: kernel-doc-2.6.32-358.37.1.el6.noarch.rpm kernel-firmware-2.6.32-358.37.1.el6.noarch.rpm ppc64: kernel-2.6.32-358.37.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-358.37.1.el6.ppc64.rpm kernel-debug-2.6.32-358.37.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-358.37.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.37.1.el6.ppc64.rpm kernel-devel-2.6.32-358.37.1.el6.ppc64.rpm kernel-headers-2.6.32-358.37.1.el6.ppc64.rpm perf-2.6.32-358.37.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm s390x: kernel-2.6.32-358.37.1.el6.s390x.rpm kernel-debug-2.6.32-358.37.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-358.37.1.el6.s390x.rpm kernel-debug-devel-2.6.32-358.37.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.37.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.37.1.el6.s390x.rpm kernel-devel-2.6.32-358.37.1.el6.s390x.rpm kernel-headers-2.6.32-358.37.1.el6.s390x.rpm kernel-kdump-2.6.32-358.37.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.37.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-358.37.1.el6.s390x.rpm perf-2.6.32-358.37.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.37.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.s390x.rpm x86_64: kernel-2.6.32-358.37.1.el6.x86_64.rpm kernel-debug-2.6.32-358.37.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.37.1.el6.x86_64.rpm kernel-devel-2.6.32-358.37.1.el6.x86_64.rpm kernel-headers-2.6.32-358.37.1.el6.x86_64.rpm perf-2.6.32-358.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 6.4): Source: kernel-2.6.32-358.37.1.el6.src.rpm i386: kernel-debug-debuginfo-2.6.32-358.37.1.el6.i686.rpm kernel-debuginfo-2.6.32-358.37.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-358.37.1.el6.i686.rpm perf-debuginfo-2.6.32-358.37.1.el6.i686.rpm python-perf-2.6.32-358.37.1.el6.i686.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-358.37.1.el6.ppc64.rpm perf-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm python-perf-2.6.32-358.37.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-358.37.1.el6.s390x.rpm kernel-debuginfo-2.6.32-358.37.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-358.37.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-358.37.1.el6.s390x.rpm perf-debuginfo-2.6.32-358.37.1.el6.s390x.rpm python-perf-2.6.32-358.37.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-358.37.1.el6.x86_64.rpm perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm python-perf-2.6.32-358.37.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-358.37.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7.References: https://access.redhat.com/security/cve/CVE-2013-2851 https://access.redhat.com/security/cve/CVE-2013-4387 https://access.redhat.com/security/cve/CVE-2013-4470 https://access.redhat.com/security/cve/CVE-2013-4591 https://access.redhat.com/security/cve/CVE-2013-6367 https://access.redhat.com/security/cve/CVE-2013-6368 https://access.redhat.com/security/cve/CVE-2013-6381 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/kernel.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. . Kernel updates for RHEL 6.4 resolve multiple serious vulnerabilities and improve system reliability.. Kernel Update, Red Hat Advisory, Critical Security Fixes, System Reboot, Privilege Escalation. . Severity: Important. LinuxSecurity.com Team
Mar 11, 2014
•Important
Red Hat
98
security advisorycross-site scriptingmoderate impactRed Hat: RHSA-2011-1440-01 Moderate: SeaMonkey Cross-Site Scripting Issue
Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: seamonkey security update Advisory ID: RHSA-2011:1440-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:1440.html Issue date: 2011-11-08 CVE Names: CVE-2011-3648 ==================================================================== 1. Summary: Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting (XSS) flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2011-3648) All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure allpreviously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 751932 - CVE-2011-3648 Mozilla: Universal XSS likely with MultiByte charset (MFSA 2011-47) 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: seamonkey-1.0.9-77.el4.i386.rpm seamonkey-chat-1.0.9-77.el4.i386.rpm seamonkey-debuginfo-1.0.9-77.el4.i386.rpm seamonkey-devel-1.0.9-77.el4.i386.rpm seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm seamonkey-js-debugger-1.0.9-77.el4.i386.rpm seamonkey-mail-1.0.9-77.el4.i386.rpm ia64: seamonkey-1.0.9-77.el4.ia64.rpm seamonkey-chat-1.0.9-77.el4.ia64.rpm seamonkey-debuginfo-1.0.9-77.el4.ia64.rpm seamonkey-devel-1.0.9-77.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-77.el4.ia64.rpm seamonkey-js-debugger-1.0.9-77.el4.ia64.rpm seamonkey-mail-1.0.9-77.el4.ia64.rpm ppc: seamonkey-1.0.9-77.el4.ppc.rpm seamonkey-chat-1.0.9-77.el4.ppc.rpm seamonkey-debuginfo-1.0.9-77.el4.ppc.rpm seamonkey-devel-1.0.9-77.el4.ppc.rpm seamonkey-dom-inspector-1.0.9-77.el4.ppc.rpm seamonkey-js-debugger-1.0.9-77.el4.ppc.rpm seamonkey-mail-1.0.9-77.el4.ppc.rpm s390: seamonkey-1.0.9-77.el4.s390.rpm seamonkey-chat-1.0.9-77.el4.s390.rpm seamonkey-debuginfo-1.0.9-77.el4.s390.rpm seamonkey-devel-1.0.9-77.el4.s390.rpm seamonkey-dom-inspector-1.0.9-77.el4.s390.rpm seamonkey-js-debugger-1.0.9-77.el4.s390.rpm seamonkey-mail-1.0.9-77.el4.s390.rpm s390x: seamonkey-1.0.9-77.el4.s390x.rpm seamonkey-chat-1.0.9-77.el4.s390x.rpm seamonkey-debuginfo-1.0.9-77.el4.s390x.rpm seamonkey-devel-1.0.9-77.el4.s390x.rpm seamonkey-dom-inspector-1.0.9-77.el4.s390x.rpm seamonkey-js-debugger-1.0.9-77.el4.s390x.rpm seamonkey-mail-1.0.9-77.el4.s390x.rpm x86_64: seamonkey-1.0.9-77.el4.x86_64.rpm seamonkey-chat-1.0.9-77.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm seamonkey-devel-1.0.9-77.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm seamonkey-mail-1.0.9-77.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version4: Source: i386: seamonkey-1.0.9-77.el4.i386.rpm seamonkey-chat-1.0.9-77.el4.i386.rpm seamonkey-debuginfo-1.0.9-77.el4.i386.rpm seamonkey-devel-1.0.9-77.el4.i386.rpm seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm seamonkey-js-debugger-1.0.9-77.el4.i386.rpm seamonkey-mail-1.0.9-77.el4.i386.rpm x86_64: seamonkey-1.0.9-77.el4.x86_64.rpm seamonkey-chat-1.0.9-77.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm seamonkey-devel-1.0.9-77.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm seamonkey-mail-1.0.9-77.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: i386: seamonkey-1.0.9-77.el4.i386.rpm seamonkey-chat-1.0.9-77.el4.i386.rpm seamonkey-debuginfo-1.0.9-77.el4.i386.rpm seamonkey-devel-1.0.9-77.el4.i386.rpm seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm seamonkey-js-debugger-1.0.9-77.el4.i386.rpm seamonkey-mail-1.0.9-77.el4.i386.rpm ia64: seamonkey-1.0.9-77.el4.ia64.rpm seamonkey-chat-1.0.9-77.el4.ia64.rpm seamonkey-debuginfo-1.0.9-77.el4.ia64.rpm seamonkey-devel-1.0.9-77.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-77.el4.ia64.rpm seamonkey-js-debugger-1.0.9-77.el4.ia64.rpm seamonkey-mail-1.0.9-77.el4.ia64.rpm x86_64: seamonkey-1.0.9-77.el4.x86_64.rpm seamonkey-chat-1.0.9-77.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm seamonkey-devel-1.0.9-77.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm seamonkey-mail-1.0.9-77.el4.x86_64.rpm Red Hat Enterprise Linux WS version4: Source: i386: seamonkey-1.0.9-77.el4.i386.rpm seamonkey-chat-1.0.9-77.el4.i386.rpm seamonkey-debuginfo-1.0.9-77.el4.i386.rpm seamonkey-devel-1.0.9-77.el4.i386.rpm seamonkey-dom-inspector-1.0.9-77.el4.i386.rpm seamonkey-js-debugger-1.0.9-77.el4.i386.rpm seamonkey-mail-1.0.9-77.el4.i386.rpm ia64: seamonkey-1.0.9-77.el4.ia64.rpm seamonkey-chat-1.0.9-77.el4.ia64.rpm seamonkey-debuginfo-1.0.9-77.el4.ia64.rpm seamonkey-devel-1.0.9-77.el4.ia64.rpm seamonkey-dom-inspector-1.0.9-77.el4.ia64.rpm seamonkey-js-debugger-1.0.9-77.el4.ia64.rpm seamonkey-mail-1.0.9-77.el4.ia64.rpm x86_64: seamonkey-1.0.9-77.el4.x86_64.rpm seamonkey-chat-1.0.9-77.el4.x86_64.rpm seamonkey-debuginfo-1.0.9-77.el4.x86_64.rpm seamonkey-devel-1.0.9-77.el4.x86_64.rpm seamonkey-dom-inspector-1.0.9-77.el4.x86_64.rpm seamonkey-js-debugger-1.0.9-77.el4.x86_64.rpm seamonkey-mail-1.0.9-77.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2011-3648 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOuainXlSAg2UNWIIRAjuaAJoCcwmvOHdUTsCH8k5wkSQfj4L5uQCdFUEl B7hPGUDPXQNHuRjBE02vDAs=hAEj -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Nov 08, 2011
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!