Explore top 10 tips to secure your open-source projects now. Read More
×
iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix issue with GCC 15 and -std=c23 build errors. Add support for using PMKSA over SAE if available.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-256818da09 2024-12-30 02:11:12.209673+00:00 -------------------------------------------------------------------------------- Name : iwd Product : Fedora 41 Version : 3.3 Release : 1.fc41 URL : https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/ Summary : Wireless daemon for Linux Description : The daemon and utilities for controlling and configuring the Wi-Fi network hardware. -------------------------------------------------------------------------------- Update Information: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix issue with GCC 15 and -std=c23 build errors. Add support for using PMKSA over SAE if available. Add support for HighUtilization/StationCount thresholds. Add support for disabling Multicast RX option. ell 0.71: Fix issue with GCC 15 and -std=c23 build errors. ell 0.70: Add support for helper function for safe memcpy. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 23 2024 Peter Robinson - 3.3-1 - Update to 3.3 * Mon Nov 25 2024 Peter Robinson - 3.2-1 - Update to 3.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2294016 - CVE-2023-52424 iwd: 802.11: SSID Confusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294016 [ 2 ] Bug #2328735 - libell-0.71 is available https://bugzilla.redhat.com/show_bug.cgi?id=2328735 [ 3 ] Bug #2328777 - iwd-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2328777 -------------------------------------------------------------------------------- This update can be installed with the "dnf" updateprogram. Use su -c 'dnf upgrade --advisory FEDORA-2024-256818da09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
* bsc#1219975 Cross-References: * CVE-2023-52160 . # Security update for wpa_supplicant Announcement ID: SUSE-SU-2024:0764-2 Rating: important References: * bsc#1219975 Cross-References: * CVE-2023-52160 CVSS scores: * CVE-2023-52160 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-52160 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. ## Description: This update for wpa_supplicant fixes the following issues: * CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-764=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * wpa_supplicant-debuginfo-2.10-150500.3.3.1 * wpa_supplicant-debugsource-2.10-150500.3.3.1 * wpa_supplicant-2.10-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52160.html * https://bugzilla.suse.com/show_bug.cgi?id=1219975 . SUSE announces a crucial security patch for wpa_supplicant addressing CVE-2023-52160 in SUSE Linux Enterprise Micro 5.5.. wpa_supplicant Update, SUSE Linux Security, Authentication Bypass Fix. . Severity: Important. LinuxSecurity.com Team
* bsc#1227186 * bsc#1227187 Cross-References: * CVE-2024-37370 . # Security update for krb5 Announcement ID: SUSE-SU-2024:2305-1 Rating: important References: * bsc#1227186 * bsc#1227187 Cross-References: * CVE-2024-37370 * CVE-2024-37371 CVSS scores: * CVE-2024-37370 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2024-37371 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for krb5 fixes the following issues: * CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). * CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2305=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2305=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2305=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * krb5-plugin-preauth-otp-1.16.3-150100.3.36.1 * krb5-debugsource-1.16.3-150100.3.36.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.36.1 *krb5-plugin-kdb-ldap-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.36.1 * krb5-server-debuginfo-1.16.3-150100.3.36.1 * krb5-client-1.16.3-150100.3.36.1 * krb5-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.36.1 * krb5-client-debuginfo-1.16.3-150100.3.36.1 * krb5-devel-1.16.3-150100.3.36.1 * krb5-server-1.16.3-150100.3.36.1 * krb5-debuginfo-1.16.3-150100.3.36.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.36.1 * krb5-32bit-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * krb5-plugin-preauth-otp-1.16.3-150100.3.36.1 * krb5-debugsource-1.16.3-150100.3.36.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.36.1 * krb5-server-debuginfo-1.16.3-150100.3.36.1 * krb5-client-1.16.3-150100.3.36.1 * krb5-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.36.1 * krb5-client-debuginfo-1.16.3-150100.3.36.1 * krb5-devel-1.16.3-150100.3.36.1 * krb5-server-1.16.3-150100.3.36.1 * krb5-debuginfo-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.36.1 * krb5-32bit-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * krb5-plugin-preauth-otp-1.16.3-150100.3.36.1 * krb5-debugsource-1.16.3-150100.3.36.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.36.1 * krb5-server-debuginfo-1.16.3-150100.3.36.1 *krb5-client-1.16.3-150100.3.36.1 * krb5-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.36.1 * krb5-client-debuginfo-1.16.3-150100.3.36.1 * krb5-devel-1.16.3-150100.3.36.1 * krb5-server-1.16.3-150100.3.36.1 * krb5-debuginfo-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.36.1 * krb5-32bit-1.16.3-150100.3.36.1 ## References: * https://www.suse.com/security/cve/CVE-2024-37370.html * https://www.suse.com/security/cve/CVE-2024-37371.html * https://bugzilla.suse.com/show_bug.cgi?id=1227186 * https://bugzilla.suse.com/show_bug.cgi?id=1227187 . Crucial enhancements for krb5 tackling significant vulnerabilities in SUSE environments. Verify that your deployments are up-to-date.. krb5 patches, SUSE security, authentication vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Important: ipa security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:3754", "synopsis": "Important: ipa security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for ipa.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nSecurity Fix(es):\n\n* freeipa: delegation rules allow a proxy service to impersonate any user to access another target service (CVE-2024-2698)\n\n* freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force (CVE-2024-3183)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2270353", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2270353", "description": ""}, {"ticket": "2270685", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2270685", "description": ""}], "cves": [{"name": "CVE-2024-2698", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-2698", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-3183", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-3183", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-06-14T14:00:35.848917Z", "rpms": {"Rocky Linux 9": {"nvras": ["ipa-0:4.11.0-15.el9_4.src.rpm", "ipa-client-0:4.11.0-15.el9_4.aarch64.rpm","ipa-client-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-client-common-0:4.11.0-15.el9_4.noarch.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-common-0:4.11.0-15.el9_4.noarch.rpm", "ipa-selinux-0:4.11.0-15.el9_4.noarch.rpm", "ipa-server-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-server-common-0:4.11.0-15.el9_4.noarch.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-server-dns-0:4.11.0-15.el9_4.noarch.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm", "python3-ipaclient-0:4.11.0-15.el9_4.noarch.rpm", "python3-ipalib-0:4.11.0-15.el9_4.noarch.rpm", "python3-ipaserver-0:4.11.0-15.el9_4.noarch.rpm", "python3-ipatests-0:4.11.0-15.el9_4.noarch.rpm"]}}, "rebootSuggested": false,"buildReferences": []}. The latest ipa patch from Rocky Linux tackles security flaws affecting identity verification and user access.. Rocky Linux Security Update, ipa Vulnerability Fix, Identity Management Improvements. . Severity: Important. LinuxSecurity.com Team
This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU:. # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:4506-1 Rating: moderate References: * bsc#1211968 * bsc#1216374 * bsc#1216379 Cross-References: * CVE-2015-4000 * CVE-2023-22067 * CVE-2023-22081 CVSS scores: * CVE-2015-4000 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ##Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU: * CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379). * CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374). * CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4506=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4506=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4506=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4506=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4506=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4506=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4506=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4506=1 *SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4506=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4506=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 *java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) *java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 *java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4000.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://bugzilla.suse.com/show_bug.cgi?id=1211968 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 . Important patch release for java-1_8_0-openjdk addresses various vulnerabilities for openSUSE, featuring jdk8u392.. Java Update, openSUSE Security, OpenJDK Patch. . LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-4418 https://linux.oracle.com/errata/ELSA-2023-4418.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: cjose-0.6.1-3.module+el8.8.0+21137+b6cedbc2.x86_64.rpm cjose-devel-0.6.1-3.module+el8.8.0+21137+b6cedbc2.x86_64.rpm mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.x86_64.rpm aarch64: cjose-0.6.1-3.module+el8.8.0+21137+b6cedbc2.aarch64.rpm cjose-devel-0.6.1-3.module+el8.8.0+21137+b6cedbc2.aarch64.rpm mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates//cjose-0.6.1-3.module+el8.8.0+21137+b6cedbc2.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.src.rpm Related CVEs: CVE-2023-37464 Description of changes: cjose [0.6.1-3] - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz#2223308 mod_auth_openidc [2.4.9.4-1] - Resolves: rhbz#2025368 - Rebase to new version _______________________________________________ El-errata mailing list
Important: mod_auth_openidc:2.3 security update . {"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:4418","synopsis":"Important: mod_auth_openidc:2.3 security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for module.mod_auth_openidc, cjose, module.cjose, mod_auth_openidc.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and\/or OAuth 2.0 Resource Server. \n\nSecurity Fix(es):\n\n* cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2223295","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2223295","description":""}],"cves":[{"name":"CVE-2023-37464","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-37464","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N","cvss3BaseScore":"7.5","cwe":"CWE-327"}],"references":[],"publishedAt":"2023-08-08T12:34:39.911838Z","rpms":{"Rocky Linux8":{"nvras":["cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.src.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.src.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]} . AlmaLinux 8 reveals significant security patch for mod_auth_openidc tackling encryption vulnerabilities and addressing critical bugs.. mod_auth_openidc Security Update,Rocky Linux Authentication Module,Authentication Fix. . Severity: Important. LinuxSecurity.com Team
USN-5825-1 caused some minor regressions in PAM.. =========================================================================Ubuntu Security Notice USN-5825-2 February 06, 2023 pam regressions ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: USN-5825-1 caused some minor regressions in PAM. Software Description: - pam: Pluggable Authentication Modules Details: USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libpam-modules 1.5.2-2ubuntu1.3 Ubuntu 22.04 LTS: libpam-modules 1.4.0-11ubuntu2.3 Ubuntu 20.04 LTS: libpam-modules 1.3.1-5ubuntu4.6 Ubuntu 18.04 LTS: libpam-modules 1.1.8-3.6ubuntu2.18.04.6 Ubuntu 16.04 ESM: libpam-modules 1.1.8-3.2ubuntu2.3+esm4 Ubuntu 14.04 ESM: libpam-modules 1.1.8-1ubuntu2.2+esm3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5825-2 https://ubuntu.com/security/notices/USN-5825-1 CVE-2022-28321, https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2006073 Package Information: https://launchpad.net/ubuntu/+source/pam/1.5.2-2ubuntu1.3 https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.3 https://launchpad.net/ubuntu/+source/pam/1.3.1-5ubuntu4.6 https://launchpad.net/ubuntu/+source/pam/1.1.8-3.6ubuntu2.18.04.6 . Some setbacks were introduced by USN-5825-2 within PAM. Detailed upgrade instructions available for various Ubuntu versions.. Ubuntu PAM Security Update, Authentication Module Fix, USN-5825-2 Details. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.