# Security update for etcd

Announcement ID: SUSE-SU-2025:0357-1
Release Date: 2025-02-04T14:22:02Z
Rating: moderate
References:
* bsc#1095184
* bsc#1183703
Affected Products:
* openSUSE Leap 15.6

An update that has two security fixes can now be installed.

## Description:

This update for etcd fixes the following issues:

Security Update to version 3.5.18:

* Ensure all goroutines created by StartEtcd to exit before closing the errc
* mvcc: restore tombstone index if it's first revision
* Bump go toolchain to 1.22.11
* Avoid deadlock in etcd.Close when stopping during bootstrapping
* etcdutl/etcdutl: use datadir package to build wal/snapdir
* Remove duplicated
Oracle Linux Security Advisory ELSA-2024-8357
http://linux.oracle.com/errata/ELSA-2024-8357.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
NetworkManager-libreswan-1.2.4-2.0.1.el7.aarch64.rpm
NetworkManager-libreswan-gnome-1.2.4-2.0.1.el7.aarch64.rpm

x86_64:
NetworkManager-libreswan-1.2.4-2.0.1.el7.x86_64.rpm
NetworkManager-libreswan-gnome-1.2.4-2.0.1.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//NetworkManager-libreswan-1.2.4-2.0.1.el7.src.rpm

Related CVEs:
CVE-2024-9050

Description of changes:

[1.2.4-2.0.1]
- Fix improper escaping of Libreswan configuration [CVE-2024-9050][Orabug: 37206712]
Rocky Linux Security Advisory RLSA-2024:1751
Synopsis: Important: unbound security update
Severity: Important
Affected Products: Rocky Linux 8
Published: 2024-05-06T13:04:21.002456Z

Topic:

An update is available for unbound.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.

Security Fix(es):

* A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. The default combination of the "control-use-cert: no" option with either explicit or implicit use of an IP address in the "control-interface" option could allow improper access. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged local process to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.

To mitigate the vulnerability, a new file "/etc/unbound/conf.d/remote-control.conf" has been added and included in the main unbound configuration file, "unbound.conf". The file contains two directives that should limit access to unbound.conf:

    control-interface: "/run/unbound/control"
    control-use-cert: "yes"

For details about these directives, run "man unbound.conf".

Updating to the version of unbound provided by this advisory should, in most cases, address the vulnerability. To verify that your configuration is not vulnerable, use the "unbound-control status | grep control" command. If the output contains "control(ssl)" or "control(namedpipe)", your configuration is not vulnerable. If the command output returns only "control", the configuration is vulnerable because it does not enforce access only to the unbound group members. To fix your configuration, add the line "include: /etc/unbound/conf.d/remote-control.conf" to the end of the file "/etc/unbound/unbound.conf". If you use a custom "/etc/unbound/conf.d/remote-control.conf" file, add the new directives to this file. (CVE-2024-1488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:

* Bug 2264183 (Red Hat): https://bugzilla.redhat.com/show_bug.cgi?id=2264183

CVEs:

* CVE-2024-1488 (MITRE): https://www.cve.org/CVERecord?id=CVE-2024-1488 (CVSS v3 vector, base score and CWE: UNKNOWN)

Updated packages (Rocky Linux 8):

python3-unbound-0:1.16.2-5.el8_9.6.aarch64.rpm
python3-unbound-0:1.16.2-5.el8_9.6.x86_64.rpm
python3-unbound-debuginfo-0:1.16.2-5.el8_9.6.aarch64.rpm
python3-unbound-debuginfo-0:1.16.2-5.el8_9.6.x86_64.rpm
unbound-0:1.16.2-5.el8_9.6.aarch64.rpm
unbound-0:1.16.2-5.el8_9.6.src.rpm
unbound-0:1.16.2-5.el8_9.6.x86_64.rpm
unbound-debuginfo-0:1.16.2-5.el8_9.6.aarch64.rpm
unbound-debuginfo-0:1.16.2-5.el8_9.6.i686.rpm
unbound-debuginfo-0:1.16.2-5.el8_9.6.x86_64.rpm
unbound-debugsource-0:1.16.2-5.el8_9.6.aarch64.rpm
unbound-debugsource-0:1.16.2-5.el8_9.6.i686.rpm
unbound-debugsource-0:1.16.2-5.el8_9.6.x86_64.rpm
unbound-devel-0:1.16.2-5.el8_9.6.aarch64.rpm
unbound-devel-0:1.16.2-5.el8_9.6.i686.rpm
unbound-devel-0:1.16.2-5.el8_9.6.x86_64.rpm
unbound-libs-0:1.16.2-5.el8_9.6.aarch64.rpm
unbound-libs-0:1.16.2-5.el8_9.6.i686.rpm
unbound-libs-0:1.16.2-5.el8_9.6.x86_64.rpm
unbound-libs-debuginfo-0:1.16.2-5.el8_9.6.aarch64.rpm
unbound-libs-debuginfo-0:1.16.2-5.el8_9.6.i686.rpm
unbound-libs-debuginfo-0:1.16.2-5.el8_9.6.x86_64.rpm

Reboot suggested: no
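A small checker that applies the rule the advisory gives, added here as an example (it is not the advisory's or unbound's own tooling): it parses the two remote-control directives from constructed unbound.conf fragments and flags the weak combination of an IP control-interface with control-use-cert "no", and separately applies the "unbound-control status | grep control" test to constructed status output. When a directive is absent it assumes the packaged default control-use-cert "no" described above and unbound's implicit 127.0.0.1 control interface.

```python
import ipaddress
import re

# Constructed sample fragments (not the advisory's actual files).
WEAK_CONF = '''remote-control:
    control-interface: 127.0.0.1   # TCP port, reachable by any local process
    control-use-cert: "no"
'''
FIXED_CONF = '''remote-control:
    control-interface: "/run/unbound/control"   # unix socket, group-protected
    control-use-cert: "yes"
'''
_DIRECTIVE = re.compile(r'^(control-interface|control-use-cert)\s*:\s*"?([^"\s]+)"?')

def parse_remote_control(conf_text):
    """Collect the two directives the advisory discusses; comments are stripped."""
    interfaces, use_cert = [], None
    for raw in conf_text.splitlines():
        m = _DIRECTIVE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "control-interface":
            interfaces.append(m.group(2))
        elif m:
            use_cert = m.group(2).lower()
    return interfaces, use_cert

def is_ip_interface(value):
    """True for an IP address (optionally with @port), False for a socket path."""
    try:
        ipaddress.ip_address(value.split("@", 1)[0])
        return True
    except ValueError:
        return False

def assess_config(conf_text):
    """'vulnerable' when a TCP control interface is paired with control-use-cert: no."""
    interfaces, use_cert = parse_remote_control(conf_text)
    # Assumed defaults when unset: the packaged control-use-cert "no" that the
    # advisory describes, and unbound's implicit 127.0.0.1 control interface.
    use_cert = use_cert or "no"
    interfaces = interfaces or ["127.0.0.1"]
    if use_cert == "no" and any(is_ip_interface(i) for i in interfaces):
        return "vulnerable"
    return "not vulnerable"

def assess_status_output(status_text):
    """Apply the advisory's `unbound-control status | grep control` rule."""
    if "control(ssl)" in status_text or "control(namedpipe)" in status_text:
        return "not vulnerable"
    return "vulnerable" if "control" in status_text else "unknown"
```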
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-7b1733dc68
2019-04-27 21:22:10.073892
--------------------------------------------------------------------------------

Name        : dbus-broker
Product     : Fedora 30
Version     : 20
Release     : 4.fc30
URL         : https://github.com/bus1/dbus-broker
Summary     : Linux D-Bus Message Broker
Description :
dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusively written for Linux systems, and makes use of many modern features provided by recent Linux kernel releases.
--------------------------------------------------------------------------------
Update Information:

Fix an assert when configuration reload fails.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 17 2019 Tom Gundersen - 20-4
- Fix assert due to failing reload #1700514
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1700514 - [abrt] dbus-broker: service_activate(): dbus-broker-launch killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1700514
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-7b1733dc68'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Package        : drupal7
Version        : 7.32-1+deb8u15
CVE ID         : CVE-2019-6338

Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Also a possible regression caused by CVE-2019-6339 is fixed.

For Debian 8 "Jessie", this problem has been fixed in version 7.32-1+deb8u15.

We recommend that you upgrade your drupal7 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
SUSE Security Update: Security update for tomcat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2699-1
Rating:             moderate
References:         #1067720 #1093697 #1095472 #1102379 #1102400 #1102410
Cross-References:   CVE-2018-1336 CVE-2018-8014 CVE-2018-8034 CVE-2018-8037
Affected Products:
                    SUSE Linux Enterprise Server 12-SP3
______________________________________________________________________________

An update that solves four vulnerabilities and has two fixes is now available.

Description:

This update for tomcat to 8.0.53 fixes the following issues:

Security issues fixed:

- CVE-2018-1336: Improper handling of overflow in the UTF-8 decoder with supplementary characters could have led to an infinite loop in the decoder, causing a Denial of Service (bsc#1102400).
- CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379).
- CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410).
- CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697).

Bug fixes:

- bsc#1067720: Avoid overwriting of customer's configuration during update.
- bsc#1095472: Add Obsoletes for tomcat6 packages.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1890=1

Package List:

- SUSE Linux Enterprise Server 12-SP3 (noarch):
  tomcat-8.0.53-29.13.1
  tomcat-admin-webapps-8.0.53-29.13.1
  tomcat-docs-webapp-8.0.53-29.13.1
  tomcat-el-3_0-api-8.0.53-29.13.1
  tomcat-javadoc-8.0.53-29.13.1
  tomcat-jsp-2_3-api-8.0.53-29.13.1
  tomcat-lib-8.0.53-29.13.1
  tomcat-servlet-3_1-api-8.0.53-29.13.1
  tomcat-webapps-8.0.53-29.13.1

References:

  https://www.suse.com/security/cve/CVE-2018-1336.html
  https://www.suse.com/security/cve/CVE-2018-8014.html
  https://www.suse.com/security/cve/CVE-2018-8034.html
  https://www.suse.com/security/cve/CVE-2018-8037.html
  https://bugzilla.suse.com/1067720
  https://bugzilla.suse.com/1093697
  https://bugzilla.suse.com/1095472
  https://bugzilla.suse.com/1102379
  https://bugzilla.suse.com/1102400
  https://bugzilla.suse.com/1102410
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-2aa4d11993
2017-11-01 15:19:51.799784
--------------------------------------------------------------------------------

Name        : openvpn
Product     : Fedora 25
Version     : 2.4.4
Release     : 1.fc25
URL         :
Summary     : A full-featured SSL VPN solution
Description :
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression.
--------------------------------------------------------------------------------
Update Information:

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166](openvpn/wiki/CVE-2017-12166)). From this update on, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled library.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1497109 - CVE-2017-12166 openvpn: Incorrect bounds check in read_key() with 'key-method 1'
https://bugzilla.redhat.com/show_bug.cgi?id=1497109
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade openvpn'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------