Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 13 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedorasecurity fix

Fedora 43 python-dotenv Important Arbitrary Overwrite Fix CVE-2026-28684

Update to 1.2.2, security fix for CVE-2026-28684.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-20312e36a8 2026-05-21 01:26:51.960437+00:00 -------------------------------------------------------------------------------- Name : python-dotenv Product : Fedora 43 Version : 1.2.2 Release : 1.fc43 URL : https://github.com/theskumar/python-dotenv Summary : Read key-value pairs from a .env file and set them as environment variables Description : Reads the key/value pairs from a .env file and can add them to environment variables. -------------------------------------------------------------------------------- Update Information: Update to 1.2.2, security fix for CVE-2026-28684. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2026 Benjamin A. Beasley - 1.2.2-1 - Update to 1.2.2 (close RHBZ#2443673) * Sat Jan 17 2026 Fedora Release Engineering - 1.1.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Oct 28 2025 Miro Hron\u010dok - 1.1.0-6 - Remove unused build dependency on pytest-cov (redux) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2374518 - python-dotenv-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2374518 [ 2 ] Bug #2443673 - python-dotenv-1.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2443673 [ 3 ] Bug #2460552 - CVE-2026-28684 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2460552 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-20312e36a8' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update for Fedora 43 python-dotenv addressing CVE-2026-28684 security flaw improves system integrity.. Fedora Update, python-dotenv Security, CVE-2026-28684, environment variable, security fix. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 21, 2026 Important Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoraupdate

Fedora 44 python-dotenv 1.2.2 Security Advisory CVE-2026-28684

Update to 1.2.2, security fix for CVE-2026-28684.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-79e64d2daa 2026-05-21 00:54:04.884665+00:00 -------------------------------------------------------------------------------- Name : python-dotenv Product : Fedora 44 Version : 1.2.2 Release : 1.fc44 URL : https://github.com/theskumar/python-dotenv Summary : Read key-value pairs from a .env file and set them as environment variables Description : Reads the key/value pairs from a .env file and can add them to environment variables. -------------------------------------------------------------------------------- Update Information: Update to 1.2.2, security fix for CVE-2026-28684. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2026 Benjamin A. Beasley - 1.2.2-1 - Update to 1.2.2 (close RHBZ#2443673) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2374518 - python-dotenv-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2374518 [ 2 ] Bug #2443673 - python-dotenv-1.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2443673 [ 3 ] Bug #2460549 - CVE-2026-28684 python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460549 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-79e64d2daa' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Arbitrary file overwrite issue fixed in python-dotenv 1.2.2 for Fedora 44. Update your system to ensure security compliance.. Fedora python dotenv security update CVE-2026-28684. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 21, 2026 Important Fedora
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateSuSE

SUSE Linux Micro 6.0 Sed Moderate Toctou Arbitrary Overwrite 2026-21413-1

An update that solves one vulnerability can now be installed.. # Security update for sed Announcement ID: SUSE-SU-2026:21413-1 Release Date: 2026-04-27T17:24:57Z Rating: moderate References: * bsc#1262144 Cross-References: * CVE-2026-5958 CVSS scores: * CVE-2026-5958 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N * CVE-2026-5958 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N * CVE-2026-5958 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for sed fixes the following issue: * CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-688=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * sed-debuginfo-4.9-3.1 * sed-4.9-3.1 * sed-debugsource-4.9-3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5958.html * https://bugzilla.suse.com/show_bug.cgi?id=1262144 . Update fixes sed security risk allowing arbitrary file overwrite. Installation methods included for safety.. SUSE Linux, sed security, file overwrite, security update. . LinuxSecurity.com Team

Calendar 2 Apr 30, 2026 SuSE
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderatearbitrary overwrite

openSUSE 15.3 Sed Moderate TOCTOU Race Advisory SUSE-2026-1659-1

An update that solves one vulnerability can now be installed.. # Security update for sed Announcement ID: SUSE-SU-2026:1659-1 Release Date: 2026-04-29T11:09:24Z Rating: moderate References: * bsc#1262144 Cross-References: * CVE-2026-5958 CVSS scores: * CVE-2026-5958 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N * CVE-2026-5958 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N * CVE-2026-5958 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for sed fixes the following issues: * CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1659=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1659=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1659=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1659=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1659=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patchSUSE-SLE-Micro-5.5-2026-1659=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1659=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1659=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * openSUSE Leap 15.3 (noarch) * sed-lang-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5958.html * https://bugzilla.suse.com/show_bug.cgi?id=1262144 . An update for openSUSE addressing a moderate issue in sed that can allow arbitrary file overwrite.. openSUSE Patch Sed Security Update. . LinuxSecurity.com Team

Calendar 2 Apr 29, 2026 OpenSUSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateDoS

openSUSE 15.3 SUSE-SU-2026-1659-1 sed Moderate DoS CVE-2026-5958

An update that solves one vulnerability can now be installed.. # Security update for sed Announcement ID: SUSE-SU-2026:1659-1 Release Date: 2026-04-29T11:09:24Z Rating: moderate References: * bsc#1262144 Cross-References: * CVE-2026-5958 CVSS scores: * CVE-2026-5958 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N * CVE-2026-5958 ( SUSE ): 6.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N * CVE-2026-5958 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for sed fixes the following issues: * CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite (bsc#1262144). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1659=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1659=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1659=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1659=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1659=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patchSUSE-SLE-Micro-5.5-2026-1659=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1659=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1659=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * openSUSE Leap 15.3 (noarch) * sed-lang-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * sed-debugsource-4.4-150300.13.6.1 * sed-debuginfo-4.4-150300.13.6.1 * sed-4.4-150300.13.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5958.html * https://bugzilla.suse.com/show_bug.cgi?id=1262144 . Critical security update for sed on openSUSE 15.3 resolves a moderate threat to system integrity. Update now!. openSUSE sed security update patch. . LinuxSecurity.com Team

Calendar 2 Apr 29, 2026 SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryupdateimportant

SUSE: 2025:0122-2 important: rsync security updates and fixes

* bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104 . # Security update for rsync Announcement ID: SUSE-SU-2025:0122-2 Release Date: 2025-01-15T14:55:54Z Rating: important References: * bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104 Cross-References: * CVE-2024-12085 * CVE-2024-12086 * CVE-2024-12087 * CVE-2024-12088 CVSS scores: * CVE-2024-12085 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-12086 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2024-12086 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N * CVE-2024-12087 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-12087 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-12087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12088 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-12088 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2024-12088 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.5 * SUSE Linux Enterprise Desktop 15 SP4 LTSS * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSELinux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for rsync fixes the following issues: NOTE: This update was retracted as one of the fixes was broken. A new update will be issued. * CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) * CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) * CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103) * CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2025-122=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-122=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-122=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2025-122=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-122=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP4-2025-122=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-122=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-122=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-122=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-122=1 * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2025-122=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2025-122=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-122=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-122=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-122=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-122=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-122=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 *rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Manager Proxy 4.3 (x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * openSUSE Leap Micro 5.5 (aarch64 s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * rsync-3.2.3-150400.3.12.1 * rsync-debuginfo-3.2.3-150400.3.12.1 * rsync-debugsource-3.2.3-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2024-12085.html * https://www.suse.com/security/cve/CVE-2024-12086.html * https://www.suse.com/security/cve/CVE-2024-12087.html * https://www.suse.com/security/cve/CVE-2024-12088.html * https://bugzilla.suse.com/show_bug.cgi?id=1234101 * https://bugzilla.suse.com/show_bug.cgi?id=1234102 * https://bugzilla.suse.com/show_bug.cgi?id=1234103 * https://bugzilla.suse.com/show_bug.cgi?id=1234104 . Critical vulnerability patches for rsync on SUSE systems resolve various concerns and include guidelines for deployment.. SUSE, rsync, update instruction, data safety, important fixes. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jan 15, 2025 Important SuSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderate severityarbitrary overwrite

SUSE: 2024:4294-1 moderate: socat update for arbitrary file overwrite

* bsc#1225462 Cross-References: * CVE-2024-54661 . # Security update for socat Announcement ID: SUSE-SU-2024:4294-1 Release Date: 2024-12-11T13:06:43Z Rating: moderate References: * bsc#1225462 Cross-References: * CVE-2024-54661 CVSS scores: * CVE-2024-54661 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2024-54661 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for socat fixes the following issues: * CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4294=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * socat-debugsource-1.7.2.4-4.3.1 * socat-1.7.2.4-4.3.1 * socat-debuginfo-1.7.2.4-4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-54661.html * https://bugzilla.suse.com/show_bug.cgi?id=1225462 . Important enhancement for socat addresses significant challenges. Adhere to setup guidelines for openSUSE platforms now.. socat security update, suse linux server, socat patch release. . LinuxSecurity.com Team

Calendar 2 Dec 11, 2024 SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderatesuse

SUSE: 2024:4295-1 moderate: socat arbitrary file overwrite

* bsc#1225462 Cross-References: * CVE-2024-54661 . # Security update for socat Announcement ID: SUSE-SU-2024:4295-1 Release Date: 2024-12-11T14:41:01Z Rating: moderate References: * bsc#1225462 Cross-References: * CVE-2024-54661 CVSS scores: * CVE-2024-54661 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2024-54661 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for socat fixes the following issues: * CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-4295=1 openSUSE-SLE-15.6-2024-4295=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4295=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * socat-extra-1.8.0.0-150600.20.6.1 * socat-1.8.0.0-150600.20.6.1 * socat-debugsource-1.8.0.0-150600.20.6.1 * socat-debuginfo-1.8.0.0-150600.20.6.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * socat-1.8.0.0-150600.20.6.1 * socat-debugsource-1.8.0.0-150600.20.6.1 * socat-debuginfo-1.8.0.0-150600.20.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-54661.html * https://bugzilla.suse.com/show_bug.cgi?id=1225462 . Debian patches for dpkg address potential privilege escalation vulnerabilities. Upgrade immediately to protect your environment!. socat,SUSE, arbitrary overwrite, security fix, software updates. . LinuxSecurity.com Team

Calendar 2 Dec 11, 2024 SuSE
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here