Linux security Advisories

6 óra 30 perc

Debian: DSA-4416-1: wireshark security update

It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN.1 BER and RPCAP, which could result in denial of service.
8 óra 29 perc

Debian: DSA-4415-1: passenger security update

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its
9 óra 57 perc

ArchLinux: 201903-14: firefox: arbitrary code execution

The package firefox before version 66.0.1-1 is vulnerable to arbitrary code execution.
2019. március 23.

Debian: DSA-4414-1: libapache2-mod-auth-mellon security update

Several issues have been discovered in Apache module auth_mellon, which provides SAML 2.0 authentication. CVE-2019-3877
2019. március 23.

Fedora 29: php-twig2 Security Update

**Version 2.7.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 2.7.1** (2019-03-12) * fixed class aliases ---- **Version 2.7.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array keys when fill
2019. március 23.

Fedora 29: php-twig Security Update

**Version 1.38.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 1.38.1** (2019-03-12) * fixed class aliases ---- **Version 1.38.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array
2019. március 23.

Fedora 29: filezilla Security Update

Backport a security fix from PuTTY 0.71 affecting SFTP connections: Fix an integer overflow in the RSA key exchange preceeding host key verification
2019. március 23.

Fedora 29: libssh2 Security Update

This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.
2019. március 23.

Fedora 29: tcpreplay Security Update

Patch CVE-2019-8376, CVE-2019-8377 and CVE-2019-8381.
2019. március 23.

Fedora 28: tcpreplay Security Update

Patch CVE-2019-8376, CVE-2019-8377 and CVE-2019-8381.
2019. március 23.

Fedora 28: php-twig2 Security Update

**Version 2.7.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 2.7.1** (2019-03-12) * fixed class aliases ---- **Version 2.7.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array keys when fill
2019. március 23.

Fedora 28: php-twig Security Update

**Version 1.38.2** (2019-03-12) * added TemplateWrapper::getTemplateName() ---- **Version 1.38.1** (2019-03-12) * fixed class aliases ---- **Version 1.38.0** (2019-03-12) * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy) * fixed batch filter clobbers array
2019. március 23.

ArchLinux: 201903-12: libssh2: multiple issues

The package libssh2 before version 1.8.1-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.
2019. március 23.

ArchLinux: 201903-13: powerdns: insufficient validation

The package powerdns before version 4.1.7-1 is vulnerable to insufficient validation.
2019. március 23.

ArchLinux: 201903-11: firefox: multiple issues

The package firefox before version 66.0-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure, same-origin policy bypass, access restriction bypass, content spoofing and denial of service.
2019. március 22.

Slackware: 2019-081-01: mozilla-firefox Security Update

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
2019. március 22.

SUSE: 2019:0716-1 moderate: openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas

An update that solves one vulnerability and has four fixes is now available.
2019. március 22.

SUSE: 2019:0719-1 important: ghostscript

An update that fixes one vulnerability is now available.
2019. március 22.

SUSE: 2019:0711-1 moderate: libjpeg-turbo

An update that fixes three vulnerabilities is now available.
2019. március 22.

SUSE: 2019:0709-1 important: the Linux Kernel (Live Patch 26 for SLE 12 SP2)

An update that fixes three vulnerabilities is now available.