Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -6 articles for you...
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryhigh severitybuffer overflow

SUSE: 2025:0588-1 critical: grub2 buffer overflow and command issues

* bsc#1233606 * bsc#1233608 * bsc#1233609 * bsc#1233610 * bsc#1233612 . # Security update for grub2 Announcement ID: SUSE-SU-2025:0588-1 Release Date: 2025-02-19T07:30:54Z Rating: important References: * bsc#1233606 * bsc#1233608 * bsc#1233609 * bsc#1233610 * bsc#1233612 * bsc#1233613 * bsc#1233614 * bsc#1233615 * bsc#1233616 * bsc#1233617 * bsc#1234958 * bsc#1236316 * bsc#1236317 * bsc#1237002 * bsc#1237006 * bsc#1237008 * bsc#1237009 * bsc#1237010 * bsc#1237011 * bsc#1237012 * bsc#1237013 * bsc#1237014 Cross-References: * CVE-2024-45774 * CVE-2024-45775 * CVE-2024-45776 * CVE-2024-45777 * CVE-2024-45778 * CVE-2024-45779 * CVE-2024-45780 * CVE-2024-45781 * CVE-2024-45782 * CVE-2024-45783 * CVE-2024-56737 * CVE-2025-0622 * CVE-2025-0624 * CVE-2025-0677 * CVE-2025-0678 * CVE-2025-0684 * CVE-2025-0685 * CVE-2025-0686 * CVE-2025-0689 * CVE-2025-0690 * CVE-2025-1118 * CVE-2025-1125 CVSS scores: * CVE-2024-45774 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45774 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45775 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45775 ( NVD ): 5.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H * CVE-2024-45776 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45776 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45777 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45778 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L * CVE-2024-45779 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45780 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45781 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45781 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45782 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H *CVE-2024-45783 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45783 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56737 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56737 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-56737 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-0622 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0622 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0624 ( SUSE ): 7.6 CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2025-0677 ( SUSE ): 8.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-0677 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0678 ( SUSE ): 8.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-0678 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0684 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0685 ( SUSE ): 8.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-0685 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0686 ( SUSE ): 8.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-0686 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0689 ( SUSE ): 8.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-0689 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0690 ( SUSE ): 7.3 CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-0690 ( SUSE ): 6.1 CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1118 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-1118 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2025-1125 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-1125 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module An update that solves 22 vulnerabilities can now be installed. ## Description: This update for grub2 fixes the following issues: * CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) * CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) * CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) * CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) * CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) * CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) * CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) * CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) * CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) * CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) * CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) * CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) * CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) * CVE-2025-0690:Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) * CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) * CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) * CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) * CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) * CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) * CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) * CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) * CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-588=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-588=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-588=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-588=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-588=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-588=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patchSUSE-SLE-Micro-5.3-2025-588=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-588=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-588=1 * SUSE Manager Proxy 4.3 Module zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2025-588=1 * SUSE Manager Server 4.3 Module zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-588=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-588=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-588=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-588=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-powerpc-ieee1275-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * grub2-debugsource-2.06-150400.11.55.2 * SUSE Manager Proxy 4.3 (x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Manager Proxy 4.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Manager Retail Branch Server 4.3 (x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 *grub2-2.06-150400.11.55.2 * SUSE Manager Retail Branch Server 4.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Manager Server 4.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-powerpc-ieee1275-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Manager Server 4.3 (s390x x86_64) * grub2-debugsource-2.06-150400.11.55.2 * SUSE Manager Server 4.3 (s390x) * grub2-s390x-emu-2.06-150400.11.55.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * grub2-branding-upstream-2.06-150400.11.55.2 * openSUSE Leap 15.4 (aarch64 s390x x86_64 i586) * grub2-debugsource-2.06-150400.11.55.2 * openSUSE Leap 15.4 (noarch) * grub2-i386-pc-extras-2.06-150400.11.55.2 * grub2-powerpc-ieee1275-2.06-150400.11.55.2 * grub2-i386-efi-extras-2.06-150400.11.55.2 * grub2-i386-efi-2.06-150400.11.55.2 * grub2-powerpc-ieee1275-extras-2.06-150400.11.55.2 * grub2-x86_64-xen-extras-2.06-150400.11.55.2 * grub2-arm64-efi-debug-2.06-150400.11.55.2 * grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-x86_64-efi-debug-2.06-150400.11.55.2 * grub2-i386-pc-debug-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * grub2-i386-xen-extras-2.06-150400.11.55.2 * grub2-i386-xen-2.06-150400.11.55.2 * grub2-arm64-efi-extras-2.06-150400.11.55.2 * grub2-i386-efi-debug-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-x86_64-efi-2.06-150400.11.55.2 *grub2-arm64-efi-2.06-150400.11.55.2 * grub2-powerpc-ieee1275-debug-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-x86_64-efi-extras-2.06-150400.11.55.2 * grub2-s390x-emu-extras-2.06-150400.11.55.2 * openSUSE Leap 15.4 (s390x) * grub2-s390x-emu-debug-2.06-150400.11.55.2 * grub2-s390x-emu-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro 5.3 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro 5.3 (s390x) * grub2-s390x-emu-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390xx86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro 5.4 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise Micro 5.4 (s390x) * grub2-s390x-emu-2.06-150400.11.55.2 * SUSE Manager Proxy 4.3 Module (noarch) * grub2-arm64-efi-2.06-150400.11.55.2 * SUSE Manager Server 4.3 Module (noarch) * grub2-powerpc-ieee1275-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-debugsource-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 * grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * grub2-debuginfo-2.06-150400.11.55.2 * grub2-2.06-150400.11.55.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * grub2-x86_64-efi-2.06-150400.11.55.2 *grub2-systemd-sleep-plugin-2.06-150400.11.55.2 * grub2-powerpc-ieee1275-2.06-150400.11.55.2 * grub2-arm64-efi-2.06-150400.11.55.2 * grub2-x86_64-xen-2.06-150400.11.55.2 * grub2-i386-pc-2.06-150400.11.55.2 * grub2-snapper-plugin-2.06-150400.11.55.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 s390x x86_64) * grub2-debugsource-2.06-150400.11.55.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (s390x) * grub2-s390x-emu-2.06-150400.11.55.2 ## References: * https://www.suse.com/security/cve/CVE-2024-45774.html * https://www.suse.com/security/cve/CVE-2024-45775.html * https://www.suse.com/security/cve/CVE-2024-45776.html * https://www.suse.com/security/cve/CVE-2024-45777.html * https://www.suse.com/security/cve/CVE-2024-45778.html * https://www.suse.com/security/cve/CVE-2024-45779.html * https://www.suse.com/security/cve/CVE-2024-45780.html * https://www.suse.com/security/cve/CVE-2024-45781.html * https://www.suse.com/security/cve/CVE-2024-45782.html * https://www.suse.com/security/cve/CVE-2024-45783.html * https://www.suse.com/security/cve/CVE-2024-56737.html * https://www.suse.com/security/cve/CVE-2025-0622.html * https://www.suse.com/security/cve/CVE-2025-0624.html * https://www.suse.com/security/cve/CVE-2025-0677.html * https://www.suse.com/security/cve/CVE-2025-0678.html * https://www.suse.com/security/cve/CVE-2025-0684.html * https://www.suse.com/security/cve/CVE-2025-0685.html * https://www.suse.com/security/cve/CVE-2025-0686.html * https://www.suse.com/security/cve/CVE-2025-0689.html * https://www.suse.com/security/cve/CVE-2025-0690.html * https://www.suse.com/security/cve/CVE-2025-1118.html * https://www.suse.com/security/cve/CVE-2025-1125.html * https://bugzilla.suse.com/show_bug.cgi?id=1233606 * https://bugzilla.suse.com/show_bug.cgi?id=1233608 * https://bugzilla.suse.com/show_bug.cgi?id=1233609 * https://bugzilla.suse.com/show_bug.cgi?id=1233610 * https://bugzilla.suse.com/show_bug.cgi?id=1233612 *https://bugzilla.suse.com/show_bug.cgi?id=1233613 * https://bugzilla.suse.com/show_bug.cgi?id=1233614 * https://bugzilla.suse.com/show_bug.cgi?id=1233615 * https://bugzilla.suse.com/show_bug.cgi?id=1233616 * https://bugzilla.suse.com/show_bug.cgi?id=1233617 * https://bugzilla.suse.com/show_bug.cgi?id=1234958 * https://bugzilla.suse.com/show_bug.cgi?id=1236316 * https://bugzilla.suse.com/show_bug.cgi?id=1236317 * https://bugzilla.suse.com/show_bug.cgi?id=1237002 * https://bugzilla.suse.com/show_bug.cgi?id=1237006 * https://bugzilla.suse.com/show_bug.cgi?id=1237008 * https://bugzilla.suse.com/show_bug.cgi?id=1237009 * https://bugzilla.suse.com/show_bug.cgi?id=1237010 * https://bugzilla.suse.com/show_bug.cgi?id=1237011 * https://bugzilla.suse.com/show_bug.cgi?id=1237012 * https://bugzilla.suse.com/show_bug.cgi?id=1237013 * https://bugzilla.suse.com/show_bug.cgi?id=1237014 . Essential enhancements resolving various concerns in grub2 for SUSE Enterprise. Apply updates swiftly to ensure security.. SUSE, Grub2, Patch Management, Linux Security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 19, 2025 Critical SuSE
203
Ls Advisories Mageia Esm H240
Price Tag 1security advisorycriticalsoftware update

Mageia 6 MGASA-2019-0058 Critical: Gitolite Rsync Command Handling Issue

In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P (CVE-2018-20683). . MGASA-2019-0058 - Updated gitolite packages fixes security vulnerability Publication date: 31 Jan 2019 URL: https://advisories.mageia.org/MGASA-2019-0058.html Type: security Affected Mageia releases: 6 CVE: CVE-2018-20683 In commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P (CVE-2018-20683). References: - https://bugs.mageia.org/show_bug.cgi?id=24210 - - https://www.cve.org/CVERecord?id=CVE-2018-20683 SRPMS: - 6/core/gitolite-3.6.11-1.mga6 . MGASA-2019-0058 - Updated gitolite packages fixes security vulnerability Publication date: 31 Jan 20. gitolite, rsync, commands/rsync, enables, mishandles. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 31, 2019 Critical Mageia
Banner 1 1028x280 1708121660 1771599717
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryupdateFedora

Fedora 26: php-pear-PHP-CodeSniffer Critical Update for Code Execution Risk

**Version 3.0.1** - This release contains a fix for a **security advisory** related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrade to this version, especially if you are checking 3rd-party. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-b85d51cc47 2017-06-19 14:32:24.981205 --------------------------------------------------------------------------------Name : php-pear-PHP-CodeSniffer Product : Fedora 26 Version : 3.0.1 Release : 1.fc26 URL : https://pear.php.net/package/PHP_CodeSniffer Summary : PHP coding standards enforcement tool Description : PHP_CodeSniffer provides functionality to verify that code conforms to certain standards, such as PEAR, or user-defined. --------------------------------------------------------------------------------Update Information: **Version 3.0.1** - This release contains a fix for a **security advisory** related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrade to this version, especially if you are checking 3rd-party code - e.g., you run PHPCS over libraries that you did not write - e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories - e.g., you allow external tool paths to be set by user-defined values - If you are unable to upgrade but you check 3rd-party code, ensure you are not using the Git modified filter - This advisory does not affect PHP_CodeSniffer version 2. - Thanks to Sergei Morozov for the report and patch - Arguments on the command line now override or merge with those specified in a ruleset.xml file in allcases - PHPCS now stops looking for a phpcs.xml file as soon as one is found, favoring the closest one to the current dir - Added missing help text for the --stdin-path CLI option to --help - Re-added missing help text for the --file-list and --bootstrap CLI options to --help - Runner::runPHPCS() and Runner::runPHPCBF() now return an exit code instead of exiting directly (request #1484) - The Squiz standard now enforces short array syntax by default - The autoloader is now working correctly with classes created with class_alias() - The autoloader will now search for files inside all directories in the installed_paths config var - This allows autoloading of files inside included custom coding standards without manually requiring them - You can now specify a namespace for a custom coding standard, used by the autoloader to load non-sniff helper files - Also used by the autoloader to help other standards directly include sniffs for your standard - Set the value to the namespace prefix you are using for sniff files (everything up to \Sniffs\) - e.g., if your namespace format is MyProject\CS\Standard\Sniffs\Category set the namespace to MyProject\CS\Standard - If ommitted, the namespace is assumed to be the same as the directory name containing the ruleset.xml file - The namespace is set in the ruleset tag of the ruleset.xml file - e.g., ruleset name="My Coding Standard" namespace="MyProject\CS\Standard" - Rulesets can now specify custom autoloaders using the new autoload tag - Autloaders are included while the ruleset is being processed and before any custom sniffs are included - Allows for very custom autoloading of helper classes well before the boostrap files are included - The PEAR standard now includes Squiz.Commenting.DocCommentAlignment - It previously broke comments onto multiple lines, but didn't align them - Fixed a problem where excluding a message from a custom standard's own sniff would exclude the whole sniff - This caused some PSR2 errorsto be under-reported - Fixed bug #1442 : T_NULLABLE detection not working for nullable parameters and return type hints in some cases - Fixed bug #1447 : Running the unit tests with a phpunit config file breaks the test suite - Unknown arguments were not being handled correctly, but are now stored in $config-> unknown - Fixed bug #1449 : Generic.Classes.OpeningBraceSameLine doesn't detect comment before opening brace - Thanks to Juliette Reinders Folmer for the patch - Fixed bug #1450 : Coding standard located under an installed_path with the same directory name throws an error - Thanks to Juliette Reinders Folmer for the patch -Fixed bug #1451 : Sniff exclusions/restrictions dont work with custom sniffs unless they use the PHP_CodeSniffer NS - Fixed bug #1454 : Squiz.WhiteSpace.OperatorSpacing is not checking spacing on either side of a short ternary operator - Thanks to Mponos George for the patch - Fixed bug #1495 : Setting an invalid installed path breaks all commands - Fixed bug #1496 : Squiz.Strings.DoubleQuoteUsage not unescaping dollar sign when fixing -Thanks to Micha? Bundyra for the patch - Fixed bug #1501 : Interactive mode is broken - Fixed bug #1504 : PSR2.Namespaces.UseDeclaration hangs fixing use statement with no trailing code --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-pear-PHP-CodeSniffer' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. . Essential security patch for php-pear-PHP-CodeSniffer in Fedora 26 to mitigate risks of unauthorized code execution.. php Pear Security Fix,Fedora Codesniffer Update,Shell Command Handling,Arbitrary Code Execution. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jun 19, 2017 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here