Explore Latest Linux Security advisories


Red Hat Gluster Storage 3.5: RHSA-2023:1486-01 Important: web-admin-build security update (request smuggling, DoS, arbitrary code execution)

Red Hat Security Advisory

Synopsis:     Important: Red Hat Gluster Storage web-admin-build security update
Advisory ID:  RHSA-2023:1486-01
Product:      Red Hat Gluster Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1486
Issue date:   2023-03-28
CVE Names:    CVE-2022-24790 CVE-2022-30122 CVE-2022-30123 CVE-2022-31129 CVE-2022-31163

1. Summary:

An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Gluster 3.5 Web Administration on RHEL-7 - noarch, x86_64

3. Description:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)
* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)
* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2071616 - CVE-2022-24790 puma-5.6.4: http request smuggling vulnerabilities
2099519 - CVE-2022-30122 rubygem-rack: crafted multipart POST request may cause a DoS
2099524 - CVE-2022-30123 rubygem-rack: crafted requests can cause shell escape sequences
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2110551 - CVE-2022-31163 rubygem-tzinfo: arbitrary code execution

6. Package List:

Red Hat Gluster 3.5 Web Administration on RHEL-7:

Source:
grafana-5.2.4-6.el7rhgs.src.rpm
python-django-1.11.27-4.el7rhgs.src.rpm
ruby-2.4.9-94.el7rhgs.src.rpm
rubygem-activemodel-5.2.0-1.el7rhgs.src.rpm
rubygem-activesupport-5.2.0-1.el7rhgs.src.rpm
rubygem-bcrypt-3.1.12-2.el7rhgs.src.rpm
rubygem-concurrent-ruby-1.1.9-1.el7rhgs.src.rpm
rubygem-i18n-1.9.1-1.el7rhgs.src.rpm
rubygem-mustermann-1.0.3-1.el7rhgs.src.rpm
rubygem-nio4r-2.3.1-2.el7rhgs.src.rpm
rubygem-puma-4.3.12-1.el7rhgs.src.rpm
rubygem-rack-2.2.4-1.el7rhgs.src.rpm
rubygem-rack-protection-2.2.0-1.el7rhgs.src.rpm
rubygem-sinatra-2.2.0-1.el7rhgs.src.rpm
rubygem-thread_safe-0.3.6-1.el7rhgs.src.rpm
rubygem-tilt-2.0.11-1.el7rhgs.src.rpm
rubygem-tzinfo-1.2.10-1.el7rhgs.src.rpm

noarch:
python-django-bash-completion-1.11.27-4.el7rhgs.noarch.rpm
python2-django-1.11.27-4.el7rhgs.noarch.rpm
python2-django-doc-1.11.27-4.el7rhgs.noarch.rpm
ruby-doc-2.4.9-94.el7rhgs.noarch.rpm
ruby-irb-2.4.9-94.el7rhgs.noarch.rpm
rubygem-activemodel-5.2.0-1.el7rhgs.noarch.rpm
rubygem-activemodel-doc-5.2.0-1.el7rhgs.noarch.rpm
rubygem-activesupport-5.2.0-1.el7rhgs.noarch.rpm
rubygem-activesupport-doc-5.2.0-1.el7rhgs.noarch.rpm
rubygem-bcrypt-doc-3.1.12-2.el7rhgs.noarch.rpm
rubygem-concurrent-ruby-1.1.9-1.el7rhgs.noarch.rpm
rubygem-concurrent-ruby-doc-1.1.9-1.el7rhgs.noarch.rpm
rubygem-i18n-1.9.1-1.el7rhgs.noarch.rpm
rubygem-i18n-doc-1.9.1-1.el7rhgs.noarch.rpm
rubygem-minitest-5.10.1-94.el7rhgs.noarch.rpm
rubygem-mustermann-1.0.3-1.el7rhgs.noarch.rpm
rubygem-mustermann-doc-1.0.3-1.el7rhgs.noarch.rpm
rubygem-nio4r-doc-2.3.1-2.el7rhgs.noarch.rpm
rubygem-power_assert-0.4.1-94.el7rhgs.noarch.rpm
rubygem-puma-doc-4.3.12-1.el7rhgs.noarch.rpm
rubygem-rack-2.2.4-1.el7rhgs.noarch.rpm
rubygem-rack-doc-2.2.4-1.el7rhgs.noarch.rpm
rubygem-rack-protection-2.2.0-1.el7rhgs.noarch.rpm
rubygem-rack-protection-doc-2.2.0-1.el7rhgs.noarch.rpm
rubygem-rake-12.0.0-94.el7rhgs.noarch.rpm
rubygem-rdoc-5.0.1-94.el7rhgs.noarch.rpm
rubygem-sinatra-2.2.0-1.el7rhgs.noarch.rpm
rubygem-sinatra-doc-2.2.0-1.el7rhgs.noarch.rpm
rubygem-test-unit-3.2.3-94.el7rhgs.noarch.rpm
rubygem-thread_safe-0.3.6-1.el7rhgs.noarch.rpm
rubygem-thread_safe-doc-0.3.6-1.el7rhgs.noarch.rpm
rubygem-tilt-2.0.11-1.el7rhgs.noarch.rpm
rubygem-tilt-doc-2.0.11-1.el7rhgs.noarch.rpm
rubygem-tzinfo-1.2.10-1.el7rhgs.noarch.rpm
rubygem-tzinfo-doc-1.2.10-1.el7rhgs.noarch.rpm
rubygem-xmlrpc-0.2.1-94.el7rhgs.noarch.rpm
rubygems-2.6.14.4-94.el7rhgs.noarch.rpm
rubygems-devel-2.6.14.4-94.el7rhgs.noarch.rpm

x86_64:
grafana-5.2.4-6.el7rhgs.x86_64.rpm
ruby-2.4.9-94.el7rhgs.x86_64.rpm
ruby-debuginfo-2.4.9-94.el7rhgs.x86_64.rpm
ruby-devel-2.4.9-94.el7rhgs.x86_64.rpm
ruby-libs-2.4.9-94.el7rhgs.x86_64.rpm
rubygem-bcrypt-3.1.12-2.el7rhgs.x86_64.rpm
rubygem-bcrypt-debuginfo-3.1.12-2.el7rhgs.x86_64.rpm
rubygem-bigdecimal-1.3.2-94.el7rhgs.x86_64.rpm
rubygem-did_you_mean-1.1.0-94.el7rhgs.x86_64.rpm
rubygem-io-console-0.4.6-94.el7rhgs.x86_64.rpm
rubygem-json-2.0.4-94.el7rhgs.x86_64.rpm
rubygem-net-telnet-0.1.1-94.el7rhgs.x86_64.rpm
rubygem-nio4r-2.3.1-2.el7rhgs.x86_64.rpm
rubygem-nio4r-debuginfo-2.3.1-2.el7rhgs.x86_64.rpm
rubygem-openssl-2.0.9-94.el7rhgs.x86_64.rpm
rubygem-psych-2.2.2-94.el7rhgs.x86_64.rpm
rubygem-puma-4.3.12-1.el7rhgs.x86_64.rpm
rubygem-puma-debuginfo-4.3.12-1.el7rhgs.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-24790
https://access.redhat.com/security/cve/CVE-2022-30122
https://access.redhat.com/security/cve/CVE-2022-30123
https://access.redhat.com/security/cve/CVE-2022-31129
https://access.redhat.com/security/cve/CVE-2022-31163
https://access.redhat.com/security/updates/classification#important

8. Contact:

More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Published Mar 28, 2023. Red Hat. Severity: Important.
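The package list above is what an operator actually has to reconcile against `rpm -qa` output, and a plain string comparison gets it wrong (for example 1.2.10 sorts below 1.2.9 lexically). The following is an added example, not Red Hat tooling: it parses binary RPM file names from an advisory package list, implements RPM's label comparison (numeric segments compare numerically, alphabetic segments lexically, digits beat letters, a tilde sorts below everything), and reports installed packages that are still older than the fixed build. The advisory excerpt and the "installed" list are constructed for the demonstration, epochs are assumed absent (the default `rpm -qa` format does not print them), and the caret operator is not modelled.

```python
"""Compare installed RPM NVRAs against a Red Hat advisory package list.

Added example, not Red Hat code. Implements rpmvercmp-style label comparison
so the check works offline on captured 'rpm -qa' output. Epoch and '^' are
not modelled; the sample data below is constructed.
"""
import re
from typing import Dict, Tuple

# Constructed excerpt of the advisory's package list (binary RPM file names).
ADVISORY_PACKAGES = """
grafana-5.2.4-6.el7rhgs.x86_64.rpm
ruby-2.4.9-94.el7rhgs.x86_64.rpm
rubygem-puma-4.3.12-1.el7rhgs.x86_64.rpm
rubygem-rack-2.2.4-1.el7rhgs.noarch.rpm
rubygem-tzinfo-1.2.10-1.el7rhgs.noarch.rpm
"""

# Constructed output of: rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
INSTALLED = """
grafana-5.2.4-5.el7rhgs.x86_64
ruby-2.4.9-94.el7rhgs.x86_64
rubygem-puma-4.3.12-1.el7rhgs.x86_64
rubygem-rack-2.2.3-1.el7rhgs.noarch
rubygem-tzinfo-1.2.10-1.el7rhgs.noarch
"""

# Segments rpmvercmp compares: digit runs, letter runs, and the tilde marker.
# Everything else ('.', '-', '_', ...) is a separator and is dropped.
_SEG = re.compile(r"(\d+|[A-Za-z]+|~)")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 comparing two version or release strings like rpmvercmp."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":          # tilde: the side carrying it is older
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():    # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            xi, yi = int(x), int(y)       # numeric compare, so 10 > 9
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:                      # plain lexical compare for letters
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    # Shared prefix equal: the longer side wins unless its extra part starts with '~'.
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    return -sign if longer[min(len(sa), len(sb))] == "~" else sign


def parse_nvra(s: str) -> Tuple[str, str, str, str]:
    """Split 'name-version-release.arch[.rpm]' into parts; names may contain '-'."""
    s = s.strip()
    if s.endswith(".rpm"):
        s = s[:-4]
    nvr, arch = s.rsplit(".", 1)
    name, ver, rel = nvr.rsplit("-", 2)
    return name, ver, rel, arch


def compare_vr(a: Tuple[str, str], b: Tuple[str, str]) -> int:
    """Compare (version, release) pairs; release only matters when versions tie."""
    c = rpmvercmp(a[0], b[0])
    return c if c else rpmvercmp(a[1], b[1])


def missing_updates(advisory: str, installed: str) -> Dict[str, Tuple[str, str]]:
    """Map 'name.arch' -> (installed V-R, fixed V-R) for packages still older than
    the advisory build. Packages not installed at all are not reported."""
    fixed = {f"{n}.{a}": (v, r) for n, v, r, a in map(parse_nvra, advisory.split())}
    have = {f"{n}.{a}": (v, r) for n, v, r, a in map(parse_nvra, installed.split())}
    return {
        key: ("-".join(have[key]), "-".join(fvr))
        for key, fvr in fixed.items()
        if key in have and compare_vr(have[key], fvr) < 0
    }


if __name__ == "__main__":
    for pkg, (cur, fix) in sorted(missing_updates(ADVISORY_PACKAGES, INSTALLED).items()):
        print(f"{pkg}: installed {cur}, advisory fixes {fix}")
```

On a real host, feed it the advisory text and the output of the `rpm -qa` query shown in the comment; the GPG check the advisory refers to is separate (`rpm -K` on the downloaded packages) and is not replaced by this version comparison.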

Red Hat Enterprise Linux 8: RHSA-2022:2008-01 Moderate: cockpit security, bug fix, and enhancement update

Red Hat Security Advisory

Synopsis:     Moderate: cockpit security, bug fix, and enhancement update
Advisory ID:  RHSA-2022:2008-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:2008
Issue date:   2022-05-10
CVE Names:    CVE-2021-3660 CVE-2021-3698

1. Summary:

An update for cockpit is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.

The following packages have been upgraded to a later upstream version: cockpit (264.1). (BZ#1984902, BZ#1992620, BZ#2004041, BZ#2008208)

Security Fix(es):

* cockpit: authenticates with revoked certificates (CVE-2021-3698)
* cockpit: pages vulnerable to clickjacking (CVE-2021-3660)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1792270 - [RFE] Display "User Services" tab in Services panel
1980688 - CVE-2021-3660 cockpit: pages vulnerable to clickjacking
1992149 - CVE-2021-3698 cockpit: authenticates with revoked certificates
2004041 - kdump configuration wizard must ask for path for NFS
2008208 - TestServices.testLogs is failing on retries, breaks reverse dependencies gating tests
2016998 - [cockpit] RHEL 8.6 Tier 0 Localization
2018382 - [cockpit 8.5] [ja_JP] Few strings not localized on Overview page
2018384 - [cockpit 8.5] [ja_JP, zh_CN] Few strings not localized on Networking Page
2018417 - [cockpit 8.5] [zh_CN] Few strings not localized on Diagnostic Reports Page
2029982 - Cockpit 251 Administrative Access MFA Prompt Window Broken
2056386 - Failed to configure IPv4 and IPv6 types in Bond: NM always rolls back to previous checkpoint

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
cockpit-264.1-1.el8.src.rpm

aarch64:
cockpit-264.1-1.el8.aarch64.rpm
cockpit-bridge-264.1-1.el8.aarch64.rpm
cockpit-debuginfo-264.1-1.el8.aarch64.rpm
cockpit-debugsource-264.1-1.el8.aarch64.rpm
cockpit-ws-264.1-1.el8.aarch64.rpm

noarch:
cockpit-doc-264.1-1.el8.noarch.rpm
cockpit-system-264.1-1.el8.noarch.rpm

ppc64le:
cockpit-264.1-1.el8.ppc64le.rpm
cockpit-bridge-264.1-1.el8.ppc64le.rpm
cockpit-debuginfo-264.1-1.el8.ppc64le.rpm
cockpit-debugsource-264.1-1.el8.ppc64le.rpm
cockpit-ws-264.1-1.el8.ppc64le.rpm

s390x:
cockpit-264.1-1.el8.s390x.rpm
cockpit-bridge-264.1-1.el8.s390x.rpm
cockpit-debuginfo-264.1-1.el8.s390x.rpm
cockpit-debugsource-264.1-1.el8.s390x.rpm
cockpit-ws-264.1-1.el8.s390x.rpm

x86_64:
cockpit-264.1-1.el8.x86_64.rpm
cockpit-bridge-264.1-1.el8.x86_64.rpm
cockpit-debuginfo-264.1-1.el8.x86_64.rpm
cockpit-debugsource-264.1-1.el8.x86_64.rpm
cockpit-ws-264.1-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3660
https://access.redhat.com/security/cve/CVE-2021-3698
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Published May 10, 2022. Red Hat. Severity: Moderate.
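The advisory lists CVE-2021-3660 only as "pages vulnerable to clickjacking" and gives no detail of the fix, so the useful thing for an operator is a check that a web console's responses actually refuse to be framed. The code below is an added example, not Cockpit's code: it evaluates an HTTP response's headers the way a browser does, honouring a Content-Security-Policy `frame-ancestors` directive first (when present it overrides X-Frame-Options) and falling back to X-Frame-Options DENY or SAMEORIGIN. The sample header sets, the origin `https://cockpit.example:9090` and the `audit` wrapper are constructed for the demonstration, not captured from a Cockpit instance.

```python
"""Decide whether an HTTP response forbids being embedded in a cross-origin frame.

Added example, not Cockpit code. Rules applied:
  * CSP frame-ancestors, when present, is authoritative and X-Frame-Options is ignored;
  * 'none', or a source list containing only 'self' / the page's own origin, protects;
  * without CSP, X-Frame-Options DENY or SAMEORIGIN protects; ALLOW-FROM does not
    (current browsers ignore it).
Sample headers below are constructed.
"""
from typing import Dict, List, Optional, Tuple


def _csp_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list (quotes stripped, lower-cased), or None."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_verdict(headers: Dict[str, str], own_origin: str) -> Tuple[bool, str]:
    """Return (protected, reason). Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    srcs = _csp_frame_ancestors(h.get("content-security-policy", ""))
    if srcs is not None:
        if not srcs:
            return False, "frame-ancestors without a source list (malformed)"
        if srcs == ["none"]:
            return True, "CSP frame-ancestors 'none'"
        if all(s in ("self", own_origin.lower()) for s in srcs):
            return True, "CSP frame-ancestors limited to own origin"
        # Anything else ('*', a scheme like https:, a foreign host) lets someone frame it.
        return False, "CSP frame-ancestors permits " + " ".join(srcs)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is ignored by current browsers"
    return False, "no framing restriction"


# Constructed sample responses; a Cockpit console conventionally listens on port 9090.
SAMPLES: Dict[str, Dict[str, str]] = {
    "no-headers": {"Content-Type": "text/html"},
    "xfo-only": {"X-Frame-Options": "sameorigin"},
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-wildcard-overrides-xfo": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors *",
    },
}


def audit(samples: Dict[str, Dict[str, str]] = SAMPLES,
          own_origin: str = "https://cockpit.example:9090") -> Dict[str, bool]:
    """Run framing_verdict over each sample and return name -> protected."""
    return {name: framing_verdict(hdrs, own_origin)[0] for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        ok, why = framing_verdict(hdrs, "https://cockpit.example:9090")
        print(f"{name:28s} {'protected' if ok else 'FRAMEABLE':10s} {why}")
```

The fourth sample is the trap worth remembering: a DENY header gives no protection once a permissive `frame-ancestors` is also sent, because the CSP directive obsoletes X-Frame-Options in browsers that support it. To check a live console, capture the login page's response headers (for example with `curl -sI`) and pass them to `framing_verdict`.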

Fedora 31: FEDORA-2019-644b438f51 Moderate: phpMyAdmin 4.9.1 CSRF Fix

Fedora Update Notification
FEDORA-2019-644b438f51
2019-10-01 00:00:33.093480

Name        : phpMyAdmin
Product     : Fedora 31
Version     : 4.9.1
Release     : 1.fc31
URL         : https://www.phpmyadmin.net/
Summary     : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement.

Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more...

Update Information:

Upstream announcement:

Welcome to **phpMyAdmin 4.9.1**, a bugfix release.

This is a regularly scheduled bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for this has been in our release queue to be part of this release, however it is the opinion of the team that the reported attack vector did not justify a separate release.

This release includes fixes for many bugs, including:

* Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer
* Compatibility issues with PHP 8
* Export of GIS visualization
* Enhanced descriptions for several collation types
* Creating a user with a single quote in the password string
* Unexpected quotes during import and export on text fields
* Improvements to adding new tables to Designer
* Fix an issue where an authenticated user could trigger heavy traffic between the database server and web server
* Fix a weakness where an attacker, under certain conditions, working at the same time as an administrator is using the setup script, could delete a server from the setup script

There are many, many more bug fixes thanks to the efforts of our developers, Google Summer of Code applicants, and other contributors.

The phpMyAdmin team

References:

[ 1 ] Bug #1753303 - CVE-2019-12922 phpMyAdmin: a CSRF in the setup page allows deletion of server
      https://bugzilla.redhat.com/show_bug.cgi?id=1753303

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-644b438f51' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

Published Sep 30, 2019. Fedora. Severity: Moderate.

Debian 8: DLA-1436-1 Critical: GOsa Cross-Site Scripting Issue

Package        : gosa
Version        : 2.7.4+reloaded2-1+deb8u3
CVE ID         : CVE-2018-1000528
Debian Bug     : 902723

Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.

For Debian 8 "Jessie", this problem has been fixed in version 2.7.4+reloaded2-1+deb8u3.

We recommend that you upgrade your gosa packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
https://sunweavers.net/

Published Jul 21, 2018. Debian LTS. Severity: Critical.

Fedora 22: FEDORA-2015-17908c56c1 Moderate: phpMyAdmin 4.5.1 Security Update

Fedora Update Notification
FEDORA-2015-17908c56c1
2015-10-30 19:56:00.143446

Name        : phpMyAdmin
Product     : Fedora 22
Version     : 4.5.1
Release     : 1.fc22
URL         : https://www.phpmyadmin.net/
Summary     : Handle the administration of MySQL over the World Wide Web
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement.

Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more...

Update Information:

phpMyAdmin 4.5.1.0 (2015-10-23)
===============================
- Invalid argument supplied for foreach()
- array_key_exists() expects parameter 2 to be array
- Notice Undefined index: drop_database
- Server variable edition in ANSI_QUOTES sql_mode: losing current value
- Propose table structure broken
- phpMyAdmin suggests upgrading to newer version not usable on that system
- 'PMA_Microhistory' is undefined
- Incorrect definition for getTablesWhenOpen()
- Error when creating new user on MariaDB 10.0.21
- Notice on htmlspecialchars()
- Notice in Structure page of views
- AUTO_INCREMENT always exported when IF NOT EXISTS is on
- Some partitions are missing in copied table
- Notice of undefined variable when performing SHOW CREATE
- Error exporting sql query results with table alias
- SQL editing window does not recognise 'OUTER' keyword in 'LEFT OUTER JOIN'
- "NOT IN" clause not recognized (MySQL 5.6 and 5.7)
- Yellow star does not change in database Structure after add/remove from favorites
- Invalid SQL in table definition when exporting table
- Foreign key to other database's tables fails
- Bug while exporting results when a joined table field name is in SELECT query
- Strange behavior on table rename
- Rename table does not result in refresh in left panel
- Missing arguments for PMA_Table::generateAlter()
- Notices about undefined indexes on structure pages of information_schema tables
- Change minimum PHP version for Composer
- Import parser and backslash
- "Visualize GIS data" seems to be broken
- Confirm box on "Reset slave" option
- Fix cookies clearing on version change
- Cannot execute SQL with subquery
- Incorrect syntax creating a user using mysql_native_password with MariaDB
- Cannot use third party auth plugins

References:

[ 1 ] Bug #1275108 - CVE-2015-7873 phpMyAdmin: Content spoofing on url.php (PMASA-2015-5)
      https://bugzilla.redhat.com/show_bug.cgi?id=1275108

This update can be installed with the "yum" update program. Use su -c 'yum update phpMyAdmin' at the command line. For more information, refer to "Managing Software with yum".

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

package-announce mailing list archives: https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Published Oct 30, 2015. Fedora. Severity: Moderate.

Scientific Linux 4.x/5.x: Moderate: Samba Security Update (SWAT XSS/CSRF, mount.cifs setuid flaws)

Date: Tue, 30 Aug 2011 11:38:38 -0500
From: Troy Dawson
Sender: Security Errata for Scientific Linux
Subject: Security ERRATA Moderate: samba on SL4.x, SL5.x i386/x86_64

Synopsis:   Moderate: samba security update
Issue date: 2011-08-29
CVE Names:  CVE-2010-0547 CVE-2010-0787 CVE-2011-1678 CVE-2011-2522 CVE-2011-2694

Samba is a suite of programs used by machines to share files, printers, and other information.

A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user. (CVE-2011-2522)

A race condition flaw was found in the way the mount.cifs tool mounted CIFS (Common Internet File System) shares. If mount.cifs had the setuid bit set, a local attacker could conduct a symbolic link attack to trick mount.cifs into mounting a share over an arbitrary directory they were otherwise not allowed to mount to, possibly allowing them to escalate their privileges. (CVE-2010-0787)

It was found that the mount.cifs tool did not properly handle share or directory names containing a newline character. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab (mounted file systems table) file via a specially-crafted CIFS share mount request. (CVE-2010-0547)

It was found that the mount.cifs tool did not handle certain errors correctly when updating the mtab file. If mount.cifs had the setuid bit set, a local attacker could corrupt the mtab file by setting a small file size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the samba packages distributed by Red Hat does not have the setuid bit set. We recommend that administrators do not manually set the setuid bit for mount.cifs.

Users of Samba are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. After installing this update, the smb service will be restarted automatically.

SL 4.x

SRPMS:
samba-3.0.33-0.34.el4.src.rpm

i386:
samba-3.0.33-0.34.el4.i386.rpm
samba-client-3.0.33-0.34.el4.i386.rpm
samba-common-3.0.33-0.34.el4.i386.rpm
samba-swat-3.0.33-0.34.el4.i386.rpm

x86_64:
samba-3.0.33-0.34.el4.x86_64.rpm
samba-client-3.0.33-0.34.el4.x86_64.rpm
samba-common-3.0.33-0.34.el4.i386.rpm
samba-common-3.0.33-0.34.el4.x86_64.rpm
samba-swat-3.0.33-0.34.el4.x86_64.rpm

SL 5.x

SRPMS:
samba-3.0.33-3.29.el5_7.4.src.rpm

i386:
samba-3.0.33-3.29.el5_7.4.i386.rpm
samba-client-3.0.33-3.29.el5_7.4.i386.rpm
samba-common-3.0.33-3.29.el5_7.4.i386.rpm
samba-swat-3.0.33-3.29.el5_7.4.i386.rpm
libsmbclient-3.0.33-3.29.el5_7.4.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_7.4.i386.rpm

x86_64:
samba-3.0.33-3.29.el5_7.4.x86_64.rpm
samba-client-3.0.33-3.29.el5_7.4.x86_64.rpm
samba-common-3.0.33-3.29.el5_7.4.i386.rpm
samba-common-3.0.33-3.29.el5_7.4.x86_64.rpm
samba-swat-3.0.33-3.29.el5_7.4.x86_64.rpm
libsmbclient-3.0.33-3.29.el5_7.4.i386.rpm
libsmbclient-3.0.33-3.29.el5_7.4.x86_64.rpm
libsmbclient-devel-3.0.33-3.29.el5_7.4.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_7.4.x86_64.rpm

- Scientific Linux Development Team

Published Aug 30, 2011. Scientific Linux. Severity: Moderate.
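Two of the mount.cifs issues above share one root cause: an mtab line is whitespace-delimited, so a share name carrying a newline (CVE-2010-0547) lets an unprivileged caller append a forged entry through a setuid helper, and a partial write when a file-size limit is hit (CVE-2011-1678) leaves the table truncated. The code below is an added example, not Samba's mount.cifs: it builds an mtab entry with the octal escapes that fstab/mtab readers decode (`\040` for space, `\134` for backslash), refuses control characters outright rather than encoding them, replaces the table atomically through a temporary file so a failed write cannot truncate it, and checks the setuid bit the advisory says should not be set. The share names, mount points and the `demo` wrapper are constructed for the demonstration.

```python
"""Hardened mtab-style entry writer and a setuid audit, as an added example.

Not Samba code. Shows why the mount.cifs flaws above are dangerous only when
the helper is setuid, and the two generic defences: escape or refuse
delimiter characters in fields, and replace the table atomically.
All paths and names below are constructed.
"""
import os
import stat
import tempfile
from typing import Dict, Optional

# Escapes that getmntent(3)-style readers decode; a raw space or backslash would
# otherwise split or mangle the whitespace-delimited entry.
_ESCAPES = {" ": "\\040", "\\": "\\134"}


def escape_mntent(field: str) -> str:
    """Octal-escape the printable characters that would break an mtab field."""
    return "".join(_ESCAPES.get(c, c) for c in field)


def format_mntent(fsname: str, mountpoint: str, fstype: str, opts: str) -> str:
    """Return one mtab line; refuse any control character (newline included)."""
    for field in (fsname, mountpoint, fstype, opts):
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in field):
            raise ValueError("control character in mount entry field")
    return (f"{escape_mntent(fsname)} {escape_mntent(mountpoint)} "
            f"{escape_mntent(fstype)} {escape_mntent(opts)} 0 0\n")


def append_mntent_atomic(mtab_path: str, line: str) -> None:
    """Append a line by writing a full copy to a temp file and renaming it into place.
    If the write fails part-way (for example because RLIMIT_FSIZE is hit),
    the original table is left untouched instead of truncated."""
    directory = os.path.dirname(mtab_path) or "."
    existing = ""
    if os.path.exists(mtab_path):
        with open(mtab_path) as f:
            existing = f.read()
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".mtab.")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(existing + line)
            f.flush()
            os.fsync(f.fileno())
        os.rename(tmp, mtab_path)  # atomic replace on POSIX
    except BaseException:
        os.unlink(tmp)
        raise


def is_setuid(path: str) -> bool:
    """True if the file carries the setuid bit; the advisory's flaws only matter then."""
    return bool(os.stat(path).st_mode & stat.S_ISUID)


def demo(tmpdir: Optional[str] = None) -> Dict[str, object]:
    """Constructed scenario: a share name smuggling a second mtab entry via '\\n'.
    Naive concatenation yields two entries; the hardened path refuses the name."""
    tmpdir = tmpdir or tempfile.mkdtemp(prefix="mtab-demo-")
    mtab = os.path.join(tmpdir, "mtab")
    hostile = "//srv/share\n/dev/sda1 / ext4 rw 0 0"
    naive_line = f"{hostile} /mnt/s cifs rw 0 0\n"     # what an unescaped writer emits
    append_mntent_atomic(mtab, format_mntent("//srv/share name", "/mnt/s", "cifs", "rw"))
    try:
        format_mntent(hostile, "/mnt/s", "cifs", "rw")
        refused = False
    except ValueError:
        refused = True
    with open(mtab) as f:
        lines = f.read().splitlines()
    return {
        "naive_entries": naive_line.count("\n"),
        "refused": refused,
        "lines": lines,
        "setuid": is_setuid(mtab),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The symlink race (CVE-2010-0787) is not reproduced here; its mitigation in a real helper is to resolve and verify the mount point with the caller's privileges dropped, which the advisory's own note makes moot for the Red Hat packages by not shipping mount.cifs setuid at all. `is_setuid("/sbin/mount.cifs")` is the one-line audit for that note.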

Fedora 9: FEDORA-2009-2984 Critical: phpMyAdmin 3.1.3.1 XSS, Response Splitting and File Inclusion Fixes

Improvements for 3.1.3.1:
- [security] HTTP Response Splitting and file inclusion vulnerabilities
- [security] XSS vulnerability on export page
- [security] Insufficient output sanitizing when generating configuration file

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-2984
2009-03-25 15:22:54
--------------------------------------------------------------------------------
Name        : phpMyAdmin
Product     : Fedora 9
Version     : 3.1.3.1
Release     : 1.fc9
URL         : https://www.phpmyadmin.net/
Summary     : Web based MySQL browser written in php
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.
--------------------------------------------------------------------------------
Update Information:

Improvements for 3.1.3.1:
- [security] HTTP Response Splitting and file inclusion vulnerabilities
- [security] XSS vulnerability on export page
- [security] Insufficient output sanitizing when generating configuration file
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 25 2009 Robert Scheck 3.1.3.1-1
- Upstream released 3.1.3.1 (#492066)
* Sun Mar  1 2009 Robert Scheck 3.1.3-1
- Upstream released 3.1.3
* Mon Feb 23 2009 Robert Scheck 3.1.2-2
- Rebuilt against rpm 4.6
* Tue Jan 20 2009 Robert Scheck 3.1.2-1
- Upstream released 3.1.2
* Thu Dec 11 2008 Robert Scheck 3.1.1-1
- Upstream released 3.1.1 (#475954)
* Sat Nov 29 2008 Robert Scheck 3.1.0-1
- Upstream released 3.1.0
- Replaced LocationMatch with Directory directive (#469451)
* Thu Oct 30 2008 Robert Scheck 3.0.1.1-1
- Upstream released 3.0.1.1 (#468974)
* Wed Oct 22 2008 Robert Scheck 3.0.1-1
- Upstream released 3.0.1
* Sun Oct 19 2008 Robert Scheck 3.0.0-1
- Upstream released 3.0.0
* Mon Sep 22 2008 Robert Scheck 2.11.9.2-1
- Upstream released 2.11.9.2 (#463260)
* Tue Sep 16 2008 Robert Scheck 2.11.9.1-1
- Upstream released 2.11.9.1 (#462430)
* Fri Aug 29 2008 Robert Scheck 2.11.9-1
- Upstream released 2.11.9
* Mon Jul 28 2008 Robert Scheck 2.11.8.1-1
- Upstream released 2.11.8.1 (#456637, #456950)
* Mon Jul 28 2008 Robert Scheck 2.11.8-1
- Upstream released 2.11.8 (#456637)
* Tue Jul 15 2008 Robert Scheck 2.11.7.1-1
- Upstream released 2.11.7.1 (#455520)
* Mon Jun 23 2008 Robert Scheck 2.11.7-1
- Upstream released 2.11.7 (#452497)
* Tue Apr 29 2008 Robert Scheck 2.11.6-1
- Upstream released 2.11.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #492066 - phpMyAdmin: Insufficient output sanitizing when generating configuration file (PMASA-2009-3)
        https://bugzilla.redhat.com/show_bug.cgi?id=492066
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use

  su -c 'yum update phpMyAdmin'

at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list

Calendar 2 Mar 25, 2009 Critical Fedora

Gentoo: GLSA-200510-16 Normal: phpMyAdmin Local Code Execution Threat

phpMyAdmin contains a local file inclusion vulnerability that may lead to the execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200510-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: phpMyAdmin: Local file inclusion vulnerability
      Date: October 17, 2005
      Bugs: #108939
        ID: 200510-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

phpMyAdmin contains a local file inclusion vulnerability that may lead to the execution of arbitrary code.

Background
==========

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  dev-db/phpmyadmin         < 2.6.4_p2                  >= 2.6.4_p2

Description
===========

Maksymilian Arciemowicz reported that in libraries/grab_globals.lib.php, the $__redirect parameter was not correctly validated. Systems running PHP in safe mode are not affected.

Impact
======

A local attacker may exploit this vulnerability by sending malicious requests, causing the execution of arbitrary code with the rights of the user running the web server.

Workaround
==========

Run PHP in safe mode.

Resolution
==========

All phpMyAdmin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-2.6.4_p2"

References
==========

  [ 1 ] PMASA-2005-4
        https://www.phpmyadmin.net/security/PMASA-2005-4/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200510-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to the Gentoo security team, or alternatively you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

Calendar 2 Oct 17, 2005 Gentoo
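Both advisories above are, at bottom, the same bug class: a request parameter (GLSA 200510-16 names $__redirect in libraries/grab_globals.lib.php; the Fedora 3.1.3.1 update lists "file inclusion vulnerabilities" without naming the parameter) ends up as the argument of a PHP include, so "../" traversal lets an attacker load any file the web server user can read, and any PHP inside that file runs with the web server's rights. The block below is an added illustration written for this page, not phpMyAdmin's code: it shows the naive pattern beside an allowlist-plus-canonical-path check. The parameter name, the page tokens and the pages/ directory are hypothetical. One caveat on the GLSA's workaround: PHP's safe_mode was removed in PHP 5.4, so on any current PHP the upgrade is the only remedy and the application itself must validate the parameter as shown.

```php
<?php
declare(strict_types=1);

// Added illustration, not phpMyAdmin code: a request parameter that selects
// a page to include, first as the classic vulnerable pattern, then hardened.
// The parameter, page tokens and directory layout here are hypothetical.

/** Hypothetical allowlist: the only page tokens the dispatcher may include. */
const ALLOWED_PAGES = ['main', 'export', 'import'];

/**
 * Vulnerable: the caller's string is used as a path component unchanged.
 * "../" climbs out of pages/, so any file readable by the web server user
 * becomes an include target; if the attacker can plant PHP in such a file
 * (an upload, a log line, a session file) it runs with the web server's rights.
 * On PHP < 5.3.4 a "%00" in the parameter also truncated the path before
 * the ".php" suffix, removing even that weak restriction.
 */
function resolveIncludeVulnerable(string $baseDir, string $page): string
{
    return $baseDir . '/' . $page . '.php';
}

/**
 * Hardened: accept a token from a fixed allowlist only, then confirm the
 * canonical path still lies inside $baseDir. Returns null on rejection.
 */
function resolveIncludeHardened(string $baseDir, string $page): ?string
{
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;                                   // unknown token
    }
    $base   = realpath($baseDir);
    $target = realpath($baseDir . '/' . $page . '.php');
    if ($base === false || $target === false) {
        return null;                                   // missing dir or page
    }
    // Defence in depth: even an allowlisted name must canonicalise under $base
    // (catches, for example, a page file replaced by a symlink elsewhere).
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo environment: a temporary pages/ directory with one page.
$pages = sys_get_temp_dir() . '/lfi_demo_' . getmypid() . '/pages';
mkdir($pages, 0700, true);
file_put_contents($pages . '/main.php', "<?php echo \"main page\\n\";\n");

$traversal = '../../../../../etc/passwd';            // illustrative attack value

printf("vulnerable -> %s\n", resolveIncludeVulnerable($pages, $traversal));
var_dump(resolveIncludeHardened($pages, $traversal)); // NULL: not allowlisted
var_dump(resolveIncludeHardened($pages, 'main'));     // string: safe to include

// Clean up the demo files.
unlink($pages . '/main.php');
rmdir($pages);
rmdir(dirname($pages));
```

The allowlist is the actual fix; the realpath() prefix check is belt-and-braces for cases where a name is legitimate but the file it resolves to is not. Run it with `php lfi_demo.php`; the vulnerable resolver happily returns a path under /etc, while the hardened one returns NULL for the same input and a canonical path only for an allowlisted token.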