Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
89
security advisoryupdateFedoraFedora 42: rust-url 2.5.4 upgrade advisory with bugfixes
Update uv to 0.6.14, with various bugfixes and new features. Update rust-idna to 1.0.3 (fixing RUSTSEC-2024-0421), rust-url to 2.5.4, rust- adblock to 0.9.6, and rust-cookie_store to 0.21.1; adjust some reverse dependencies of rust-idna. Initial packages for many dependencies. Update rust-ron to 0.9.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-04847cb65d 2025-04-20 04:20:54.268638+00:00 -------------------------------------------------------------------------------- Name : rust-url Product : Fedora 42 Version : 2.5.4 Release : 1.fc42 URL : https://crates.io/crates/url Summary : URL library for Rust, based on the WHATWG URL Standard Description : URL library for Rust, based on the WHATWG URL Standard. -------------------------------------------------------------------------------- Update Information: Update uv to 0.6.14, with various bugfixes and new features. Update rust-idna to 1.0.3 (fixing RUSTSEC-2024-0421), rust-url to 2.5.4, rust- adblock to 0.9.6, and rust-cookie_store to 0.21.1; adjust some reverse dependencies of rust-idna. Initial packages for many dependencies. Update rust-ron to 0.9. Update rust-zip to 2.6.1, fixing GHSA-94vh-gphv-8pm8. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 9 2025 Benjamin A. Beasley - 2.5.4-1 - Update to version 2.5.4; Fixes RHBZ#2323618 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277901 - rust-adblock-0.9.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2277901 [ 2 ] Bug #2291175 - rust-idna-1.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2291175 [ 3 ] Bug #2323618 - rust-url-2.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2323618 [ 4 ] Bug #2324926 - rust-cookie_store-0.21.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2324926 [ 5 ] Bug #2352783 - rust-zip-2.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2352783 [ 6 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the Write trait https://bugzilla.redhat.com/show_bug.cgi?id=2358015 [ 7 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over potentially-invalid UTF-16 in &[u16] https://bugzilla.redhat.com/show_bug.cgi?id=2358018 [ 8 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing Unicode Language and Locale Identifiers https://bugzilla.redhat.com/show_bug.cgi?id=2358020 [ 9 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros for ICU data providers https://bugzilla.redhat.com/show_bug.cgi?id=2358105 [ 10 ] Bug #2358290 - Review Request: rust-icu_provider - Trait and struct definitions for the ICU data provider https://bugzilla.redhat.com/show_bug.cgi?id=2358290 [ 11 ] Bug #2358292 - Review Request: rust-icu_locid_transform_data - Data for the icu_locid_transform crate https://bugzilla.redhat.com/show_bug.cgi?id=2358292 [ 12 ] Bug #2358507 - Review Request: rust-icu_locid_transform - API for Unicode Language and Locale Identifiers canonicalization https://bugzilla.redhat.com/show_bug.cgi?id=2358507 [ 13 ] Bug #2358521 - Review Request: rust-icu_properties_data - Data for the icu_properties crate https://bugzilla.redhat.com/show_bug.cgi?id=2358521 [ 14 ] Bug #2358522 - Review Request: rust-icu_normalizer_data - Data for the icu_normalizer crate https://bugzilla.redhat.com/show_bug.cgi?id=2358522 [ 15 ] Bug #2358527 - Review Request: rust-icu_properties - Definitions for Unicode properties https://bugzilla.redhat.com/show_bug.cgi?id=2358527 [ 16 ] Bug #2358606 - Review Request: rust-icu_normalizer - API for normalizing text into Unicode Normalization Forms https://bugzilla.redhat.com/show_bug.cgi?id=2358606 [17 ] Bug #2358642 - Review Request: rust-idna_adapter - Back end adapter for idna https://bugzilla.redhat.com/show_bug.cgi?id=2358642 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-04847cb65d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 20, 2025
•Critical
Fedora
100
security advisoryimportantauditSUSE: 2023:3603-1 Important Security Update for bci/openjdk-devel
The container bci/openjdk-devel was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3603-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.46 , bci/openjdk-devel:latest Container Release : 12.46 Severity : important Type : security References : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1216123 1216174 1216378 CVE-2023-4039 CVE-2023-44487 CVE-2023-45853 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 withvariable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the samebuild. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). The following package changes have been done: - libz1-1.2.13-150500.4.3.1 updated - libnghttp2-14-1.40.0-150200.12.1 updated - libgcc_s1-13.2.1+git7813-150000.1.3.3 updated - libstdc++6-13.2.1+git7813-150000.1.3.3 updated - container:bci-openjdk-17-15.5.17-12.23 updated . SUSE releases bci/openjdk-devel to mitigate vulnerabilities. Significant enhancements involve llvm and libpng for improved performance.. SUSE Container Update, bci/openjdk-devel, gcc13 update, zlib security fix. . Severity: Important. LinuxSecurity.com Team
Oct 28, 2023
•Important
SuSE
100
security advisoryauditpatch updateSUSE: 2023:2965-1 Critical: Container-Security Patch Details
The container rancher/elemental-operator was updated. The following patches have been included in this update:. SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2964-1 Container Tags : rancher/elemental-operator:1.3.4 , rancher/elemental-operator:1.3.4-2.5 , rancher/elemental-operator:latest Container Release : 2.5 Severity : moderate Type : security References : 1201519 1204844 1210004 1211418 1211419 CVE-2023-2602 CVE-2023-2603 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2765-1 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Createsymbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) The following package changes have been done: - crypto-policies-20210917.c9d86d1-150400.1.7 updated - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed . SUSE Software Security Announcement: updates for rancher/elemental-manager address several critical vulnerabilities.. Rancher Elemental Operator Update, Container Security Patch, SUSE Security Fix, libcap Update, Audit Recommendations. . LinuxSecurity.com Team
Sep 14, 2023
SuSE
100
security advisorymoderatesecurity updateSUSE: 2023:2778-1 Moderate: bci/openjdk-devel Security Update
The container bci/openjdk-devel was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2778-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-8.82 Container Release : 8.82 Severity : moderate Type : security References : 1186606 1194609 1201519 1204844 1208194 1209741 1210419 1210702 1211576 1212434 1213185 1213575 1213873 CVE-2023-2004 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters (bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). The following package changes have been done: - libudev1-249.16-150400.8.33.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libfreetype6-2.10.4-150000.4.15.1 updated - container:bci-openjdk-11-15.5.11-9.39 updated . SUSE Container Update Advisory ID SUSE-CU-2023:2780-1 provides critical security patches and recommended enhancements for bci/openjdk-advanced.. bci/openjdk-devel, security update, patch details. . LinuxSecurity.com Team
Aug 31, 2023
SuSE
89
security advisoryFedoraXSSFedora 34: 2021-e3017c538a Moderate: Open Redirect and XSS Risks
- Resolves: rhbz#1985153 - mod_auth_openidc-2.4.9 is available - Resolves: rhbz#1986103 - CVE-2021-32786 mod_auth_openidc: open redirect in oidc_validate_redirect_url() - Resolves: rhbz#1986396 - CVE-2021-32791 mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption - Resolves:. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-e3017c538a 2021-08-08 01:03:26.618585 --------------------------------------------------------------------------------Name : mod_auth_openidc Product : Fedora 34 Version : 2.4.9 Release : 1.fc34 URL : https://github.com/OpenIDC/mod_auth_openidc Summary : OpenID Connect auth module for Apache HTTP Server Description : This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. --------------------------------------------------------------------------------Update Information: - Resolves: rhbz#1985153 - mod_auth_openidc-2.4.9 is available - Resolves: rhbz#1986103 - CVE-2021-32786 mod_auth_openidc: open redirect in oidc_validate_redirect_url() - Resolves: rhbz#1986396 - CVE-2021-32791 mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption - Resolves: rhbz#1986398 - CVE-2021-32792 mod_auth_openidc: XSS when using OIDCPreservePost On --------------------------------------------------------------------------------ChangeLog: * Fri Jul 30 2021 Jakub Hrozek - 2.4.9-1 - Resolves: rhbz#1985153 - mod_auth_openidc-2.4.9 is available - Resolves: rhbz#1986103 - CVE-2021-32786 mod_auth_openidc: open redirect in oidc_validate_redirect_url() - Resolves: rhbz#1986396 - CVE-2021-32791 mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption - Resolves:rhbz#1986398 - CVE-2021-32792 mod_auth_openidc: XSS when using OIDCPreservePost On * Thu Jul 22 2021 Fedora Release Engineering - 2.4.8.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1985153 - mod_auth_openidc-2.4.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1985153 [ 2 ] Bug #1986103 - CVE-2021-32786 mod_auth_openidc: open redirect in oidc_validate_redirect_url() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1986103 [ 3 ] Bug #1986396 - CVE-2021-32791 mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1986396 [ 4 ] Bug #1986398 - CVE-2021-32792 mod_auth_openidc: XSS when using OIDCPreservePost On [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1986398 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-e3017c538a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Aug 07, 2021
•Important
Fedora
100
security advisorymoderatesecurity issueSUSE: 2019:0563-1 Moderate: Audit Log Escape Sequence Issue
An update that solves one vulnerability and has three fixes is now available. . SUSE Security Update: Security update for audit ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0563-1 Rating: moderate References: #1042781 #1085003 #1125535 #941922 Cross-References: CVE-2015-5186 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Desktop 12-SP4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for audit fixes the following issues: Audit on SUSE Linux Enterprise 12 SP4 was updated to 2.8.1 to bring new features and bugfixes. (bsc#1125535 FATE#326346) * Many features were added to auparse_normalize * cli option added to auditd and audispd for setting config dir * In auditd, restore the umask after creating a log file * Option added to auditd for skipping email verification The full changelog can be found here: https://people.redhat.com/sgrubb/audit/ChangeLog - Change openldap dependency to client only (bsc#1085003) Minor security issue fixed: - CVE-2015-5186: Audit: log terminal emulator escape sequences handling (bsc#941922) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP4: zypper in -t patch SUSE-SLE-SDK-12-SP4-2019-563=1 - SUSE Linux Enterprise Server 12-SP4: zypper in -t patch SUSE-SLE-SERVER-12-SP4-2019-563=1 - SUSE Linux Enterprise Desktop 12-SP4: zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2019-563=1 Package List: - SUSE LinuxEnterprise Software Development Kit 12-SP4 (aarch64 ppc64le s390x x86_64): audit-debugsource-2.8.1-10.3.2 audit-devel-2.8.1-10.3.2 - SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64): audit-2.8.1-10.3.2 audit-audispd-plugins-2.8.1-10.3.2 audit-audispd-plugins-debuginfo-2.8.1-10.3.2 audit-debuginfo-2.8.1-10.3.2 audit-debugsource-2.8.1-10.3.2 audit-secondary-debugsource-2.8.1-10.3.2 libaudit1-2.8.1-10.3.2 libaudit1-debuginfo-2.8.1-10.3.2 libauparse0-2.8.1-10.3.2 libauparse0-debuginfo-2.8.1-10.3.2 python2-audit-2.8.1-10.3.2 python2-audit-debuginfo-2.8.1-10.3.2 python3-audit-2.8.1-10.3.2 python3-audit-debuginfo-2.8.1-10.3.2 - SUSE Linux Enterprise Server 12-SP4 (s390x x86_64): libaudit1-32bit-2.8.1-10.3.2 libaudit1-debuginfo-32bit-2.8.1-10.3.2 - SUSE Linux Enterprise Desktop 12-SP4 (x86_64): audit-2.8.1-10.3.2 audit-debuginfo-2.8.1-10.3.2 audit-debugsource-2.8.1-10.3.2 audit-secondary-debugsource-2.8.1-10.3.2 libaudit1-2.8.1-10.3.2 libaudit1-32bit-2.8.1-10.3.2 libaudit1-debuginfo-2.8.1-10.3.2 libaudit1-debuginfo-32bit-2.8.1-10.3.2 libauparse0-2.8.1-10.3.2 libauparse0-debuginfo-2.8.1-10.3.2 References: https://www.suse.com/security/cve/CVE-2015-5186.html https://bugzilla.suse.com/1042781 https://bugzilla.suse.com/1085003 https://bugzilla.suse.com/1125535 https://bugzilla.suse.com/941922 _______________________________________________ sle-security-updates mailing list
Mar 06, 2019
SuSE
89
security advisorysecurity updateinformation leakFedora 22 FEDORA-2015-13526: Audit Tools Security Issue Fix
This update fixes CVE-2015-5186. The issue is that ausearch/report did not escape terminal emulator sequences when interpreting untrusted data.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-13526 2015-08-14 23:23:21 -------------------------------------------------------------------------------- Name : audit Product : Fedora 22 Version : 2.4.4 Release : 1.fc22 URL : https://people.redhat.com/sgrubb/audit/ Summary : User space tools for 2.6 kernel auditing Description : The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel. -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2015-5186. The issue is that ausearch/report did not escape terminal emulator sequences when interpreting untrusted data. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 13 2015 Steve Grubb 2.4.4-1 - New upstream bugfix release - Fixes CVE-2015-5186 Audit: log terminal emulator escape sequences handling * Thu Jul 16 2015 Steve Grubb 2.4.3-1 - New upstream bugfix release - Adds python3 support * Wed Jun 17 2015 Fedora Release Engineering - 2.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update audit' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailinglist
Aug 19, 2015
•Important
Fedora
89
security advisoryfedoracriticalFedora 21: 2015-13471 Critical: Audit Terminal Escape Repair
This update fixes CVE-2015-5186. The issue is that ausearch/report did not escape terminal emulator sequences when interpreting untrusted data.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-13471 2015-08-14 23:17:39 -------------------------------------------------------------------------------- Name : audit Product : Fedora 21 Version : 2.4.4 Release : 1.fc21 URL : https://people.redhat.com/sgrubb/audit/ Summary : User space tools for 2.6 kernel auditing Description : The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel. -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2015-5186. The issue is that ausearch/report did not escape terminal emulator sequences when interpreting untrusted data. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 13 2015 Steve Grubb 2.4.4-1 - New upstream bugfix release - Fixes CVE-2015-5186 Audit: log terminal emulator escape sequences handling * Thu Jul 16 2015 Steve Grubb 2.4.3-1 - New upstream bugfix release - Adds python3 support * Wed Jun 17 2015 Fedora Release Engineering - 2.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Tue Apr 28 2015 Steve Grubb 2.4.2-1 - New upstream bugfix release * Sat Feb 21 2015 Till Maas - 2.4.1-2 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update audit' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Aug 19, 2015
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!