
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE Linux Micro 6.0: 2025:20017-1 important: gnutls certtool crash

# Security update for gnutls

Announcement ID: SUSE-SU-2025:20017-1
Release Date: 2025-02-03T08:48:39Z
Rating: important

References:

* bsc#1221242
* bsc#1221746
* bsc#1221747

Cross-References:

* CVE-2024-28834
* CVE-2024-28835

CVSS scores:

* CVE-2024-28834 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-28834 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-28835 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-28835 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2024-28835: certtool crash when verifying a certificate chain (bsc#1221747)
* CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
* jitterentropy: Release the memory of the entropy collector when using jitterentropy with pthreads as there is also a pre-initialization done in the main thread. (bsc#1221242)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-25=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * gnutls-debugsource-3.8.3-2.1
  * libgnutls30-debuginfo-3.8.3-2.1
  * gnutls-debuginfo-3.8.3-2.1
  * libgnutls30-3.8.3-2.1
  * gnutls-3.8.3-2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-28834.html
* https://www.suse.com/security/cve/CVE-2024-28835.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221242
* https://bugzilla.suse.com/show_bug.cgi?id=1221746
* https://bugzilla.suse.com/show_bug.cgi?id=1221747

Uncover the crucial SUSE upgrade that addresses gnutls vulnerabilities and boosts overall system reliability and safety.

Severity: Important. LinuxSecurity.com Team

Jun 04, 2025 | Important | SuSE

Mageia 7: 2020:0018 Critical: JSS Certificate Chain Trust Flaw

MGASA-2020-0018 - Updated jss packages fix security vulnerability

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0018.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-14823

Updated jss packages fix security vulnerability:

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle (CVE-2019-14823).

References:

- https://bugs.mageia.org/show_bug.cgi?id=25958
- https://lists.fedoraproject.org/archives/list/[address obfuscated]/thread/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/
- https://www.cve.org/CVERecord?id=CVE-2019-14823

SRPMS:

- 7/core/jss-4.6.2-1.mga7

Mageia 7 JSS Critical Advisory Fixing Chain Trust Flaw, Exploitable Man-in-the-Middle Risk.

Severity: Critical. LinuxSecurity.com Team

Jan 05, 2020 | Critical | Mageia

Debian 8: DLA-1780-1 Critical: Firefox ESR Certificate Issue Fix

Package : firefox-esr
Version : 60.6.2esr-1~deb8u1
Debian Bug : 928415 928449 928509

Firefox 60.6.2 ESR repairs a certificate chain issue that caused extensions to be disabled in the past few days. More information, and details of known remaining issues, can be found at https://www.firefox.com/en-US/firefox/60.6.2/releasenotes/?redirect_source=mozilla-org and

Installing this update will re-enable any extensions that were disabled due to this issue. Extensions installed from Debian packages were not affected.

For Debian 8 "Jessie", this problem has been fixed in version 60.6.2esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Firefox ESR 60.6.2 resolves a certificate chain problem that hinders extension functionality. Users on Debian 8 are advised to upgrade.

Severity: Critical. LinuxSecurity.com Team

May 06, 2019 | Critical | Debian LTS

Fedora 34: 2023-0145 High: NTP Certificate Vulnerability Widespread

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0544
2009-01-14 23:38:30
--------------------------------------------------------------------------------

Name : ntp
Product : Fedora 10
Version : 4.2.4p6
Release : 1.fc10
URL : http://www.ntp.org
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl package and the ntpdate program is in the ntpdate package.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2009-0021: NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 12 2009 Miroslav Lichvar 4.2.4p6-1
- update to 4.2.4p6 (CVE-2009-0021)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #476807 - CVE-2009-0021 ntp incorrectly checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=476807

--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update ntp' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 10 enhances NTP to address security flaw in remote access. Update to rectify concerns with SSL/TLS cert chain verification.

LinuxSecurity.com Team

Jan 26, 2009 | Fedora

Debian: 2023-510-04 Urgent: OpenSSL Vulnerability Exploit

[slackware-security] gnutls (SSA:2008-320-01)

New gnutls packages are available for Slackware 12.0, 12.1, and -current to correctly fix the certificate chain verification issue that the upgrade to gnutls-2.6.1 attempted to fix. Without this upgrade, processing a certificate chain containing only one self-signed certificate may cause GnuTLS linked programs to crash.

Here are the details from the Slackware 12.1 ChangeLog:

+--------------------------+
patches/packages/gnutls-2.6.2-i486-1_slack12.1.tgz: Upgraded to gnutls-2.6.2.
The security fix in gnutls-2.6.1 had a flaw in cases where the certificate chain contained only one self-signed certificate. This update fixes the issue.
+--------------------------+

Where to find the new packages:
+-----------------------------+

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 12.0:

Updated package for Slackware 12.1:

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 12.0 package:
da23cbc35ceafc3de50c1d32e235a1f0 gnutls-2.6.2-i486-1_slack12.0.tgz

Slackware 12.1 package:
f712d39374134e84629e2c2539f6c75f gnutls-2.6.2-i486-1_slack12.1.tgz

Slackware -current package:
7a838bc68ee6c9690a524658e0c3aefa gnutls-2.6.2-i486-1.tgz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnutls-2.6.2-i486-1_slack12.1.tgz

+-----+

A patch for GnuTLS in Slackware addresses problems with certificate chain validation. Resolves crashes linked to self-signed certs.

Severity: Important. LinuxSecurity.com Team

Nov 16, 2008 | Important | Slackware
