Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

We found 7 articles for you...
openSUSE 15.6 Python-Authlib Moderate CVE-2025-68158 ATO Risk 2026-0828-1

# Security update for python-Authlib

Announcement ID: SUSE-SU-2026:0828-1
Release Date: 2026-03-05T15:17:02Z
Rating: moderate

References:

* bsc#1256414

Cross-References:

* CVE-2025-68158

CVSS scores:

* CVE-2025-68158 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68158 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-68158 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-68158 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-Authlib fixes the following issues:

* CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library (bsc#1256414)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch SUSE-2026-828=1 openSUSE-SLE-15.6-2026-828=1`
* Python 3 Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-828=1`

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-Authlib-1.3.1-150600.3.14.1
* Python 3 Module 15-SP7 (noarch)
  * python311-Authlib-1.3.1-150600.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256414

An important update for python-Authlib on openSUSE addresses a moderate security issue that can lead to account takeover.

LinuxSecurity.com Team

Mar 05, 2026, OpenSUSE

Debian's Python-Authlib Security Improvement for CVE-2025-68190

Update for python-Authlib addresses security flaw CVE-2025-68158 in openSUSE, fixing account takeover issue.

LinuxSecurity.com Team

Mar 05, 2026, SuSE

SUSE Linux Micro 6.0: 2025:20003-1 important: util-linux account takeover

# Security update for util-linux

Announcement ID: SUSE-SU-2025:20003-1
Release Date: 2025-02-03T08:46:06Z
Rating: important

References:

* bsc#1218609
* bsc#1220117
* bsc#1221831
* bsc#1223605
* bsc#1225598

Cross-References:

* CVE-2024-28085

CVSS scores:

* CVE-2024-28085 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2024-28085 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability and has four fixes can now be installed.

## Description:

This update for util-linux fixes the following issues:

Security issue fixed:

* CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)

Non-security issues fixed:

* Fix hang of lscpu -e (bsc#1225598)
* lscpu: Add more ARM cores (bsc#1223605)
* Document that chcpu -g is not supported on IBM z/VM (bsc#1218609)
* Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0: `zypper in -t patch SUSE-SLE-Micro-6.0-117=1`

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * util-linux-systemd-debuginfo-2.39.3-3.1
  * libblkid1-debuginfo-2.39.3-3.1
  * libuuid1-2.39.3-3.1
  * util-linux-debuginfo-2.39.3-3.1
  * libuuid1-debuginfo-2.39.3-3.1
  * util-linux-debugsource-2.39.3-3.1
  * libsmartcols1-2.39.3-3.1
  * util-linux-systemd-debugsource-2.39.3-3.1
  * util-linux-systemd-2.39.3-3.1
  * libfdisk1-debuginfo-2.39.3-3.1
  * libmount1-debuginfo-2.39.3-3.1
  * libmount1-2.39.3-3.1
  * util-linux-2.39.3-3.1
  * libfdisk1-2.39.3-3.1
  * libblkid1-2.39.3-3.1
  * libsmartcols1-debuginfo-2.39.3-3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218609
* https://bugzilla.suse.com/show_bug.cgi?id=1220117
* https://bugzilla.suse.com/show_bug.cgi?id=1221831
* https://bugzilla.suse.com/show_bug.cgi?id=1223605
* https://bugzilla.suse.com/show_bug.cgi?id=1225598

Crucial SUSE patch resolves a vulnerability related to account hacking in util-linux, enhancing both security and performance.

Severity: Important.

LinuxSecurity.com Team

Jun 04, 2025, Important, SuSE

SUSE: 2025:20003-1 important: util-linux security fix against takeover

Delve into the SUSE 2025:20003-1 advisory for critical enhancements regarding util-linux, which targets a remedy for vulnerabilities linked to account exploitation.

Severity: Important.

LinuxSecurity.com Team

Jun 04, 2025, Important, SuSE

SUSE: 2025:20003-1 important: util-linux account takeover risk

Critical SUSE security patch for util-linux addresses a vulnerability that could allow account takeover along with various non-security related bugs.

Severity: Important.

LinuxSecurity.com Team

Jun 04, 2025, Important, SuSE

SUSE: 2024:1943-1 Important: Util-Linux Account Takeover Fix

# Security update for util-linux

Announcement ID: SUSE-SU-2024:1943-1
Rating: important

References:

* bsc#1218609
* bsc#1220117
* bsc#1221831
* bsc#1223605

Cross-References:

* CVE-2024-28085

CVSS scores:

* CVE-2024-28085 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has three security fixes can now be installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch openSUSE-SLE-15.6-2024-1943=1 SUSE-2024-1943=1`
* Basesystem Module 15-SP6: `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1943=1`
* Server Applications Module 15-SP6: `zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-1943=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libblkid-devel-2.39.3-150600.4.3.1
  * libfdisk1-2.39.3-150600.4.3.1
  * python-libmount-debugsource-2.39.3-150600.4.3.1
  * libsmartcols1-debuginfo-2.39.3-150600.4.3.1
  * util-linux-2.39.3-150600.4.3.1
  * libuuid-devel-static-2.39.3-150600.4.3.1
  * libfdisk-devel-static-2.39.3-150600.4.3.1
  * uuidd-debuginfo-2.39.3-150600.4.3.1
  * libuuid1-debuginfo-2.39.3-150600.4.3.1
  * libblkid1-debuginfo-2.39.3-150600.4.3.1
  * python3-libmount-2.39.3-150600.4.3.1
  * libblkid-devel-static-2.39.3-150600.4.3.1
  * util-linux-tty-tools-2.39.3-150600.4.3.1
  * libmount-devel-static-2.39.3-150600.4.3.1
  * libfdisk-devel-2.39.3-150600.4.3.1
  * python3-libmount-debuginfo-2.39.3-150600.4.3.1
  * util-linux-systemd-2.39.3-150600.4.3.1
  * libuuid1-2.39.3-150600.4.3.1
  * util-linux-debuginfo-2.39.3-150600.4.3.1
  * libuuid-devel-2.39.3-150600.4.3.1
  * libfdisk1-debuginfo-2.39.3-150600.4.3.1
  * uuidd-2.39.3-150600.4.3.1
  * libmount-devel-2.39.3-150600.4.3.1
  * libblkid1-2.39.3-150600.4.3.1
  * libsmartcols-devel-2.39.3-150600.4.3.1
  * libmount1-2.39.3-150600.4.3.1
  * util-linux-tty-tools-debuginfo-2.39.3-150600.4.3.1
  * libsmartcols1-2.39.3-150600.4.3.1
  * util-linux-debugsource-2.39.3-150600.4.3.1
  * util-linux-systemd-debuginfo-2.39.3-150600.4.3.1
  * util-linux-systemd-debugsource-2.39.3-150600.4.3.1
  * libsmartcols-devel-static-2.39.3-150600.4.3.1
  * libmount1-debuginfo-2.39.3-150600.4.3.1
* openSUSE Leap 15.6 (x86_64)
  * libsmartcols1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libsmartcols1-32bit-2.39.3-150600.4.3.1
  * libmount1-32bit-2.39.3-150600.4.3.1
  * libfdisk-devel-32bit-2.39.3-150600.4.3.1
  * libuuid1-32bit-2.39.3-150600.4.3.1
  * libmount-devel-32bit-2.39.3-150600.4.3.1
  * libmount1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libsmartcols-devel-32bit-2.39.3-150600.4.3.1
  * libuuid1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libblkid1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libuuid-devel-32bit-2.39.3-150600.4.3.1
  * libblkid-devel-32bit-2.39.3-150600.4.3.1
  * libfdisk1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libblkid1-32bit-2.39.3-150600.4.3.1
  * libfdisk1-32bit-2.39.3-150600.4.3.1
* openSUSE Leap 15.6 (noarch)
  * util-linux-lang-2.39.3-150600.4.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libsmartcols1-64bit-debuginfo-2.39.3-150600.4.3.1
  * libfdisk1-64bit-debuginfo-2.39.3-150600.4.3.1
  * libmount1-64bit-2.39.3-150600.4.3.1
  * libsmartcols-devel-64bit-2.39.3-150600.4.3.1
  * libblkid1-64bit-debuginfo-2.39.3-150600.4.3.1
  * libmount1-64bit-debuginfo-2.39.3-150600.4.3.1
  * libmount-devel-64bit-2.39.3-150600.4.3.1
  * libuuid1-64bit-2.39.3-150600.4.3.1
  * libblkid1-64bit-2.39.3-150600.4.3.1
  * libfdisk1-64bit-2.39.3-150600.4.3.1
  * libsmartcols1-64bit-2.39.3-150600.4.3.1
  * libuuid1-64bit-debuginfo-2.39.3-150600.4.3.1
  * libuuid-devel-64bit-2.39.3-150600.4.3.1
  * libblkid-devel-64bit-2.39.3-150600.4.3.1
  * libfdisk-devel-64bit-2.39.3-150600.4.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libblkid-devel-2.39.3-150600.4.3.1
  * libfdisk1-2.39.3-150600.4.3.1
  * libsmartcols1-debuginfo-2.39.3-150600.4.3.1
  * util-linux-2.39.3-150600.4.3.1
  * libuuid-devel-static-2.39.3-150600.4.3.1
  * libuuid1-debuginfo-2.39.3-150600.4.3.1
  * libblkid1-debuginfo-2.39.3-150600.4.3.1
  * libblkid-devel-static-2.39.3-150600.4.3.1
  * util-linux-tty-tools-2.39.3-150600.4.3.1
  * libfdisk-devel-2.39.3-150600.4.3.1
  * util-linux-systemd-2.39.3-150600.4.3.1
  * libuuid1-2.39.3-150600.4.3.1
  * util-linux-debuginfo-2.39.3-150600.4.3.1
  * libuuid-devel-2.39.3-150600.4.3.1
  * libfdisk1-debuginfo-2.39.3-150600.4.3.1
  * libmount-devel-2.39.3-150600.4.3.1
  * libblkid1-2.39.3-150600.4.3.1
  * libsmartcols-devel-2.39.3-150600.4.3.1
  * libmount1-2.39.3-150600.4.3.1
  * util-linux-tty-tools-debuginfo-2.39.3-150600.4.3.1
  * libsmartcols1-2.39.3-150600.4.3.1
  * util-linux-debugsource-2.39.3-150600.4.3.1
  * util-linux-systemd-debuginfo-2.39.3-150600.4.3.1
  * util-linux-systemd-debugsource-2.39.3-150600.4.3.1
  * libmount1-debuginfo-2.39.3-150600.4.3.1
* Basesystem Module 15-SP6 (noarch)
  * util-linux-lang-2.39.3-150600.4.3.1
* Basesystem Module 15-SP6 (x86_64)
  * libmount1-32bit-2.39.3-150600.4.3.1
  * libuuid1-32bit-2.39.3-150600.4.3.1
  * libuuid1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libblkid1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libmount1-32bit-debuginfo-2.39.3-150600.4.3.1
  * libblkid1-32bit-2.39.3-150600.4.3.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * uuidd-debuginfo-2.39.3-150600.4.3.1
  * util-linux-systemd-debugsource-2.39.3-150600.4.3.1
  * util-linux-systemd-debuginfo-2.39.3-150600.4.3.1
  * uuidd-2.39.3-150600.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218609
* https://bugzilla.suse.com/show_bug.cgi?id=1220117
* https://bugzilla.suse.com/show_bug.cgi?id=1221831
* https://bugzilla.suse.com/show_bug.cgi?id=1223605

SUSE-SU-2024:1944-1 patch for net-tools addresses severe vulnerabilities and enhances the overall security posture of the system.

Severity: Important.

LinuxSecurity.com Team

Jun 10, 2024, Important, SuSE

Rocky Linux 9 RLSA-2023:4030 Critical: Grafana Account Takeover

Critical: grafana security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:4030", "synopsis": "Critical: grafana security update", "severity": "SEVERITY_CRITICAL", "topic": "An update is available for grafana.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. \n\nSecurity Fix(es):\n\n* grafana: account takeover possible when using Azure AD OAuth (CVE-2023-3128)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2213626", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2213626", "description": ""}], "cves": [{"name": "CVE-2023-3128", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-3128", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2023-07-19T17:53:40.018347Z", "rpms": {"Rocky Linux 9": {"nvras": ["grafana-0:9.0.9-3.el9_2.aarch64.rpm", "grafana-0:9.0.9-3.el9_2.ppc64le.rpm", "grafana-0:9.0.9-3.el9_2.s390x.rpm", "grafana-0:9.0.9-3.el9_2.src.rpm", "grafana-0:9.0.9-3.el9_2.x86_64.rpm", "grafana-debuginfo-0:9.0.9-3.el9_2.aarch64.rpm", "grafana-debuginfo-0:9.0.9-3.el9_2.ppc64le.rpm", "grafana-debuginfo-0:9.0.9-3.el9_2.s390x.rpm", "grafana-debuginfo-0:9.0.9-3.el9_2.x86_64.rpm", "grafana-debugsource-0:9.0.9-3.el9_2.aarch64.rpm", "grafana-debugsource-0:9.0.9-3.el9_2.ppc64le.rpm", "grafana-debugsource-0:9.0.9-3.el9_2.s390x.rpm", "grafana-debugsource-0:9.0.9-3.el9_2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. 

Important Grafana security patch released for Rocky Linux 9 to address vulnerabilities related to Azure AD OAuth that may lead to unauthorized account access.

Severity: Critical.

LinuxSecurity.com Team

Jul 19, 2023, Critical, Rocky Linux

Critical Grafana Update: Account Takeover Risk in RHEL 9 RHSA-2023-4030-01

Red Hat Security Advisory

Synopsis: Critical: grafana security update
Advisory ID: RHSA-2023:4030-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4030
Issue date: 2023-07-12
CVE Names: CVE-2023-3128

1. Summary:

An update for grafana is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* grafana: account takeover possible when using Azure AD OAuth (CVE-2023-3128)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213626 - CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth

6. Package List:

Red Hat Enterprise Linux AppStream (v.9):

Source:
grafana-9.0.9-3.el9_2.src.rpm

aarch64:
grafana-9.0.9-3.el9_2.aarch64.rpm
grafana-debuginfo-9.0.9-3.el9_2.aarch64.rpm
grafana-debugsource-9.0.9-3.el9_2.aarch64.rpm

ppc64le:
grafana-9.0.9-3.el9_2.ppc64le.rpm
grafana-debuginfo-9.0.9-3.el9_2.ppc64le.rpm
grafana-debugsource-9.0.9-3.el9_2.ppc64le.rpm

s390x:
grafana-9.0.9-3.el9_2.s390x.rpm
grafana-debuginfo-9.0.9-3.el9_2.s390x.rpm
grafana-debugsource-9.0.9-3.el9_2.s390x.rpm

x86_64:
grafana-9.0.9-3.el9_2.x86_64.rpm
grafana-debuginfo-9.0.9-3.el9_2.x86_64.rpm
grafana-debugsource-9.0.9-3.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3128
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Essential Grafana patch released for Red Hat Enterprise Linux 9, mitigating account compromise vulnerabilities linked to Azure AD OAuth.

Severity: Critical.

LinuxSecurity.com Team

Jul 12, 2023, Critical, Red Hat