# Security update for build, product-composer

Announcement ID: SUSE-SU-2026:21518-1
Release Date: 2026-05-05T06:52:08Z
Rating: moderate

References:

* bsc#1230469

Cross-References:

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-22038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for build, product-composer fixes the following issues:

Changes in build:

* Support a new "IgnoreRebuild" config.
* build-recipe-kiwi:
* Add support for oci containers
* Avoid needlessly compressing container images
* Detect container images based on build result file name
* Fix queryrecipe to use the summary and the description from the main package
* config: Add slfo-main build configuration
* drop the inner quotes, not needed on bash 4 and breaks on bash 3
* build: in the ccache case, after test -e also accept -L
* container:
* Add microdnf package manager support
* Add experimental support for the container-timestamp build option
* sbom:
* allow to create v1 intoto data
* spdx: connect OPERATING-SYSTEM package to the root package
* Transfer product vcs and disturl
* Support --cms-nocerts and --cms-keyid in the signdummy
* Support chroot builds inside of containers
* runservice tool, allow to specify the modes. Can be used on plain git source now also
* Support --mtime option for cpio creation
* generate_sbom:
* Support also unzck compressed repomd files
* Fail when given --product directory is missing
* support zstd compressed repomd data
* build-vm-lxc: support lxc >= 5
* vc: Hide an annoying error message when not using NIS
* added leap-16.0 and leap-16.1 build configs. (not named sl16.0 anymore, but using same string as the git branch)
* Implement cmssign support in signdummy
* pbuild: mark git assets with a fixed commit as immutable
* mkosi
* check if old parameters are supported before passing them
* support old bash version
* Do not crash on small files that start with the PE magic
* Harden export_debian_orig_from_git (CVE-2024-22038, boo#1230469)

Changes in product-composer:

update to version 0.9.6:

* Speed-up reading of rpm headers
* Flush output lines to get correct timestamps in OBS

update to version 0.9.5:

* Be a bit more verbose to track used times per step in OBS
* Fix a crash when doing version compare with an epoch

update to version 0.9.4:

* Give an error when trying to add updateinfo meta data without all binary revisions.
* Hand over vcs and disturl data to generate_sbom. (We require a recent build package therefore)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-678=1

## Package List:

* SUSE Linux Micro Extras 6.2 (noarch)
  * build-mkbaselibs-20260415-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22038.html
* https://bugzilla.suse.com/show_bug.cgi?id=1230469

This update addresses one moderate vulnerability in SUSE's product-composer, enhancing overall system stability.

LinuxSecurity.com Team

# build-20260202-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10183-1
Rating: moderate

Cross-References:

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the build-20260202-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * build 20260202-2.1
  * build-initvm-i586 20260202-2.1
  * build-initvm-x86_64 20260202-2.1
  * build-mkbaselibs 20260202-2.1
  * build-mkdrpms 20260202-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-22038.html

An update is available for openSUSE Tumbleweed to address a moderate severity security issue. Install now.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-37aef44d1e
2022-07-30 01:52:05.591856
--------------------------------------------------------------------------------

Name        : golang-gopkg-src-d-git-4
Product     : Fedora 36
Version     : 4.13.1
Release     : 9.fc36
URL         : https://github.com/src-d/go-git
Summary     : A highly extensible git implementation in pure go
Description :
A highly extensible git implementation in pure go.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.
----
enable s390x build (rhbz#1971028)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 4.13.1-9
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-37aef44d1e
2022-07-30 01:52:05.591856
--------------------------------------------------------------------------------

Name        : golang-github-rickb777-date
Product     : Fedora 36
Version     : 1.19.1
Release     : 3.fc36
URL         : https://github.com/rickb777/date
Summary     : A Go package for working with dates
Description :
A Go package for working with dates.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.
----
enable s390x build (rhbz#1971028)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G 1.19.1-3
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-37aef44d1e
2022-07-30 01:52:05.591856
--------------------------------------------------------------------------------

Name        : golang-github-nicksnyder-i18n-2
Product     : Fedora 36
Version     : 2.1.2
Release     : 6.fc36
URL         : https://github.com/nicksnyder/go-i18n
Summary     : Translate your Go program into multiple languages
Description :
go-i18n is a Go package and a command that helps you translate Go programs
into multiple languages.

 - Supports pluralized strings for all 200+ languages in the Unicode Common
   Locale Data Repository (CLDR).
 - Code and tests are automatically generated from CLDR data.
 - Supports strings with named variables using text/template syntax.
 - Supports message files of any format (e.g. JSON, TOML, YAML, etc.).
 - Documented and tested!

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.
----
enable s390x build (rhbz#1971028)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 2.1.2-6
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-37aef44d1e
2022-07-30 01:52:05.591856
--------------------------------------------------------------------------------

Name        : golang-github-multiformats-multibase
Product     : Fedora 36
Version     : 0.0.3
Release     : 3.20220213gitf067816.fc36
URL         : https://github.com/multiformats/go-multibase
Summary     : Implementation of multibase parser in go
Description :
Implementation of multibase parser in go.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.
----
enable s390x build (rhbz#1971028)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G 0.0.3-3
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-37aef44d1e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-d5b2e71a17
2020-09-11 15:13:54.929672
--------------------------------------------------------------------------------

Name        : community-mysql
Product     : Fedora 31
Version     : 8.0.21
Release     : 11.fc31
URL         : https://www.mysql.com/
Summary     : MySQL client programs and shared libraries
Description :
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld)
and many different client programs and libraries. The base package
contains the standard MySQL client programs and generic MySQL files.

--------------------------------------------------------------------------------
Update Information:

Update built with the new CMake settings
Number of files which should have been owned by the testsuite subpackage are now owned by it
Started building MeCab plugin
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 25 2020 Michal Schorm - 8.0.21-11
- Start building the MeCab plugin
* Mon Aug 24 2020 Michal Schorm - 8.0.21-10
- Fix the filelist. A number of shared libraries in the plugindir are part of the testsuite
  and thus should reside in *-test subpackage
  It will be best to keep the file list explicit to avoid this in the future
* Tue Aug 18 2020 Michal Schorm - 8.0.21-9
- I encountered the ARM memory exhaustion in the end
  Looks like it is only issue on some machines
* Tue Aug 18 2020 Michal Schorm - 8.0.21-8
- I haven't encountered the ARM memory exhaustion on Fedora build infrastructure
  Let's enable it and see how it will work
* Mon Aug 17 2020 Lars Tangvald - 8.0.21-7
- Use upstream patch to enable LTO
- Skip LTO on ARM due to out of memory issue
* Thu Aug 13 2020 Michal Schorm - 8.0.21-6
- Do a proper out-of-source CMake builds
- Force the CMake change regarding the in-source builds also to F31 and F32
- Use CMake macros instead of cmake & make direct commands
- %cmake macro covers the %{set_build_flags}, so they are not needed
- Remove ancient obsoletes
* Wed Aug 12 2020 Honza Horak - 8.0.21-5
- Check that we have correct versions in bundled(*) Provides
- Remove re2 dependency that is not needed any more
* Thu Aug 6 2020 Jeff Law - 8.0.21-4
- Disable LTO
* Sat Aug 1 2020 Fedora Release Engineering - 8.0.21-3
- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering - 8.0.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1867680 - CVE-2020-14539 CVE-2020-14540 CVE-2020-14547 CVE-2020-14550 CVE-2020-14553 CVE-2020-14559 CVE-2020-14568 CVE-2020-14575 CVE-2020-14576 CVE-2020-14586 CVE-2020-14597 CVE-2020-14614 CVE-2020-14619 ... mysql:8.0/community-mysql: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1867680
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d5b2e71a17' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

openSUSE Security Update: Security update for build
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:0232-1
Rating:             moderate
References:         #1069904 #1122895
Cross-References:   CVE-2017-14804
Affected Products:
                    openSUSE Leap 15.0
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for build version 20190128 fixes the following issues:

Security issue fixed:

- CVE-2017-14804: Improve file name check extractbuild (bsc#1069904)

Non-security issue fixed:

- Add initial SLE 15 SP1 config (bsc#1122895)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2019-232=1

Package List:

- openSUSE Leap 15.0 (noarch):

  build-20190128-lp150.2.3.1
  build-initvm-i586-20190128-lp150.2.3.1
  build-initvm-x86_64-20190128-lp150.2.3.1
  build-mkbaselibs-20190128-lp150.2.3.1
  build-mkdrpms-20190128-lp150.2.3.1

References:

https://www.suse.com/security/cve/CVE-2017-14804.html
https://bugzilla.suse.com/1069904
https://bugzilla.suse.com/1122895