Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
100
security advisorySuSEimportantSUSE Multi-Linux Manager 4.3 Security Update 2026-1031-1 CVE-2024-29371
An update that solves one vulnerability, contains two features and has 51 security fixes can now be installed.. # Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail Announcement ID: SUSE-SU-2026:1031-1 Release Date: 2026-03-25T10:19:43Z Rating: important References: * bsc#1213308 * bsc#1214568 * bsc#1214569 * bsc#1216711 * bsc#1217755 * bsc#1220899 * bsc#1221950 * bsc#1223368 * bsc#1227577 * bsc#1227579 * bsc#1228577 * bsc#1230876 * bsc#1232125 * bsc#1233496 * bsc#1236066 * bsc#1236799 * bsc#1237536 * bsc#1238481 * bsc#1239636 * bsc#1240565 * bsc#1241013 * bsc#1243241 * bsc#1243679 * bsc#1243768 * bsc#1243808 * bsc#1243876 * bsc#1243881 * bsc#1244177 * bsc#1244542 * bsc#1244648 * bsc#1244724 * bsc#1245241 * bsc#1245307 * bsc#1245405 * bsc#1245766 * bsc#1246421 * bsc#1246981 * bsc#1247038 * bsc#1248741 * bsc#1248804 * bsc#1249502 * bsc#1251864 * bsc#1251995 * bsc#1252937 * bsc#1253024 * bsc#1253068 * bsc#1253158 * bsc#1253322 * bsc#1253501 * bsc#1253773 * bsc#1255298 * bsc#1257538 * jsc#MSQA-1046 * jsc#SUMA-406 Cross-References: * CVE-2024-29371 CVSS scores: * CVE-2024-29371 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-29371 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-29371 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 *SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 An update that solves one vulnerability, contains two features and has 51 security fixes can now be installed. ## Recommended update 4.3.17 for Multi-Linux Manager Proxy and Retail Branch Server LTS ### Description: This update fixes the following issues: mgr-cfg: * Version 4.3.7-0 * Non-customer-facing optimization and update mgr-custom-info: * Version 4.3.4-0 * Non-customer-facingoptimization and update mgr-daemon: * Version 4.3.13-0 * Update translation strings mgr-osad: * Version 4.3.8-0 * Non-customer-facing optimization and update mgr-push: * Version 4.3.7-0 * Non-customer-facing optimization and update rhnlib: * Version 4.3.8-0 * Use more secure defusedxml parser (bsc#1227577) spacecmd: * Version 4.3.32-0 * Make caching code Py 2.7 compatible * Python 2.7 cannot re-raise exceptions * Make spacecmd to work with Python 3.12 and higher * Call print statements properly in Python 3 * Convert cached IDs to int (bsc#1251995) * Use JSON instead of pickle for spacecmd cache (bsc#1227579) spacewalk-backend: * Version 4.3.35-0 * Prevent authentication issues with traditional stack (bsc#1253068) * Fix parameter error when syncing product repositories in ISS v1 (bsc#1244724) * Fix fetching the mirrorlist with a ca bundle which include only the intermediate CAs. This is the case for RHUI CA bundles (bsc#1243241). * Use more secure defusedxml parser (bsc#1227577) spacewalk-certs-tools: * Version 4.3.27-0 * Non-customer-facing optimization and update spacewalk-client-tools: * Version 4.3.24-0 * Update translation strings spacewalk-proxy: * Version 4.3.21-0 * Non-customer-facing optimization and update spacewalk-proxy-docs: * Version 4.3.2-0 * Non-customer-facing optimization and update spacewalk-proxy-html: * Version 4.3.4-0 * Non-customer-facing optimization and update spacewalk-proxy-installer: * Version 4.3.13-0 * Configure squid replacement policy properly before cache dir (bsc#1253773) spacewalk-setup-jabberd: * Version 4.3.2-0 * Non-customer-facing optimization and update spacewalk-ssl-cert-check: * Version 4.3.4-0 * Non-customer-facing optimization and update spacewalk-web: * Version 4.3.48-0 * Fix broken CVE links in CVE audit page. * Fix bug: confirmation message missing when assigning channel to minion (bsc#1236799) * Fix URL to salt formular documentation(bsc#1248741) supportutils-plugin-susemanager-client: * Version 4.3.6-0 * Non-customer-facing optimization and update suseRegisterInfo: * Version 4.3.4-0 * Non-customer-facing optimization and update uyuni-base: * Version 4.3.3-0 * Non-customer-facing optimization and update uyuni-proxy-systemd-services: * Version 4.3.19-0 * Updated for SUSE Manager 4.3.17 How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Proxy or Retail Branch Server LTS. 2. Stop the proxy service: `spacewalk-proxy stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-proxy start` ## Security update 4.3.17 for Multi-Linux Manager Server LTS ### Description: This update fixes the following issues: cobbler: * Fix "test_grubimage_run" on Uyuni and SUSE Multi-Linux Manager test containers inter-server-sync: * Version 0.3.10-0 * Write log to a rotated file without rsyslog and logrotate * Recreate cobbler entries on the import (bsc#1220899) * remove support for 4.2 file based pillars * use correct hostname detection for 5.x servers (bsc#1253322) * Version 0.3.9-0 * Do not export autogenerated identity column (bsc##1244648) * Version 0.3.8-0 * Rename suseproductsccrepository to susechanneltemplate (bsc#1244648) * Allow skipping changelog export (bsc#1245307) * Add options to specify xmlRpcPassword via file path or stdin jose4j: * CVE-2024-29371: Safeguard against excessive resource utilization by restricting the size of data during JWE payload decompression (bsc#1255298) liberate-formula: * Version 0.1.1 * fix installation for liberty 7 (bsc#1246981) * Change reinstall parameter default value to false mgr-osad: * Version 4.3.8-0 * Non-customer-facing optimization and update mgr-push: * Version 4.3.7-0 * Non-customer-facing optimization and update perl-Satcon: * Version 4.3.3-0 * Non-customer-facing optimization and update prometheus-exporters-formula: *Version 1.4.2 * Allow only node exporter on transactional systems (bsc#1244542) prometheus-formula: * Version 0.9.0 * Check for supported distributions (bsc#1243876) * Fix checking Prometheus package version rhnlib: * Version 4.3.8-0 * Use more secure defusedxml parser (bsc#1227577) spacecmd: * Version 4.3.32-0 * Make caching code Py 2.7 compatible * Python 2.7 cannot re-raise exceptions * Make spacecmd to work with Python 3.12 and higher * Call print statements properly in Python 3 * Convert cached IDs to int (bsc#1251995) * Use JSON instead of pickle for spacecmd cache (bsc#1227579) spacewalk: * Version 4.3.7-0 * Non-customer-facing optimization and update spacewalk-admin: * Version 4.3.15-0 * Correctly handles http proxy empty passwords (bsc#1249502) spacewalk-backend: * Version 4.3.35-0 * Prevent authentication issues with traditional stack (bsc#1253068) * Fix parameter error when syncing product repositories in ISS v1 (bsc#1244724) * Fix fetching the mirrorlist with a ca bundle which include only the intermediate CAs. This is the case for RHUI CA bundles (bsc#1243241). * Use more secure defusedxml parser (bsc#1227577) spacewalk-branding: * Version 4.3.6-0 * Non-customer-facing optimization and update spacewalk-certs-tools: * Version 4.3.27-0 * Non-customer-facing optimization and update spacewalk-client-tools: * Version 4.3.24-0 * Update translation strings spacewalk-config: * Version 4.3.17-0 * Non-customer-facing optimization and update spacewalk-java: * Version 4.3.90-0 * Fix reposync crashing at metadata generation (bsc#1257538) * Version 4.3.89-0 * Delay highstate during bootstrap to run it after the initial minimal state (bsc#1240565) * add proxy option to provisionSystem API (bsc#1232125) * Fix dnf updateinfo showing wrong severity for security updates (bsc#1252937) * Display correct advisory link by using an errata advisory map (bsc#1243808) * Improve hibernate object creation for ServerPath(bsc#1243881) * Prevent printing user input in traceback logs and mails (bsc#1239636) * Send CPU architecture specific data to SCC (jsc#SUMA-406) * Fix broken CVE links in CVE audit page. * Fix http proxy verification (bsc#1253501) * Fix: Broken URL in API docs (bsc#1244177) * Correctly handles http proxy empty passwords (bsc#1249502) * Ensure null safety when converting from proxy paths to host names (bsc#1237536) * Use the correct identifier to map the salt migration result * Succeed liberate product migration also when reinstall packages is disabled (bsc#1248804) * Prioritize beacon data for regular minion reboot status (bsc#1245405) spacewalk-reports: * Version 4.3.6-0 * Non-customer-facing optimization and update spacewalk-search: * Version 4.3.12-0 * Non-customer-facing optimization and update spacewalk-setup: * Version 4.3.20-0 * Non-customer-facing optimization and update spacewalk-setup-jabberd: * Version 4.3.2-0 * Non-customer-facing optimization and update spacewalk-utils: * Version 4.3.25-0 * Non-customer-facing optimization and update spacewalk-web: * Version 4.3.48-0 * Fix broken CVE links in CVE audit page. * Fix bug: confirmation message missing when assigning channel to minion (bsc#1236799) * Fix URL to salt formular documentation (bsc#1248741) supportutils-plugin-susemanager: * Version 4.3.16-0 * Non-customer-facing optimization and update suseRegisterInfo: * Version 4.3.4-0 * Non-customer-facing optimization and update susemanager: * Version 4.3.43-0 * Added missing bootrap repository definition for OES 24.4 (bsc#1241013) susemanager-docs_en: * Removed CIS from list of supported OpenSCAP profiles * Fixed the incorrect path in Administration Guide (bsc#1221950) * Corrected the reactivation key varaible name (bsc#1253158) * Improved CLM procedure in Adminstration Guide (bsc#1230876) * Added commands to server migration procedures in Installation and Upgrade Guide (bsc#1214569) * Clarifiedrequirement for PAYG in Installation and Upgrade Guide (bsc#1236066) * Added information for proxy migration to Installation and Upgrade Guide (bsc#1214568) * Added reference to dry run documentation (bsc#1223368) * Added information about requesting access to PTFs (bsc#1213308) * Added lang support for new shared header to html outputs * Added shared header styles for documentation.suse.com * Removed Ubuntu 20.04 from the list supported clients in Client Configuration Guide (bsc#1238481) * Fixed output box with grep command in LTS section in Installation and Upgrade Guide (bsc#1247038) * Added procedure to reregister client behind a proxy after renaming the server (bsc#1245766) * Fixed the admonition in Client Configuration Guide (bsc#1233496) * Reorganised files for better visibility of differences between AutoYaST and Kickstart profiles (bsc#1217755) * Fixed command for public cloud module in Installation and Upgrade Guide (bsc#1216711) * Removed obsolete command from Administration Guide (bsc#1228577) * Renamed parameter in Specialized Guides (bsc#1245241) susemanager-schema: * Version 4.3.30-0 * Store CPU architecture specific data (jsc#SUMA-406) * Creation of table suseErrataAdvisoryMap and added errata-advisory-map-sync taskomatic job fixing bug (bsc#1243808) susemanager-sls: * Version 4.3.53-0 * Automatically deploy IBM GPG keys to SUSE minions (bsc#1246421) * Succeed liberate product migration also when reinstall packages is disabled (bsc#1248804) * Adjust sls files for python311-kiwi (bsc#1251864)(bsc#1253024) * Collect CPU architecture specific data on hardware profile update (jsc#SUMA-406) susemanager-tftpsync: * Version 4.3.5-0 * Use TLS in sync_post_tftpd_proxies (bsc#1243679) * Refuse files with shell characters (bsc#1243768) uyuni-base: * Version 4.3.3-0 * Non-customer-facing optimization and update How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Server LTS. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` ## Recommended update for uyuni-proxy-systemd-services ### Description: This update fixes the following issues: uyuni-proxy-systemd-services: * Version 4.3.19-0 * Update for SUSE Manager 4.3.17 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2026-1031=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2026-1031=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (noarch) * uyuni-proxy-systemd-services-4.3.19-150000.1.40.2 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * uyuni-proxy-systemd-services-4.3.19-150000.1.40.2 ## References: * https://www.suse.com/security/cve/CVE-2024-29371.html * https://bugzilla.suse.com/show_bug.cgi?id=1213308 * https://bugzilla.suse.com/show_bug.cgi?id=1214568 * https://bugzilla.suse.com/show_bug.cgi?id=1214569 * https://bugzilla.suse.com/show_bug.cgi?id=1216711 * https://bugzilla.suse.com/show_bug.cgi?id=1217755 * https://bugzilla.suse.com/show_bug.cgi?id=1220899 * https://bugzilla.suse.com/show_bug.cgi?id=1221950 * https://bugzilla.suse.com/show_bug.cgi?id=1223368 * https://bugzilla.suse.com/show_bug.cgi?id=1227577 * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1228577 * https://bugzilla.suse.com/show_bug.cgi?id=1230876 * https://bugzilla.suse.com/show_bug.cgi?id=1232125 * https://bugzilla.suse.com/show_bug.cgi?id=1233496 * https://bugzilla.suse.com/show_bug.cgi?id=1236066 * https://bugzilla.suse.com/show_bug.cgi?id=1236799 *https://bugzilla.suse.com/show_bug.cgi?id=1237536 * https://bugzilla.suse.com/show_bug.cgi?id=1238481 * https://bugzilla.suse.com/show_bug.cgi?id=1239636 * https://bugzilla.suse.com/show_bug.cgi?id=1240565 * https://bugzilla.suse.com/show_bug.cgi?id=1241013 * https://bugzilla.suse.com/show_bug.cgi?id=1243241 * https://bugzilla.suse.com/show_bug.cgi?id=1243679 * https://bugzilla.suse.com/show_bug.cgi?id=1243768 * https://bugzilla.suse.com/show_bug.cgi?id=1243808 * https://bugzilla.suse.com/show_bug.cgi?id=1243876 * https://bugzilla.suse.com/show_bug.cgi?id=1243881 * https://bugzilla.suse.com/show_bug.cgi?id=1244177 * https://bugzilla.suse.com/show_bug.cgi?id=1244542 * https://bugzilla.suse.com/show_bug.cgi?id=1244648 * https://bugzilla.suse.com/show_bug.cgi?id=1244724 * https://bugzilla.suse.com/show_bug.cgi?id=1245241 * https://bugzilla.suse.com/show_bug.cgi?id=1245307 * https://bugzilla.suse.com/show_bug.cgi?id=1245405 * https://bugzilla.suse.com/show_bug.cgi?id=1245766 * https://bugzilla.suse.com/show_bug.cgi?id=1246421 * https://bugzilla.suse.com/show_bug.cgi?id=1246981 * https://bugzilla.suse.com/show_bug.cgi?id=1247038 * https://bugzilla.suse.com/show_bug.cgi?id=1248741 * https://bugzilla.suse.com/show_bug.cgi?id=1248804 * https://bugzilla.suse.com/show_bug.cgi?id=1249502 * https://bugzilla.suse.com/show_bug.cgi?id=1251864 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1252937 * https://bugzilla.suse.com/show_bug.cgi?id=1253024 * https://bugzilla.suse.com/show_bug.cgi?id=1253068 * https://bugzilla.suse.com/show_bug.cgi?id=1253158 * https://bugzilla.suse.com/show_bug.cgi?id=1253322 * https://bugzilla.suse.com/show_bug.cgi?id=1253501 * https://bugzilla.suse.com/show_bug.cgi?id=1253773 * https://bugzilla.suse.com/show_bug.cgi?id=1255298 * https://bugzilla.suse.com/show_bug.cgi?id=1257538 * https://jira.suse.com/browse/MSQA-1046 * https://jira.suse.com/browse/SUMA-406 . Important updatefor SUSE Multi-Linux Manager 4.3 with vulnerability fixes and optimizations to enhance security and functionality.. SUSE Multi-Linux Manager security fixes, important update, Linux vulnerability, patch instructions, SUSE security. . Severity: Important. LinuxSecurity.com Team
Mar 25, 2026
•Important
SuSE
219
security advisoryimportantbackdoorSecurity Vulnerabilities Discovered in Ubuntu Server 22.04 RLSA-2026-5678
Important: udisks2 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:3476", "synopsis": "Important: udisks2 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for udisks2.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.\n\nSecurity Fix(es):\n\n* udisks: Missing Authorization Check Allows Unprivileged Users to Back Up LUKS Headers via udisks D-Bus API (CVE-2026-26104)\n\n* udisks: Missing Authorization Check Allows Unprivileged Users to Restore LUKS Headers via udisks D-Bus API (CVE-2026-26103)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2433719", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2433719", "description": ""}, {"ticket": "2433717", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2433717", "description": ""}], "cves": [{"name": "CVE-2026-26103", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-26103", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "cvss3BaseScore": "7.1", "cwe": "CWE-862"}, {"name": "CVE-2026-26104", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-26104", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-862"}], "references": [], "publishedAt": "2026-03-05T09:12:24.748134Z", "rpms": {"Rocky Linux 10": {"nvras": ["udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm","udisks2-lsm-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lsm-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lsm-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.x86_64.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lvm2-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm", "libudisks2-devel-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-0:2.10.90-6.el10_1.1.src.rpm", "udisks2-iscsi-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.aarch64.rpm", "libudisks2-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-lsm-0:2.10.90-6.el10_1.1.aarch64.rpm", "libudisks2-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.s390x.rpm", "udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.s390x.rpm","udisks2-iscsi-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lvm2-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-lsm-debuginfo-0:2.10.90-6.el10_1.1.ppc64le.rpm", "libudisks2-0:2.10.90-6.el10_1.1.x86_64.rpm", "udisks2-debuginfo-0:2.10.90-6.el10_1.1.aarch64.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.ppc64le.rpm", "udisks2-debugsource-0:2.10.90-6.el10_1.1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Critical udisks2 security update for Rocky Linux 10 addressing authorization issues. Ensure system integrity and protect data.. Rocky Linux, udisks2, security, important update, backdoor. . Severity: Important. LinuxSecurity.com Team
Mar 05, 2026
•Important
Rocky Linux
91
security advisoryGentoohigh severityGentoo: GLSA-202403-04 Critical: Backdoor In XZ Utils Remote Access
A backdoor has been discovered in XZ utils that could lead to remote compromise of systems.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202403-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: XZ utils: Backdoor in release tarballs Date: March 29, 2024 Bugs: #928134 ID: 202403-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A backdoor has been discovered in XZ utils that could lead to remote compromise of systems. Background ========== XZ Utils is free general-purpose data compression software with a high compression ratio. Affected packages ================= Package Vulnerable Unaffected ----------------- ------------ ------------ app-arch/xz-utils > = 5.6.0 < 5.6.0 Description =========== A backdoor has been discovered in XZ utils. Please review the CVE identifier referenced below for details. Impact ====== Our current understanding of the backdoor is that is does not affect Gentoo systems, because 1. the backdoor only appears to be included on specific systems and Gentoo does not qualify; 2. the backdoor as it is currently understood targets OpenSSH patched to work with systemd-notify support. Gentoo does not support or include these patches; Analysis is still ongoing, however, and additional vectors may still be identified. For this reason we are still issuing this advisory as if that will be the case. Workaround ========== There is no known workaround at this time. Resolution ========== All XZ utils users should downgrade to the latest version before the backdoor was introduced: # emerge --sync # emerge --ask --oneshot --verbose "
Mar 29, 2024
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!