Search results

Oracle security update to curl
([Security] Posted Nov 13, 2020 14:04 UTC (Fri) by jake )

CVE-2019-5482][Orabug: 
30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers 
( https://curl.haxx.se/docs/CVE-2016-8615.html )
- CVE-2016-8616 case insensitive password comparison 
( https://curl.haxx.se/docs/CVE-2016-8616.html )
- CVE-2016-8617 OOB write via unchecked multiplication 
( https://curl.haxx.se/docs/CVE-2016-8617.html )
- CVE-2016-8618 double-free in curl_maprintf 
( https://curl.haxx.se/docs/CVE-2016-8618.html )
- CVE-2016-8619 double-free in krb5 code 
( https://curl.haxx.se/docs/CVE-2016-8619.html )
- CVE-2016-8621 curl_getdate read out of bounds 
( https://curl.haxx.se/docs/CVE-2016-8621.html )
- CVE-2016-8622 URL unescape heap overflow via integer truncation 
( https://curl.haxx.se/docs/CVE-2016-8622.html )
- CVE-2016-8623 Use-after-free via shared cookies 
( https://curl.haxx.se/docs/CVE-2016-8623.html )
- CVE-2016-8624 invalid URL parsing with # 
( https://curl.haxx.se/docs/CVE-2016-8624.html )
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.1]
- avoid overwriting a local file with -J (CVE-2020

Oracle security update to curl
([Security] Posted Nov 12, 2020 14:18 UTC (Thu) by jake )

CVE-2019-5482][Orabug: 
30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers 
( https://curl.haxx.se/docs/CVE-2016-8615.html )
- CVE-2016-8616 case insensitive password comparison 
( https://curl.haxx.se/docs/CVE-2016-8616.html )
- CVE-2016-8617 OOB write via unchecked multiplication 
( https://curl.haxx.se/docs/CVE-2016-8617.html )
- CVE-2016-8618 double-free in curl_maprintf 
( https://curl.haxx.se/docs/CVE-2016-8618.html )
- CVE-2016-8619 double-free in krb5 code 
( https://curl.haxx.se/docs/CVE-2016-8619.html )
- CVE-2016-8621 curl_getdate read out of bounds 
( https://curl.haxx.se/docs/CVE-2016-8621.html )
- CVE-2016-8622 URL unescape heap overflow via integer truncation 
( https://curl.haxx.se/docs/CVE-2016-8622.html )
- CVE-2016-8623 Use-after-free via shared cookies 
( https://curl.haxx.se/docs/CVE-2016-8623.html )
- CVE-2016-8624 invalid URL parsing with # 
( https://curl.haxx.se/docs/CVE-2016-8624.html )
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch

[7.29.0-59.el7_9.1]
- avoid overwriting a local file with -J (CVE-2020

Red Hat security update to bind
([Security] Posted Nov 4, 2020 15:39 UTC (Wed) by ris )

-2020:4500-01
Product:           Red Hat Enterprise Linux
Advisory URL:       https://access.redhat.com/errata/RHSA-2020:4500 
Issue date:        2020-11-03
CVE Names:         CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 
                   CVE-2020-8624 
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.

Red Hat Product

openSUSE security update to bind
([Security] Posted Oct 20, 2020 14:54 UTC (Tue) by ris )

CVE-2017-3136 CVE-2018-5741 CVE-2019-6477
                    CVE-2020-8616 CVE-2020-8617 CVE-2020-8618
                    CVE-2020-8619 CVE-2020-8620 CVE-2020-8621
                    CVE-2020-8622 CVE-2020-8623 CVE-2020-8624
                   
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 8 fixes

openSUSE security update to bind
([Security] Posted Oct 20, 2020 14:54 UTC (Tue) by ris )

CVE-2017-3136 CVE-2018-5741 CVE-2019-6477
                    CVE-2020-8616 CVE-2020-8617 CVE-2020-8618
                    CVE-2020-8619 CVE-2020-8620 CVE-2020-8621
                    CVE-2020-8622 CVE-2020-8623 CVE-2020-8624
                   
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has 8 fixes

SUSE security update to bind
([Security] Posted Oct 14, 2020 14:55 UTC (Wed) by ris )

CVE-2017-3136 CVE-2018-5741 CVE-2019-6477
                    CVE-2020-8616 CVE-2020-8617 CVE-2020-8618
                    CVE-2020-8619 CVE-2020-8620 CVE-2020-8621
                    CVE-2020-8622 CVE-2020-8623 CVE-2020-8624
                   
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS

Red Hat security update to webkitgtk4
([Security] Posted Sep 30, 2020 15:03 UTC (Wed) by ris )

CVE-2019-8601 
                   CVE-2019-8607 CVE-2019-8608 CVE-2019-8609 
                   CVE-2019-8610 CVE-2019-8611 CVE-2019-8615 
                   CVE-2019-8619 CVE-2019-8622 CVE-2019-8623 
                   CVE-2019-8625 CVE-2019-8644 CVE-2019-8649 
                   CVE-2019-8658 CVE-2019-8666 CVE-2019-8669 
                   CVE-2019-8671 CVE-2019-8672 CVE-2019-8673 
                   CVE-2019-8674 CVE-2019-8676 CVE-2019-8677 
                   CVE-2019-8678 CVE-2019-8679 CVE-2019-8680 
                   CVE-2019-8681 CVE-2019-8683 CVE-2019-8684 
                   CVE-2019-8686 CVE-2019-8687 CVE-2019-8688 
                   CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 
                   CVE-2019-8710 CVE-2019-8719 CVE-2019-8720 
                   CVE-2019-8726 CVE-2019-8733 CVE-2019-8735 
                   CVE-2019-8743 CVE-2019-8763 CVE-2019-8764 
                   CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 
                   CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 
                   CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 
                   CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 
                   CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 
                   CVE-2019-8820 CVE-2019-8821 CVE-2019-8822 
                   CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 
                   CVE-2019-8846 CVE-2019-11070 CVE-2020

Debian security update to bind9
([Security] Posted Aug 28, 2020 18:04 UTC (Fri) by jake )

CVE ID         : CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624
Debian Bug     : 966497

Several vulnerabilities were discovered in BIND, a DNS server
implementation.

CVE-2020-8619

    It was discovered that an asterisk character in an empty non-
    terminal can cause an assertion failure, resulting in denial

Arch Linux security update to bind
([Security] Posted Jul 1, 2020 14:58 UTC (Wed) by ris )

CVE-ID  : CVE-2020-8618 CVE-2020-8619
Package : bind
Type    : denial of service
Remote  : Yes
Link    :  https://security.archlinux.org/AVG-1191 

Summary
=======

The package bind before version 9.16.4-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 9.16.4-1.

# pacman -Syu "bind>=9.16.4-1"

The problems have

Ubuntu security update to bind9
([Security] Posted Jun 18, 2020 12:33 UTC (Thu) by jake )

CVE-2020-8619)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  bind9                           1:9.16.1-0ubuntu2.2

In general, a standard system update will make all the necessary changes.

References:
   https://usn.ubuntu.com/4399-1 
  CVE-2020-8618, CVE-2020-8619

Package
