Unix Server

Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) Shellcode

Unix Server, 12.12.2018 at 05:56 | Source: packetstormsecurity.com
95 bytes small Linux/x86 execve(/usr/bin/ncat -lvp 1337 -e /bin/bash) null-free shellcode.

CUPS Weak Session Cookie Generation

Unix Server, 12.12.2018 at 05:46 | Source: packetstormsecurity.com
CUPS generates session cookies using srandom(time(NULL)) and random() on Linux.

Linux userfaultfd tmpfs File Permission Bypass

Unix Server, 12.12.2018 at 05:45 | Source: packetstormsecurity.com
Linux userfaultfd bypasses tmpfs file permissions.

Ubuntu Security Notice USN-3844-1

Unix Server, 12.12.2018 at 05:41 | Source: packetstormsecurity.com
Ubuntu Security Notice 3844-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. Various other issues were also addressed.

Dynamic Loader Oriented Programming - Wiederganger Proof Of Concept

Unix Server, 12.12.2018 at 02:16 | Source: packetstormsecurity.com
This paper and proof of concept describe the Wiederganger-Attack, a new attack vector that reliably allows escalating unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in the Linux ASLR implementation, combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.

Ubuntu Security Notice USN-3843-2

Unix Server, 12.12.2018 at 00:01 | Source: packetstormsecurity.com
Ubuntu Security Notice 3843-2 - USN-3843-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice USN-3843-1

Unix Server, 12.12.2018 at 00:01 | Source: packetstormsecurity.com
Ubuntu Security Notice 3843-1 - It was discovered that pixman incorrectly handled the general_composite_rect function. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-3837-2

Unix Server, 11.12.2018 at 20:15 | Source: packetstormsecurity.com
Ubuntu Security Notice 3837-2 - USN-3837-1 fixed vulnerabilities in poppler. A regression was reported regarding the previous update. This update fixes the problem. It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.

Debian Security Advisory 4353-1

Unix Server, 11.12.2018 at 20:15 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4353-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request and the IMAP extension performed insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.

Red Hat Security Advisory 2018-3817-01

Unix Server, 11.12.2018 at 17:24 | Source: packetstormsecurity.com
Red Hat Security Advisory 2018-3817-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Security fix: Issues addressed include a cross site scripting vulnerability.

Ubuntu Security Notice USN-3842-1

Unix Server, 11.12.2018 at 02:42 | Source: packetstormsecurity.com
Ubuntu Security Notice 3842-1 - Jann Horn discovered that CUPS incorrectly handled session cookie randomness. A remote attacker could possibly use this issue to perform cross-site request forgery attacks.

Ubuntu Security Notice USN-3841-2

Unix Server, 11.12.2018 at 02:42 | Source: packetstormsecurity.com
Ubuntu Security Notice 3841-2 - USN-3841-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks. Various other issues were also addressed.

Ubuntu Security Notice USN-3841-1

Unix Server, 11.12.2018 at 02:42 | Source: packetstormsecurity.com
Ubuntu Security Notice 3841-1 - It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting attacks.

Red Hat Security Advisory 2018-3806-01

Unix Server, 11.12.2018 at 02:41 | Source: packetstormsecurity.com
Red Hat Security Advisory 2018-3806-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Telco Update Service for Red Hat Enterprise Linux 6.6 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.6 TUS after December 31, 2018.

Red Hat Security Advisory 2018-3805-01

Unix Server, 11.12.2018 at 02:41 | Source: packetstormsecurity.com
Red Hat Security Advisory 2018-3805-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018.

Red Hat Security Advisory 2018-3800-01

Unix Server, 11.12.2018 at 02:39 | Source: packetstormsecurity.com
Red Hat Security Advisory 2018-3800-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include improper path handling.

Red Hat Security Advisory 2018-3804-01

Unix Server, 11.12.2018 at 02:38 | Source: packetstormsecurity.com
Red Hat Security Advisory 2018-3804-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 7.3 will be retired as of November 30, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 7.3 EUS after November 30, 2018.

Red Hat Security Advisory 2018-3803-01

Unix Server, 11.12.2018 at 02:38 | Source: packetstormsecurity.com
Red Hat Security Advisory 2018-3803-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0.3578.80. Issues addressed include buffer overflow and out of bounds write vulnerabilities.

Slackware Security Advisory - php Updates

Unix Server, 11.12.2018 at 02:37 | Source: packetstormsecurity.com
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

Debian Security Advisory 4352-1

Unix Server, 11.12.2018 at 02:37 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4352-1 - Several vulnerabilities have been discovered in the chromium web browser.

DSA-4353 php7.0 - security update

Unix Server, 10.12.2018 at 01:00 | Source: debian.org

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encoding: chunked" request and the IMAP extension performed insufficient input validation which can result in the execution of arbitrary shell commands in the imap_open() function and denial of service in the imap_mail() function.



Debian Security Advisory 4351-1

Unix Server, 08.12.2018 at 13:12 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4351-1 - It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.

CentOS Blog: Updated CentOS Vagrant Images Available (v1811.01)

Unix Server, 08.12.2018 at 10:45 | Source: blog.centos.org

We are pleased to announce new official Vagrant images of CentOS Linux 6.10 and CentOS Linux 7.6.1810 for x86_64. All included packages have been updated to November 30th, 2018.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile:
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem:
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Acknowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.


CentOS Blog: CentOS Atomic Host 7.1811 Available for Download

Unix Server, 07.12.2018 at 21:57 | Source: blog.centos.org

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1811), an operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-26.gitb507039.el7.centos.x86_64
  • cloud-init-18.2-1.el7.centos.1.x86_64
  • podman-0.11.1.1-3.git594495d.el7.centos.x86_64
  • docker-1.13.1-84.git07f3374.el7.centos.x86_64
  • etcd-3.2.22-1.el7.x86_64
  • flannel-0.7.1-4.el7.x86_64
  • kernel-3.10.0-957.1.3.el7.x86_64
  • ostree-2018.5-1.el7.x86_64
  • rpm-ostree-client-2018.5-2.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.



Debian Security Advisory 4350-1

Unix Server, 07.12.2018 at 20:15 | Source: packetstormsecurity.com
Debian Linux Security Advisory 4350-1 - It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass.

Gentoo Linux Security Advisory 201812-05

Unix Server, 07.12.2018 at 02:03 | Source: packetstormsecurity.com
Gentoo Linux Security Advisory 201812-5 - A vulnerability in EDE could result in privilege escalation. Versions less than 1.07 are affected.

Ubuntu Security Notice USN-3840-1

Unix Server, 07.12.2018 at 02:03 | Source: packetstormsecurity.com
Ubuntu Security Notice 3840-1 - Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

Ubuntu Security Notice USN-3831-2

Unix Server, 07.12.2018 at 02:03 | Source: packetstormsecurity.com
Ubuntu Security Notice 3831-2 - USN-3831-1 fixed vulnerabilities in Ghostscript. Ghostscript 9.26 introduced a regression when used with certain options. This update fixes the problem. It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service. Various other issues were also addressed.

DSA-4351 libphp-phpmailer - security update

Unix Server, 07.12.2018 at 01:00 | Source: debian.org

It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code.



DSA-4352 chromium-browser - security update

Unix Server, 07.12.2018 at 01:00 | Source: debian.org

Several vulnerabilities have been discovered in the chromium web browser.



Ubuntu Security Notice USN-3839-1

Unix Server, 06.12.2018 at 19:59 | Source: packetstormsecurity.com
Ubuntu Security Notice 3839-1 - It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2018-3795-01

Unix Server, 06.12.2018 at 19:58 | Source: packetstormsecurity.com
Red Hat Security Advisory 2018-3795-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.101. Issues addressed include a code execution vulnerability.

Slackware Security Advisory - gnutls Updates

Unix Server, 06.12.2018 at 19:58 | Source: packetstormsecurity.com
Slackware Security Advisory - New gnutls packages are available for Slackware 14.2 and -current to fix security issues.