similar to: CVE-2019-6470 - dhcpd6 bug in CentOS 8 not being fixed?

Hi-- Are folks familiar with: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997 http://www.isc.org/software/dhcp/advisories/cve-2011-0997 http://nakedsecurity.sophos.com/2011/04/07/flaw-in-iscs-dhclient-could-allow-remote-code-execution/ Checking http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/dhclient/dhclient.c, I don't see signs that it may have been updated. But, I also

Sidharth Sharma: > > When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2? > ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability: >CVE-2016-2775 See: https://access.redhat.com/security/cve/cve-2016-2775 James Pearson

Hello Experts, When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2? ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability: CVE-2016-2775 -- With Thanks & Regards: Sidharth Sharma

On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: > It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. > > Does the SIG has plans to update these rpms for EL6? > > [1] https://httpd.apache.org/security/vulnerabilities_24.html > https://access.redhat.com/security/cve/cve-2019-0211 That says SCLs are affected .. BUT .. they do not yet have a plan. The

> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > >

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached, or download new version from https://dovecot.org Yours sincerely, Aki Tuomi Open-Xchange Oy

Hi folks, On April 11th 2019 RedHat has responded to httpd: privilege escalation from modules scripts (CVE-2019-0211) mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) building a patched Apache http24 version for Software Collections - https://access.redhat.com/errata/RHSA-2019:0746 When can we expect this will be done for the SCL CentOS 7? Regards, Vesselin

Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3212 (Bug ID) Vulnerability type: CWE-476 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Researcher credits: Marcelo Coelho Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notificatio: 2019-03-11 Solution date: 2019-04-23

Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3223 (Bug ID) Vulnerability type: CWE-617 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notification: 2019-03-11 Solution date: 2019-04-23 Public disclosure: 2019-04-30 CVE

Dear subscribers, we have been made aware of critical vulnerability in Dovecot and Pigeonhole. --- Open-Xchange Security Advisory 2019-08-14 ? Product: Dovecot Vendor: OX Software GmbH ? Internal reference: DOV-3278 Vulnerability type: Improper input validation (CWE-20) Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4 Vulnerable component: IMAP and ManageSieve protocol parsers

Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3212 (Bug ID) Vulnerability type: CWE-476 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Researcher credits: Marcelo Coelho Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notificatio: 2019-03-11 Solution date: 2019-04-23

Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3223 (Bug ID) Vulnerability type: CWE-617 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notification: 2019-03-11 Solution date: 2019-04-23 Public disclosure: 2019-04-30 CVE

Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael

Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18

Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-2964 (Bug ID) Vulnerability type: CWE-120 Vulnerable version: 2.0.14 - 2.3.5 Vulnerable component: fts, pop3-uidl-plugin Report confidence: Confirmed Researcher credits: Found in internal testing Solution status: Fixed by Vendor Fixed version: 2.3.5.1, 2.2.36.3 Vendor notification: 2019-02-05 Solution date: 2019-03-21 Public

Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-2964 (Bug ID) Vulnerability type: CWE-120 Vulnerable version: 2.0.14 - 2.3.5 Vulnerable component: fts, pop3-uidl-plugin Report confidence: Confirmed Researcher credits: Found in internal testing Solution status: Fixed by Vendor Fixed version: 2.3.5.1, 2.2.36.3 Vendor notification: 2019-02-05 Solution date: 2019-03-21 Public

Processing commands for control at bugs.debian.org: > retitle 770230 xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030 Bug #770230 [src:xen] CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 Changed Bug title to 'xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030' from 'CVE-2014-5146 CVE-2014-5149 CVE-2014-8594

Source: xen Version: 4.17.0+46-gaaf74a532c-1 Severity: grave Tags: security upstream X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org> Hi, The following vulnerabilities were published for xen. CVE-2022-42331[0]: | x86: speculative vulnerability in 32bit SYSCALL path Due to an | oversight in the very original Spectre/Meltdown security work | (XSA-254),