search for: cve

Displaying 20 results from an estimated 2189 matches for "cve".

2016 May 12
2
Openssl vulnerability
Hi Team, I have a server running CentOS 7 with openssl version openssl-1.0.1e-51.el7_2.4.x86_64. I have received a set of vulnerabilities from the security team. Can anyone tell me whether, as per the CVEs below, I need to update my openssl version to 1.0.1t, or whether the current version which we have is safe? CVE-2016-0701, CVE-2015-3197 CVE-2015-4000 CVE-2015-0204 CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288 CVE-2015-0292, CVE-2014-8176 Thanks Aswathi _____...
2014 Nov 21
0
Processed: retitle 770230 to xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030
Processing commands for control at bugs.debian.org: > retitle 770230 xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030 Bug #770230 [src:xen] CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 Changed Bug title to 'xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030' from 'CVE-2014-5146 CVE-2014-5149 CVE-2014-85...
2021 Nov 09
2
[Announce] Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download
Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication. https://www.samba.org/samba/security/CVE-2016-2124.html o CVE-2020-25717: A user on the domain can become root on domain members. https://www.samba.org/samba/sec...
2014 Nov 19
2
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Source: xen Severity: grave Tags: security Hi, the following security issues apply to Xen in jessie: CVE-2014-5146,CVE-2014-5149: https://marc.info/?l=oss-security&m=140784877111813&w=2 CVE-2014-8594: https://marc.info/?l=oss-security&m=141631359901060&w=2 CVE-2014-8595: https://marc.info/?l=oss-security&m=141631352601020&w=2 Cheers, Moritz
2023 Mar 21
2
Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254), one entrypath performs its speculation-safety actions too | late. In some configurations, there is an unprotected RET instruction | which can...
2014 Nov 21
0
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote: > Source: xen > Severity: grave > Tags: security > > Hi, > the following security issues apply to Xen in jessie: > > CVE-2014-5146,CVE-2014-5149: > https://marc.info/?l=oss-security&m=140784877111813&w=2 > > CVE-2014-8594: > https://marc.info/?l=oss-security&m=141631359901060&w=2 > > CVE-2014-8595: > https://marc.info/?l=oss-security&m=141631352601020&w=2 And CVE-2014-9...
2014 Nov 14
2
EL5 Security Policy for the final 3 years
...ntOS-5 based workloads to CentOS-6 and that every user stop using CentOS-5 as soon as possible. Here is a list of updates that are not done on RHEL-5 and are not planned to be done at this time by Red Hat for RHEL-5 (and therefore CentOS-5): > ruby Moderate https://access.redhat.com/security/cve/CVE-2014-8080 > python Low https://access.redhat.com/security/cve/CVE-2014-7185 > libgcrypt Moderate https://access.redhat.com/security/cve/CVE-2014-5270 > wget Moderate https://access.redhat.com/security/cve/CVE-2014-4877 > perl-Data-Dumper Low https://access.redhat.com/secu...
2016 Dec 03
2
CVE-2016-8652 in dovecot
On 03/12/2016 12:08, Jeremiah C. Foster wrote: > On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which > merits a > CVE. See details below. If you haven't configured any > auth_policy_* > settings you are ok. This is fixed with > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3 > 4be960cff13 > a5a725ae and > https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d >...
2016 Mar 10
2
RES: CVE-2016-1285 & CVE-2016-1286
...pdate to fix it? > > ________________________________________ > De: centos-bounces at centos.org [centos-bounces at centos.org] em nome de Alice Wonder [alice at domblogger.net] > Enviado: quinta-feira, 10 de março de 2016 15:31 > Para: centos at centos.org > Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286 > > On 03/10/2016 07:13 AM, Michael H wrote: >> On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote: >>> Hello. >>> >>> I think Centos are affected, right? >>> >>> Some update from Centos? >>> _____________...
2023 Jul 19
1
[Announce] Samba 4.18.5, 4.17.10, 4.16.11 Security Releases are available for Download
Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2022-2127: When winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in winbind and possibly crash it. https://www.samba.org/samba/security/CVE-2022-2127.html o CVE-2023-3347: SMB2 packet signing is not e...
2016 Dec 02
2
CVE-2016-8652 in dovecot
On 02.12.2016 10:45, Jonas Wielicki wrote: > On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: >> We are sorry to report that we have a bug in dovecot, which merits a >> CVE. See details below. If you haven't configured any auth_policy_* >> settings you are ok. This is fixed with >> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13 >> a5a725ae and >> https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d...
2016 Mar 10
2
CVE-2016-1285 & CVE-2016-1286
...> >> Some update from Centos? >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > Sure looks that way... > > https://access.redhat.com/security/cve/cve-2016-1285 > https://access.redhat.com/security/cve/cve-2016-1286 > > I don't think NSD is impacted, which is what I use for authoritative nameserver. There's an EPEL package. NSD is authoritative only, which is why I use it. No clue about unbound.
2011 Feb 24
4
CentOS 5 Security Updates
...e time-frame when security updates might be published for these applications in CentOS 5? wireshark postgresql krb5 java-1.6.0-openjdk java-1.6.0-sun The following security updates have been published upstream (after release of RHEL 5.6) to remedy the vulnerabilities described in their associated CVE reports. Remotely Exploitable: (R) RHSA-2011:0013: Moderate: wireshark security update 1/10/11 [CVE-2010-4538] (R) RHSA-2011:0197: Moderate: postgresql security update 2/3/11 [CVE-2010-4015] (R) RHSA-2011:0199: Important: krb5 security update 2/8/11 [CVE-2011-0281] (R) [CVE-2011-0282] (R) RHSA...
2015 Aug 16
0
Bug#795721: CVE-2015-3259 CVE-2015-3340 CVE-2015-4163 CVE-2015-4164
Source: xen Severity: important Tags: security These Xen vulnerabilities are unfixed in unstable: CVE-2015-4164: http://xenbits.xen.org/xsa/advisory-136.html CVE-2015-4163: http://xenbits.xen.org/xsa/advisory-134.html CVE-2015-3340: http://xenbits.xen.org/xsa/advisory-132.html CVE-2015-3259: http://xenbits.xen.org/xsa/advisory-137.html Cheers, Moritz
2016 Dec 03
2
CVE-2016-8652 in dovecot
...On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote: > > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember > > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we > > > have a bug in dovecot, which > > > merits a > > > CVE. See details below. If you haven't configured any > > > auth_policy_* > > > settings you are ok. This is fixed with > > > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3 > > > 4be960cff13 > > > a5a725ae and > > > https://gi...
2017 Sep 27
1
[Announce] Samba 4.6.8, 4.5.14 and 4.4.16 Security Releases Available
Hi Team, Workaround for CVE-2017-12151 :- client max protocol = NT1 and CVE-2017-12163 :- server min protocol = SMB2_02 are contradicting each other. CVE-2017-12151 impacts the SMB3 protocol but the workaround suggests using NT1. I have the below queries regarding this. Is the SMB2 protocol also impacted by CVE-2017-12151 ? Can I use...
2022 Dec 15
1
[Announce] Samba 4.17.4, 4.16.8 and 4.15.13 Security Releases are available for Download
Release Announcements --------------------- These are security releases in order to address the following defects: o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022. A Samba Active Directory DC will issue weak rc4-hmac session keys for use betwe...