Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":66.67,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -8 articles for you...
89

Fedora 22: 2016-e289f41b76 Critical: Prosody Path Traversal and PRNG Issues

Prosody 0.9.9 -------------- * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC:. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-e289f41b76 2016-01-21 04:13:52.521214 -------------------------------------------------------------------------------- Name : prosody Product : Fedora 22 Version : 0.9.9 Release : 2.fc22 URL : https://prosody.im/ Summary : Flexible communications server for Jabber/XMPP Description : Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. -------------------------------------------------------------------------------- Update Information: Prosody 0.9.9 ============= A summary of changes: Security fixes -------------- * Fix path traversal vulnerability in mod_http_files (CVE-2016-1231) * Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232) Bugs ---- * Improve handling of CNAME records in DNS * Fix traceback when deleting a user in some configurations (issue #496) * MUC: restrict_room_creation could prevent users from joining rooms (issue #458) * MUC: fix occasional dropping of iq stanzas sent privately between occupants * Fix a potential memory leak in mod_pep Additions --------- * Add http:list() command to telnet to view active HTTP services * Simplify IPv4/v6 address selection code for outgoing s2s * Add support for importing SCRAM hashes from ejabberd -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296984 - CVE-2016-1232 prosody: use ofweak PRNG in generation of dialback secrets https://bugzilla.redhat.com/show_bug.cgi?id=1296984 [ 2 ] Bug #1296983 - CVE-2016-1231 prosody: path traversal vulnerability in mod_http_files https://bugzilla.redhat.com/show_bug.cgi?id=1296983 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update prosody' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Debian's latest security patch resolves severe vulnerabilities, such as privilege escalation and insufficient entropy concerns.. Fedora Security, Prosody Update, Path Traversal, PRNG Issues, XMPP Server. . LinuxSecurity.com Team

Calendar%202 Jan 21, 2016 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Can sandbox isolation stop malware?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/154-can-sandbox-isolation-stop-malware?task=poll.vote&format=json
154
radio
0
[{"id":497,"title":"Breaches happen despite container barriers.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":498,"title":"Supply chain flaws exploit trust.","votes":2,"type":"x","order":2,"pct":66.67,"resources":[]},{"id":499,"title":"Flawed configurations expose vital files.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Your message here