Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
197
security advisoryupdatedebianDebian 9 Stretch DLA-2744-1 Moderate: Usermode Upgrade Issues Resolved
This update is merely a rebuild of the usermode package, which are a set of graphical tools for certain user account management tasks, fixing two issues: . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2744-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Utkarsh Gupta August 16, 2021 https://wiki.debian.org/LTS - ----------------------------------------------------------------------- Package : usermode Version : 1.109-1+deb9u1 Debian Bug : 991808 This update is merely a rebuild of the usermode package, which are a set of graphical tools for certain user account management tasks, fixing two issues: a) the versioning issue as wheezy (Debian 7) had a greater version than jessie (Debian 8) and stretch (Debian 9), thereby causing upgrade issues. b) the package now Depends and Build-Depends on the newer libuser1-dev (> = 1:0.62~dfsg-0.1) to ensure the latest version of libuser is used (which was a security fix). For Debian 9 stretch, this problem has been fixed in version 1.109-1+deb9u1. We recommend that you upgrade your usermode packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-1234-1 deals with vulnerabilities in package management utilities affecting system usability during upgrades.. Debian LTS, Usermode Package, Upgrade Fix, Security Update, Graphical Account Tools. . LinuxSecurity.com Team
Aug 16, 2021
Debian LTS
98
security advisoryRed Hat LinuxexploitRed Hat Linux: RHSA-2000:075-08 Moderate: Usermode Format String Issue
The usermode package contains a potential format-string vulnerability.. ` --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Updated usermode packages available Advisory ID: RHSA-2000:075-08 Issue date: 2000-10-05 Updated on: 2000-11-27 Product: Red Hat Linux Keywords: usermode format-string Cross references: N/A --------------------------------------------------------------------- 1. Topic: Updated usermode packages are now available for Red Hat Linux 6.x and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha 2. Relevant releases/architectures: Red Hat Linux 6.0 - i386, alpha, sparc Red Hat Linux 6.1 - i386, alpha, sparc Red Hat Linux 6.2 - i386, alpha, sparc Red Hat Linux 7.0 - i386, alpha 3. Problem description: The usermode package contains a binary (/usr/bin/userhelper), which is used to control access to programs which are to be executed as root. Because programs invoked by userhelper are not actually running setuid-root, security measures built into recent versions of glibc are not active. If one of these programs supports internationalized text messages, a malicious user can use the LANG or LC_ALL environment variables (which are inherited by userhelper and, in turn, any programs it runs) to create a format-string exploit in these programs. These updated packages also fix a problem due to an incorrect path specification in the /usr/bin/shutdown wrapper script and close a potential security vulnerability in the userhelper binary. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed ( for more info): 18046 - Another security hole in usermode/glibc 19034 - shutdown wrapper references non-existent /usr/sbin/shutdown 20160 - shutdown script contains call to /usr/sbin/shutdown, which doesn't exist 20027 - /usr/sbin/userhelper dies in segmentation fault 6. RPMsrequired: Red Hat Linux 6.0: sparc: i386: alpha: sources: Red Hat Linux 6.1: alpha: sparc: i386: sources: Red Hat Linux 6.2: alpha: sparc: i386: sources: Red Hat Linux 7.0: alpha: i386: sources: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 3310677ae7403c683e7947cd86b19344 6.0/SRPMS/SysVinit-2.78-5.src.rpm e299c4b17b7eafdf66acf1fb21491d9b 6.0/SRPMS/usermode-1.37-1.6.src.rpm 546bf7949c5be73b9f28b1819bfbd7c6 6.0/alpha/SysVinit-2.78-5.alpha.rpm 978af994a09fcbc4bf1cb2fa2723bfe7 6.0/alpha/usermode-1.37-1.6.alpha.rpm ca5b97a1abb47b64d71ef69ab96fcb8a 6.0/i386/SysVinit-2.78-5.i386.rpm e8fe2db6f95348a93a373673b1c87443 6.0/i386/usermode-1.37-1.6.i386.rpm 4dfeacb8db12af4b2666f2792e1027c1 6.0/sparc/SysVinit-2.78-5.sparc.rpm ba94a59a3a8195346735f202f28af3f8 6.0/sparc/usermode-1.37-1.6.sparc.rpm 3310677ae7403c683e7947cd86b19344 6.1/SRPMS/SysVinit-2.78-5.src.rpm e299c4b17b7eafdf66acf1fb21491d9b 6.1/SRPMS/usermode-1.37-1.6.src.rpm 546bf7949c5be73b9f28b1819bfbd7c6 6.1/alpha/SysVinit-2.78-5.alpha.rpm 978af994a09fcbc4bf1cb2fa2723bfe7 6.1/alpha/usermode-1.37-1.6.alpha.rpm ca5b97a1abb47b64d71ef69ab96fcb8a 6.1/i386/SysVinit-2.78-5.i386.rpm e8fe2db6f95348a93a373673b1c87443 6.1/i386/usermode-1.37-1.6.i386.rpm 4dfeacb8db12af4b2666f2792e1027c1 6.1/sparc/SysVinit-2.78-5.sparc.rpm ba94a59a3a8195346735f202f28af3f8 6.1/sparc/usermode-1.37-1.6.sparc.rpm 3310677ae7403c683e7947cd86b19344 6.2/SRPMS/SysVinit-2.78-5.src.rpm e299c4b17b7eafdf66acf1fb21491d9b 6.2/SRPMS/usermode-1.37-1.6.src.rpm 546bf7949c5be73b9f28b1819bfbd7c6 6.2/alpha/SysVinit-2.78-5.alpha.rpm 978af994a09fcbc4bf1cb2fa2723bfe7 6.2/alpha/usermode-1.37-1.6.alpha.rpm ca5b97a1abb47b64d71ef69ab96fcb8a 6.2/i386/SysVinit-2.78-5.i386.rpm e8fe2db6f95348a93a373673b1c87443 6.2/i386/usermode-1.37-1.6.i386.rpm 4dfeacb8db12af4b2666f2792e1027c1 6.2/sparc/SysVinit-2.78-5.sparc.rpm ba94a59a3a8195346735f202f28af3f8 6.2/sparc/usermode-1.37-1.6.sparc.rpm ede9b759a01552a261c67ebf0238794a 7.0/SRPMS/usermode-1.37-2.src.rpm 6cd3999fa6015fcf301b502d4a416373 7.0/alpha/usermode-1.37-2.alpha.rpm c32888b6f362b04f8a3805d4465c042a 7.0/i386/usermode-1.37-2.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: N/A Copyright(c) 2000 Red Hat, Inc. `. Ubuntu has released a security bulletin regarding a privilege escalation vulnerability that may threaten system security and expose sensitive information, urging prompt updates to reduce risks. Red Hat Linux, usermode exploit, security advisory. . LinuxSecurity.com Team
Nov 27, 2000
Red Hat
98
security advisoryRed Hat LinuxcriticalRed Hat Linux 6.x and 7 RHSA-2000:075-05 Critical Format Exploit
Updated usermode packages are now available for Red Hat Linux 6.x and 7.. ` --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Updated usermode packages available Advisory ID: RHSA-2000:075-05 Issue date: 2000-10-05 Updated on: 2000-10-09 Product: Red Hat Linux Keywords: usermode format-string Cross references: N/A --------------------------------------------------------------------- 1. Topic: Updated usermode packages are now available for Red Hat Linux 6.x and 7. 2. Relevant releases/architectures: Red Hat Linux 6.0 - i386, alpha, sparc Red Hat Linux 6.1 - i386, alpha, sparc Red Hat Linux 6.2 - i386, alpha, sparc Red Hat Linux 6.2EE - i386, alpha, sparc Red Hat Linux 7.0 - i386 Red Hat Linux 7.0J - i386 3. Problem description: The usermode package contains a binary (/usr/bin/userhelper), which is used to control access to programs which are to be executed as root. Because programs invoked by userhelper are not actually running setuid-root, security measures built into recent versions of glibc are not active. If one of these programs supports internationalized text messages, a malicious user can use the LANG or LC_ALL environment variables (which are inherited by userhelper and, in turn, any programs it runs) to create a format-string exploit in these programs. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. 5. Bug IDs fixed ( for more info): 18046 - Another security hole in usermode/glibc 6. RPMs required: Red Hat Linux 6.0 and 6.1: alpha: sparc: i386: sources: Red Hat Linux 6.2: alpha: sparc: i386: sources: Red Hat Linux 7.0: i386: sources: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 3310677ae7403c683e7947cd86b19344 6.2/SRPMS/SysVinit-2.78-5.src.rpm c96aaae0df6782bb09bd65fb1d6dc69b 6.2/SRPMS/usermode-1.36-2.6.x.src.rpm 546bf7949c5be73b9f28b1819bfbd7c6 6.2/alpha/SysVinit-2.78-5.alpha.rpm afb4ad3a5715c0df6596a19db4d2b3c8 6.2/alpha/usermode-1.36-2.6.x.alpha.rpm ca5b97a1abb47b64d71ef69ab96fcb8a 6.2/i386/SysVinit-2.78-5.i386.rpm c2bac5d41ee077d2db48ed9462802ff0 6.2/i386/usermode-1.36-2.6.x.i386.rpm 4dfeacb8db12af4b2666f2792e1027c1 6.2/sparc/SysVinit-2.78-5.sparc.rpm 8567bb088fb7cab3e298d0df24f8c626 6.2/sparc/usermode-1.36-2.6.x.sparc.rpm 5ac6cca0a146d917e0ec3f6f1e046fa8 7.0/SRPMS/usermode-1.36-3.src.rpm 5d40e125fa0a31f05b8dac9321a1fa88 7.0/i386/usermode-1.36-3.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: N/A Copyright(c) 2000 Red Hat, Inc. `. Upgraded usermode utilities for Fedora Linux reduce threats related to buffer overflow weaknesses. Ensure that your servers are effectively secured.. Red Hat Linux, Usermode Packages, Format Exploit. . Severity: Critical. LinuxSecurity.com Team
Oct 09, 2000
•Critical
Red Hat
98
security advisoryRed HatcriticalRed Hat 6.1: RHSA-2000:001-03 Critical: Usermode Local Access Bug Fix
A security bug has been discovered and fixed in the userhelper program. . Red Hat, Inc. Security Advisory Package usermode, PAM Synopsis New version of usermode fixes security bug Advisory ID RHSA-2000:001-03 Issue Date 2000-01-04 Updated on 2000-01-07 Keywords root userhelper pam 1. Topic: A security bug has been discovered and fixed in the userhelper program. 2000-01-07: usermode-1.17 introduced a bug that caused a segmentation fault in userhelper in some configurations, fixed in usermode-1.18. 2000-01-04: SysVinit package added for Red Hat Linux 6.0 to fix a dependency problem. 2. Problem description: A security bug was found in userhelper; the bug can be exploited to provide local users with root access. The bug has been fixed in userhelper-1.17, and pam-0.68-10 has been modified to help prevent similar attacks on other software in the future. 2000-01-04: Red Hat Linux 6.0 users will need to upgrade to SysVinit-2.77-2 to fix a minor dependency issue. 3. Bug IDs fixed: (see bugzilla for more information) 4. Relevant releases/architectures: Red Hat Linux 6.1, all architectures 5. Obsoleted by: None 6. Conflicts with: None 7. RPMs required: Intel: pam-0.68-10.i386.rpm usermode-1.18-1.i386.rpm Alpha: pam-0.68-10.alpha.rpm usermode-1.18-1.alpha.rpm SPARC: pam-0.68-10.sparc.rpm usermode-1.18-1.sparc.rpm Source: pam-0.68-10.src.rpm usermode-1.18-1.src.rpm 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh filename where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------bffd4388103fa99265e267eab7ae18c8 i386/pam-0.68-10.i386.rpm 93d5f7c1316d8b926d3a47d87b28b881 i386/usermode-1.18-1.i386.rpm fed2c2ad4f95829e14727a9dfceaca07 alpha/pam-0.68-10.alpha.rpm 1a79bb403ad6d9de6bd205a901a7daee alpha/usermode-1.18-1.alpha.rpm 350662253d09b17d0aca4e9c7a511675 sparc/pam-0.68-10.sparc.rpm 068a2d4e465e6c4a33dd1dbdd1a4fa02 sparc/usermode-1.18-1.sparc.rpm f9ad800f56b7bb05ce595bad824a990d SRPMS/pam-0.68-10.src.rpm dfeca4a416f2d9417dcf739599f580fa SRPMS/usermode-1.18-1.src.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig filename If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg filename Note that you need RPM > = 3.0 to check GnuPG keys. 10. References: Thanks to
Jan 10, 2000
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!