SUSE Container Update Advisory: suse/sles/15.5/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1486-1
Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.4.2 , suse/sles/15.5/cdi-operator:1.55.0.17.214
Container Release : 17.214
Severity : important
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- libz1-1.2.13-150500.1.19 updated
- libuuid1-2.37.4-150500.7.13 updated
- libsmartcols1-2.37.4-150500.7.13 updated
- libblkid1-2.37.4-150500.7.13 updated
- libgcrypt20-1.9.4-150500.10.17 updated
- libgcrypt20-hmac-1.9.4-150500.10.17 updated
- libfdisk1-2.37.4-150500.7.13 updated
- libopenssl1_1-1.1.1l-150500.15.2 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.2 updated
- libmount1-2.37.4-150500.7.13 updated
- krb5-1.20.1-150500.1.2 updated
- login_defs-4.8.1-150400.10.6.1 updated
- sles-release-15.5-150500.42.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- util-linux-2.37.4-150500.7.13 updated
- timezone-2023c-150000.75.23.1 updated
- containerized-data-importer-operator-1.55.0-150500.4.2 updated
- container:sles15-image-15.0.0-34.31 updated

LinuxSecurity.com Team

SUSE Container Update Advisory: suse/sles/15.5/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:946-1
Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.3.16 , suse/sles/15.5/cdi-operator:1.55.0.17.186
Container Release : 17.186
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- containerized-data-importer-operator-1.55.0-150500.3.16 updated
- container:sles15-image-15.0.0-34.15 updated

LinuxSecurity.com Team

SUSE Container Update Advisory: suse/sles/15.4/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2266-1
Container Tags : suse/sles/15.4/cdi-operator:1.43.0 , suse/sles/15.4/cdi-operator:1.43.0-150400.2.4 , suse/sles/15.4/cdi-operator:1.43.0.16.25
Container Release : 16.25
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------

The container suse/sles/15.4/cdi-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated

LinuxSecurity.com Team

SUSE Container Update Advisory: suse/sles/15.4/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:835-1
Container Tags : suse/sles/15.4/cdi-operator:1.43.0 , suse/sles/15.4/cdi-operator:1.43.0-150400.1.25 , suse/sles/15.4/cdi-operator:1.43.0.12.6
Container Release : 12.6
Severity : important
Type : security
References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271
-----------------------------------------------------------------

The container suse/sles/15.4/cdi-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024

This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032

This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883

This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

The following package changes have been done:

- libssh-config-0.9.6-150400.1.2 updated
- libzstd1-1.5.0-150400.1.58 updated
- libuuid1-2.37.2-150400.6.12 updated
- libsmartcols1-2.37.2-150400.6.12 updated
- libsepol1-3.1-150400.1.54 updated
- libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated
- libcom_err2-1.46.4-150400.1.66 updated
- libbz2-1-1.0.8-150400.1.105 updated
- libblkid1-2.37.2-150400.6.12 updated
- libaudit1-3.0.6-150400.1.35 updated
- libgcrypt20-1.9.4-150400.4.1 updated
- libgcrypt20-hmac-1.9.4-150400.4.1 updated
- libfdisk1-2.37.2-150400.6.12 updated
- libz1-1.2.11-150000.3.30.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libopenssl1_1-1.1.1l-150400.4.7 updated
- libopenssl1_1-hmac-1.1.1l-150400.4.7 updated
- libelf1-0.185-150400.3.22 updated
- libselinux1-3.1-150400.1.54 updated
- libxml2-2-2.9.12-150400.3.1 updated
- libsystemd0-249.11-150400.5.4 updated
- libreadline7-7.0-150400.25.10 updated
- libdw1-0.185-150400.3.22 updated
- libsemanage1-3.1-150400.1.51 updated
- libmount1-2.37.2-150400.6.12 updated
- krb5-1.19.2-150400.1.6 updated
- bash-4.4-150400.25.10 updated
- bash-sh-4.4-150400.25.10 updated
- libssh4-0.9.6-150400.1.2 updated
- login_defs-4.8.1-150400.8.42 updated
- cpio-2.13-150400.1.84 updated
- sles-release-15.4-150400.51.3 updated
- rpm-config-SUSE-1-150400.12.25 updated
- permissions-20201225-150400.2.1 updated
- pam-1.3.0-150000.6.55.3 updated
- shadow-4.8.1-150400.8.42 updated
- sysuser-shadow-3.1-150400.1.19 updated
- system-group-hardware-20170617-150400.22.17 updated
- util-linux-2.37.2-150400.6.12 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- containerized-data-importer-operator-1.43.0-150400.1.25 updated
- container:sles15-image-15.0.0-24.46 updated
- rpm-ndb-4.14.3-150400.41.6 removed

LinuxSecurity.com Team