Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in PostfixAdmin.. ========================================================================== Ubuntu Security Notice USN-6550-1 December 12, 2023 postfixadmin vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS (Available with Ubuntu Pro) - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in PostfixAdmin. Software Description: - postfixadmin: Virtual mail hosting interface for Postfix Details: It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. (CVE-2022-29221) It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-31129) It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly escaping JavaScript code. An attacker could possibly use this issue to conduct cross-site scripting attacks (XSS). (CVE-2023-28447) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS (Available with Ubuntu Pro): postfixadmin 3.3.10-2ubuntu0.1~esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): postfixadmin 3.2.1-3ubuntu0.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): postfixadmin 3.0.2-2ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6550-1 CVE-2022-29221, CVE-2022-31129, CVE-2023-28447 . Ubuntu Security Advisory USN-6571-1addresses security flaws found in Phabricator affecting several Ubuntu releases.. PostfixAdmin Security, Denial of Service Threats, XSS Attacks. . LinuxSecurity.com Team
AWStats, a powerful and featureful web server log analyzer, allowed XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3225-1
Several issues were discovered in Epiphany, the GNOME web browser, allowing XSS attacks by malicious websites, or memory corruption and application crash by a page with a very long title. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3074-1
phpLiteAdmin could allow cross-site scripting (XSS) attacks.. =========================================================================Ubuntu Security Notice USN-5552-1 August 08, 2022 phpliteadmin vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: phpLiteAdmin could allow cross-site scripting (XSS) attacks. Software Description: - phpliteadmin: web-based SQLite database admin tool Details: It was discovered that phpLiteAdmin incorrectly handled certain GET requests. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: phpliteadmin 1.9.8.2-1ubuntu0.20.04.1 Ubuntu 18.04 LTS: phpliteadmin 1.9.7.1-1ubuntu0.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5552-1 CVE-2021-46709 Package Information: https://launchpad.net/ubuntu/+source/phpliteadmin/1.9.8.2-1ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/phpliteadmin/1.9.7.1-1ubuntu0.3 . phpLiteAdmin has a vulnerability that exposes it to cross-site scripting (XSS) threats. Ensure your Ubuntu installation is updated to secure your system.. phpLiteAdmin,XSS Attack,Ubuntu Security,Web Application. . Severity: Critical. LinuxSecurity.com Team
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for python-Django1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0285-1 Rating: important References: #1195086 #1195088 Cross-References: CVE-2022-22818 CVE-2022-23833 CVSS scores: CVE-2022-22818 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-23833 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Django1 fixes the following issues: - CVE-2022-22818: Fixed possible XSS via {% debug %} template tag (bsc#1195086) - CVE-2022-23833: Fixed denial-of-service possibility in file uploads. (bsc#1195088) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-285=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-285=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Django1-1.11.29-3.37.1 - SUSE OpenStack Cloud 9 (noarch): python-Django1-1.11.29-3.37.1 venv-openstack-barbican-x86_64-7.0.1~dev24-3.30.1 venv-openstack-cinder-x86_64-13.0.10~dev23-3.33.1 venv-openstack-designate-x86_64-7.0.2~dev2-3.30.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.28.1 venv-openstack-heat-x86_64-11.0.4~dev4-3.30.1 venv-openstack-horizon-x86_64-14.1.1~dev11-4.34.2 venv-openstack-ironic-x86_64-11.1.5~dev17-4.28.1 venv-openstack-keystone-x86_64-14.2.1~dev7-3.31.1 venv-openstack-magnum-x86_64-7.2.1~dev1-4.30.1 venv-openstack-manila-x86_64-7.4.2~dev60-3.36.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.30.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.32.1 venv-openstack-neutron-x86_64-13.0.8~dev164-6.34.1 venv-openstack-nova-x86_64-18.3.1~dev91-3.34.1 venv-openstack-octavia-x86_64-3.2.3~dev7-4.30.1 venv-openstack-sahara-x86_64-9.0.2~dev15-3.30.1 venv-openstack-swift-x86_64-2.19.2~dev48-2.25.1 References: https://www.suse.com/security/cve/CVE-2022-22818.html https://www.suse.com/security/cve/CVE-2022-23833.html https://bugzilla.suse.com/1195086 https://bugzilla.suse.com/1195088 . A critical patch for python-Django1 tackles major security flaws within SUSE OpenStack. Ensure your protection!. Python Django XSS Fix, SUSE OpenStack Security, Denial of Service Update. . Severity: Important. LinuxSecurity.com Team
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize HTML messages. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5037-1
Go applications could be made to perform XSS attacks.. =========================================================================Ubuntu Security Notice USN-4758-1 March 08, 2021 golang-1.10, golang-1.14 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Go applications could be made to perform XSS attacks. Software Description: - golang-1.14: Go programming language compiler - golang-1.10: Go programming language compiler Details: It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting (XSS) attacks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: golang-1.14 1.14.7-2ubuntu1.1 golang-1.14-go 1.14.7-2ubuntu1.1 Ubuntu 20.04 LTS: golang-1.14 1.14.3-2ubuntu2~20.04.2 golang-1.14-go 1.14.3-2ubuntu2~20.04.2 Ubuntu 18.04 LTS: golang-1.10 1.10.4-2ubuntu1~18.04.2 golang-1.10-go 1.10.4-2ubuntu1~18.04.2 Ubuntu 16.04 LTS: golang-1.10 1.10.4-2ubuntu1~16.04.2 golang-1.10-go 1.10.4-2ubuntu1~16.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4758-1 CVE-2020-24553 Package Information: https://launchpad.net/ubuntu/+source/golang-1.14/1.14.7-2ubuntu1.1 https://launchpad.net/ubuntu/+source/golang-1.14/1.14.3-2ubuntu2~20.04.2 https://launchpad.net/ubuntu/+source/golang-1.10/1.10.4-2ubuntu1~18.04.2 https://launchpad.net/ubuntu/+source/golang-1.10/1.10.4-2ubuntu1~16.04.2 .Cross-site scripting vulnerability detected in Go programs, highlighted in Ubuntu Security Alert USN-4758-1 with corresponding patches available.. Ubuntu Security,Golang Update,XSS Threat,Security Notice,Go Packages. . Severity: Critical. LinuxSecurity.com Team
Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-35 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: phpMyAdmin: Multiple vulnerabilities Date: January 27, 2021 Bugs: #747805 ID: 202101-35 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS. Background ========= phpMyAdmin is a web-based management tool for MySQL databases. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/phpmyadmin < 4.9.6:4.9.6 > = 4.9.6:4.9.6 Description ========== Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All phpMyAdmin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-db/phpmyadmin-4.9.6" References ========= [ 1 ] CVE-2020-26934 https://nvd.nist.gov/vuln/detail/CVE-2020-26934 [ 2 ] CVE-2020-26935 https://nvd.nist.gov/vuln/detail/CVE-2020-26935 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-35 Concerns? ======== Security is a primary focus of Gentoo Linux andensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Get the latest Linux and open source security news straight to your inbox.