# Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)

Announcement ID: SUSE-SU-2025:03572-1
Release Date: 2025-10-12T13:33:30Z
Rating: important

References:
* bsc#1245509
* bsc#1247315

Cross-References:
* CVE-2025-38089
* CVE-2025-38477

CVSS scores:
* CVE-2025-38089 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38089 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-38477 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38477 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150700_53_3 fixes several issues.

The following security issues were fixed:

* CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315).
* CVE-2025-38089: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (bsc#1245509).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-3572=1 SUSE-2025-3573=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-3572=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-3573=1
* SUSE Linux Enterprise Live Patching 15-SP7
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2025-3574=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-7-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_11-debugsource-6-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-7-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_50-default-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-7-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_11-debugsource-6-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_10-debugsource-7-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_50-default-6-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_47-default-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-5-150700.2.1
  * kernel-livepatch-SLE15-SP7_Update_1-debugsource-5-150700.2.1
  * kernel-livepatch-6_4_0-150700_53_3-default-5-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38089.html
* https://www.suse.com/security/cve/CVE-2025-38477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245509
* https://bugzilla.suse.com/show_bug.cgi?id=1247315
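A live patch only applies to the exact kernel build it was compiled against, so the first thing to check on a host is whether the running kernel is one of the kernels this advisory covers. The following Python is an added example, not SUSE tooling: it derives the kernel-livepatch package name from a `uname -r` release string using the naming convention visible in the package list above (dots in the kernel version and release become underscores, the flavor is kept) and looks it up in the advisory's package list. The release strings in the demo are constructed; on a real host, feed in the actual output of `uname -r`.

```python
import re
from typing import List, Optional

# Package names copied from the advisory's package list above
# (debuginfo and debugsource entries left out).
ADVISORY_PACKAGES: List[str] = [
    "kernel-livepatch-6_4_0-150600_23_50-default-6-150600.2.1",
    "kernel-livepatch-6_4_0-150600_23_47-default-7-150600.2.1",
    "kernel-livepatch-6_4_0-150700_53_3-default-5-150700.2.1",
]

# <kernel version>-<build release>-<flavor>, e.g. 6.4.0-150700.53.3-default
RELEASE_RE = re.compile(r"^(\d+\.\d+\.\d+)-([0-9.]+)-([A-Za-z0-9]+)$")


def livepatch_package_prefix(kernel_release: str) -> Optional[str]:
    """Map a `uname -r` string to the kernel-livepatch package name prefix
    (the part before the live patch's own version-release), following the
    underscore convention seen in the package list. Returns None when the
    string does not look like a SUSE kernel release."""
    m = RELEASE_RE.match(kernel_release.strip())
    if not m:
        return None
    version, release, flavor = m.groups()
    return "kernel-livepatch-%s-%s-%s" % (
        version.replace(".", "_"), release.replace(".", "_"), flavor)


def covering_packages(kernel_release: str, packages: List[str]) -> List[str]:
    """Return the advisory packages that target exactly this running kernel.
    An empty list means this advisory's live patches do not apply to the
    host and the kernel itself should be updated instead."""
    prefix = livepatch_package_prefix(kernel_release)
    if prefix is None:
        return []
    return [p for p in packages if p.startswith(prefix + "-")]


if __name__ == "__main__":
    # Constructed release strings; replace with `uname -r` output on a host.
    for rel in ("6.4.0-150700.53.3-default", "6.4.0-150600.23.42-default"):
        print(rel, "->", covering_packages(rel, ADVISORY_PACKAGES) or "not covered")
```

A host whose kernel is not covered is not necessarily patched: it may run an older build that needs the full kernel update, or a newer build that already contains the fixes, so the result has to be read together with the kernel's own changelog.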
MGASA-2022-0296 - Updated dovecot packages fix security vulnerability

Publication date: 25 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0296.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-30550

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user. (CVE-2022-30550)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30618
- https://dovecot.org/pipermail/dovecot-news/2022-July/000477.html
- https://ubuntu.com/security/notices/USN-5509-1
- https://lists.fedoraproject.org/archives/list/
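The risky shape described above is mechanical to detect: two passdb blocks whose driver and args are identical. The following Python is an added example, not Dovecot's or Mageia's code. It parses the passdb blocks out of a dovecot.conf text and groups them by (driver, args); any group with more than one member is the configuration the advisory warns about. The sample configuration is constructed for the example and shows the exact case the advisory names (one passwd file shared by normal and master users, split only by username_filter); the parser assumes passdb blocks contain no nested sections.

```python
import re
from typing import Dict, List, Tuple

# Constructed dovecot.conf fragment (not from the advisory). Blocks 0 and 1
# share driver and args and differ only in username_filter / master, which is
# the pattern CVE-2022-30550 makes unsafe before Dovecot 2.3.20.
SAMPLE_CONF = """
passdb {
  driver = passwd-file
  args = /etc/dovecot/users
  username_filter = !*@master.example.net
}

passdb {
  driver = passwd-file
  args = /etc/dovecot/users
  username_filter = *@master.example.net
  master = yes
  result_success = continue
}

passdb {
  driver = pam
  args = dovecot
}
"""

# One passdb { ... } block; assumes no nested { } inside the block.
BLOCK_RE = re.compile(r"passdb\s*\{(.*?)\}", re.S)
# One "key = value" line inside a block.
KV_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$", re.M)


def parse_passdbs(conf: str) -> List[Dict[str, str]]:
    """Return one settings dict per passdb block, in file order."""
    blocks: List[Dict[str, str]] = []
    for m in BLOCK_RE.finditer(conf):
        blocks.append({k: v for k, v in KV_RE.findall(m.group(1))})
    return blocks


def find_colliding_passdbs(conf: str) -> List[List[int]]:
    """Group passdb block indexes that share the same driver and args.
    Each returned group has at least two members and is a candidate for
    the misapplied username_filter / mechanism behaviour."""
    groups: Dict[Tuple[str, str], List[int]] = {}
    for i, pdb in enumerate(parse_passdbs(conf)):
        key = (pdb.get("driver", ""), pdb.get("args", ""))
        groups.setdefault(key, []).append(i)
    return [idx for idx in groups.values() if len(idx) > 1]


def describe_collisions(conf: str) -> List[str]:
    """Human-readable findings, one per colliding group."""
    pdbs = parse_passdbs(conf)
    out = []
    for group in find_colliding_passdbs(conf):
        first = pdbs[group[0]]
        out.append("passdb blocks %s share driver=%s args=%s" % (
            group, first.get("driver", ""), first.get("args", "")))
    return out


if __name__ == "__main__":
    for line in describe_collisions(SAMPLE_CONF) or ["no colliding passdb blocks"]:
        print(line)
```

Once a collision is found, the fix on an unpatched server is to give the two passdb entries different args (for instance a separate passwd file that only lists the master users) rather than relying on username_filter to split a shared backend; upgrading to 2.3.20 removes the misapplication itself.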
Red Hat Security Advisory

Synopsis: Important: OpenShift Container Platform 4.5.31 bug fix and security update
Advisory ID: RHSA-2021:0313-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0313
Issue date: 2021-02-09
CVE Names: CVE-2020-14382 CVE-2021-20198

1. Summary:

Red Hat OpenShift Container Platform release 4.5.31 is now available with updates to packages and images that fix several bugs. This release also includes a security update for Red Hat OpenShift Container Platform 4.5.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.5.31. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2021:0314

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.5/html/release_notes/ocp-4-5-release-notes

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.5.31-x86_64

The image digest is sha256:27951dd757d472bf913daaffa548b865e87968831ca6f42c1f6946f7dcf0564e

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.5.31-s390x

The image digest is sha256:4ee2c785e4a3b1cb0716e84d649a1489d7a72f6735ffd7a3a933218609cb58ec

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.5.31-ppc64le

The image digest is sha256:8469f7f1f98d595f503c7ebc1df2f3c2755012441d4d21684914db45193a55ef

All OpenShift Container Platform 4.5 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor.

Security Fix(es):

* openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250 (CVE-2021-20198)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.5 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.5/html/release_notes/ocp-4-5-release-notes

Details on how to access this content are available at - -cli.html.

4. Bugs fixed (https://bugzilla.redhat.com/):

1880333 - [release 4.5] machine-config-operator: Fix bug in reflector not recovering from "Too large resource version"
1882694 - [4.5] PIN OVS version for OVN-Kubernetes
1895202 - Helm chart fails to install using developerconsole because of TLS certificate error
1905106 - (release-4.5) Collect spec config for clusteroperator resources
1919848 - Placeholder bug for OCP 4.5.z rpm release
1920764 - CVE-2021-20198 openshift/installer: Bootstrap nodes allow anonymous authentication on kubelet port 10250
1921252 - with sharded ingresscontrollers, all shards reload when any endpoint changes

5. References:

https://access.redhat.com/security/cve/CVE-2020-14382
https://access.redhat.com/security/cve/CVE-2021-20198
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
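The security fix in this advisory is a kubelet on the bootstrap node that accepts anonymous requests on port 10250. Whether a kubelet does so is decided by three settings in its KubeletConfiguration, and the following Python is an added example, not code from Red Hat or the OpenShift installer, that evaluates those settings from a configuration document. The two documents are constructed in JSON for the example (a YAML kubelet config would need to be loaded first); the first has the weak shape, the second the hardened shape a production kubelet should show. Only explicitly set values are reported: the config-file defaults (anonymous disabled, Webhook authorization) are safe, while the `--anonymous-auth` command-line flag defaults to true, so a kubelet configured by flags needs its unit file checked as well.

```python
import json
from typing import Any, Dict, List

# Constructed KubeletConfiguration documents; neither is taken from the
# advisory or from OpenShift's own manifests.
WEAK_KUBELET_CONFIG = json.dumps({
    "kind": "KubeletConfiguration",
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "authentication": {
        "anonymous": {"enabled": True},   # unauthenticated callers accepted
        "webhook": {"enabled": False},    # bearer tokens not checked
    },
    "authorization": {"mode": "AlwaysAllow"},  # every caller authorized
})

HARDENED_KUBELET_CONFIG = json.dumps({
    "kind": "KubeletConfiguration",
    "apiVersion": "kubelet.config.k8s.io/v1beta1",
    "authentication": {
        "anonymous": {"enabled": False},
        "webhook": {"enabled": True},
        "x509": {"clientCAFile": "/etc/kubernetes/kubelet-ca.crt"},
    },
    "authorization": {"mode": "Webhook"},
})

ANON_FINDING = "authentication.anonymous.enabled=true"
WEBHOOK_FINDING = "authentication.webhook.enabled=false"
ALWAYSALLOW_FINDING = "authorization.mode=AlwaysAllow"


def kubelet_auth_findings(config_json: str) -> List[str]:
    """Return the explicitly configured settings that open the kubelet API
    (port 10250) to callers it should reject. Unset keys are not reported
    because the KubeletConfiguration defaults for them are safe."""
    cfg: Dict[str, Any] = json.loads(config_json)
    auth = cfg.get("authentication") or {}
    authz = cfg.get("authorization") or {}
    findings: List[str] = []
    if (auth.get("anonymous") or {}).get("enabled") is True:
        findings.append(ANON_FINDING)
    if (auth.get("webhook") or {}).get("enabled") is False:
        findings.append(WEBHOOK_FINDING)
    if authz.get("mode") == "AlwaysAllow":
        findings.append(ALWAYSALLOW_FINDING)
    return findings


def anonymous_exposure(config_json: str) -> str:
    """Summarize what an unauthenticated caller gets from this kubelet."""
    findings = set(kubelet_auth_findings(config_json))
    if ANON_FINDING in findings and ALWAYSALLOW_FINDING in findings:
        return "full"      # anonymous requests accepted and authorized
    if ANON_FINDING in findings:
        return "partial"   # accepted as system:anonymous, subject to authorizer
    return "none"


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_KUBELET_CONFIG), ("hardened", HARDENED_KUBELET_CONFIG)):
        print(name, anonymous_exposure(doc), kubelet_auth_findings(doc))
```

On a live node the same question can be asked from outside with an unauthenticated request to https://<node>:10250/pods; a hardened kubelet answers 401 Unauthorized, and anything else is a finding regardless of what the config file says.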
openSUSE Security Update: Security update for gnome-settings-daemon, gnome-shell
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1861-1
Rating: moderate
References: #1172760 #1175155
Cross-References: CVE-2020-17489
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for gnome-settings-daemon, gnome-shell fixes the following issues:

gnome-settings-daemon:

- Add support for recent UCM related changes in ALSA and PulseAudio. (jsc#SLE-16518)
- Don't warn when a default source or sink is missing and the PulseAudio daemon is restarting. (jsc#SLE-16518)
- Don't warn about starting/stopping services which don't exist. (bsc#1172760).

gnome-shell:

- Add support for recent UCM related changes in ALSA and PulseAudio. (jsc#SLE-16518)
- CVE-2020-17489: reset auth prompt on vt switch before fade in in loginDialog (bsc#1175155).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:
  zypper in -t patch openSUSE-2020-1861=1

Package List:

- openSUSE Leap 15.2 (noarch):
  gnome-settings-daemon-lang-3.34.2+0-lp152.3.3.1
  gnome-shell-lang-3.34.5-lp152.2.9.1
- openSUSE Leap 15.2 (x86_64):
  gnome-settings-daemon-3.34.2+0-lp152.3.3.1
  gnome-settings-daemon-debuginfo-3.34.2+0-lp152.3.3.1
  gnome-settings-daemon-debugsource-3.34.2+0-lp152.3.3.1
  gnome-settings-daemon-devel-3.34.2+0-lp152.3.3.1
  gnome-shell-3.34.5-lp152.2.9.1
  gnome-shell-calendar-3.34.5-lp152.2.9.1
  gnome-shell-calendar-debuginfo-3.34.5-lp152.2.9.1
  gnome-shell-debuginfo-3.34.5-lp152.2.9.1
  gnome-shell-debugsource-3.34.5-lp152.2.9.1
  gnome-shell-devel-3.34.5-lp152.2.9.1

References:

https://www.suse.com/security/cve/CVE-2020-17489.html
https://bugzilla.suse.com/1172760
https://bugzilla.suse.com/1175155
SUSE Security Update: Security update for polkit
______________________________________________________________________________

Announcement ID: SUSE-SU-2019:2035-2
Rating: important
References: #1121826
Cross-References: CVE-2019-6133
Affected Products: SUSE Enterprise Storage 5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for polkit fixes the following issues:

Security issue fixed:

- CVE-2019-6133: Fixed improper caching of auth decisions, which could bypass uid checking in the interactive backend (bsc#1121826).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 5:
  zypper in -t patch SUSE-Storage-5-2019-2035=1

Package List:

- SUSE Enterprise Storage 5 (aarch64):
  libpolkit0-0.113-5.18.1
  libpolkit0-debuginfo-0.113-5.18.1
  polkit-0.113-5.18.1
  polkit-debuginfo-0.113-5.18.1
  polkit-debugsource-0.113-5.18.1
  typelib-1_0-Polkit-1_0-0.113-5.18.1

References:

https://www.suse.com/security/cve/CVE-2019-6133.html
https://bugzilla.suse.com/1121826
MGASA-2018-0363 - Updated openssh packages fix security vulnerability

Publication date: 31 Aug 2018
URL: https://advisories.mageia.org/MGASA-2018-0363.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c (CVE-2018-15473).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23452
- https://openwall.com/lists/oss-security/2018/08/15/5
- https://sekurak.pl/openssh-users-enumeration-cve-2018-15473/
- https://www.cve.org/CVERecord?id=CVE-2018-15473

SRPMS:
- 6/core/openssh-7.5p1-2.2.mga6
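The usual first-pass triage for this CVE across a fleet is the server's version banner, which any client sees before authentication. The following Python is an added example, not Mageia's or OpenSSH's code: it parses the OpenSSH version out of an SSH identification string and reports whether the upstream version is at or below 7.7. The banners used are constructed. The important caveat is visible in the advisory itself: Mageia's fixed package is still openssh-7.5p1, so a patched distribution server keeps reporting a "vulnerable" banner. Treat a match as a prompt to check the installed package's changelog, not as proof of exposure.

```python
import re
from typing import Optional, Tuple

# SSH identification string, e.g. "SSH-2.0-OpenSSH_7.5p1 Ubuntu-10".
# Captures major.minor and ignores the portable "pN" suffix and any comment.
BANNER_RE = re.compile(r"^SSH-2\.0-OpenSSH_(\d+)\.(\d+)(?:p\d+)?")

FIXED_UPSTREAM = (7, 8)   # first upstream release that is not "through 7.7"


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an OpenSSH banner, or None for any
    other SSH implementation or an unparseable string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def banner_in_cve_2018_15473_range(banner: str) -> Optional[bool]:
    """True when the advertised upstream version is <= 7.7, False when it
    is newer, None when the banner is not OpenSSH. A True result does not
    account for distribution backports (see the SRPM in the advisory)."""
    version = parse_openssh_version(banner)
    if version is None:
        return None
    return version < FIXED_UPSTREAM


def triage(banner: str) -> str:
    """One-word triage outcome for a scan result."""
    result = banner_in_cve_2018_15473_range(banner)
    if result is None:
        return "not-openssh"
    return "check-package-changelog" if result else "not-affected"


if __name__ == "__main__":
    # Constructed banners for the example.
    for b in ("SSH-2.0-OpenSSH_7.5p1 Ubuntu-10",
              "SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4",
              "SSH-2.0-OpenSSH_7.8",
              "SSH-2.0-OpenSSH_8.0",
              "SSH-2.0-dropbear_2018.76"):
        print(b, "->", triage(b))
```

The same version-range logic can be reused for any later OpenSSH advisory by changing FIXED_UPSTREAM; the backport caveat applies every time.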
SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2318-1
Rating: important
References: #1095048 #1095056 #1095057 #1103411 #1103414
Cross-References: CVE-2018-10858 CVE-2018-10918 CVE-2018-10919 CVE-2018-1139 CVE-2018-1140
Affected Products: SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise High Availability 15
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for samba fixes the following issues:

The following security vulnerabilities were fixed:

- CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048)
- CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes; (bsc#1095056)
- CVE-2018-10919: Confidential attribute disclosure via substring search; (bsc#1095057)
- CVE-2018-10858: smbc_urlencode helper function is a subject to buffer overflow; (bsc#1103411)
- CVE-2018-10918: Fix NULL ptr dereference in DsCrackNames on a user without a SPN; (bsc#1103414)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1555=1
- SUSE Linux Enterprise High Availability 15:
  zypper in -t patch SUSE-SLE-Product-HA-15-2018-1555=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
  libdcerpc-binding0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libdcerpc-binding0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libdcerpc-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libdcerpc-samr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libdcerpc-samr0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libdcerpc-samr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libdcerpc0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libdcerpc0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-krb5pac-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-krb5pac0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-krb5pac0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-nbt-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-nbt0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-nbt0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-standard-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-standard0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr-standard0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libndr0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libnetapi-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libnetapi0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libnetapi0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-credentials-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-credentials0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-credentials0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-errors-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-errors0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-errors0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-hostconfig-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-hostconfig0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-hostconfig0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-passdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-passdb0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-passdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-policy-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-policy0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-util0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamba-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamdb-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamdb0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsamdb0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbconf-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbconf0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbconf0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbldap-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbldap2-4.7.8+git.86.94b6d10f7dd-4.15.1
  libsmbldap2-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libtevent-util-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libtevent-util0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libtevent-util0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  libwbclient-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  libwbclient0-4.7.8+git.86.94b6d10f7dd-4.15.1
  libwbclient0-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-client-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-client-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-core-devel-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-debugsource-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-libs-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-libs-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-winbind-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-winbind-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
  ctdb-4.7.8+git.86.94b6d10f7dd-4.15.1
  ctdb-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-debuginfo-4.7.8+git.86.94b6d10f7dd-4.15.1
  samba-debugsource-4.7.8+git.86.94b6d10f7dd-4.15.1

References:

https://www.suse.com/security/cve/CVE-2018-10858.html
https://www.suse.com/security/cve/CVE-2018-10918.html
https://www.suse.com/security/cve/CVE-2018-10919.html
https://www.suse.com/security/cve/CVE-2018-1139.html
https://www.suse.com/security/cve/CVE-2018-1140.html
https://bugzilla.suse.com/1095048
https://bugzilla.suse.com/1095056
https://bugzilla.suse.com/1095057
https://bugzilla.suse.com/1103411
https://bugzilla.suse.com/1103414
Red Hat Security Advisory

Synopsis: Moderate: virt-who security, bug fix, and enhancement update
Advisory ID: RHSA-2015:0430-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2015:0430.html
Issue date: 2015-03-05
CVE Names: CVE-2014-0189

1. Summary:

An updated virt-who package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the subscription manager.

It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file. (CVE-2014-0189)

Red Hat would like to thank Sal Castiglione for reporting this issue.

The virt-who package has been upgraded to upstream version 0.11, which provides a number of bug fixes and enhancements over the previous version. The most notable bug fixes and enhancements include:

* Support for remote libvirt.
* A fix for using encrypted passwords.
* Bug fixes and enhancements that increase the stability of virt-who.

(BZ#1122489)

This update also fixes the following bugs:

* Prior to this update, the virt-who agent failed to read the list of virtual guests provided by the VDSM daemon. As a consequence, when in VDSM mode, the virt-who agent was not able to send updates about virtual guests to Subscription Asset Manager (SAM) and Red Hat Satellite. With this update, the agent reads the list of guests when in VDSM mode correctly and reports to SAM and Satellite as expected. (BZ#1153405)

* Previously, virt-who used incorrect information when connecting to Red Hat Satellite 5. Consequently, virt-who could not connect to Red Hat Satellite 5 servers. The incorrect parameter has been corrected, and virt-who can now successfully connect to Red Hat Satellite 5. (BZ#1158859)

* Prior to this update, virt-who did not decode the hexadecimal representation of a password before decrypting it. As a consequence, the decrypted password did not match the original password, and attempts to connect using the password failed. virt-who has been updated to decode the encrypted password and, as a result, virt-who now handles storing credentials using encrypted passwords as expected. (BZ#1161607)

In addition, this update adds the following enhancement:

* With this update, virt-who is able to read the list of guests from a remote libvirt hypervisor. (BZ#1127965)

Users of virt-who are advised to upgrade to this updated package, which corrects these issues and adds these enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1065421 - Remove dependency on 'libvirt' RPM
1076290 - virt-who creat a null system in SAM server in esx mode
1082981 - Faild to add Hyper-V 2012 to SAM as virt-who communication with Hyper-V failed
1086517 - virt-who failed when testing against Satellite 5.6 due to missing folder /var/lib/virt-who in RHEL 7
1088732 - CVE-2014-0189 virt-who: plaintext hypervisor passwords in world-readable /etc/sysconfig/virt-who configuration file
1098448 - virt-who dies when the system is being unregistered
1122489 - virt-who rebase
1127965 - [RFE] Please add libvirt parameter for using Red Hat Enterprise Linux for Virtual Datacenter in kvm environments.
1153405 - virt-who can't work in the VDSM mode
1158759 - Wrong permission for configuration file /etc/sysconfig/virt-who on rhel7.1
1158803 - Can't display the running mode in the virt-who log
1158859 - virt-who uses wrong server when connecting to satellite
1159187 - "/etc/virt-who.d" hasn't been created by default.
1161434 - Take over one minute to stop/restart virt-who service in ESX mode.
1161607 - virt-who not able to decrypt encrypted password
1162049 - syslog.target depenancy
1163021 - Failed to send host/guest associate to SAM when virt-who run at esx mode
1168111 - [VDSM mode]Failed to send host/guest associate to SAM when there is a vm in the host
1168122 - virt-who incorrectly says that VM is from 'None' hypervisor

6. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: virt-who-0.11-5.el7.src.rpm
noarch: virt-who-0.11-5.el7.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: virt-who-0.11-5.el7.src.rpm
noarch: virt-who-0.11-5.el7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: virt-who-0.11-5.el7.src.rpm
noarch: virt-who-0.11-5.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2014-0189
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2015 Red Hat, Inc.
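CVE-2014-0189 is a file-mode defect rather than a code bug: a file holding hypervisor passwords was readable by every local user. The check an auditor applies to such a file is the same on any host, and the following Python is an added example, not Red Hat's or virt-who's code, that runs it. It reports group- or world-readability, group- or world-writability and an unexpected owner, and the demo exercises it on a constructed temporary file (the real /etc/sysconfig/virt-who path is only assumed) first with the shipped 0644 mode and then with the 0600 mode a credential file should have. The demo compares ownership against the current user so it runs unprivileged; on a real host pass expected_uid=0.

```python
import os
import stat
import tempfile
from typing import List, Tuple

# Path the advisory names; assumed here, the demo never reads it.
VIRT_WHO_SYSCONFIG = "/etc/sysconfig/virt-who"


def credential_file_findings(path: str, expected_uid: int = 0) -> List[str]:
    """Return the least-privilege violations for a file that stores secrets:
    any read or write bit beyond the owner, or an owner other than expected."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings: List[str] = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-world-writable")
    if st.st_uid != expected_uid:
        findings.append("unexpected-owner")
    return findings


def demo() -> Tuple[List[str], List[str]]:
    """Create a constructed virt-who style config in a temp dir, audit it
    with the shipped 0644 mode and again after tightening to 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "virt-who")
        with open(path, "w") as fh:
            # Constructed content; resembles the sysconfig format only loosely.
            fh.write("VIRTWHO_ESX=1\nVIRTWHO_ESX_PASSWORD=constructed-example\n")
        me = os.getuid()
        os.chmod(path, 0o644)                      # mode the advisory describes
        before = credential_file_findings(path, expected_uid=me)
        os.chmod(path, 0o600)                      # mode the fix establishes
        after = credential_file_findings(path, expected_uid=me)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("0644:", before or "clean")
    print("0600:", after or "clean")
    if os.path.exists(VIRT_WHO_SYSCONFIG):
        print(VIRT_WHO_SYSCONFIG, credential_file_findings(VIRT_WHO_SYSCONFIG) or "clean")
```

After the fixed package is installed, `rpm -V virt-who` reports an M in its output if the file's mode later drifts from what the package recorded; before the fix, the recorded mode was itself the problem, so only a direct check like the one above would have caught it.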