Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 7 articles for you...
89
security advisorymoderateupdateFedora 36: FEDORA-2022-1c459083df Moderate: Moodle Updates
3.11.6. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-1c459083df 2022-03-26 14:56:28.658720 --------------------------------------------------------------------------------Name : moodle Product : Fedora 36 Version : 3.11.6 Release : 1.fc36 URL : https://moodle.org/ Summary : A Course Management System Description : Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. --------------------------------------------------------------------------------Update Information: 3.11.6 --------------------------------------------------------------------------------ChangeLog: * Mon Mar 14 2022 Gwyn Ciesla - 3.11.6-1 - 3.11.6 --------------------------------------------------------------------------------References: [ 1 ] Bug #2063394 - moodle-3.11.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2063394 [ 2 ] Bug #2064123 - CVE-2022-0985 moodle: Users with moodle/site:uploadusers but without moodle/user:delete could delete users [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2064123 [ 3 ] Bug #2064125 - CVE-2022-0984 moodle: possible to reach the profile field badge criteria on a course page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2064125 [ 4 ] Bug #2064126 - CVE-2022-0983 moodle: SQL injection risk in badges criteria code [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2064126 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-1c459083df' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPGkey. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Mar 26, 2022
Fedora
89
security advisorysecurity updateFedoraFedora 29: FEDORA-2019-27e7b92407 moderate: Executable Stack Bug Fix
This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-27e7b92407 2019-04-22 05:09:02.624501 --------------------------------------------------------------------------------Name : mate-user-admin Product : Fedora 29 Version : 1.4.1 Release : 2.fc29 URL : https://github.com/zhuyaliang/user-admin Summary : User management tool Description : Mate User management tool --------------------------------------------------------------------------------Update Information: This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for updates were already pending (in those cases, those updates have been edited instead). --------------------------------------------------------------------------------ChangeLog: * Tue Apr 16 2019 Adam Williamson - 1.4.1-2 - Rebuild with Meson fix for #1699099 * Mon Mar 25 2019 Wolfgang Ulbrich - 1.4.1-1 - update to 1.4.1 * Thu Jan 24 2019 Wolfgang Ulbrich - 1.3.1-1 - update to 1.2.1 * Thu Dec 13 2018 Wolfgang Ulbrich - 1.2.1-1 - update to 1.2.1 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2019-27e7b92407' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 22, 2019
Fedora
100
security advisorymoderatesecurity issueSUSE Linux: 2018:2834-1 Moderate: Shadow User Management Security Fix
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for shadow ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2834-1 Rating: moderate References: #1106914 Affected Products: SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for shadow fixes the following security issue: - Prevent useradd from creating intermediate directories with mode 0777 (bsc#1106914) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1993=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): shadow-4.5-7.3.1 shadow-debuginfo-4.5-7.3.1 shadow-debugsource-4.5-7.3.1 References: https://bugzilla.suse.com/1106914 _______________________________________________ sle-security-updates mailing list
Sep 24, 2018
SuSE
202
security advisorysecurity updatecriticalopenSUSE Leap 42.1: 2016:1226-1 important: Yast2-Users Security Issue
An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes An update that solves one vulnerability and has two fixes is now available. is now available.. openSUSE Security Update: Security update for yast2-users______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1226-1 Rating: important References: #971804 #973639 #974220 Cross-References: CVE-2016-1601 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: yast2-users was updated to fix one security issue. This security issue was fixed: - CVE-2016-1601: Empty passwords fields in /etc/shadow after SLES 12 SP1 autoyast installation (bsc#974220). This update includes a script that fixes installations that we're affected by this problem. It is run automatically upon installing the update. This non-security issue was fixed: - bsc#971804: Set root password correctly when using a minimal profile This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-555=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): yast2-users-3.1.41.3-10.1 yast2-users-debuginfo-3.1.41.3-10.1 yast2-users-debugsource-3.1.41.3-10.1 yast2-users-devel-doc-3.1.41.3-10.1 References: https://www.suse.com/security/cve/CVE-2016-1601.html https://bugzilla.suse.com/971804 https://bugzilla.suse.com/973639 https://bugzilla.suse.com/974220 . openSUSE has issued a patch for a critical user management vulnerabilityin yast2-users, featuring an automated script to simplify the remediation for affected systems. openSUSE Security Update,yast2-users patch,user management resolution. . Severity: Important. LinuxSecurity.com Team
May 04, 2016
•Important
OpenSUSE
89
security advisoryfedoracriticalFedora: 2015-12064 Critical: libuser Security Flaws Addressed
Security fix for CVE-2015-3245, CVE-2015-3246. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-12064 2015-07-29 21:35:17 -------------------------------------------------------------------------------- Name : libuser Product : Fedora 21 Version : 0.62 Release : 1.fc21 URL : https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement Summary : A user and group account administration library Description : The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications modeled after those included with the shadow password suite are included. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-3245, CVE-2015-3246 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 23 2015 Miloslav TrmaÄ - 0.62-1 - Update to libuser-0.62 Resolves: #1246225 (CVE-2015-3245, CVE-2015-3246) * Wed Jun 17 2015 Fedora Release Engineering - 0.61-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Wed Mar 25 2015 Miloslav TrmaÄ - 0.61-1 - Update to libuser-0.61, notably adding Python 3 bindings Resolves: #1014555 - Filter out libuser plugin and Python extension Provides: * Sat Feb 21 2015 Till Maas - 0.60-7 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code -------------------------------------------------------------------------------- References: [ 1 ] Bug #1233043 - CVE-2015-3245 libuser does not filter newline characters in the GECOS field https://bugzilla.redhat.com/show_bug.cgi?id=1233043 [ 2 ] Bug #1233052 - CVE-2015-3246 libuser: Security flaw in handling /etc/passwd file https://bugzilla.redhat.com/show_bug.cgi?id=1233052 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update libuser' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Aug 03, 2015
•Critical
Fedora
98
security advisoryRed Hat Enterprise Linuxuser managementRed Hat: RHSA-2011:0170-01 Moderate: Libuser LDAP Issue
Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libuser security update Advisory ID: RHSA-2011:0170-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2011:0170.html Issue date: 2011-01-20 CVE Names: CVE-2011-0002 ==================================================================== 1. Summary: Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386,x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite (shadow-utils) are included in these packages. It was discovered that libuser did not set the password entry correctly when creating LDAP (Lightweight Directory Access Protocol) users. If an administrator did not assign a password to an LDAP based user account, either at account creation with luseradd, or with lpasswd after account creation, an attacker could use this flaw to log into that account with a default password string that should have been rejected. (CVE-2011-0002) Note: LDAP administrators that have used libuser tools to add users should check existing user accounts for plain text passwords, and reset them as necessary. Users of libuser should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at 5. Bugs fixed (http://bugzilla.redhat.com/): 643227 - CVE-2011-0002 libuser creates LDAP users with a default password 6. Package List: Red Hat Enterprise Linux AS version4: Source: i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm ia64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.ia64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ia64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ia64.rpm ppc: libuser-0.52.5-1.1.el4_8.1.ppc.rpm libuser-0.52.5-1.1.el4_8.1.ppc64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ppc.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ppc64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ppc.rpm s390: libuser-0.52.5-1.1.el4_8.1.s390.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.s390.rpm libuser-devel-0.52.5-1.1.el4_8.1.s390.rpm s390x: libuser-0.52.5-1.1.el4_8.1.s390.rpm libuser-0.52.5-1.1.el4_8.1.s390x.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.s390.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.s390x.rpm libuser-devel-0.52.5-1.1.el4_8.1.s390x.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux ES version4: Source: i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm ia64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.ia64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ia64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ia64.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: i386: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-devel-0.52.5-1.1.el4_8.1.i386.rpm ia64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.ia64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.ia64.rpm libuser-devel-0.52.5-1.1.el4_8.1.ia64.rpm x86_64: libuser-0.52.5-1.1.el4_8.1.i386.rpm libuser-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.i386.rpm libuser-debuginfo-0.52.5-1.1.el4_8.1.x86_64.rpm libuser-devel-0.52.5-1.1.el4_8.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm x86_64: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: i386: libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm x86_64: libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm ia64: libuser-0.54.7-2.1.el5_5.2.ia64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.ia64.rpm libuser-devel-0.54.7-2.1.el5_5.2.ia64.rpm ppc: libuser-0.54.7-2.1.el5_5.2.ppc.rpm libuser-0.54.7-2.1.el5_5.2.ppc64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.ppc.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.ppc64.rpm libuser-devel-0.54.7-2.1.el5_5.2.ppc.rpm libuser-devel-0.54.7-2.1.el5_5.2.ppc64.rpm s390x: libuser-0.54.7-2.1.el5_5.2.s390.rpm libuser-0.54.7-2.1.el5_5.2.s390x.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.s390.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.s390x.rpm libuser-devel-0.54.7-2.1.el5_5.2.s390.rpm libuser-devel-0.54.7-2.1.el5_5.2.s390x.rpm x86_64: libuser-0.54.7-2.1.el5_5.2.i386.rpm libuser-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.i386.rpm libuser-debuginfo-0.54.7-2.1.el5_5.2.x86_64.rpm libuser-devel-0.54.7-2.1.el5_5.2.i386.rpm libuser-devel-0.54.7-2.1.el5_5.2.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: i386: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-python-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v.6): Source: x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: i386: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-python-0.56.13-4.el6_0.1.i686.rpm ppc64: libuser-0.56.13-4.el6_0.1.ppc.rpm libuser-0.56.13-4.el6_0.1.ppc64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.ppc.rpm libuser-debuginfo-0.56.13-4.el6_0.1.ppc64.rpm libuser-python-0.56.13-4.el6_0.1.ppc64.rpm s390x: libuser-0.56.13-4.el6_0.1.s390.rpm libuser-0.56.13-4.el6_0.1.s390x.rpm libuser-debuginfo-0.56.13-4.el6_0.1.s390.rpm libuser-debuginfo-0.56.13-4.el6_0.1.s390x.rpm libuser-python-0.56.13-4.el6_0.1.s390x.rpm x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm ppc64: libuser-debuginfo-0.56.13-4.el6_0.1.ppc.rpm libuser-debuginfo-0.56.13-4.el6_0.1.ppc64.rpm libuser-devel-0.56.13-4.el6_0.1.ppc.rpm libuser-devel-0.56.13-4.el6_0.1.ppc64.rpm s390x: libuser-debuginfo-0.56.13-4.el6_0.1.s390.rpm libuser-debuginfo-0.56.13-4.el6_0.1.s390x.rpm libuser-devel-0.56.13-4.el6_0.1.s390.rpm libuser-devel-0.56.13-4.el6_0.1.s390x.rpm x86_64: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v.6): Source: i386: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-python-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-0.56.13-4.el6_0.1.i686.rpm libuser-0.56.13-4.el6_0.1.x86_64.rpm libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-python-0.56.13-4.el6_0.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: i386: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm x86_64: libuser-debuginfo-0.56.13-4.el6_0.1.i686.rpm libuser-debuginfo-0.56.13-4.el6_0.1.x86_64.rpm libuser-devel-0.56.13-4.el6_0.1.i686.rpm libuser-devel-0.56.13-4.el6_0.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2011-0002 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFNOGXgXlSAg2UNWIIRAqP6AJ488LAohz9gAkhLZ5gzY8HAsZARfwCgmkcS IrkC4/av51TwmwmUHwicnXM=E9JI -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jan 20, 2011
Red Hat
91
security advisorygentooprivilege escalationGentoo 200805-09 Normal: MoinMoin Privilege Escalation Issue
A vulnerability in MoinMoin may allow a remote attacker to elevate his privileges.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MoinMoin: Privilege escalation Date: May 11, 2008 Bugs: #218752 ID: 200805-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in MoinMoin may allow a remote attacker to elevate his privileges. Background ========= MoinMoin is an advanced and extensible Wiki Engine. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/moinmoin < 1.6.3 > = 1.6.3 Description ========== It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact ===== A remote attacker could exploit this vulnerability to gain superuser privileges on the application. Workaround ========= There is no known workaround at this time. Resolution ========= All MoinMoin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-apps/moinmoin-1.6.3" References ========= [ 1 ] CVE-2008-1937 https://www.cve.org/CVERecord?id=CVE-2008-1937 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200805-09 Concerns? ======== Security is a primaryfocus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
May 11, 2008
Gentoo
89
security advisorycriticaluser managementFedora Core 5 FEDORA-2006-699 Critical: Shadow-Utils Update
Updated package.. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-699 2006-06-12 ---------------------------------------------------------------------Product : Fedora Core 5 Name : shadow-utils Version : 4.0.14 Release : 9.FC5 Summary : Utilities for managing accounts and shadow password files. Description : The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel, and usermod commands are used for managing user accounts. The groupadd, groupdel, and groupmod commands are used for managing group accounts. ---------------------------------------------------------------------* Mon Jun 12 2006 Peter Vrabec 2:4.0.14-9.FC5 - "useradd -r" must create a system group (#194728) * Wed May 31 2006 Peter Vrabec 2:4.0.14-8.FC5 - do not replace login.defs * Sat Apr 8 2006 Peter Vrabec 2:4.0.14-7.FC5 - fix typo in shadow-970616.login.defs (#188263) ---------------------------------------------------------------------This update can be downloaded from: 97ea926a1083ae3de8c2bd175f4cda66c86e78db SRPMS/shadow-utils-4.0.14-9.FC5.src.rpm 97ea926a1083ae3de8c2bd175f4cda66c86e78db noarch/shadow-utils-4.0.14-9.FC5.src.rpm 55f0005273a1800e84eb9e048c8ba41bec6daf84 ppc/shadow-utils-4.0.14-9.FC5.ppc.rpm 90b900e6cf195b693ef6c7107cc8cdf46ba2e296 ppc/debug/shadow-utils-debuginfo-4.0.14-9.FC5.ppc.rpm d159d8b67564e1b46c823a7c749a306be1b61552 x86_64/shadow-utils-4.0.14-9.FC5.x86_64.rpm c091e8fc4ddd7fea4abc09f58f5c5eda63bd8673 x86_64/debug/shadow-utils-debuginfo-4.0.14-9.FC5.x86_64.rpm 1f9fef61de4a63c5c332e02011a144dc58d768c1 i386/debug/shadow-utils-debuginfo-4.0.14-9.FC5.i386.rpm 2240a8906a1015a3fa523134fb52efaf55c2f958 i386/shadow-utils-4.0.14-9.FC5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . ---------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jun 12, 2006
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!