Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
202
security advisorycriticalimportantSUSE: 2024:4246-1 important: Linux Kernel live patch updates for SLE 15 SP3
An update that solves 12 vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:4246-1 Release Date: 2024-12-06T14:03:50Z Rating: important References: * bsc#1223683 * bsc#1225309 * bsc#1225310 * bsc#1225311 * bsc#1225312 * bsc#1225733 * bsc#1225819 * bsc#1226325 * bsc#1227471 * bsc#1227651 * bsc#1228573 * bsc#1229553 Cross-References: * CVE-2021-47291 * CVE-2021-47598 * CVE-2023-52752 * CVE-2024-26923 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35864 * CVE-2024-35950 * CVE-2024-36904 * CVE-2024-36964 * CVE-2024-41059 * CVE-2024-43861 CVSS scores: * CVE-2021-47291 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35950 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43861 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_164 fixes several issues. The following security issues were fixed: * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733). * CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1227651). * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-35950: drm/client: Fully protect modes with dev-> mode_config.mutex (bsc#1225310). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise LivePatching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-4246=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-4246=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_164-default-5-150300.7.6.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_164-default-5-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-5-150300.7.6.1 * kernel-livepatch-SLE15-SP3_Update_45-debugsource-5-150300.7.6.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_164-preempt-5-150300.7.6.1 * kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-5-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47291.html * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35950.html * https://www.suse.com/security/cve/CVE-2024-36904.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://www.suse.com/security/cve/CVE-2024-43861.html * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225310 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225733 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1227651 *https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1229553 . This notice pertains to a security enhancement for the Linux Kernel that tackles significant vulnerabilities within Fedora and RHEL.. SUSE Kernel Live Patch,SLES Security Update,openSUSE Advisory,Kernel Security Update. . Severity: Important. LinuxSecurity.com Team
Dec 06, 2024
•Important
OpenSUSE
202
security advisorysecurity updateupdateopenSUSE Leap 15.2: 2020:2315-1 Important MozillaFirefox Security Update
An update that fixes 12 vulnerabilities is now available. . openSUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2315-1 Rating: important References: #1178824 Cross-References: CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 This update was imported from the SUSE:SLE-15:Update updateproject. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-2315=1 Package List: - openSUSE Leap 15.2 (x86_64): MozillaFirefox-78.5.0-lp152.2.33.1 MozillaFirefox-branding-upstream-78.5.0-lp152.2.33.1 MozillaFirefox-buildsymbols-78.5.0-lp152.2.33.1 MozillaFirefox-debuginfo-78.5.0-lp152.2.33.1 MozillaFirefox-debugsource-78.5.0-lp152.2.33.1 MozillaFirefox-devel-78.5.0-lp152.2.33.1 MozillaFirefox-translations-common-78.5.0-lp152.2.33.1 MozillaFirefox-translations-other-78.5.0-lp152.2.33.1 References: https://www.suse.com/security/cve/CVE-2020-15999.html https://www.suse.com/security/cve/CVE-2020-16012.html https://www.suse.com/security/cve/CVE-2020-26951.html https://www.suse.com/security/cve/CVE-2020-26953.html https://www.suse.com/security/cve/CVE-2020-26956.html https://www.suse.com/security/cve/CVE-2020-26958.html https://www.suse.com/security/cve/CVE-2020-26959.html https://www.suse.com/security/cve/CVE-2020-26960.html https://www.suse.com/security/cve/CVE-2020-26961.html https://www.suse.com/security/cve/CVE-2020-26965.html https://www.suse.com/security/cve/CVE-2020-26966.html https://www.suse.com/security/cve/CVE-2020-26968.html https://bugzilla.suse.com/1178824 _______________________________________________ openSUSE Security Announce mailing list --
Dec 22, 2020
•Important
OpenSUSE
202
security advisorycriticalDoSopenSUSE Leap 42.1: 2016:1329-1 Important: Ntp DoS Issues
An update that fixes 12 vulnerabilities is now available. An update that fixes 12 vulnerabilities is now available. An update that fixes 12 vulnerabilities is now available.. openSUSE Security Update: Security update for ntp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1329-1 Rating: important References: #957226 #977446 #977450 #977451 #977452 #977455 #977457 #977458 #977459 #977461 #977464 Cross-References: CVE-2015-7704 CVE-2015-7705 CVE-2015-7974 CVE-2016-1547 CVE-2016-1548 CVE-2016-1549 CVE-2016-1550 CVE-2016-1551 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * This update also improves the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 Bugs fixed: - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (bsc#957226). This update was imported from the SUSE:SLE-12-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-599=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): ntp-4.2.8p7-21.1 ntp-debuginfo-4.2.8p7-21.1 ntp-debugsource-4.2.8p7-21.1 ntp-doc-4.2.8p7-21.1 References: https://www.suse.com/security/cve/CVE-2015-7704.html https://www.suse.com/security/cve/CVE-2015-7705.html https://www.suse.com/security/cve/CVE-2015-7974.html https://www.suse.com/security/cve/CVE-2016-1547.html https://www.suse.com/security/cve/CVE-2016-1548.html https://www.suse.com/security/cve/CVE-2016-1549.html https://www.suse.com/security/cve/CVE-2016-1550.html https://www.suse.com/security/cve/CVE-2016-1551.html https://www.suse.com/security/cve/CVE-2016-2516.html https://www.suse.com/security/cve/CVE-2016-2517.html https://www.suse.com/security/cve/CVE-2016-2518.html https://www.suse.com/security/cve/CVE-2016-2519.html https://bugzilla.suse.com/show_bug.cgi?id=957226 https://bugzilla.suse.com/show_bug.cgi?id=977446 https://bugzilla.suse.com/show_bug.cgi?id=977450 https://bugzilla.suse.com/show_bug.cgi?id=977451 https://bugzilla.suse.com/show_bug.cgi?id=977452 https://bugzilla.suse.com/show_bug.cgi?id=977455 https://bugzilla.suse.com/show_bug.cgi?id=977457 https://bugzilla.suse.com/show_bug.cgi?id=977458 https://bugzilla.suse.com/show_bug.cgi?id=977459 https://bugzilla.suse.com/show_bug.cgi?id=977461 https://bugzilla.suse.com/show_bug.cgi?id=977464 . A significant advisory for Fedora has been issued, targeting 10 security flaws within the kernel, thereby improving overall system protection and performance. Take actionimmediately!. openSUSE, ntp update, security fixes, system stability. . Severity: Important. LinuxSecurity.com Team
May 18, 2016
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!