
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2025:0019-1 moderate: sysstat integer overflows fix

# Security update for sysstat

Announcement ID: SUSE-SU-2025:0019-1
Release Date: 2025-01-06T10:39:17Z
Rating: moderate

References:

* bsc#1202473
* bsc#1205224
* bsc#1211507

Cross-References:

* CVE-2022-39377
* CVE-2023-33204

CVSS scores:

* CVE-2022-39377 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-39377 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-33204 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
* CVE-2023-33204 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for sysstat fixes the following issues:

* CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
* CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2025-19=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-19=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-19=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-19=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-19=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-19=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-19=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-19=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-19=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-19=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-19=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-19=1

## Package List:

* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * sysstat-isag-12.0.2-150000.3.37.1
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * sysstat-isag-12.0.2-150000.3.37.1
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2022-39377.html
* https://www.suse.com/security/cve/CVE-2023-33204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202473
* https://bugzilla.suse.com/show_bug.cgi?id=1205224
* https://bugzilla.suse.com/show_bug.cgi?id=1211507

SUSE's latest sysstat security notice addresses significant vulnerabilities, enhancing overall stability and efficiency. Discover further details here.

LinuxSecurity.com Team

Jan 06, 2025 | SuSE

openSUSE: 2025:0019-1 moderate: sysstat security update

# Security update for sysstat

Announcement ID: SUSE-SU-2025:0019-1
Release Date: 2025-01-06T10:39:17Z
Rating: moderate

References:

* bsc#1202473
* bsc#1205224
* bsc#1211507

Cross-References:

* CVE-2022-39377
* CVE-2023-33204

CVSS scores:

* CVE-2022-39377 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-39377 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-33204 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
* CVE-2023-33204 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for sysstat fixes the following issues:

* CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
* CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2025-19=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-19=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-19=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-19=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-19=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-19=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-19=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-19=1
* Server Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-19=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-19=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-19=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-19=1

## Package List:

* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * sysstat-isag-12.0.2-150000.3.37.1
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * sysstat-isag-12.0.2-150000.3.37.1
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * sysstat-debuginfo-12.0.2-150000.3.37.1
  * sysstat-debugsource-12.0.2-150000.3.37.1
  * sysstat-12.0.2-150000.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2022-39377.html
* https://www.suse.com/security/cve/CVE-2023-33204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1202473
* https://bugzilla.suse.com/show_bug.cgi?id=1205224
* https://bugzilla.suse.com/show_bug.cgi?id=1211507

Important sysstat upgrade for openSUSE addresses various vulnerabilities. Keep your systems protected by applying this update.

LinuxSecurity.com Team

Jan 06, 2025 | OpenSUSE

SUSE 12 SP5: SUSE-SU-2025:0012-1 moderate: sysstat arithmetic overflow

# Security update for sysstat

Announcement ID: SUSE-SU-2025:0012-1
Release Date: 2025-01-03T16:51:05Z
Rating: moderate

References:

* bsc#1205224
* bsc#1211507

Cross-References:

* CVE-2022-39377
* CVE-2023-33204

CVSS scores:

* CVE-2022-39377 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-39377 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-33204 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
* CVE-2023-33204 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for sysstat fixes the following issues:

* CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
* CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-12=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * sysstat-debugsource-12.0.2-20.23.1
  * sysstat-12.0.2-20.23.1
  * sysstat-debuginfo-12.0.2-20.23.1
  * sysstat-isag-12.0.2-20.23.1

## References:

* https://www.suse.com/security/cve/CVE-2022-39377.html
* https://www.suse.com/security/cve/CVE-2023-33204.html
* https://bugzilla.suse.com/show_bug.cgi?id=1205224
* https://bugzilla.suse.com/show_bug.cgi?id=1211507

The latest release of sysstat resolves urgent vulnerabilities, notably addressing arithmetic overflow concerns found in SUSE Enterprise Server.

LinuxSecurity.com Team

Jan 03, 2025 | SuSE

SUSE: 2024:3524-1 important: frr arithmetic overflow threat mitigation

# Security update for frr

Announcement ID: SUSE-SU-2024:3524-1
Release Date: 2024-10-04T13:18:52Z
Rating: important

References:

* bsc#1230866

Cross-References:

* CVE-2017-15865

CVSS scores:

* CVE-2017-15865 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2017-15865 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2017-15865 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for frr fixes the following issue:

* Arithmetic overflow when parsing attribute of update packet due to regression introduced by the fix for CVE-2017-15865. (bsc#1230866)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-3524=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3524=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3524=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3524=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3524=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3524=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3524=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3524=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3524=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3524=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3524=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-3524=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Manager Proxy 4.3 (x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libfrrospfapiclient0-7.4-150300.4.32.1
  * libfrrgrpc_pb0-7.4-150300.4.32.1
  * libfrrospfapiclient0-debuginfo-7.4-150300.4.32.1
  * libfrrzmq0-7.4-150300.4.32.1
  * libfrr_pb0-7.4-150300.4.32.1
  * libmlag_pb0-debuginfo-7.4-150300.4.32.1
  * libfrr_pb0-debuginfo-7.4-150300.4.32.1
  * libfrrcares0-debuginfo-7.4-150300.4.32.1
  * libfrrfpm_pb0-7.4-150300.4.32.1
  * libfrrsnmp0-debuginfo-7.4-150300.4.32.1
  * frr-7.4-150300.4.32.1
  * libfrrgrpc_pb0-debuginfo-7.4-150300.4.32.1
  * frr-debugsource-7.4-150300.4.32.1
  * libfrrzmq0-debuginfo-7.4-150300.4.32.1
  * libfrr0-7.4-150300.4.32.1
  * libfrrcares0-7.4-150300.4.32.1
  * libfrr0-debuginfo-7.4-150300.4.32.1
  * libmlag_pb0-7.4-150300.4.32.1
  * frr-devel-7.4-150300.4.32.1
  * frr-debuginfo-7.4-150300.4.32.1
  * libfrrsnmp0-7.4-150300.4.32.1
  * libfrrfpm_pb0-debuginfo-7.4-150300.4.32.1

## References:

* https://www.suse.com/security/cve/CVE-2017-15865.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230866

Critical security enhancement available for frr in SUSE addressing integer overflow flaw CVE-2017-15865. Here are the installation instructions.

Severity: Important.

LinuxSecurity.com Team

Oct 04, 2024 | Important | SuSE

Ubuntu 23.10 USN-6471-1 Moderate: Libsndfile Denial Of Service Risk

==========================================================================
Ubuntu Security Notice USN-6471-1
November 02, 2023

libsndfile vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

libsndfile could be made to crash if it received specially crafted input.

Software Description:

- libsndfile: Library for reading/writing audio files

Details:

It was discovered that libsndfile contained multiple arithmetic overflows. If a user or automated system were tricked into processing a specially crafted audio file, an attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  libsndfile1 1.2.2-1ubuntu0.23.10.1
  sndfile-programs 1.2.2-1ubuntu0.23.10.1

Ubuntu 23.04:
  libsndfile1 1.2.0-1ubuntu0.1
  sndfile-programs 1.2.0-1ubuntu0.1

Ubuntu 22.04 LTS:
  libsndfile1 1.0.31-2ubuntu0.1
  sndfile-programs 1.0.31-2ubuntu0.1

Ubuntu 20.04 LTS:
  libsndfile1 1.0.28-7ubuntu0.2
  sndfile-programs 1.0.28-7ubuntu0.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libsndfile1 1.0.28-4ubuntu0.18.04.2+esm1
  sndfile-programs 1.0.28-4ubuntu0.18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libsndfile1 1.0.25-10ubuntu0.16.04.3+esm3
  sndfile-programs 1.0.25-10ubuntu0.16.04.3+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libsndfile1 1.0.25-7ubuntu2.2+esm3
  sndfile-programs 1.0.25-7ubuntu2.2+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6471-1
  CVE-2022-33065

Package Information:
  https://launchpad.net/ubuntu/+source/libsndfile/1.2.2-1ubuntu0.23.10.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.2.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.31-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/libsndfile/1.0.28-7ubuntu0.2

Ubuntu Security Notice USN-6472-1 addresses a libpng vulnerability caused by unexpected data. An update is strongly recommended.

LinuxSecurity.com Team

Nov 02, 2023 | Ubuntu

Ubuntu 23.10 USN-6452-1 Critical: Vulnerabilities in Vim Software

Several security issues were fixed in Vim.

==========================================================================
Ubuntu Security Notice USN-6452-1
October 25, 2023

vim vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Vim.

Software Description:

- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-3896)

It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4733, CVE-2023-4750)

It was discovered that Vim contained an arithmetic overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4734)

It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2023-4735, CVE-2023-5344)

It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 23.04 and Ubuntu 23.10. (CVE-2023-4738)

It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-4751)

It was discovered that Vim did not properly manage memory. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4752, CVE-2023-5535)

It was discovered that Vim could be made to write out of bounds. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-4781)

It was discovered that Vim could be made to dereference invalid memory. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-5441)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  vim 2:9.0.1672-1ubuntu2.1
  vim-athena 2:9.0.1672-1ubuntu2.1
  vim-gtk3 2:9.0.1672-1ubuntu2.1
  vim-nox 2:9.0.1672-1ubuntu2.1
  vim-tiny 2:9.0.1672-1ubuntu2.1
  xxd 2:9.0.1672-1ubuntu2.1

Ubuntu 23.04:
  vim 2:9.0.1000-4ubuntu3.2
  vim-athena 2:9.0.1000-4ubuntu3.2
  vim-gtk3 2:9.0.1000-4ubuntu3.2
  vim-nox 2:9.0.1000-4ubuntu3.2
  vim-tiny 2:9.0.1000-4ubuntu3.2
  xxd 2:9.0.1000-4ubuntu3.2

Ubuntu 22.04 LTS:
  vim 2:8.2.3995-1ubuntu2.13
  vim-athena 2:8.2.3995-1ubuntu2.13
  vim-gtk 2:8.2.3995-1ubuntu2.13
  vim-gtk3 2:8.2.3995-1ubuntu2.13
  vim-nox 2:8.2.3995-1ubuntu2.13
  vim-tiny 2:8.2.3995-1ubuntu2.13
  xxd 2:8.2.3995-1ubuntu2.13

Ubuntu 20.04 LTS:
  vim 2:8.1.2269-1ubuntu5.20
  vim-athena 2:8.1.2269-1ubuntu5.20
  vim-gtk 2:8.1.2269-1ubuntu5.20
  vim-gtk3 2:8.1.2269-1ubuntu5.20
  vim-nox 2:8.1.2269-1ubuntu5.20
  vim-tiny 2:8.1.2269-1ubuntu5.20
  xxd 2:8.1.2269-1ubuntu5.20

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  vim 2:8.0.1453-1ubuntu1.13+esm6
  vim-athena 2:8.0.1453-1ubuntu1.13+esm6
  vim-gtk 2:8.0.1453-1ubuntu1.13+esm6
  vim-gtk3 2:8.0.1453-1ubuntu1.13+esm6
  vim-nox 2:8.0.1453-1ubuntu1.13+esm6
  vim-tiny 2:8.0.1453-1ubuntu1.13+esm6
  xxd 2:8.0.1453-1ubuntu1.13+esm6

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  vim 2:7.4.1689-3ubuntu1.5+esm20
  vim-athena 2:7.4.1689-3ubuntu1.5+esm20
  vim-gtk 2:7.4.1689-3ubuntu1.5+esm20
  vim-gtk3 2:7.4.1689-3ubuntu1.5+esm20
  vim-nox 2:7.4.1689-3ubuntu1.5+esm20
  vim-tiny 2:7.4.1689-3ubuntu1.5+esm20

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  vim 2:7.4.052-1ubuntu3.1+esm14
  vim-athena 2:7.4.052-1ubuntu3.1+esm14
  vim-gtk 2:7.4.052-1ubuntu3.1+esm14
  vim-nox 2:7.4.052-1ubuntu3.1+esm14
  vim-tiny 2:7.4.052-1ubuntu3.1+esm14

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6452-1
  CVE-2023-3896, CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4750, CVE-2023-4751, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535

Package Information:
  https://launchpad.net/ubuntu/+source/vim/2:9.0.1672-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/vim/2:9.0.1000-4ubuntu3.2
  https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.13
  https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.20

Several security vulnerabilities in Vim have been resolved on Ubuntu. Please update immediately to mitigate risk of exploitation and enhance your system's protection.

Ubuntu Security Notice, Vim Issues, Software Update, Security Fix.

Severity: Critical.

LinuxSecurity.com Team

Oct 25, 2023 Critical Ubuntu

Fedora 37: FEDORA-2023-4706cef256 Critical: Sysstat Arithmetic Overflow

Security fix for CVE-2023-33204.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4706cef256
2023-07-20 05:17:50.037082
--------------------------------------------------------------------------------

Name        : sysstat
Product     : Fedora 37
Version     : 12.6.2
Release     : 2.fc37
URL         :
Summary     : Collection of performance monitoring tools for Linux
Description :
The sysstat package contains the sar, sadf, mpstat, iostat, tapestat, pidstat, cifsiostat and sa tools for Linux.

The sar command collects and reports system activity information. The information collected by sar can be saved in a file in a binary format for future inspection. The statistics reported by sar concern I/O transfer rates, paging activity, process-related activities, interrupts, network activity, memory and swap space utilization, CPU utilization, kernel activities and TTY statistics, among others. Both UP and SMP machines are fully supported.

The sadf command may be used to display data collected by sar in various formats (CSV, PCP, XML, etc.).
The iostat command reports CPU utilization and I/O statistics for disks.
The tapestat command reports statistics for tapes connected to the system.
The mpstat command reports global and per-processor statistics.
The pidstat command reports statistics for Linux tasks (processes).
The cifsiostat command reports I/O statistics for CIFS file systems.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-33204
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 7 2023 psimovec - 12.6.2-2
- fix the arithmetic overflow in allocate_structures() that is still possible on some 32 bit systems (CVE-2023-33204)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2208270 - CVE-2023-33204 sysstat: check_overflow() function can work incorrectly that lead to an overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=2208270
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4706cef256' at the command line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

The recent update to the Fedora sysstat package addresses CVE-2023-33204, providing essential security enhancements for tools used in system performance monitoring.

Fedora Update, Critical Fix, Sysstat Package.

Severity: Critical.

LinuxSecurity.com Team

Jul 20, 2023 Critical Fedora

Red Hat Enterprise Linux 8 RHSA-2023-2800-01 Moderate Sysstat Overflow

An update for sysstat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from.

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: sysstat security and bug fix update
Advisory ID:  RHSA-2023:2800-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2800
Issue date:   2023-05-16
CVE Names:    CVE-2022-39377
====================================================================

1. Summary:

An update for sysstat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity.

Security Fix(es):

* sysstat: arithmetic overflow in allocate_structures() on 32 bit systems (CVE-2022-39377)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2141207 - CVE-2022-39377 sysstat: arithmetic overflow in allocate_structures() on 32 bit systems

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
sysstat-11.7.3-9.el8.src.rpm

aarch64:
sysstat-11.7.3-9.el8.aarch64.rpm
sysstat-debuginfo-11.7.3-9.el8.aarch64.rpm
sysstat-debugsource-11.7.3-9.el8.aarch64.rpm

ppc64le:
sysstat-11.7.3-9.el8.ppc64le.rpm
sysstat-debuginfo-11.7.3-9.el8.ppc64le.rpm
sysstat-debugsource-11.7.3-9.el8.ppc64le.rpm

s390x:
sysstat-11.7.3-9.el8.s390x.rpm
sysstat-debuginfo-11.7.3-9.el8.s390x.rpm
sysstat-debugsource-11.7.3-9.el8.s390x.rpm

x86_64:
sysstat-11.7.3-9.el8.x86_64.rpm
sysstat-debuginfo-11.7.3-9.el8.x86_64.rpm
sysstat-debugsource-11.7.3-9.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-39377
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
Red Hat has released advisory RHSA-2023-2900-01 regarding an issue in libxml2 that presents a moderate security vulnerability stemming from a memory corruption flaw.

sysstat update, Red Hat Enterprise Linux, security alert.

LinuxSecurity.com Team

May 16, 2023 Red Hat