--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-444e38face
2021-04-29 01:21:37.105103
--------------------------------------------------------------------------------

Name        : jetty
Product     : Fedora 32
Version     : 9.4.40
Release     : 1.fc32
URL         : https://jetty.org/
Summary     : Java Webserver and Servlet Container
Description :
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you
do not need to configure and run a separate web server (like Apache) in order
to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully
featured web server for static and dynamic content. Unlike separate
server/container solutions, this means that your web server and web
application run in the same process, without interconnection overheads and
complications. Furthermore, as a pure Java component, Jetty can be simply
included in your application for demonstration, distribution or deployment.
Jetty is available on all Java supported platforms.
--------------------------------------------------------------------------------
Update Information:

Update to Jetty 9.4.40 (fixes multiple CVEs)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 21 2021 Alexander Kurtakov - 9.4.40-1
- Update to Jetty 9.4.40 (fixes multiple CVEs)
* Mon Mar 29 2021 Alexander Kurtakov - 9.4.38-1
- Update to Jetty 9.4.38
* Tue Jan 26 2021 Fedora Release Engineering - 9.4.36-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Mat Booth - 9.4.36-1
- Update to latest upstream release
* Wed Oct 28 2020 Mat Booth - 9.4.33-1
- Update to latest upstream release
* Wed Aug 19 2020 Mat Booth - 9.4.31-3
- Rebuild to regenerate OSGi metadata for dependency on servlet-api
- Add patch to build against new APIs in servlet4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents
        https://bugzilla.redhat.com/show_bug.cgi?id=1945710
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-444e38face' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-cf8ef2f333
2020-08-31 15:48:37.485399
--------------------------------------------------------------------------------

Name        : jetty
Product     : Fedora 32
Version     : 9.4.31
Release     : 2.fc32
URL         : https://jetty.org/
Summary     : Java Webserver and Servlet Container
Description :
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you
do not need to configure and run a separate web server (like Apache) in order
to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully
featured web server for static and dynamic content. Unlike separate
server/container solutions, this means that your web server and web
application run in the same process, without interconnection overheads and
complications. Furthermore, as a pure Java component, Jetty can be simply
included in your application for demonstration, distribution or deployment.
Jetty is available on all Java supported platforms.
--------------------------------------------------------------------------------
Update Information:

Updates to the latest upstream release of Eclipse. See the upstream release
notes for details: https://eclipseide.org/release/noteworthy/
Also contains security fixes for CVE-2019-17566 and CVE-2019-17638.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 13 2020 Mat Booth - 9.4.31-2
- Reflective use of classes that might not be present in the JDK should be
  optional when expressed as OSGi dependencies
* Wed Aug 12 2020 Mat Booth - 9.4.31-1
- Update to latest upstream release
* Tue Jul 28 2020 Fedora Release Engineering - 9.4.30-3.v20200611
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 10 2020 Jiri Vanek - 9.4.30-2.v20200611
- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
* Thu Jun 18 2020 Mat Booth - 9.4.30-1.v20200611
- Update to latest upstream release
* Fri Mar 20 2020 Mat Booth - 9.4.27-1.v20200227
- Update to latest upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
        https://bugzilla.redhat.com/show_bug.cgi?id=1848617
  [ 2 ] Bug #1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1864680
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-cf8ef2f333' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-a31054181a
2018-10-23 21:06:54.129070
--------------------------------------------------------------------------------

Name        : lighttpd
Product     : Fedora 28
Version     : 1.4.51
Release     : 1.fc28
URL         : http://www.lighttpd.net/
Summary     : Lightning fast webserver with light system requirements
Description :
Secure, fast, compliant and very flexible web server which has been optimized
for high-performance environments. It has a very low memory footprint compared
to other web servers and takes care of CPU load. Its advanced feature set
(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) makes it
the perfect web server software for every server that is suffering load
problems.
--------------------------------------------------------------------------------
Update Information:

https://www.lighttpd.net/2018/10/14/1.4.51/
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 15 2018 Gwyn Ciesla - 1.4.51-1
- 1.4.51.
* Mon Aug 13 2018 Gwyn Ciesla - 1.4.50-1
- 1.4.50.
* Fri Jul 13 2018 Fedora Release Engineering - 1.4.49-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1639043 - update of lighttpd package from 1.4.49 to 1.4.50 causes pi-hole admin console to fail at startup.
        https://bugzilla.redhat.com/show_bug.cgi?id=1639043
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-a31054181a' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-f59b94c349
2016-01-12 04:14:59.559109
--------------------------------------------------------------------------------

Name        : lighttpd
Product     : Fedora 22
Version     : 1.4.39
Release     : 1.fc22
URL         : http://www.lighttpd.net/
Summary     : Lightning fast webserver with light system requirements
Description :
Secure, fast, compliant and very flexible web server which has been optimized
for high-performance environments. It has a very low memory footprint compared
to other web servers and takes care of CPU load. Its advanced feature set
(FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) makes it
the perfect web server software for every server that is suffering load
problems.
--------------------------------------------------------------------------------
Update Information:

Bugfix release: http://www.lighttpd.net/2016/1/2/1.4.39/
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1295149 - lighttpd-1.4.39 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1295149
  [ 2 ] Bug #1296487 - lighttpd: crash after use-after-free [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1296487
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update lighttpd' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
openSUSE Security Update: apache2: Fixed several security issues
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1217-1
Rating:             important
References:         #713966 #719236 #722545
Cross-References:   CVE-2011-3192
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update fixes several security issues in the Apache webserver.

The patch for the ByteRange remote denial of service attack (CVE-2011-3192)
was refined and the configuration options used by upstream were added.

Introduce new config option:

  MaxRanges: Number of ranges requested; if exceeded, the complete content
             is served.
    default:      200
    0|unlimited:  unlimited
    none:         Range headers are ignored.

This option is a backport from 2.2.21.

Also fixed:

- CVE-2011-3348: Denial of service in proxy_ajp when using an undefined
  method.
- CVE-2011-3368: Exposure of internal servers via reverse proxy methods with
  mod_proxy enabled and incorrect Rewrite or Proxy Rules.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:
  zypper in -t patch apache2-5347
- openSUSE 11.3:
  zypper in -t patch apache2-5347

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 11.4 (i586 x86_64):
  apache2-2.2.17-4.9.1
  apache2-devel-2.2.17-4.9.1
  apache2-example-certificates-2.2.17-4.9.1
  apache2-example-pages-2.2.17-4.9.1
  apache2-itk-2.2.17-4.9.1
  apache2-prefork-2.2.17-4.9.1
  apache2-utils-2.2.17-4.9.1
  apache2-worker-2.2.17-4.9.1
- openSUSE 11.4 (noarch):
  apache2-doc-2.2.17-4.9.1
- openSUSE 11.3 (i586 x86_64):
  apache2-2.2.15-4.7.1
  apache2-devel-2.2.15-4.7.1
  apache2-example-certificates-2.2.15-4.7.1
  apache2-example-pages-2.2.15-4.7.1
  apache2-itk-2.2.15-4.7.1
  apache2-prefork-2.2.15-4.7.1
  apache2-utils-2.2.15-4.7.1
  apache2-worker-2.2.15-4.7.1
- openSUSE 11.3 (noarch):
  apache2-doc-2.2.15-4.7.1

References:

  https://www.suse.com/security/cve/CVE-2011-3192.html

Severity: Important.
------------------------------------------------------------------------
Debian Security Advisory DSA-1513-1

It was discovered that lighttpd, a fast webserver with minimal memory
footprint, would display the source to CGI scripts if their execution failed
in some circumstances.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200402-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Monkeyd Denial of Service vulnerability
      Date: February 11, 2004
      Bugs: #41156
        ID: 200402-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A bug in the get_real_string() function allows for a Denial of Service attack
to be launched against the webserver.

Background
==========

The Monkey HTTP daemon is a Web server written in C that works under Linux and
is based on the HTTP/1.1 protocol. It aims to be a fast, efficient and small
web server.

Description
===========

A bug in the URI processing of incoming requests allows for a Denial of Service
to be launched against the webserver, which may cause the server to crash or
behave sporadically.

Impact
======

Although there are no public exploits known for this bug, users are
recommended to upgrade to ensure the security of their infrastructure.

Workaround
==========

There is no immediate workaround; a software upgrade is required. The
vulnerable function in the code has been rewritten.

Resolution
==========

All users are recommended to upgrade monkeyd to 0.8.2:

    # emerge sync
    # emerge -pv ">=net-www/monkeyd-0.8.2"
    # emerge ">=net-www/monkeyd-0.8.2"

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality
and security of our users' machines is of utmost importance to us. Any
security concerns should be addressed to