Explore Latest Linux Security advisories


Ubuntu 24.04 moderate: USN-7272-1 Symfony user access issues

==========================================================================
Ubuntu Security Notice USN-7272-1
February 18, 2025

symfony vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Symfony.

Software Description:
- symfony: set of reusable components and framework for web projects

Details:

Soner Sayakci discovered that Symfony incorrectly handled cookie storage in
the web cache. An attacker could possibly use this issue to obtain sensitive
information and access unauthorized resources. (CVE-2022-24894)

Marco Squarcina discovered that Symfony incorrectly handled the storage of
user session information. An attacker could possibly use this issue to
perform a cross-site request forgery (CSRF) attack. (CVE-2022-24895)

Pierre Rudloff discovered that Symfony incorrectly checked HTML input. An
attacker could possibly use this issue to perform cross site scripting.
(CVE-2023-46734)

Vladimir Dusheyko discovered that Symfony incorrectly sanitized special input
with a PHP directive in URL query strings. An attacker could possibly use
this issue to expose sensitive information or cause a denial of service.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 22.04 LTS.
(CVE-2024-50340)

Oleg Andreyev, Antoine Makdessi, and Moritz Rauch discovered that Symfony
incorrectly handled user authentication. An attacker could possibly use this
issue to access unauthorized resources and expose sensitive information.
This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-50341,
CVE-2024-51996)

Linus Karlsson and Chris Smith discovered that Symfony returned internal
host information during host resolution. An attacker could possibly use this
issue to obtain sensitive information. This issue only affected Ubuntu 24.04
LTS and Ubuntu 22.04 LTS. (CVE-2024-50342)

It was discovered that Symfony incorrectly parsed user input through regular
expressions. An attacker could possibly use this issue to expose sensitive
information. (CVE-2024-50343)

Sam Mush discovered that Symfony incorrectly parsed URIs with special
characters. An attacker could possibly use this issue to perform phishing
attacks. (CVE-2024-50345)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  php-symfony    6.4.5+dfsg-3ubuntu3+esm1
                 Available with Ubuntu Pro

Ubuntu 22.04 LTS
  php-symfony    5.4.4+dfsg-1ubuntu8+esm1
                 Available with Ubuntu Pro

Ubuntu 20.04 LTS
  php-symfony    4.3.8+dfsg-1ubuntu1+esm2
                 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7272-1
  CVE-2022-24894, CVE-2022-24895, CVE-2023-46734, CVE-2024-50340,
  CVE-2024-50341, CVE-2024-50342, CVE-2024-50343, CVE-2024-50345,
  CVE-2024-51996

Ubuntu has released security updates for Symfony that address several vulnerabilities affecting sensitive-data exposure, authentication and session management. Note that all three fixed packages are published through Ubuntu Pro (ESM): on a system where Pro is not enabled, a standard system update will not pick them up.

Feb 18, 2025 | Ubuntu | LinuxSecurity.com Team
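Deciding whether a host is actually covered by this notice means comparing the installed php-symfony version with the fixed version for that release using dpkg's ordering, in which a "+esm1" revision sorts after the plain revision and "~" sorts before everything else. The following is an added example, not part of the Ubuntu notice: it reimplements dpkg's version comparison in Python so the check can run anywhere (a scanner, a CI job), parses the fixed versions out of the notice's update instructions as they appear above, and flags hosts that are still vulnerable, including the case where the fix is only available through Ubuntu Pro. The inventory of installed versions is constructed for the example; on a real host you would feed it the output of `dpkg-query -W -f='${Version}' php-symfony`.

```python
"""Check installed php-symfony versions against USN-7272-1 (added example).

Reimplements dpkg's version ordering (epoch:upstream-revision, with '~'
sorting before everything and '+esm1' after the plain revision) so the check
runs on any machine, not only on the Ubuntu host being assessed.
"""
import re

# "Update instructions" text from the notice above, flattened to one line.
USN_7272_1_UPDATES = (
    "Ubuntu 24.04 LTS php-symfony 6.4.5+dfsg-3ubuntu3+esm1 Available with Ubuntu Pro "
    "Ubuntu 22.04 LTS php-symfony 5.4.4+dfsg-1ubuntu8+esm1 Available with Ubuntu Pro "
    "Ubuntu 20.04 LTS php-symfony 4.3.8+dfsg-1ubuntu1+esm2 Available with Ubuntu Pro"
)

_FIX_RE = re.compile(r"Ubuntu (\d\d\.\d\d) LTS (\S+) (\S+)( Available with Ubuntu Pro)?")


def parse_fixed_versions(text):
    """Map (release, package) -> (fixed_version, requires_ubuntu_pro)."""
    return {(rel, pkg): (ver, bool(pro)) for rel, pkg, ver, pro in _FIX_RE.findall(text)}


def _order(c):
    """dpkg's weight for one non-digit character ('' means end of string)."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a, b):
    """Compare an upstream-version or revision string the way dpkg does:
    alternating non-digit runs (by _order) and numeric runs (by value)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: character by character, using dpkg's weights.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa = _order(a[i] if i < len(a) else "")
            ob = _order(b[j] if j < len(b) else "")
            if oa != ob:
                return oa - ob
            i += 1
            j += 1
        # Numeric run: drop leading zeros, then compare as integers.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1    # a has more digits left, so its number is larger
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(v1, v2):
    """Return <0, 0 or >0, like `dpkg --compare-versions v1 lt|eq|gt v2`."""
    def split(v):
        epoch, has_epoch, rest = v.partition(":")
        if not has_epoch:
            epoch, rest = "0", v
        upstream, has_rev, revision = rest.rpartition("-")
        if not has_rev:
            upstream, revision = rest, "0"
        return int(epoch), upstream, revision

    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return (e1 > e2) - (e1 < e2)
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


def assess(release, package, installed, fixes):
    """'fixed', 'vulnerable', 'vulnerable-needs-pro' or 'not-in-notice'."""
    entry = fixes.get((release, package))
    if entry is None:
        return "not-in-notice"
    fixed_version, needs_pro = entry
    if dpkg_compare(installed, fixed_version) >= 0:
        return "fixed"
    return "vulnerable-needs-pro" if needs_pro else "vulnerable"


if __name__ == "__main__":
    fixes = parse_fixed_versions(USN_7272_1_UPDATES)
    # Constructed inventory: (host, release, installed php-symfony version).
    inventory = [
        ("web-1", "24.04", "6.4.5+dfsg-3ubuntu3"),       # pre-ESM build
        ("web-2", "24.04", "6.4.5+dfsg-3ubuntu3+esm1"),  # patched
        ("web-3", "20.04", "4.3.8+dfsg-1ubuntu1+esm1"),  # older ESM build
        ("web-4", "23.10", "6.3.0+dfsg-1"),              # release not in notice
    ]
    for host, rel, ver in inventory:
        print(f"{host:6} {rel} {ver:28} {assess(rel, 'php-symfony', ver, fixes)}")
```

The comparator follows dpkg's algorithm rather than a naive numeric split, which is what makes the "+esm1" and "~rc" cases come out right; the `assess` result separates "vulnerable" from "vulnerable-needs-pro" because on a host without Pro the standard update path will silently leave the package where it is.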

Red Hat JBoss Core Services RHEL 7/8 RHSA-2023:4629-01 Moderate Threat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Advisory ID:  RHSA-2023:4629-01
Product:      Red Hat JBoss Core Services
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4629
Issue date:   2023-08-15
CVE Names:    CVE-2022-24963 CVE-2022-36760 CVE-2022-37436 CVE-2022-48279
              CVE-2023-24021 CVE-2023-27522 CVE-2023-28319 CVE-2023-28321
              CVE-2023-28322
=====================================================================

1. Summary:

An update is now available for Red Hat JBoss Core Services.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64
Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64

3. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.

This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.

Security Fix(es):

* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Certificate Validation (CVE-2023-28321)
* curl: more POST-after-PUT confusion (CVE-2023-28322)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
2163615 - CVE-2023-24021 modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
2163622 - CVE-2022-48279 mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode
2176211 - CVE-2023-27522 httpd: mod_proxy_uwsgi HTTP response splitting
2196778 - CVE-2023-28319 curl: use after free in SSH sha256 fingerprint check
2196786 - CVE-2023-28321 curl: IDN wildcard match may lead to Improper Certificate Validation
2196793 - CVE-2023-28322 curl: more POST-after-PUT confusion

6. Package List:

Red Hat JBoss Core Services on RHEL 7 Server:

Source:
jbcs-httpd24-apr-1.7.0-8.el7jbcs.src.rpm
jbcs-httpd24-apr-util-1.6.1-102.el7jbcs.src.rpm
jbcs-httpd24-curl-8.2.1-1.el7jbcs.src.rpm
jbcs-httpd24-httpd-2.4.57-5.el7jbcs.src.rpm
jbcs-httpd24-mod_http2-1.15.19-28.el7jbcs.src.rpm
jbcs-httpd24-mod_jk-1.2.48-51.redhat_1.el7jbcs.src.rpm
jbcs-httpd24-mod_md-2.4.0-25.el7jbcs.src.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.19-4.el7jbcs.src.rpm
jbcs-httpd24-mod_security-2.9.3-29.el7jbcs.src.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.57-5.el7jbcs.noarch.rpm

x86_64:
jbcs-httpd24-apr-1.7.0-8.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.7.0-8.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-devel-1.7.0-8.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-102.el7jbcs.x86_64.rpm
jbcs-httpd24-curl-8.2.1-1.el7jbcs.x86_64.rpm
jbcs-httpd24-curl-debuginfo-8.2.1-1.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-libcurl-8.2.1-1.el7jbcs.x86_64.rpm
jbcs-httpd24-libcurl-devel-8.2.1-1.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-1.15.19-28.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.19-28.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.48-51.redhat_1.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-debuginfo-1.2.48-51.redhat_1.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_md-2.4.0-25.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.4.0-25.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.19-4.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.19-4.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_security-2.9.3-29.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.3-29.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_session-2.4.57-5.el7jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.57-5.el7jbcs.x86_64.rpm

Red Hat JBoss Core Services on RHEL 8:

Source:
jbcs-httpd24-apr-1.7.0-8.el8jbcs.src.rpm
jbcs-httpd24-apr-util-1.6.1-102.el8jbcs.src.rpm
jbcs-httpd24-curl-8.2.1-1.el8jbcs.src.rpm
jbcs-httpd24-httpd-2.4.57-5.el8jbcs.src.rpm
jbcs-httpd24-mod_http2-1.15.19-28.el8jbcs.src.rpm
jbcs-httpd24-mod_jk-1.2.48-51.redhat_1.el8jbcs.src.rpm
jbcs-httpd24-mod_md-2.4.0-25.el8jbcs.src.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.19-4.el8jbcs.src.rpm
jbcs-httpd24-mod_security-2.9.3-29.el8jbcs.src.rpm

noarch:
jbcs-httpd24-httpd-manual-2.4.57-5.el8jbcs.noarch.rpm

x86_64:
jbcs-httpd24-apr-1.7.0-8.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-debuginfo-1.7.0-8.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-devel-1.7.0-8.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-devel-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-ldap-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-mysql-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-nss-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-odbc-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-openssl-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-102.el8jbcs.x86_64.rpm
jbcs-httpd24-curl-8.2.1-1.el8jbcs.x86_64.rpm
jbcs-httpd24-curl-debuginfo-8.2.1-1.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-debuginfo-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-devel-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-selinux-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-httpd-tools-debuginfo-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-libcurl-8.2.1-1.el8jbcs.x86_64.rpm
jbcs-httpd24-libcurl-debuginfo-8.2.1-1.el8jbcs.x86_64.rpm
jbcs-httpd24-libcurl-devel-8.2.1-1.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-1.15.19-28.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_http2-debuginfo-1.15.19-28.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-1.2.48-51.redhat_1.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-51.redhat_1.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ldap-debuginfo-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_md-2.4.0-25.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_md-debuginfo-2.4.0-25.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-1.3.19-4.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.19-4.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_proxy_html-debuginfo-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_security-2.9.3-29.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_security-debuginfo-2.9.3-29.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_session-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_session-debuginfo-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-2.4.57-5.el8jbcs.x86_64.rpm
jbcs-httpd24-mod_ssl-debuginfo-2.4.57-5.el8jbcs.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-24963
https://access.redhat.com/security/cve/CVE-2022-36760
https://access.redhat.com/security/cve/CVE-2022-37436
https://access.redhat.com/security/cve/CVE-2022-48279
https://access.redhat.com/security/cve/CVE-2023-24021
https://access.redhat.com/security/cve/CVE-2023-27522
https://access.redhat.com/security/cve/CVE-2023-28319
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28322
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk2938AAoJENzjgjWX9erEtTsP/3LmmBo74lDl/6hEmS7CVjrG
tNDPsAWewTMp9k1SOFqRtVY/B5lFTUMP47nAlozHcVwtqfr8hNTRNot0FgrZZJBM
lHqzvNGLZBFSDP4/otKRj37kTi9N2LTBj2CUWok72XbQlxO0Lyqa33XR4LbqMdzk
ZZ/Bx2n6bi8hzGSr2ESXGv+PFl0XsjMZH4XAeU/XOR6kThlOJPAKnl+jzA3r2ip6
EJrOwDM1Kh0oXs6+aVC7aKkqdihRmxbmONzVjv3EGt/CfEoJCf9XmFKfnEugEP8W
EGomu/5iwcYDYoauRR/WGf49MylrOEiqGYkglkbXH5G8iMGpZTuSqnqK0wzdPhgJ
xwDaid3+JPxB0tbtaBpEdH1trYNxrySvVD2XEe8UP5sdft8Ix9tOndHGOgl2P7I2
ws64DPAL32H4TyoiuXAid0tPIsSPzPuBBupW2sMI0LBmKSsiQ83Q3foYXDlLo+FM
V5qtHcsKpeXsyJ27brIMgT2mRm8NL26qGmqsp+u1Jq2xceNzn8H9O2HbVCUQXrXo
RofB2qkwwopjW5T0xun9WRle6uWuzzVQQXidT4zlmt5L6Q5myJ56/LD6mL1sIfRg
BnoZbUpjOxwP2SWNHPZvxCiu0hN7nQUQKzP+kTkeKVOIx60KY/xmK4ROmimVR8lB
K4ikAMvb9gMm7tCnaD5E
=zxHu
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

This update rebases Red Hat JBoss Core Services Apache HTTP Server to 2.4.57 and fixes request smuggling and response splitting issues in the mod_proxy_ajp, mod_proxy and mod_proxy_uwsgi modules, two ModSecurity web application firewall bypasses, an integer overflow in apr-util and three curl issues. Apply all previously released errata first, as section 4 requires.

Aug 15, 2023 | Red Hat | LinuxSecurity.com Team

Red Hat JBoss 7.4 Security Update: RHSA-2021:3658-01 Important: DoS and Code Execution Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis:     Important: Red Hat JBoss Enterprise Application Platform 7.4.1 security update on RHEL 8
Advisory ID:  RHSA-2021:3658-01
Product:      Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3658
Issue date:   2021-09-23
CVE Names:    CVE-2020-13936 CVE-2021-3536 CVE-2021-3597 CVE-2021-3642
              CVE-2021-3644 CVE-2021-3690 CVE-2021-21295 CVE-2021-21409
              CVE-2021-28170 CVE-2021-29425
====================================================================

1. Summary:

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat JBoss EAP 7.4 for RHEL 8 - noarch

3. Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
* undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS (CVE-2021-3597)
* wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)
* netty: possible request smuggling in HTTP/2 due to missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluated (CVE-2021-28170)
* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)
* wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, ensure all previously released errata relevant to your system have been applied.

For details about how to apply this update, see:
https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due to missing validation
1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode
1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
1965497 - CVE-2021-28170 jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluated
1970930 - CVE-2021-3597 undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer
1991299 - CVE-2021-3690 undertow: buffer leak on incoming websocket PONG message may lead to DoS

6. JIRA issues fixed (https://issues.redhat.com/):

JBEAP-18402 - Tracker bug for the EAP 7.4.1 release for RHEL-8
JBEAP-21231 - (7.4.x) Upgrade jgroups-kubernetes to 1.0.16.Final
JBEAP-21257 - (7.4.z) Upgrade Infinispan from 11.0.9.Final to 11.0.11.Final
JBEAP-21258 - (7.4.z) ISPN-12807 - Simple cache does not update eviction statistics
JBEAP-21261 - (7.4.z) Upgrade to wildfly-http-client to 1.1.7.Final
JBEAP-21263 - [GSS](7.4.z) Upgrade yasson from 1.0.5 to 1.0.9
JBEAP-21270 - [GSS] (7.4.z) Upgrade undertow from 2.2.5.Final to 2.2.8.SP1
JBEAP-21276 - [GSS](7.4.z) Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation
JBEAP-21277 - [GSS](7.4.z) Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001
JBEAP-21281 - (7.4.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13
JBEAP-21300 - (7.4.x) Upgrade velocity from 2.2.0.redhat-00001 to 2.3.0.redhat-00001
JBEAP-21309 - (7.4.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4
JBEAP-21313 - [GSS](7.4.z) Upgrade Ironjacamar from 1.4.27.Final to 1.4.33.Final
JBEAP-21472 - (7.4.z) Upgrade Elytron from 1.15.3.Final-redhat-00001 to 1.15.5.Final-redhat-00001
JBEAP-21569 - [GSS](7.4.z) Upgrade HAL from 3.3.2.Final-redhat-00001 to 3.3.7.Final-redhat-00001
JBEAP-21777 - (7.4.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001
JBEAP-21781 - [GSS](7.4.z) WFCORE-5185 - Update ProviderDefinition to use optimised service loading API
JBEAP-21818 - (7.4.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.9.1.Final
JBEAP-21961 - (7.4.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001
JBEAP-21978 - (7.4.z) Upgrade WildFly Core from 15.0.2.Final-redhat-00001 to 15.0.3.Final-redhat-00001
JBEAP-22009 - [GSS](7.4.z) HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation
JBEAP-22084 - [GSS](7.4.z) Upgrade PicketBox from 5.0.3.Final-redhat-00007 to 5.0.3.Final-redhat-00008
JBEAP-22088 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.13.Final-redhat-00001 to 1.1.14.Final-redhat-00001
JBEAP-22160 - (7.4.z) Upgrade jakarta.el from 3.0.3.redhat-00002 to 3.0.3.redhat-00006
JBEAP-22209 - (7.4.z) Upgrade commons-io from 2.5 to 2.10.0
JBEAP-22318 - (7.4.z) Upgrade WildFly Core from 15.0.3.Final-redhat-00001 to 15.0.4.Final-redhat-00001
JBEAP-22319 - (7.4.z) Upgrade undertow from 2.2.9.Final-redhat-00001 to 2.2.9.SP1-redhat-00001

7. Package List:

Red Hat JBoss EAP 7.4 for RHEL 8:

Source:
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el8eap.src.rpm
eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el8eap.src.rpm
eap7-elytron-web-1.9.1-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-hal-console-3.3.7-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-hibernate-5.3.21-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-infinispan-11.0.12-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el8eap.src.rpm
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el8eap.src.rpm
eap7-jboss-server-migration-1.10.0-8.Final_redhat_00009.1.el8eap.src.rpm
eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el8eap.src.rpm
eap7-undertow-2.2.9-2.SP1_redhat_00001.1.el8eap.src.rpm
eap7-velocity-2.3.0-1.redhat_00001.1.el8eap.src.rpm
eap7-wildfly-7.4.1-2.GA_redhat_00003.1.el8eap.src.rpm
eap7-wildfly-elytron-1.15.5-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-http-client-1.1.8-1.Final_redhat_00001.1.el8eap.src.rpm
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el8eap.src.rpm
eap7-xalan-j2-2.7.1-36.redhat_00013.1.el8eap.src.rpm
eap7-yasson-1.0.9-1.redhat_00001.1.el8eap.src.rpm

noarch:
eap7-apache-commons-io-2.10.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-artemis-wildfly-integration-1.0.4-1.redhat_00001.1.el8eap.noarch.rpm
eap7-hal-console-3.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-core-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-entitymanager-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-envers-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-hibernate-java8-5.3.21-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-jdbc-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-cachestore-remote-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-client-hotrod-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-commons-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-component-annotations-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-core-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-commons-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-spi-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-infinispan-hibernate-cache-v53-11.0.12-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-api-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-impl-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-common-spi-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-core-api-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-core-impl-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-deployers-common-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-jdbc-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-ironjacamar-validator-1.4.35-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jakarta-el-3.0.3-2.redhat_00006.1.el8eap.noarch.rpm
eap7-jberet-1.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jberet-core-1.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-remoting-5.0.23-2.SP1_redhat_00001.1.el8eap.noarch.rpm
eap7-jboss-server-migration-1.10.0-8.Final_redhat_00009.1.el8eap.noarch.rpm
eap7-jboss-server-migration-cli-1.10.0-8.Final_redhat_00009.1.el8eap.noarch.rpm
eap7-jboss-server-migration-core-1.10.0-8.Final_redhat_00009.1.el8eap.noarch.rpm
eap7-jgroups-kubernetes-1.0.16-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-netty-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-netty-all-4.1.63-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-picketbox-5.0.3-9.Final_redhat_00008.1.el8eap.noarch.rpm
eap7-picketbox-infinispan-5.0.3-9.Final_redhat_00008.1.el8eap.noarch.rpm
eap7-undertow-2.2.9-2.SP1_redhat_00001.1.el8eap.noarch.rpm
eap7-undertow-server-1.9.1-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-velocity-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-velocity-engine-core-2.3.0-1.redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-7.4.1-2.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-elytron-1.15.5-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-elytron-tool-1.15.5-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-client-common-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-ejb-client-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-naming-client-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-http-transaction-client-1.1.8-1.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-wildfly-javadocs-7.4.1-2.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-modules-7.4.1-2.GA_redhat_00003.1.el8eap.noarch.rpm
eap7-wildfly-transaction-client-1.1.14-2.Final_redhat_00001.1.el8eap.noarch.rpm
eap7-xalan-j2-2.7.1-36.redhat_00013.1.el8eap.noarch.rpm
eap7-yasson-1.0.9-1.redhat_00001.1.el8eap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-13936
https://access.redhat.com/security/cve/CVE-2021-3536
https://access.redhat.com/security/cve/CVE-2021-3597
https://access.redhat.com/security/cve/CVE-2021-3642
https://access.redhat.com/security/cve/CVE-2021-3644
https://access.redhat.com/security/cve/CVE-2021-3690
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/cve/CVE-2021-28170
https://access.redhat.com/security/cve/CVE-2021-29425
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/

9. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYUyqm9zjgjWX9erEAQjH1g/+Ppuz7krcdea4827pGXsIGzieQDvw4h/u
j85t5i0/k9UKm5I4RLNBlxABURGjNVgl3ITDLU0HCBPYW0Y1unquUe6ybXxyp55H
fQ88nUVhuVS1KA8u1+JLnyI07k8he5wkyqyDa72Z+ULpXDjua7PfK+jI3RQkAp8B
yqeP+gyMLq5lb4bFaSQV7+xfAAsjtB9B2tSwZTYioKxVwmGs6qOLFEZSgJrm1FyL
lDhra9IcEmjnWj7QfAElELH1KdnguWf1l6fxOss/u/0IU4Kb9/it63w/KKiH7eKl
TYLeMP+z03Yv9FP6LQwuGpJZL24F0g0ZEY8pG23b4/doNrvJhA/b8vdwE4xdS0VO
Wht0PLdIMWXmf7JdwaSWHYiZrYBV42E+Ac6o5//q06B4lbg/NsW5g2cRvLT8BF4v
MrS59t866xhWLCPaexTWuaugdaXq0lJy23NkWFPaYf3S3i4lYAoxfVy2BH9TAXQ7
qoCZpXQi5680yzxBMC4Db91AakVMK6EijTiwm0XSqFjSYZ2fjo3PZX3vHTxw5rYo
uNXHSVMfc4+7NfBcE2TS122i3/Achy8W6yk9Rq8EEI0yldQP47CKY6EC/r0HDJ2/
coK/yHG63//e2rJiZS6bfV8W9QP1REkZTBrBbZjjidGXKFYqXjUKbTrnGxhuV1yZ
5957NNRhLbY=
=LINr
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list

This Red Hat advisory for JBoss EAP 7.4.1 on RHEL 8 addresses HTTP/2 and content-length request smuggling in Netty, two denial-of-service issues in Undertow, a template-driven code execution issue in Velocity, a timing attack in Elytron's SCRAM server, a limited path traversal in Commons IO, an admin-console XSS and a vault-expression sensitivity misclassification. Severity: Important.

Sep 23, 2021 | Important | Red Hat | LinuxSecurity.com Team

Gentoo: GLSA-201812-01 Normal: PHP Denial of Service Threat

Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201812-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PHP: Multiple vulnerabilities Date: December 02, 2018 Bugs: #658092, #666256 ID: 201812-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Background ========= PHP is an open source general-purpose scripting language that is especially suited for web development. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-lang/php *< 5.6.38 *> = 5.6.38 *< 7.0.32 *> = 7.0.32 *< 7.1.22 *> = 7.1.22 < 7.2.10 > = 7.2.10 Description ========== Multiple vulnerabilities have been discovered in PHP. Please review the referenced CVE identifiers for details. Impact ===== An attacker could cause a Denial of Service condition or obtain sensitive information. Workaround ========= There is no known workaround at this time. 
Resolution
==========

All PHP 5.6.X users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.38"

All PHP 7.0.X users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.0.32"

All PHP 7.1.X users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.1.22"

All PHP 7.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-7.2.10"

References
==========

[ 1 ] CVE-2018-10545
      https://nvd.nist.gov/vuln/detail/CVE-2018-10545
[ 2 ] CVE-2018-10546
      https://nvd.nist.gov/vuln/detail/CVE-2018-10546
[ 3 ] CVE-2018-10548
      https://nvd.nist.gov/vuln/detail/CVE-2018-10548
[ 4 ] CVE-2018-10549
      https://nvd.nist.gov/vuln/detail/CVE-2018-10549
[ 5 ] CVE-2018-17082
      https://nvd.nist.gov/vuln/detail/CVE-2018-17082

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201812-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

LinuxSecurity.com Team

Dec 02, 2018 Gentoo

Red Hat: RHSA-2008:0648-01 Important: Tomcat XSS Remote Attack

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. This update has been rated as having important security impact by the Red Hat Security Response Team.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: tomcat security update
Advisory ID:       RHSA-2008:0648-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2008:0648.html
Issue date:        2008-08-27
Keywords:          Security
CVE Names:         CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2008-2938
====================================================================

1. Summary:

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the HttpServletResponse.sendError() method. A remote attacker could inject arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host manager application. A remote attacker could inject arbitrary web script or HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher in combination with a servlet or JSP. A remote attacker could utilize a specially-crafted request parameter to access protected web resources. (CVE-2008-2370)

An additional traversal vulnerability was discovered when the "allowLinking" and "URIencoding" settings were activated. A remote attacker could use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

446393 - CVE-2008-1947 Tomcat host manager xss - name field
456120 - CVE-2008-2938 tomcat Unicode directory traversal vulnerability
457597 - CVE-2008-1232 tomcat: Cross-Site-Scripting enabled by sendError call
457934 - CVE-2008-2370 tomcat RequestDispatcher information disclosure vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.i386.rpm

x86_64:
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
tomcat5-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm

x86_64:
tomcat5-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
tomcat5-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.i386.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.i386.rpm

ia64:
tomcat5-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ia64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ia64.rpm

ppc:
tomcat5-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-5.5.23-0jpp.7.el5_2.1.ppc64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.ppc64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.ppc.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.ppc.rpm

s390x:
tomcat5-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.s390x.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.s390x.rpm

x86_64:
tomcat5-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-admin-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-common-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-debuginfo-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jasper-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-jsp-2.0-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-server-lib-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-servlet-2.4-api-javadoc-5.5.23-0jpp.7.el5_2.1.x86_64.rpm
tomcat5-webapps-5.5.23-0jpp.7.el5_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2008-1232
https://www.cve.org/CVERecord?id=CVE-2008-1947
https://www.cve.org/CVERecord?id=CVE-2008-2370
https://www.cve.org/CVERecord?id=CVE-2008-2938
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2008 Red Hat, Inc.

A vital security patch for Tomcat on Red Hat Enterprise Linux mitigates risks linked to remote exploits and existing vulnerabilities, significantly enhancing protection.
Tags: Tomcat Security, Red Hat Update, Web Application Security.
Severity: Important.
LinuxSecurity.com Team

Aug 27, 2008 Important Red Hat

Red Hat Developer Suite 3 RHSA-2007:0328-01 Critical: Tomcat Update

Updated tomcat packages that fix multiple security issues and a bug are now available for Red Hat Developer Suite 3. Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks.

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: tomcat security update
Advisory ID:       RHSA-2007:0328-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0328.html
Issue date:        2007-05-24
Updated on:        2007-05-24
Product:           Red Hat Developer Suite v.3
CVE Names:         CVE-2005-2090 CVE-2006-7195 CVE-2007-0450
- ---------------------------------------------------------------------

1. Summary:

Updated tomcat packages that fix multiple security issues and a bug are now available for Red Hat Developer Suite 3.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Developer Suite v.3 (AS v.4) - noarch
Red Hat Developer Suite v.3 (ES v.4) - noarch
Red Hat Developer Suite v.3 (WS v.4) - noarch

3. Problem description:

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

Tomcat was found to accept multiple content-length headers in a request. This could allow attackers to poison a web-cache, bypass web application firewall protection, or conduct cross-site scripting attacks. (CVE-2005-2090)

Tomcat permitted various characters as path delimiters. If Tomcat was used behind certain proxies and configured to only proxy some contexts, an attacker could construct an HTTP request to work around the context restriction and potentially access non-proxied content. (CVE-2007-0450)

The implicit-objects.jsp file distributed in the examples webapp displayed a number of unfiltered header values. If the JSP examples are accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks. (CVE-2006-7195)

Updated jakarta-commons-modeler packages which correct a bug when used with Tomcat 5.5.23 are also included.

Users should upgrade to these erratum packages which contain an update to Tomcat that resolves these issues.

4. Solution:

Note: /etc/tomcat5/web.xml has been updated to disable directory listing by default. If you have previously modified /etc/tomcat5/web.xml, this change will not be made automatically and you should manually update the value for the "listings" parameter to "false".

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

237109 - CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)

6. RPMs required:

Red Hat Developer Suite v.3 (AS v.4):

SRPMS:
4222be2605c1611c0fa35dbb6bd6e4f0 jakarta-commons-modeler-2.0-3jpp_3rh.src.rpm
a5dd8945b03a8c0c95db79d58fbd3ca7 tomcat5-5.5.23-0jpp_6rh.src.rpm

noarch:
9390a4076d922b0de9560187e83a6f82 jakarta-commons-modeler-2.0-3jpp_3rh.noarch.rpm
a65422af787444bc997f561246e94348 tomcat5-5.5.23-0jpp_6rh.noarch.rpm
bfac8a20f267cf60b508bd3097827d3f tomcat5-common-lib-5.5.23-0jpp_6rh.noarch.rpm
612d61b93903cfff32be17dc7faa733b tomcat5-jasper-5.5.23-0jpp_6rh.noarch.rpm
6ad168cda6379b7c6c0348eb1fc6a52e tomcat5-jsp-2.0-api-5.5.23-0jpp_6rh.noarch.rpm
41b2143aafc7986f8d7ae7b84eca9411 tomcat5-server-lib-5.5.23-0jpp_6rh.noarch.rpm
cf311e6fc560319b3581e6a1b80c81a6 tomcat5-servlet-2.4-api-5.5.23-0jpp_6rh.noarch.rpm

Red Hat Developer Suite v.3 (ES v.4):

SRPMS:
4222be2605c1611c0fa35dbb6bd6e4f0 jakarta-commons-modeler-2.0-3jpp_3rh.src.rpm
a5dd8945b03a8c0c95db79d58fbd3ca7 tomcat5-5.5.23-0jpp_6rh.src.rpm

noarch:
9390a4076d922b0de9560187e83a6f82 jakarta-commons-modeler-2.0-3jpp_3rh.noarch.rpm
a65422af787444bc997f561246e94348 tomcat5-5.5.23-0jpp_6rh.noarch.rpm
bfac8a20f267cf60b508bd3097827d3f tomcat5-common-lib-5.5.23-0jpp_6rh.noarch.rpm
612d61b93903cfff32be17dc7faa733b tomcat5-jasper-5.5.23-0jpp_6rh.noarch.rpm
6ad168cda6379b7c6c0348eb1fc6a52e tomcat5-jsp-2.0-api-5.5.23-0jpp_6rh.noarch.rpm
41b2143aafc7986f8d7ae7b84eca9411 tomcat5-server-lib-5.5.23-0jpp_6rh.noarch.rpm
cf311e6fc560319b3581e6a1b80c81a6 tomcat5-servlet-2.4-api-5.5.23-0jpp_6rh.noarch.rpm

Red Hat Developer Suite v.3 (WS v.4):

SRPMS:
4222be2605c1611c0fa35dbb6bd6e4f0 jakarta-commons-modeler-2.0-3jpp_3rh.src.rpm
a5dd8945b03a8c0c95db79d58fbd3ca7 tomcat5-5.5.23-0jpp_6rh.src.rpm

noarch:
9390a4076d922b0de9560187e83a6f82 jakarta-commons-modeler-2.0-3jpp_3rh.noarch.rpm
a65422af787444bc997f561246e94348 tomcat5-5.5.23-0jpp_6rh.noarch.rpm
bfac8a20f267cf60b508bd3097827d3f tomcat5-common-lib-5.5.23-0jpp_6rh.noarch.rpm
612d61b93903cfff32be17dc7faa733b tomcat5-jasper-5.5.23-0jpp_6rh.noarch.rpm
6ad168cda6379b7c6c0348eb1fc6a52e tomcat5-jsp-2.0-api-5.5.23-0jpp_6rh.noarch.rpm
41b2143aafc7986f8d7ae7b84eca9411 tomcat5-server-lib-5.5.23-0jpp_6rh.noarch.rpm
cf311e6fc560319b3581e6a1b80c81a6 tomcat5-servlet-2.4-api-5.5.23-0jpp_6rh.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2005-2090
https://www.cve.org/CVERecord?id=CVE-2006-7195
https://www.cve.org/CVERecord?id=CVE-2007-0450
https://tomcat.apache.org/security-5.html
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2007 Red Hat, Inc.

Apache Tomcat security patch: vital vulnerabilities fixed for Ubuntu Dev Tools, improving overall software protection.
Tags: Tomcat Update, Red Hat Security, Application Security, Critical Issues.
Severity: Important.
LinuxSecurity.com Team

May 24, 2007 Important Red Hat

Ubuntu 6.06 LTS USN-397-1 Severity: Mono Directory Vulnerability

Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.

===========================================================
Ubuntu Security Notice USN-397-1          December 20, 2006
mono vulnerability
CVE-2006-6104
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  mono-classlib-1.0                        1.1.13.6-0ubuntu3.2
  mono-classlib-2.0                        1.1.13.6-0ubuntu3.2

Ubuntu 6.10:
  libmono-system-web1.0-cil                1.1.17.1-1ubuntu7.1
  libmono-system-web2.0-cil                1.1.17.1-1ubuntu7.1

After a standard system upgrade you need to restart any mono web applications to effect the necessary changes.

Details follow:

Jose Ramon Palanco discovered that the mono System.Web class did not consistently verify local file paths. As a result, the source code for mono web applications could be retrieved remotely, possibly leading to further compromise via the application's source.

Updated packages for Ubuntu 6.06 LTS:

Source archives:
  Size/MD5: 48871 95da1c90d723f6849f6996a12a60cbc6
  Size/MD5: 1047 21557fc891cfdb0a9af47451010c218a
  Size/MD5: 18217583 330cc66c6a44525950daf10c4f17c10e

Architecture independent packages:
  Size/MD5: 42032 11c561430b9d35ebc4c62f5d8982250e
  Size/MD5: 3794836 6d7e9dad1a8f98a9e5c9fc704148cc53
  Size/MD5: 4560128 21602e7ff91b1f711873011ed7d87f66
  Size/MD5: 4568456 9c30b6dcba099ea96eb4f9e8c618a3cc
  Size/MD5: 5218186 f9f6fb451a766a1afa3ad0022f9252a9
  Size/MD5: 53264 568d945f286aa77f4bf1a0101c1554bf
  Size/MD5: 841102 75142252d7637d54a44da37414090189
  Size/MD5: 1415842 9e8b5ae50e7644763308cbe6096c35d8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  Size/MD5: 1127690 1b4c2d97b84c0864a5b101709172ec9e
  Size/MD5: 866072 b1f3fd709caa15cd2c54c4953fe1668f
  Size/MD5: 115972 6beabaca2a334afb123d602f950dc004
  Size/MD5: 42066 17bfdcd4a86f4e5e9c033d14d6fa1384
  Size/MD5: 57624 5262d467e37ba718996a0b057b9b5c85
  Size/MD5: 12924 69deab0d023bfcdedff49c8c9e0fe316
  Size/MD5: 1117590 28380154c21bd7dad17f361555d84af8
  Size/MD5: 1214 0ed2e4b1b5b975d6850458d0d7be67be

i386 architecture (x86 compatible Intel/AMD)
  Size/MD5: 1017346 b5cf785db92bcdf2ec66e88f649359e3
  Size/MD5: 780556 601d21535e3baa5f02124fcebf545006
  Size/MD5: 115534 55d7b1e8bfc0b49806ce6fbe879292d1
  Size/MD5: 42064 a1025dce492c6e925c4306f9a2cfa007
  Size/MD5: 50692 a50854b6d1df53e9b70d9f2c2566a15a
  Size/MD5: 12724 243586247671b7faa749a4d6cd3c33a7
  Size/MD5: 1015004 8b9cfe5134cfe97f585080d2c571ef5b
  Size/MD5: 1210 32d89462b5e4398db6b4807575e3b0f3

powerpc architecture (Apple Macintosh G3/G4/G5)
  Size/MD5: 1085196 acd7fc6c681501959273b01f0e510233
  Size/MD5: 816242 465fa119ffee6aac2d569ff7f04883f2
  Size/MD5: 116514 26c997fe0a8ed68c66b54a00e7d52357
  Size/MD5: 42068 f6dfd7e19ddb761902ccfa2d9f5344ce
  Size/MD5: 56654 a0eb22b159b7037ea7f286148dc56c39
  Size/MD5: 14790 1ba1e121936d0588f4921a8481fa200e
  Size/MD5: 1102970 6a02b9bf34da073067ec61970ec5c4c9
  Size/MD5: 1214 0caf8bd6ce431b226941c62a602369cc

sparc architecture (Sun SPARC/UltraSPARC)
  Size/MD5: 1093072 4500d1121f03adeea62cb27d327c61f2
  Size/MD5: 820944 7073e3ded35354f6de76e68b25bb108c
  Size/MD5: 116092 067c29ec0dc398c4279d46004970176d
  Size/MD5: 42064 efcdda6f00ff3539dadfb60d69eb13ee
  Size/MD5: 53662 51aa7729f708eb2ea4903c42bdffc143
  Size/MD5: 13002 cfa13256a3e43d73f82e8e9ff51d7fc3
  Size/MD5: 1049814 76c2214b80471d6233021f10fad0fca9
  Size/MD5: 1214 cbf5c0379713b9fbff6f8abc443a6a54

Updated packages for Ubuntu 6.10:

Source archives:
  Size/MD5: 41023 f023375eafc247cf75d0452571ec393a
  Size/MD5: 2303 4c239666e467fa49eb99e2329cefd631
  Size/MD5: 19352812 072cb3de1f19cbebd6034f7a5cff1292

Architecture independent packages:
  Size/MD5: 19704 415f4665cfcbf1020697fcaad74a3781
  Size/MD5: 19638 478c9b6316f4fb1e6774a784b6eb1162
  Size/MD5: 91206 e3107aeae7dcb3c9113c17f8658ee15e
  Size/MD5: 91268 2a82d60eca1313f98ca390d310249c67
  Size/MD5: 226832 6f69ab121db51554e3be115655e97885
  Size/MD5: 45284 82995c188697c5f1c22e4043c2df598b
  Size/MD5: 45080 527a1dcadc94992ad317d3c1c7387169
  Size/MD5: 1845196 fce79a13a9061e1663777f51171be67f
  Size/MD5: 2086932 2642319f830d8ff8f94df19a397271e3
  Size/MD5: 24042 15bff0120d4fa815f2e27d4e010287ea
  Size/MD5: 24274 f883d9922ccfa443ba124358aa90b7d2
  Size/MD5: 64786 0621bcb4cfdbdf69af07b344e3399807
  Size/MD5: 68502 5afb4df0eee2a7c74cea0a3cced50471
  Size/MD5: 295562 18719dfa8f62049754f405a591dc7a67
  Size/MD5: 221734 00373852dca844ec04782c038ff14fb5
  Size/MD5: 221588 ece3b4dc87635b8a10d89d9292283526
  Size/MD5: 196264 48f7563e4a9f132b0e2e589987179f54
  Size/MD5: 272388 69a2a0193c5c6899815dede37c4abe87
  Size/MD5: 272460 cd96cc27916215880d0bc5d12d523fe8
  Size/MD5: 130810 f95d1d2f193b28cc03720c9c85288d6f
  Size/MD5: 131002 25058c028f497bd536e2dd22dc06fec2
  Size/MD5: 113192 765bf6ca38bca5438760577734649bb2
  Size/MD5: 112682 c86c16ea72e930e158ddda1b5f54d200
  Size/MD5: 100978 d6dbe49b7a731dc410e69fc8bd111259
  Size/MD5: 101016 76df4fad22d6a36b5a05899ab9f2c734
  Size/MD5: 178548 8ce8c27c9cfe9b46066005a0defcb955
  Size/MD5: 179020 dba2968c13a7bf3d828224ddd23ca123
  Size/MD5: 247092 e0ff3768cb9943fc0b33370bdd52fb2d
  Size/MD5: 248302 36bbbc4b14ded0afa0e951f65c156d61
  Size/MD5: 109692 244b57cd04ea60d12940851132e85522
  Size/MD5: 131906 f3bde99a2c0786ba8ad87c4d183c256b
  Size/MD5: 109778 4670af48d9dfa8ba77baf0fb889f1fc4
  Size/MD5: 131968 903962af278fc1cf9d4cc1dfc51eee66
  Size/MD5: 43128 b1d362169846207b08b5a2527b8877cb
  Size/MD5: 43100 dfc5aaf37ab6a1bf5c8d180e7f7f35ea
  Size/MD5: 457190 7246bc28c92c70d5708b0a34502f1c10
  Size/MD5: 522340 a953c525229103481063219285ed082a
  Size/MD5: 48068 e3e5eb751ae55ad29312a228401e81a5
  Size/MD5: 48028 3e6fac752208e6ca4dd2c42c0f586ada
  Size/MD5: 63496 d2ea4fb9e29efa4677825afe266464e5
  Size/MD5: 63494 99e64b84751580e777e6f7554e1458eb
  Size/MD5: 118400 47f669e86356f713474d310e22ff59b2
  Size/MD5: 135976 481b165e89b015f1018c9730a74e2b53
  Size/MD5: 773126 7c3ab311fc18a7955d08a797b7bdd2b6
  Size/MD5: 1414414 98992dbb9a8379607a2d508ef6aeb2d0
  Size/MD5: 1747274 6cacfc2f93b9ff4a496368fbd9a20a31
  Size/MD5: 2286404 35459134d553371940a0610cec144182
  Size/MD5: 1364398 387b26116687f175d349726605f9061d
  Size/MD5: 1563772 e526e6ed11f8d1422fb85357224f3810
  Size/MD5: 403398 c586276f6e18c50a2744d5659d807d52
  Size/MD5: 403468 4e2069173a529a7c7f00222e95d66620
  Size/MD5: 15932 f5d0e0b1096e5eac4c96f169b0e176e4
  Size/MD5: 15912 4793e87d090a46d3f7685b6d8c7da662
  Size/MD5: 29368 bd3b18c67416199522215bce088ace8f
  Size/MD5: 839480 2f4e9b0cd4759166408dbbf3fd51fc21
  Size/MD5: 1012390 11f5282cf5d033cf622861509e629a37
  Size/MD5: 26122 20dd25afee3f83dc1e212dc2a54edbe0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
  Size/MD5: 1145618 85857b8102b3228b8726582f246bd238
  Size/MD5: 871482 4fcf666e9b9f0c7bb8e3e95663b275dc
  Size/MD5: 93458 b2514c1e1400afd2206d34cd70757457
  Size/MD5: 15892 998c84af3ffb55064621e67cb8bda067
  Size/MD5: 59986 4d773655db93dac648bee002aba38400
  Size/MD5: 752996 2f3ec0865a533e43a87147e642b183cd
  Size/MD5: 15860 ad0ebdc556e927546bec5dbb7d62b591
  Size/MD5: 1164930 c9bc39cc32a10441c46e27757d198e51
  Size/MD5: 1260 53eed5f5714aaaaccfe1c9a74861df47

i386 architecture (x86 compatible Intel/AMD)
  Size/MD5: 1075932 b57808aa52e598c304d6d56718034bc5
  Size/MD5: 831988 d6b3fc0b4c0fd8ea33867a54f80f380f
  Size/MD5: 93020 51361081e622cbee1b3ba33f32cac0de
  Size/MD5: 15886 2b7381abbfd2e09c00bd3f32122e1028
  Size/MD5: 53642 019d8e834568651b9949cff6ea44f292
  Size/MD5: 697248 7f6db63e2fb5593c699c46717336f650
  Size/MD5: 15856 7114e6d2c648d93df426fe75a9ead053
  Size/MD5: 1107016 bfc189007e62c2637f72b12372152949
  Size/MD5: 1260 a8b2313e9bc6989a55ea25a909d3ff86

powerpc architecture (Apple Macintosh G3/G4/G5)
  Size/MD5: 1109028 dd4f5249b6439c99a4d5269222388059
  Size/MD5: 832364 da661a458e1278c34528696457ede4c3
  Size/MD5: 93896 5ff5eb7f165b6c2c2d82c0ab955c59a2
  Size/MD5: 15894 17a7d78602fbac998549caac69b33227
  Size/MD5: 58712 74385f2f9d46556693082cf2fb6fca53
  Size/MD5: 716246 6a0ed7f2c72f5d18757c397e4af2fc68
  Size/MD5: 15862 b461f6b6676af3bd79a4dadfdda08ff2
  Size/MD5: 1160836 81deab21481bf57def0c1108be597101
  Size/MD5: 1260 482c88080f1375e327e631b61adc6552

sparc architecture (Sun SPARC/UltraSPARC)
  Size/MD5: 1124674 01d7a962a0035faea6746e979d01776c
  Size/MD5: 839334 b3be3cdabecdfaa375090127c04ef2d5
  Size/MD5: 93488 3bbf0e0433549db3a40d3a98081d9af8
  Size/MD5: 15892 746e0b301c4017d9c38d54515eeb13d1
  Size/MD5: 56182 08a1b26440c074071129120adde393b7
  Size/MD5: 704896 17189bf83898893b4da699653b1ed2a9
  Size/MD5: 15862 d18ac3cc83e94fe549c32d57bc512f65
  Size/MD5: 1110106 1de8dc45fdcd083a298e876a39e4c676
  Size/MD5: 1260 91765ebd3ef94a7ba557aef413a86951

Ubuntu Security Notice USN-398-1 addresses a mono flaw that could result in sensitive data exposure.
Tags: Ubuntu Security Advisory, Mono Framework Risks, Web App Vulnerabilities.
Severity: Critical.
LinuxSecurity.com Team

Dec 20, 2006 Critical Ubuntu