Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 28 articles for you...
89

Fedora 41: FEDORA-2024-256818da09 moderate: iwd authentication fix

iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix issue with GCC 15 and -std=c23 build errors. Add support for using PMKSA over SAE if available.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-256818da09 2024-12-30 02:11:12.209673+00:00 -------------------------------------------------------------------------------- Name : iwd Product : Fedora 41 Version : 3.3 Release : 1.fc41 URL : https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/ Summary : Wireless daemon for Linux Description : The daemon and utilities for controlling and configuring the Wi-Fi network hardware. -------------------------------------------------------------------------------- Update Information: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix issue with GCC 15 and -std=c23 build errors. Add support for using PMKSA over SAE if available. Add support for HighUtilization/StationCount thresholds. Add support for disabling Multicast RX option. ell 0.71: Fix issue with GCC 15 and -std=c23 build errors. ell 0.70: Add support for helper function for safe memcpy. -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 23 2024 Peter Robinson - 3.3-1 - Update to 3.3 * Mon Nov 25 2024 Peter Robinson - 3.2-1 - Update to 3.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2294016 - CVE-2023-52424 iwd: 802.11: SSID Confusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294016 [ 2 ] Bug #2328735 - libell-0.71 is available https://bugzilla.redhat.com/show_bug.cgi?id=2328735 [ 3 ] Bug #2328777 - iwd-3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2328777 -------------------------------------------------------------------------------- This update can be installed with the "dnf" updateprogram. Use su -c 'dnf upgrade --advisory FEDORA-2024-256818da09' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Fedora 41 release: iwd 3.3 resolves connectivity issues and corrects GCC compilation errors for improved performance.. iwd security, Fedora updates, wireless daemon security, build issues, authentication fixes. . LinuxSecurity.com Team

Calendar%202 Dec 30, 2024 Fedora
100

SUSE: 2024:0952-1 Important: Security Patch for wpa_supplicant Auth

* bsc#1219975 Cross-References: * CVE-2023-52160 . # Security update for wpa_supplicant Announcement ID: SUSE-SU-2024:0764-2 Rating: important References: * bsc#1219975 Cross-References: * CVE-2023-52160 CVSS scores: * CVE-2023-52160 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-52160 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. ## Description: This update for wpa_supplicant fixes the following issues: * CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-764=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * wpa_supplicant-debuginfo-2.10-150500.3.3.1 * wpa_supplicant-debugsource-2.10-150500.3.3.1 * wpa_supplicant-2.10-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52160.html * https://bugzilla.suse.com/show_bug.cgi?id=1219975 . SUSE announces a crucial security patch for wpa_supplicant addressing CVE-2023-52160 in SUSE Linux Enterprise Micro 5.5.. wpa_supplicant Update, SUSE Linux Security, Authentication Bypass Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 19, 2024 Important SuSE
100

SUSE: 2024:2305-1 Important: KRB5 Security Updates for Memory Errors

* bsc#1227186 * bsc#1227187 Cross-References: * CVE-2024-37370 . # Security update for krb5 Announcement ID: SUSE-SU-2024:2305-1 Rating: important References: * bsc#1227186 * bsc#1227187 Cross-References: * CVE-2024-37370 * CVE-2024-37371 CVSS scores: * CVE-2024-37370 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2024-37371 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for krb5 fixes the following issues: * CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). * CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2305=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2305=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2305=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * krb5-plugin-preauth-otp-1.16.3-150100.3.36.1 * krb5-debugsource-1.16.3-150100.3.36.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.36.1 *krb5-plugin-kdb-ldap-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.36.1 * krb5-server-debuginfo-1.16.3-150100.3.36.1 * krb5-client-1.16.3-150100.3.36.1 * krb5-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.36.1 * krb5-client-debuginfo-1.16.3-150100.3.36.1 * krb5-devel-1.16.3-150100.3.36.1 * krb5-server-1.16.3-150100.3.36.1 * krb5-debuginfo-1.16.3-150100.3.36.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.36.1 * krb5-32bit-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * krb5-plugin-preauth-otp-1.16.3-150100.3.36.1 * krb5-debugsource-1.16.3-150100.3.36.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.36.1 * krb5-server-debuginfo-1.16.3-150100.3.36.1 * krb5-client-1.16.3-150100.3.36.1 * krb5-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.36.1 * krb5-client-debuginfo-1.16.3-150100.3.36.1 * krb5-devel-1.16.3-150100.3.36.1 * krb5-server-1.16.3-150100.3.36.1 * krb5-debuginfo-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.36.1 * krb5-32bit-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * krb5-plugin-preauth-otp-1.16.3-150100.3.36.1 * krb5-debugsource-1.16.3-150100.3.36.1 * krb5-plugin-preauth-otp-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-debuginfo-1.16.3-150100.3.36.1 * krb5-plugin-kdb-ldap-debuginfo-1.16.3-150100.3.36.1 * krb5-server-debuginfo-1.16.3-150100.3.36.1 *krb5-client-1.16.3-150100.3.36.1 * krb5-1.16.3-150100.3.36.1 * krb5-plugin-preauth-pkinit-1.16.3-150100.3.36.1 * krb5-client-debuginfo-1.16.3-150100.3.36.1 * krb5-devel-1.16.3-150100.3.36.1 * krb5-server-1.16.3-150100.3.36.1 * krb5-debuginfo-1.16.3-150100.3.36.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * krb5-32bit-debuginfo-1.16.3-150100.3.36.1 * krb5-32bit-1.16.3-150100.3.36.1 ## References: * https://www.suse.com/security/cve/CVE-2024-37370.html * https://www.suse.com/security/cve/CVE-2024-37371.html * https://bugzilla.suse.com/show_bug.cgi?id=1227186 * https://bugzilla.suse.com/show_bug.cgi?id=1227187 . Crucial enhancements for krb5 tackling significant vulnerabilities in SUSE environments. Verify that your deployments are up-to-date.. krb5 patches, SUSE security, authentication vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 05, 2024 Important SuSE
219

Rocky Linux 9 RLSA-2024:3754 Important: ipa Authentication Fix

Important: ipa security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:3754", "synopsis": "Important: ipa security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for ipa.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.\n\nSecurity Fix(es):\n\n* freeipa: delegation rules allow a proxy service to impersonate any user to access another target service (CVE-2024-2698)\n\n* freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force (CVE-2024-3183)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2270353", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2270353", "description": ""}, {"ticket": "2270685", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2270685", "description": ""}], "cves": [{"name": "CVE-2024-2698", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-2698", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-3183", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-3183", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-06-14T14:00:35.848917Z", "rpms": {"Rocky Linux 9": {"nvras": ["ipa-0:4.11.0-15.el9_4.src.rpm", "ipa-client-0:4.11.0-15.el9_4.aarch64.rpm","ipa-client-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-client-common-0:4.11.0-15.el9_4.noarch.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-epn-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.s390x.rpm", "ipa-client-samba-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-common-0:4.11.0-15.el9_4.noarch.rpm", "ipa-selinux-0:4.11.0-15.el9_4.noarch.rpm", "ipa-server-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-server-common-0:4.11.0-15.el9_4.noarch.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-server-dns-0:4.11.0-15.el9_4.noarch.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-trust-ad-0:4.11.0-15.el9_4.x86_64.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.aarch64.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.ppc64le.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.s390x.rpm", "ipa-server-trust-ad-debuginfo-0:4.11.0-15.el9_4.x86_64.rpm", "python3-ipaclient-0:4.11.0-15.el9_4.noarch.rpm", "python3-ipalib-0:4.11.0-15.el9_4.noarch.rpm", "python3-ipaserver-0:4.11.0-15.el9_4.noarch.rpm", "python3-ipatests-0:4.11.0-15.el9_4.noarch.rpm"]}}, "rebootSuggested": false,"buildReferences": []}. The latest ipa patch from Rocky Linux tackles security flaws affecting identity verification and user access.. Rocky Linux Security Update, ipa Vulnerability Fix, Identity Management Improvements. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 14, 2024 Important Rocky Linux
202

openSUSE 15.5: SUSE-SU-2023:4506-1 moderate: Java-1_8_0-Openjdk Update

This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU:. # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:4506-1 Rating: moderate References: * bsc#1211968 * bsc#1216374 * bsc#1216379 Cross-References: * CVE-2015-4000 * CVE-2023-22067 * CVE-2023-22081 CVSS scores: * CVE-2015-4000 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22067 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-22081 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22081 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ##Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU: * CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379). * CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374). * CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4506=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4506=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4506=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4506=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-4506=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-4506=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4506=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4506=1 *SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4506=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4506=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 *java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.4 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-src-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-accessibility-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) *java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 *java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debugsource-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-demo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-debuginfo-1.8.0.392-150000.3.85.1 * java-1_8_0-openjdk-headless-1.8.0.392-150000.3.85.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4000.html * https://www.suse.com/security/cve/CVE-2023-22067.html * https://www.suse.com/security/cve/CVE-2023-22081.html * https://bugzilla.suse.com/show_bug.cgi?id=1211968 * https://bugzilla.suse.com/show_bug.cgi?id=1216374 * https://bugzilla.suse.com/show_bug.cgi?id=1216379 . Important patch release for java-1_8_0-openjdk addresses various vulnerabilities for openSUSE, featuring jdk8u392.. Java Update, openSUSE Security, OpenJDK Patch. . LinuxSecurity.com Team

Calendar%202 Nov 21, 2023 OpenSUSE
217

Oracle Linux 8 ELSA-2023-4418: Critical mod_auth_openidc Authentication Fix

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-4418 https://linux.oracle.com/errata/ELSA-2023-4418.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: cjose-0.6.1-3.module+el8.8.0+21137+b6cedbc2.x86_64.rpm cjose-devel-0.6.1-3.module+el8.8.0+21137+b6cedbc2.x86_64.rpm mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.x86_64.rpm aarch64: cjose-0.6.1-3.module+el8.8.0+21137+b6cedbc2.aarch64.rpm cjose-devel-0.6.1-3.module+el8.8.0+21137+b6cedbc2.aarch64.rpm mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates//cjose-0.6.1-3.module+el8.8.0+21137+b6cedbc2.src.rpm https://oss.oracle.com:443/ol8/SRPMS-updates//mod_auth_openidc-2.4.9.4-1.module+el8.7.0+20769+fca4d9d0.src.rpm Related CVEs: CVE-2023-37464 Description of changes: cjose [0.6.1-3] - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz#2223308 mod_auth_openidc [2.4.9.4-1] - Resolves: rhbz#2025368 - Rebase to new version _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Advisory ELSA-2023-4455: Significant patch for mod_security addresses essential vulnerability concerns.. Oracle Linux Security, mod_auth_openidc, Authentication Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 10, 2023 Critical Oracle
219

Rocky Linux 8 RLSA-2023:4419 Critical: mod_security Enhancement Update

Important: mod_auth_openidc:2.3 security update . {"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:4418","synopsis":"Important: mod_auth_openidc:2.3 security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for module.mod_auth_openidc, cjose, module.cjose, mod_auth_openidc.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and\/or OAuth 2.0 Resource Server. \n\nSecurity Fix(es):\n\n* cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2223295","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2223295","description":""}],"cves":[{"name":"CVE-2023-37464","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-37464","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N","cvss3BaseScore":"7.5","cwe":"CWE-327"}],"references":[],"publishedAt":"2023-08-08T12:34:39.911838Z","rpms":{"Rocky Linux8":{"nvras":["cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.src.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.src.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]} . AlmaLinux 8 reveals significant security patch for mod_auth_openidc tackling encryption vulnerabilities and addressing critical bugs.. mod_auth_openidc Security Update,Rocky Linux Authentication Module,Authentication Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 08, 2023 Important Rocky Linux
172

Ubuntu 22.10 USN-5825-2: Critical PAM Authentication Fix

USN-5825-1 caused some minor regressions in PAM.. =========================================================================Ubuntu Security Notice USN-5825-2 February 06, 2023 pam regressions ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: USN-5825-1 caused some minor regressions in PAM. Software Description: - pam: Pluggable Authentication Modules Details: USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libpam-modules 1.5.2-2ubuntu1.3 Ubuntu 22.04 LTS: libpam-modules 1.4.0-11ubuntu2.3 Ubuntu 20.04 LTS: libpam-modules 1.3.1-5ubuntu4.6 Ubuntu 18.04 LTS: libpam-modules 1.1.8-3.6ubuntu2.18.04.6 Ubuntu 16.04 ESM: libpam-modules 1.1.8-3.2ubuntu2.3+esm4 Ubuntu 14.04 ESM: libpam-modules 1.1.8-1ubuntu2.2+esm3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5825-2 https://ubuntu.com/security/notices/USN-5825-1 CVE-2022-28321, https://bugs.launchpad.net/ubuntu/+source/pam/+bug/2006073 Package Information: https://launchpad.net/ubuntu/+source/pam/1.5.2-2ubuntu1.3 https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.3 https://launchpad.net/ubuntu/+source/pam/1.3.1-5ubuntu4.6 https://launchpad.net/ubuntu/+source/pam/1.1.8-3.6ubuntu2.18.04.6 . Some setbacks were introduced by USN-5825-2 within PAM. Detailed upgrade instructions available for various Ubuntu versions.. Ubuntu PAM Security Update, Authentication Module Fix, USN-5825-2 Details. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 06, 2023 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200