
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories

We found 18 articles for you...

SUSE: Docker Moderate Access Flaw CVE-2025-54388 Advisory 2025:02914-1

# Security update for docker

Announcement ID: SUSE-SU-2025:02914-1
Release Date: 2025-08-19T12:56:06Z
Rating: moderate

References:

* bsc#1246556
* bsc#1247367

Cross-References:

* CVE-2025-54388

CVSS scores:

* CVE-2025-54388 ( SUSE ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2025-54388 ( SUSE ): 5.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-54388 ( NVD ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Basesystem Module 15-SP7
* Containers Module 15-SP6
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for docker fixes the following issues:

* Update to Docker 28.3.3-ce.
* CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-2914=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-2914=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-2914=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-2914=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-2914=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-2914=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2914=1
* Containers Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-2914=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2025-2914=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2914=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2914=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2914=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2914=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2914=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2914=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2914=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2914=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-2914=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2914=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2914=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2914=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* openSUSE Leap 15.6 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
  * docker-zsh-completion-28.3.3_ce-150000.230.1
  * docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* Containers Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* Containers Module 15-SP6 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-zsh-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* Containers Module 15-SP7 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-zsh-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-rootless-extras-28.3.3_ce-150000.230.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Enterprise Storage 7.1 (noarch)
  * docker-bash-completion-28.3.3_ce-150000.230.1
  * docker-fish-completion-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * docker-28.3.3_ce-150000.230.1
  * docker-debuginfo-28.3.3_ce-150000.230.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54388.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246556
* https://bugzilla.suse.com/show_bug.cgi?id=1247367

Important revision for Docker tackles medium-level access vulnerabilities in SUSE distributions to enhance security measures.

SUSE Docker Security Access Update.

LinuxSecurity.com Team

Aug 19, 2025 SuSE

Fedora 36: 2022-2af658b090 Critical Memory Corruption in Subversion

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-2af658b090
2022-07-15 01:15:23.604948
--------------------------------------------------------------------------------

Name        : subversion
Product     : Fedora 36
Version     : 1.14.2
Release     : 5.fc36
URL         : https://subversion.apache.org/
Summary     : A Modern Concurrent Version Control System
Description :
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subversion is intended to be a compelling replacement for CVS.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest stable release of _Apache Subversion_, version **1.14.2**. This update addresses two security issues, `CVE-2021-28544` and `CVE-2022-24070`. For more information see https://subversion.apache.org/security/CVE-2022-24070-advisory.txt and https://subversion.apache.org/security/CVE-2021-28544-advisory.txt

### Client-side bugfixes:

* Don't show unreadable copyfrom paths in 'svn log -v'
* Fix -r option documentation for some svnadmin subcommands
* Fix error message encoding when system() call fails
* Fix assertion failure in conflict resolver

### Client-side improvements and bugfixes:

* Support multiple working copy formats (1.8-onward, 1.15)

### Server-side bugfixes:

* Fix use-after-free of object-pools when running in httpd (issue [SVN-4880](https://issues.apache.org/jira/browse/SVN-4880))

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 5 2022 Joe Orton - 1.14.2-5
- disable libmagic during test runs
* Tue Jul 5 2022 Joe Orton - 1.14.2-4
- update for new Java arches and bump to JDK 17 (#2103909)
* Mon Jun 13 2022 Python Maint - 1.14.2-3
- Rebuilt for Python 3.11
* Tue May 31 2022 Jitka Plesnikova - 1.14.2-2
- Perl 5.36 rebuild
* Wed May 4 2022 Joe Orton - 1.14.2-1
- update to 1.14.2 (#2073852, CVE-2021-28544, CVE-2022-24070)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2074772 - CVE-2022-24070 subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
      https://bugzilla.redhat.com/show_bug.cgi?id=2074772
[ 2 ] Bug #2074780 - CVE-2021-28544 subversion: SVN authz protected copyfrom paths regression
      https://bugzilla.redhat.com/show_bug.cgi?id=2074780

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-2af658b090' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

The most recent Fedora update tackles vulnerabilities in Apache Subversion, rectifying severe memory corruption issues and access-related bugs.

Fedora Subversion Update, Version Control Security, Apache Security Advisory.

Severity: Critical.

LinuxSecurity.com Team

Jul 14, 2022 Critical Fedora

openSUSE: 2021:1255-1 Important Nextcloud Security Update

openSUSE Security Update: Security update for nextcloud
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1255-1
Rating:             important
References:         #1190291
Cross-References:   CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802
CVSS scores:
                    CVE-2021-32800 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-32801 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-32802 (NVD) : 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for nextcloud fixes the following issues:

Update to 20.0.12

Fix boo#1190291

- CVE-2021-32766 (CWE-209): Generation of Error Message Containing Sensitive Information
- CVE-2021-32800 (CWE-306): Missing Authentication for Critical Function
- CVE-2021-32801 (CWE-532): Insertion of Sensitive Information into Log File
- CVE-2021-32802 (CWE-829): Inclusion of Functionality from Untrusted Control Sphere

Changes

- Bump vue-router from 3.4.3 to 3.4.9 (server#27224)
- Bump v-click-outside from 3.1.1 to 3.1.2 (server#27232)
- Bump url-search-params-polyfill from 8.1.0 to 8.1.1 (server#27236)
- Bump debounce from 1.2.0 to 1.2.1 (server#27646)
- Bump vue and vue-template-compiler (server#27701)
- Design fixes to app-settings button (server#27745)
- Reset checksum when writing files to object store (server#27754)
- Run s3 tests again (server#27804)
- Fix in locking cache check (server#27829)
- Bump dompurify from 2.2.8 to 2.2.9 (server#27836)
- Make search popup usable on mobile, too (server#27858)
- Cache images on browser (server#27863)
- Fix dark theme on public link shares (server#27895)
- Make user status usable on mobile (server#27897)
- Do not escape display name in dashboard welcome text (server#27913)
- Bump moment-timezone from 0.5.31 to 0.5.33 (server#27924)
- Fix newfileMenu on public page (server#27941)
- Fix svg icons disappearing in app navigation when text overflows (server#27955)
- Bump bootstrap from 4.5.2 to 4.5.3 (server#27965)
- Show registered breadcrumb detail views in breadcrumb menu (server#27970)
- Fix regression in file sidebar (server#27976)
- Bump exports-loader from 1.1.0 to 1.1.1 (server#27984)
- Bump @nextcloud/capabilities from 1.0.2 to 1.0.4 (server#27985)
- Bump @nextcloud/vue-dashboard from 1.0.0 to 1.0.1 (server#27988)
- Improve notcreatable permissions hint (server#28006)
- Update CRL due to revoked twofactor_nextcloud_notification.crt (server#28018)
- Bump sass-loader from 10.0.2 to 10.0.5 (server#28032)
- Increase footer height for longer menus (server#28045)
- Mask password for Redis and RedisCluster on connection failure (server#28054)
- Fix missing theming for login button (server#28065)
- Fix overlapping of elements in certain views (server#28072)
- Disable HEIC image preview provider for performance concerns (server#28081)
- Improve provider check (server#28087)
- Sanitize more functions from the encryption app (server#28091)
- Hide download button for public preview of audio files (server#28096)
- L10n: HTTP in capital letters (server#28107)
- Fix dark theme in file exists dialog (server#28111)
- Let memory limit set in tests fit the used amount (server#28125)
- User management - Add icon to user groups (server#28172)
- Bump marked from 1.1.1 to 1.1.2 (server#28187)
- Fix variable override in file view (server#28191)
- Bump regenerator-runtime from 0.13.7 to 0.13.9 (server#28207)
- Bump url-loader from 4.1.0 to 4.1.1 (server#28208)
- Fix Files breadcrumbs being hidden even if there is enough space (server#28224)
- Dont apply jail search filter is on the root (server#28241)
- Check that php was compiled with argon2 support or that the php-sodium extensions is installed (server#28289)
- Fix preference name when generating notifications (activity#603)
- Fix monochrome icon detection for correct dark mode invert (activity#607)
- Fix "Enable notification emails" (activity#613)
- Show add, del and restored files within by and self filter (activity#616)
- Link from app-navigation-settings to personal settings (activity#625)
- Fix pdfviewer design (files_pdfviewer#446)
- Include version number in firstrunwizard (firstrunwizard#570)
- Use notification main link if no parameter has a link (notifications#1040)
- Bump sass-loader from 10.1.0 to 10.1.1 (text#1360)
- Bump @babel/plugin-transform-runtime from 7.13.9 to 7.13.15 (text#1548)
- Bump @babel/preset-env from 7.13.9 to 7.13.15 (text#1550)
- Bump vue-loader from 15.9.6 to 15.9.7 (text#1592)
- Unify error responses and add logging where appropriate (text#1719)
- Disable header timeout on mobile (viewer#978)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

  zypper in -t patch openSUSE-2021-1255=1

Package List:

- openSUSE Backports SLE-15-SP3 (noarch):

  nextcloud-20.0.12-bp153.2.6.1
  nextcloud-apache-20.0.12-bp153.2.6.1

References:

https://www.suse.com/security/cve/CVE-2021-32766.html
https://www.suse.com/security/cve/CVE-2021-32800.html
https://www.suse.com/security/cve/CVE-2021-32801.html
https://www.suse.com/security/cve/CVE-2021-32802.html
https://bugzilla.suse.com/1190291

The latest patch addresses various vulnerabilities in Nextcloud on openSUSE, improving overall security while rectifying essential access problems.

Nextcloud Security, openSUSE Update, Software Fix.

Severity: Important.

LinuxSecurity.com Team

Sep 14, 2021 Important OpenSUSE

Debian: DSA-4930-1 Urgent: python-django Security Vulnerability

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4918-1
https://www.debian.org/security/                     Salvatore Bonaccorso
May 18, 2021                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ruby-rack-cors
CVE ID         : CVE-2019-18978
Debian Bug     : 944849

Improper pathname handling in ruby-rack-cors, a middleware that makes Rack-based apps CORS compatible, may result in access to private resources.

For the stable distribution (buster), this problem has been fixed in version 1.0.2-1+deb10u1.

We recommend that you upgrade your ruby-rack-cors packages.

For the detailed security status of ruby-rack-cors please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/ruby-rack-cors

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Tackling inadequate pathname management in ruby-rack-cors to bolster application protection against illicit entry.

ruby-rack-cors Update, Debian Advisory, Rack Middleware Security.

Severity: Critical.

LinuxSecurity.com Team

May 18, 2021 Critical Debian

Red Hat OCS 3.11.z Update: RHSA-2020:4143-01 Moderate Security Flaw

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: OCS 3.11.z async security, bug fix, and enhancement update
Advisory ID:  RHSA-2020:4143-01
Product:      Red Hat Gluster Storage
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4143
Issue date:   2020-09-30
CVE Names:    CVE-2020-10762 CVE-2020-10763
====================================================================

1. Summary:

Updated OpenShift Container Storage packages fixing various security issues and other bugs are now available for Red Hat OpenShift Container Storage with 3.11.z Async update.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Gluster Storage Server 3.5 on RHEL-7 - x86_64
Red Hat Storage Native Client for Red Hat Enterprise Linux 7 - x86_64

3. Description:

Red Hat OpenShift Container Storage (OCS) is a provider of agnostic persistent storage for OpenShift Container Platform either in-house or in a hybrid cloud. As a Red Hat storage solution, OCS is completely integrated with OpenShift Container Platform for deployment, management, and monitoring.

Security Fix(es):

* gluster-block: information disclosure through world-readable gluster-block log files (CVE-2020-10762)

* heketi: gluster-block volume password details available in logs (CVE-2020-10763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Earlier, the tcmu-runner did not give details about the file operations stuck at the backend glusterfs block hosting volume. With this change, the tcmu-runner is now able to log details about the file operations stuck at the backend glusterfs block hosting volume and this will help identify the root cause of the input/output errors easily. (BZ#1850361)

* Earlier, there was no log rotation with gluster-block logs. With this release, log rotation is possible for gluster-block and tcmu-runner relevant logs. (BZ#1850365)

* Earlier, heketi did not track all the changes made to volumes as part of device remove operation. With this release, heketi’s device remove operation is fully tracked and is based on a series of brick evict operations making the operation more reliable. (BZ#1850072)

* An access flaw CVE-2020-13867 was found in targetcli due to which the files under ‘/etc/target’ and '/etc/target/backup' directory were widely accessible. With this release, the access flaw is fixed as a workaround in gluster-block to protect these files from any potential attacks for accessing sensitive information, until the flaw is resolved and made available in targetcli. (BZ#1850077)

All Red Hat OpenShift Container Storage users are advised to upgrade to these updated packages.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1845067 - CVE-2020-10762 gluster-block: information disclosure through world-readable gluster-block log files
1845387 - CVE-2020-10763 heketi: gluster-block volume password details available in logs
1850072 - Improve the reliability of device remove
1850077 - targetcli: weak permissions config files
1850361 - tcmu-runner: Log timed out commands
1855178 - brickEvict/deviceRemove is not working when node is unreachable

6. Package List:

Red Hat Gluster Storage Server 3.5 on RHEL-7:

Source:
gluster-block-0.2.1-36.2.el7rhgs.src.rpm
heketi-9.0.0-9.5.el7rhgs.src.rpm
tcmu-runner-1.2.0-32.2.el7rhgs.src.rpm

x86_64:
gluster-block-0.2.1-36.2.el7rhgs.x86_64.rpm
gluster-block-debuginfo-0.2.1-36.2.el7rhgs.x86_64.rpm
heketi-9.0.0-9.5.el7rhgs.x86_64.rpm
heketi-client-9.0.0-9.5.el7rhgs.x86_64.rpm
libtcmu-1.2.0-32.2.el7rhgs.x86_64.rpm
libtcmu-devel-1.2.0-32.2.el7rhgs.x86_64.rpm
python-heketi-9.0.0-9.5.el7rhgs.x86_64.rpm
tcmu-runner-1.2.0-32.2.el7rhgs.x86_64.rpm
tcmu-runner-debuginfo-1.2.0-32.2.el7rhgs.x86_64.rpm

Red Hat Storage Native Client for Red Hat Enterprise Linux 7:

Source:
heketi-9.0.0-9.5.el7rhgs.src.rpm

x86_64:
heketi-client-9.0.0-9.5.el7rhgs.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10762
https://access.redhat.com/security/cve/CVE-2020-10763
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

The latest patch for Red Hat OCS 3.11.z tackles security vulnerabilities and resolves various bugs impacting overall efficiency.

Red Hat OCS Update, OpenShift Storage, Security Advisory.

LinuxSecurity.com Team

Sep 30, 2020 Red Hat

Mageia: 2020-0326 Moderate: Targetcli Access Flaw Confidentiality Risk

MGASA-2020-0326 - Updated targetcli packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0326.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-13867

An access flaw was found in targetcli, where the /etc/target and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highest threat from this vulnerability is to confidentiality (CVE-2020-13867).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27041
- https://lists.fedoraproject.org/archives/list/[…]/thread/6LANBGRCCZBPKKBD5ZMJS7C7DYAHYR6B/
- https://www.cve.org/CVERecord?id=CVE-2020-13867

SRPMS:
- 7/core/targetcli-2.1.53-1.mga7

Mageia advisory MGASA-2020-0327 addresses a vulnerability in targetcli that safeguards confidential data.

Mageia Security Advisory, Targetcli Fix, Access Flaw, Confidentiality Threat.

LinuxSecurity.com Team

Aug 18, 2020 Mageia

Fedora 24 Update: 2017-b154ff2892 Moderate Mercurial Access Flaw

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-b154ff2892
2017-06-26 19:07:17.381365
--------------------------------------------------------------------------------

Name : mercurial
Product : Fedora 24
Version : 3.7.3
Release : 2.fc24
URL :
Summary : Mercurial -- a distributed SCM
Description :
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.

Quick start: https://wiki.mercurial-scm.org/QuickStart
Tutorial:
Extensions:

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2017-9462.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1459485 - CVE-2017-9462 mercurial: Python debugger accessible to authorized users [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1459485
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mercurial' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list

Addresses significant security vulnerability in Mercurial for Fedora 24, guaranteeing safe practices in version control administration. Mercurial Security Fix, Fedora Update, Source Control Management. Severity: Important. LinuxSecurity.com Team

Jun 26, 2017 Important Fedora

Red Hat: RHSA-2017:1243-01 Moderate: OpenStack Heat Access Flaw

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: openstack-heat security, bug fix, and enhancement update
Advisory ID: RHSA-2017:1243-01
Product: Red Hat Enterprise Linux OpenStack Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1243
Issue date: 2017-05-17
CVE Names: CVE-2017-2621
====================================================================

1. Summary:

An update for openstack-heat is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 10.0 - noarch

3. Description:

OpenStack Orchestration (heat) is a template-driven engine used to specify and deploy configurations for Compute, Storage, and OpenStack Networking. The service can be used to automate post-deployment actions, which in turn allows automated provisioning of infrastructure, services, and applications. Additionally, Orchestration can be integrated with Telemetry alarms to implement auto-scaling for certain infrastructure resources.

The following packages have been upgraded to a later upstream version: openstack-heat (7.0.2). (BZ#1431258)

Security Fix(es):

* An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. (CVE-2017-2621)

Red Hat would like to thank Hans Feldt (Ericsson) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1420990 - CVE-2017-2621 openstack-heat: /var/log/heat/ is world readable
1424578 - Heat doesn't inject personality files on rebuild
1424886 - Password written in clear text in heat-api.log with DEBUG mode [openstack-10]
1428632 - OpenStack Heat may fail to connect keystone admin API in multi-region environment
1428877 - [UPDATES] ERROR: The "pre-update" hook is not defined on SoftwareDeployment "UpdateDeployment"
1431258 - Rebase openstack-heat to stable/newton hash 6533b3d

6. Package List:

Red Hat OpenStack Platform 10.0:

Source:
openstack-heat-7.0.2-4.el7ost.src.rpm

noarch:
openstack-heat-api-7.0.2-4.el7ost.noarch.rpm
openstack-heat-api-cfn-7.0.2-4.el7ost.noarch.rpm
openstack-heat-api-cloudwatch-7.0.2-4.el7ost.noarch.rpm
openstack-heat-common-7.0.2-4.el7ost.noarch.rpm
openstack-heat-engine-7.0.2-4.el7ost.noarch.rpm
python-heat-tests-7.0.2-4.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2017-2621
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2017 Red Hat, Inc.

-- Enterprise-watch-list mailing list

Cautionary security update issued for openstack-heat, tackling a severe access vulnerability alongside crucial bug resolutions specific to the Red Hat environment. Red Hat OpenStack, Access Flaw, Security Advisory. LinuxSecurity.com Team

May 17, 2017 Red Hat