Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
100
security advisoryimportantcurl updateSUSE: 2023:3208-1 Important: bci/golang Security Update
The container bci/golang was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3208-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-1.3.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.3.5 Container Release : 3.5 Severity : important Type : security References : 1200962 1206080 1206556 1208037 1208038 1208040 1208409 1209642 1210297 1210733 1211829 1212819 1212910 1213458 1214565 1214567 1214579 1214580 1214604 1214611 1214619 1214620 1214623 1214624 1214625 1215026 CVE-2020-19726 CVE-2021-32256 CVE-2022-35205 CVE-2022-35206 CVE-2022-4285 CVE-2022-44840 CVE-2022-45703 CVE-2022-47673 CVE-2022-47695 CVE-2022-47696 CVE-2022-48063 CVE-2022-48064 CVE-2022-48065 CVE-2023-0687 CVE-2023-1579 CVE-2023-1972 CVE-2023-2222 CVE-2023-25585 CVE-2023-25587 CVE-2023-25588 CVE-2023-38039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) -add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3823-1 Released: Wed Sep 27 18:42:38 2023 Summary: Security update for curl Type: security Severity: important References: 1215026,CVE-2023-38039 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3825-1 Released: Wed Sep 27 18:48:53 2023 Summary: Security update for binutils Type: security Severity: important References: 1200962,1206080,1206556,1208037,1208038,1208040,1208409,1209642,1210297,1210733,1213458,1214565,1214567,1214579,1214580,1214604,1214611,1214619,1214620,1214623,1214624,1214625,CVE-2020-19726,CVE-2021-32256,CVE-2022-35205,CVE-2022-35206,CVE-2022-4285,CVE-2022-44840,CVE-2022-45703,CVE-2022-47673,CVE-2022-47695,CVE-2022-47696,CVE-2022-48063,CVE-2022-48064,CVE-2022-48065,CVE-2023-0687,CVE-2023-1579,CVE-2023-1972,CVE-2023-2222,CVE-2023-25585,CVE-2023-25587,CVE-2023-25588 This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementation-specific integer instructions. * Objdump's --private option can now be used on PE format files to display the fields in the file header and section headers. * New versioned release of libsframe: libsframe.so.1. This release introduces versioned symbols with version node name LIBSFRAME_1.0. This release also updates the ABI in an incompatible way: this includes removal of sframe_get_funcdesc_with_addr API, change in the behavior of sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. * SFrame Version 2 is now the default (and only) format versionsupported by gas, ld, readelf and objdump. * Add command-line option, --strip-section-headers, to objcopy and strip to remove ELF section header from ELF file. * The RISC-V port now supports the following new standard extensions: - Zicond (conditional zero instructions) - Zfa (additional floating-point instructions) - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) * The RISC-V port now supports the following vendor-defined extensions: - XVentanaCondOps * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. * A new .insn directive is recognized by x86 gas. * Add SME2 support to the AArch64 port. * The linker now accepts a command line option of --remap-inputs = to relace any input file that matches with . In addition the option --remap-inputs-file= can be used to specify a file containing any number of these remapping directives. * The linker command line option --print-map-locals can be used to include local symbols in a linker map. (ELF targets only). * For most ELF based targets, if the --enable-linker-version option is used then the version of the linker will be inserted as a string into the .comment section. * The linker script syntax has a new command for output sections: ASCIZ 'string' This will insert a zero-terminated string at the current location. * Add command-line option, -z nosectionheader, to omit ELF section header. - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1209642 aka CVE-2023-1579 aka PR29988 * bsc#1210297 aka CVE-2023-1972 aka PR30285 * bsc#1210733 aka CVE-2023-2222 aka PR29936 * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) * bsc#1214565 aka CVE-2020-19726 aka PR26240 * bsc#1214567 aka CVE-2022-35206 aka PR29290 * bsc#1214579 aka CVE-2022-35205 aka PR29289 * bsc#1214580 aka CVE-2022-44840 aka PR29732 * bsc#1214604 aka CVE-2022-45703 aka PR29799 * bsc#1214611 aka CVE-2022-48065 aka PR29925 *bsc#1214619 aka CVE-2022-48064 aka PR29922 * bsc#1214620 aka CVE-2022-48063 aka PR29924 * bsc#1214623 aka CVE-2022-47696 aka PR29677 * bsc#1214624 aka CVE-2022-47695 aka PR29846 * bsc#1214625 aka CVE-2022-47673 aka PR29876 - This only existed only for a very short while in SLE-15, as the main variant in devel:gcc subsumed this in binutils-revert-rela.diff. Hence: - Document fixed CVEs: * bsc#1208037 aka CVE-2023-25588 aka PR29677 * bsc#1208038 aka CVE-2023-25587 aka PR29846 * bsc#1208040 aka CVE-2023-25585 aka PR29892 * bsc#1208409 aka CVE-2023-0687 aka PR29444 - Enable bpf-none cross target and add bpf-none to the multitarget set of supported targets. - Disable packed-relative-relocs for old codestreams. They generate buggy relocations when binutils-revert-rela.diff is active. [bsc#1206556] - Disable ZSTD debug section compress by default. - Enable zstd compression algorithm (instead of zlib) for debug info sections by default. - Pack libgprofng only for supported platforms. - Move libgprofng-related libraries to the proper locations (packages). - Add --without=bootstrap for skipping of bootstrap (faster testing of the package). - Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515] Update to version 2.40: * Objdump has a new command line option --show-all-symbols which will make it display all symbols that match a given address when disassembling. (Normally only the first symbol that matches an address is shown). * Add --enable-colored-disassembly configure time option to enable colored disassembly output by default, if the output device is a terminal. Note, this configure option is disabled by default. * DCO signed contributions are now accepted. * objcopy --decompress-debug-sections now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * addr2line and objdump --dwarf now support zstd compressed debug sections. * The dlltool program now accepts --deterministic-libraries and --non-deterministic-libraries as command line options to control whether or not it generates deterministic output libraries. If neither of these options are used the default is whatever was set when the binutils were configured. * readelf and objdump now have a newly added option --sframe which dumps the SFrame section. * Add support for Intel RAO-INT instructions. * Add support for Intel AVX-NE-CONVERT instructions. * Add support for Intel MSRLIST instructions. * Add support for Intel WRMSRNS instructions. * Add support for Intel CMPccXADD instructions. * Add support for Intel AVX-VNNI-INT8 instructions. * Add support for Intel AVX-IFMA instructions. * Add support for Intel PREFETCHI instructions. * Add support for Intel AMX-FP16 instructions. * gas now supports --compress-debug-sections=zstd to compress debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head ISA manual, which are implemented in the Allwinner D1. * Add support for the RISC-V Zawrs extension, version 1.0-rc4. * Add support for Cortex-X1C for Arm. * New command line option --gsframe to generate SFrame unwind information on x86_64 and aarch64 targets. * The linker has a new command line option to suppress the generation of any warning or error messages. This can be useful when there is a need to create a known non-working binary. The option is -w or --no-warnings. * ld now supports zstd compressed debug sections. The new option --compress-debug-sections=zstd compresses debug sections with zstd. * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} that selects the default compression algorithm for --enable-compressed-debug-sections. * Remove supportfor -z bndplt (MPX prefix instructions). - Includes fixes for these CVEs: * bsc#1206080 aka CVE-2022-4285 aka PR29699 - Enable by default: --enable-colored-disassembly. - fix build on x86_64_vX platforms The following package changes have been done: - glibc-2.31-150300.58.1 updated - libcurl4-8.0.1-150400.5.29.1 updated - libctf-nobfd0-2.41-150100.7.46.1 updated - libctf0-2.41-150100.7.46.1 updated - binutils-2.41-150100.7.46.1 updated - glibc-devel-2.31-150300.58.1 updated - container:sles15-image-15.0.0-36.5.37 updated . Keep informed about the latest SUSE bci/golang security notices which outline recent updates and resolutions for significant vulnerabilities.. SUSE Update,bci/golang Security,Container Security,Software Update. . Severity: Important. LinuxSecurity.com Team
Sep 29, 2023
•Important
SuSE
98
security advisoryRed Hatsoftware patchRHSA-2021-4036-01: Moderate Unicode Vulnerability in Binutils on RHEL 7.4
An update for binutils is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: binutils security update Advisory ID: RHSA-2021:4036-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4036 Issue date: 2021-11-01 CVE Names: CVE-2021-42574 ==================================================================== 1. Summary: An update for binutils is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characterscan cause trojan source attacks (CVE-2021-42574) The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters: Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled. Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is notused. Using "--unicode=locale" will display them according to the current locale. Using "--unicode=hex" will display them as hex byte values. Using "--unicode=escape" will display them as Unicode escape sequences. Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.4): Source: binutils-2.25.1-32.base.el7_4.5.src.rpm x86_64: binutils-2.25.1-32.base.el7_4.5.x86_64.rpm binutils-debuginfo-2.25.1-32.base.el7_4.5.i686.rpm binutils-debuginfo-2.25.1-32.base.el7_4.5.x86_64.rpm binutils-devel-2.25.1-32.base.el7_4.5.i686.rpm binutils-devel-2.25.1-32.base.el7_4.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYX+a/tzjgjWX9erEAQhVGBAAmfFkQVq5fyx9NbrME//Vrqr7elHgyDk/ 1tsacqNAxIXXZIQqBzROnqjhFfdFru6+/3iMmIw3Bfl/R33jEhm8xUO0nQoQQ3vQ XTHxNhRtKqPlsmuj8zwmTK1VfLeNaMMNkVtXTZUjQctO5MZHCBayy585b/c294bX lSomlfzmiZ20TECdE4L6yNRukoAvsecrD3V63heNJxjdlnnGUFIFVE79V5JDVmd3 U1KOutsVaXthbWvSkh4XcmOyXvW3WZ4lF2OV9YOY6qK3du98+4wOecPrZkqgdmyP Fg+YnCKogz+dAWdn2XFREl5eFeNBUZmHcz7KVx3U/HDeMKnSBiW4KodToU+nXzCu OwfCtk+UDR6k0GDUlzKBnYXOBjd/jXJa9vZeNUzYJu5V7zSVUFp7qCP7HfWoaR1G Y4fJiio8M0wbDieKihwx6pexsSo9mE3tb9V377uRFqrscwWeB4vurKYPBNEWcAiB ThbD4Ni5SiC1FvBmPw4FdQmvzXiBeojh0mfk1PiFxAjYH+CBTWO4TPSP0yarVmvw bPPKBSf8K9X1LUEw1ULzabAzReKoKwQMsIhNrbL1t0XYFxL7uLM60lDqZlWGtH+u wXsBQ+W/AkM9TN7AfucCXgLjYQqiLc4YQGarY10GisCHH+uEXOOKQBVTJCjZxMry R1FRQXDUWrY=9ZN/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 01, 2021
Red Hat
98
security advisorydenial of servicesecurity fixRed Hat Enterprise Linux 8: RHSA-2020:4465-01 Low Severity Binutils DoS
An update for binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Low: binutils security update Advisory ID: RHSA-2020:4465-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4465 Issue date: 2020-11-03 CVE Names: CVE-2019-17450 ==================================================================== 1. Summary: An update for binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fix(es): * binutils: denial of service via crafted ELF file (CVE-2019-17450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4.Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1678323 - binutils fails to compile with -fsanitize=address 1771677 - CVE-2019-17450 binutils: denial of service via crafted ELF file 1807308 - objcopy can not embed data to shared library, and --set-section-flags donot work with "share" flag. 1869401 - Backport "x86: don't mistakenly scale non-8-bit displacements" 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: binutils-debuginfo-2.30-79.el8.aarch64.rpm binutils-debugsource-2.30-79.el8.aarch64.rpm binutils-devel-2.30-79.el8.aarch64.rpm ppc64le: binutils-debuginfo-2.30-79.el8.ppc64le.rpm binutils-debugsource-2.30-79.el8.ppc64le.rpm binutils-devel-2.30-79.el8.ppc64le.rpm s390x: binutils-debuginfo-2.30-79.el8.s390x.rpm binutils-debugsource-2.30-79.el8.s390x.rpm binutils-devel-2.30-79.el8.s390x.rpm x86_64: binutils-debuginfo-2.30-79.el8.i686.rpm binutils-debuginfo-2.30-79.el8.x86_64.rpm binutils-debugsource-2.30-79.el8.i686.rpm binutils-debugsource-2.30-79.el8.x86_64.rpm binutils-devel-2.30-79.el8.i686.rpm binutils-devel-2.30-79.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: binutils-2.30-79.el8.src.rpm aarch64: binutils-2.30-79.el8.aarch64.rpm binutils-debuginfo-2.30-79.el8.aarch64.rpm binutils-debugsource-2.30-79.el8.aarch64.rpm ppc64le: binutils-2.30-79.el8.ppc64le.rpm binutils-debuginfo-2.30-79.el8.ppc64le.rpm binutils-debugsource-2.30-79.el8.ppc64le.rpm s390x: binutils-2.30-79.el8.s390x.rpm binutils-debuginfo-2.30-79.el8.s390x.rpm binutils-debugsource-2.30-79.el8.s390x.rpm x86_64: binutils-2.30-79.el8.x86_64.rpm binutils-debuginfo-2.30-79.el8.x86_64.rpm binutils-debugsource-2.30-79.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6I1dNzjgjWX9erEAQhZZg/+MJhzfsZosoYyXGNkVjxp0o60NFODnndw HGP/LNhVGfnonf8ftsKi8xCbH5kMQSTL4tz5iZuDxx0xAp/WLXnubRo0TueTZBnQ s4aJNA2jC2fNWKyfqE8FkoLFz5wFwzF1qxrOrvK5SDH5j9WezFDb68g2QVJ8gl0G sNBolwGgrgRYLOG9q3rmd6Yo56d230uIYLpeDPHhMyqYAQ+w+jcWqVClKGLdaEbX dBN3zUwUuRq5UAyF4BgS2P4E/RxMhYiwte55p/HqL1XdiBJmxNta1/zLYhEjAduQ Bj+k8XJBcmREoSa9nOhq4kXUgs4LpxAH37EsS3/j/7Gt9LQkSE46uJwCJMmS0Dcm dZwacz3uU1u9o8PIXnABrZ7LH8KpuW6kBS44yoPPQ1q1+Sklmhs7MdCKU1ubRGhh QpS/lj0lpjmKgl6N24KkGJeQ+qx8HjLM1S55EXZ9+E3+plfUTQwmV3quxQDX4kO/ rmC8xh9TmNBWVt7iETiONJOIGPhI9dc8rFm8ooxtwTolll+Nw5zwxDbh5Oqr2Yxc fG7tYK0FUVW83zAKPnjAENpC7rL9+J3Q5v2xFc5HaQDAviuqKxQ4XrFgjnz6bqr6 gcRbRzOMEjqVfhzTJaQd3++Nhv9c7OTJhEgMn0zTBCYm1hgYH1PJ2RmIcyxRJkCZ ntjkm+IZk50=inzL -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 04, 2020
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!