Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
202
security advisorymoderateupdateopenSUSE: 2019:2654-1 Moderate Security Fix for Calamares Update
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for calamares ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2654-1 Rating: moderate References: #1140256 #1152377 Cross-References: CVE-2019-13178 Affected Products: openSUSE Backports SLE-15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for calamares fixes the following issues: - Launch with "pkexec calamares" in openSUSE Tumbleweed, but launch with "xdg-su -c calamares" in openSUSE Leap 15. Update to Calamares 3.2.15: - "displaymanager" module now treats "sysconfig" as a regular entry in the "displaymanagers" list, and the "sysconfigSetup" key is used as a shorthand to force only that entry in the list. - "machineid" module has been re-written in C++ and extended with a new configuration key to generate urandom pool data. - "unpackfs" now supports a special "sourcefs" value of file for copying single files (optionally with renaming) or directory trees to the target system. - "unpackfs" now support an "exclude" and "excludeFile" setting for excluding particular files or patters from unpacking. Update to Calamares 3.2.14: - "locale" module no longer recognizes the legacy GeoIP configuration. This has been deprecated since Calamares 3.2.8 and is now removed. - "packagechooser" module can now be custom-labeled in the overall progress (left-hand column). - "displaymanager" module now recognizes KDE Plasma 5.17. - "displaymanager" module now can handle Wayland sessions and can detect sessions from their .desktop files. - "unpackfs" now has special handling for sourcefs setting “file”. Update to Calamares 3.2.13. More about upstreamchanges: https://calamares.io/calamares-3.2.13-is-out/ and https://calamares.io/calamares-3.2.12-is-out/ Update to Calamares 3.2.11: - Fix race condition in modules/luksbootkeyfile/main.py (boo#1140256, CVE-2019-13178) - more about upstream changes in 3.2 versions can be found in https://calamares.io/ and https://github.com/calamares/calamares/releases This update was imported from the openSUSE:Leap:15.0:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-2654=1 Package List: - openSUSE Backports SLE-15 (noarch): calamares-branding-upstream-3.2.15-bp150.2.6.1 - openSUSE Backports SLE-15 (x86_64): calamares-3.2.15-bp150.2.6.1 calamares-webview-3.2.15-bp150.2.6.1 References: https://www.suse.com/security/cve/CVE-2019-13178.html https://bugzilla.suse.com/1140256 https://bugzilla.suse.com/1152377 -- . Important patch issued for calamares, rectifying a specific security flaw along with guidance for implementing the remedy.. Calamares Update, OpenSUSE Security, Update Instructions, Patch Details. . LinuxSecurity.com Team
Dec 09, 2019
OpenSUSE
202
security advisorymoderatesoftware updateopenSUSE: 2020:2732-1 Important: Calamares Security Patch
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for calamares ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2655-1 Rating: moderate References: #1140256 #1152377 Cross-References: CVE-2019-13178 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for calamares fixes the following issues: - Launch with "pkexec calamares" in openSUSE Tumbleweed, but launch with "xdg-su -c calamares" in openSUSE Leap 15. Update to Calamares 3.2.15: - "displaymanager" module now treats "sysconfig" as a regular entry in the "displaymanagers" list, and the "sysconfigSetup" key is used as a shorthand to force only that entry in the list. - "machineid" module has been re-written in C++ and extended with a new configuration key to generate urandom pool data. - "unpackfs" now supports a special "sourcefs" value of file for copying single files (optionally with renaming) or directory trees to the target system. - "unpackfs" now support an "exclude" and "excludeFile" setting for excluding particular files or patters from unpacking. Update to Calamares 3.2.14: - "locale" module no longer recognizes the legacy GeoIP configuration. This has been deprecated since Calamares 3.2.8 and is now removed. - "packagechooser" module can now be custom-labeled in the overall progress (left-hand column). - "displaymanager" module now recognizes KDE Plasma 5.17. - "displaymanager" module now can handle Wayland sessions and can detect sessions from their .desktop files. - "unpackfs" now has special handling for sourcefs setting “file”. Update to Calamares 3.2.13. More about upstreamchanges: https://calamares.io/calamares-3.2.13-is-out/ and https://calamares.io/calamares-3.2.12-is-out/ Update to Calamares 3.2.11: - Fix race condition in modules/luksbootkeyfile/main.py (boo#1140256, CVE-2019-13178) - more about upstream changes in 3.2 versions can be found in https://calamares.io/ and https://github.com/calamares/calamares/releases This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-2655=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 x86_64): calamares-3.2.15-bp151.4.3.1 calamares-webview-3.2.15-bp151.4.3.1 - openSUSE Backports SLE-15-SP1 (noarch): calamares-branding-upstream-3.2.15-bp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-13178.html https://bugzilla.suse.com/1140256 https://bugzilla.suse.com/1152377 -- . This enhancement introduces a crucial patch for Calamares in the openSUSE environment, reinforcing both the integrity and security measures of the system.. openSUSE, security update, calamares, software enhancements. . Severity: Important. LinuxSecurity.com Team
Dec 09, 2019
•Important
OpenSUSE
202
security advisorymoderatesoftware updateopenSUSE: 2019:2628-1 Moderate: Calamares Security Patch Details
An update that solves one vulnerability and has one errata is now available.. openSUSE Security Update: Security update for calamares ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2628-1 Rating: moderate References: #1140256 #1152377 Cross-References: CVE-2019-13178 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for calamares fixes the following issues: - Launch with "pkexec calamares" in openSUSE Tumbleweed, but launch with "xdg-su -c calamares" in openSUSE Leap 15. Update to Calamares 3.2.15: - "displaymanager" module now treats "sysconfig" as a regular entry in the "displaymanagers" list, and the "sysconfigSetup" key is used as a shorthand to force only that entry in the list. - "machineid" module has been re-written in C++ and extended with a new configuration key to generate urandom pool data. - "unpackfs" now supports a special "sourcefs" value of file for copying single files (optionally with renaming) or directory trees to the target system. - "unpackfs" now support an "exclude" and "excludeFile" setting for excluding particular files or patters from unpacking. Update to Calamares 3.2.14: - "locale" module no longer recognizes the legacy GeoIP configuration. This has been deprecated since Calamares 3.2.8 and is now removed. - "packagechooser" module can now be custom-labeled in the overall progress (left-hand column). - "displaymanager" module now recognizes KDE Plasma 5.17. - "displaymanager" module now can handle Wayland sessions and can detect sessions from their .desktop files. - "unpackfs" now has special handling for sourcefs setting “file”. Update to Calamares3.2.13. More about upstream changes: https://calamares.io/calamares-3.2.13-is-out/ and https://calamares.io/calamares-3.2.12-is-out/ Update to Calamares 3.2.11: - Fix race condition in modules/luksbootkeyfile/main.py (boo#1140256, CVE-2019-13178) - more about upstream changes in 3.2 versions can be found in https://calamares.io/ and https://github.com/calamares/calamares/releases Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2628=1 - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2628=1 Package List: - openSUSE Leap 15.1 (x86_64): calamares-3.2.15-lp151.4.3.3 calamares-debuginfo-3.2.15-lp151.4.3.3 calamares-debugsource-3.2.15-lp151.4.3.3 calamares-webview-3.2.15-lp151.4.3.3 calamares-webview-debuginfo-3.2.15-lp151.4.3.3 - openSUSE Leap 15.1 (noarch): calamares-branding-upstream-3.2.15-lp151.4.3.3 - openSUSE Leap 15.0 (x86_64): calamares-3.2.15-lp150.7.2 calamares-debuginfo-3.2.15-lp150.7.2 calamares-debugsource-3.2.15-lp150.7.2 calamares-webview-3.2.15-lp150.7.2 calamares-webview-debuginfo-3.2.15-lp150.7.2 - openSUSE Leap 15.0 (noarch): calamares-branding-upstream-3.2.15-lp150.7.2 References: https://www.suse.com/security/cve/CVE-2019-13178.html https://bugzilla.suse.com/1140256 https://bugzilla.suse.com/1152377 -- . openSUSE Launches Security Patch for Calamares, Addressing a Moderate Concern and Enhancing Essential Features.. Calamares Update, openSUSE Patch, Software Security Fix, Linux Update. . LinuxSecurity.com Team
Dec 03, 2019
OpenSUSE
89
security advisorycriticalsoftware updateFedora 27: 2018-22776e8ca9 Critical: Calamares YAML-CPP Patch
Rebuild for yaml-cpp 0.6.0 to address CVE-2017-5950.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-22776e8ca9 2018-10-10 21:52:54.736240 --------------------------------------------------------------------------------Name : calamares Product : Fedora 27 Version : 3.1.8 Release : 2.fc27.1 URL : https://calamares.io/ Summary : Installer from a live CD/DVD/USB to disk Description : Calamares is a distribution-independent installer framework, designed to install from a live CD/DVD/USB environment to a hard disk. It includes a graphical installation program based on Qt 5. This package includes the Calamares framework and the required configuration files to produce a working replacement for Anaconda's liveinst. --------------------------------------------------------------------------------Update Information: Rebuild for yaml-cpp 0.6.0 to address CVE-2017-5950. --------------------------------------------------------------------------------ChangeLog: * Mon Oct 1 2018 Richard Shaw - 3.1.8-2.1 - Rebuild for yaml-cpp 0.6 due to CVE-2017-5950. * Sun Dec 3 2017 Mattia Verga - 3.1.8-2 - Rebuild for libkpmcore soname bump in F27 and F26 branches * Tue Nov 14 2017 Kevin Kofler - 3.1.8-1 - Update to 3.1.8 (bugfix release) - Rebase default-settings patch - Update fallback PRODUCTURL and SUPPORTURL * Wed Oct 25 2017 Kevin Kofler - 3.1.7-1 - Update to 3.1.7 * Sun Oct 22 2017 Kevin Kofler - 3.1.6-2 - Update grub2-efi* package names for 32-bit UEFI support (F27+) (#1505151) * Sat Oct 14 2017 Kevin Kofler - 3.1.6-1 - Update to 3.1.6 * Sun Oct 1 2017 Mattia Verga - 3.1.5-2 - Rebuild for libkpmcore soname bump * Wed Sep 27 2017 Kevin Kofler - 3.1.5-1 - Update to 3.1.5 - Rebase default-settings and kdesu patches - Drop "-DWITH_CRASHREPORTER:BOOL=OFF", upstream removed the crash reporter - Install calamares-python.mo, delete unusedcalamares-dummypythonqt.mo --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-22776e8ca9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Oct 10, 2018
•Critical
Fedora
89
security advisoryfedoracritical fixFedora 24 Critical: Calamares Keyfile Issue In Initramfs
A security update that fixes Calamares bug CAL-405: When installing with a LUKS-encrypted `/` partition, Calamares was always creating a keyfile to decode `/` and storing it in the initramfs. It did that even with an unencrypted separate `/boot` partition. As a result, the keyfile would be stored in cleartext on the `/boot`. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-5c7e9b8778 2016-12-01 14:01:53.390915 -------------------------------------------------------------------------------- Name : calamares Product : Fedora 24 Version : 2.4.4 Release : 5.fc24 URL : https://calamares.io/ Summary : Installer from a live CD/DVD/USB to disk Description : Calamares is a distribution-independent installer framework, designed to install from a live CD/DVD/USB environment to a hard disk. It includes a graphical installation program based on Qt 5. This package includes the Calamares framework and the required configuration files to produce a working replacement for Anaconda's liveinst. -------------------------------------------------------------------------------- Update Information: A security update that fixes Calamares bug CAL-405: When installing with a LUKS-encrypted `/` partition, Calamares was always creating a keyfile to decode `/` and storing it in the initramfs. It did that even with an unencrypted separate `/boot` partition. As a result, the keyfile would be stored in cleartext on the `/boot` partition, and it was possible to unlock the `/` partition without ever entering a passphrase. This completely defeated the security of LUKS. Please note that this only affects manual partitioning. The automatic partitioning never leaves `/boot` unencrypted (and it is, in fact, recommended to also always encrypt `/boot` when doing manual partitioning). This update fixes the `dracutlukscfg` module to not add the keyfile to `install_items` in the `dracut` configuration (so that `dracut` will not include it ontothe initramfs) if `/boot` is separate and unencrypted. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade calamares' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 01, 2016
•Critical
Fedora
89
security advisoryfedoracritical updateFedora 25: CAL-405 Critical Keyfile Exposure Fix in Calamares
A security update that fixes Calamares bug CAL-405: When installing with a LUKS-encrypted `/` partition, Calamares was always creating a keyfile to decode `/` and storing it in the initramfs. It did that even with an unencrypted separate `/boot` partition. As a result, the keyfile would be stored in cleartext on the `/boot`. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-561a937494 2016-12-01 14:02:42.299707 -------------------------------------------------------------------------------- Name : calamares Product : Fedora 25 Version : 2.4.4 Release : 5.fc25 URL : https://calamares.io/ Summary : Installer from a live CD/DVD/USB to disk Description : Calamares is a distribution-independent installer framework, designed to install from a live CD/DVD/USB environment to a hard disk. It includes a graphical installation program based on Qt 5. This package includes the Calamares framework and the required configuration files to produce a working replacement for Anaconda's liveinst. -------------------------------------------------------------------------------- Update Information: A security update that fixes Calamares bug CAL-405: When installing with a LUKS-encrypted `/` partition, Calamares was always creating a keyfile to decode `/` and storing it in the initramfs. It did that even with an unencrypted separate `/boot` partition. As a result, the keyfile would be stored in cleartext on the `/boot` partition, and it was possible to unlock the `/` partition without ever entering a passphrase. This completely defeated the security of LUKS. Please note that this only affects manual partitioning. The automatic partitioning never leaves `/boot` unencrypted (and it is, in fact, recommended to also always encrypt `/boot` when doing manual partitioning). This update fixes the `dracutlukscfg` module to not add the keyfile to `install_items` in the `dracut` configuration (so that `dracut` will not include it ontothe initramfs) if `/boot` is separate and unencrypted. -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade calamares' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Dec 01, 2016
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!