Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 235 articles for you...
89

Fedora 44 docker-buildx 0.34.0 CVE-2026-39984 Fix Improper Validation

Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7f8de90b74 2026-05-23 00:56:16.173313+00:00 -------------------------------------------------------------------------------- Name : docker-buildx Product : Fedora 44 Version : 0.34.0 Release : 1.fc44 URL : https://github.com/docker/buildx Summary : Docker CLI plugin for extended build capabilities with BuildKit Description : Docker CLI plugin for extended build capabilities with BuildKit. -------------------------------------------------------------------------------- Update Information: Update to release v0.34.0 Resolves: rhbz#2467576 Resolves CVE-2026-39984: rhbz#2458930 Upstream new features and fixes -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2026 Bradley G Smith - 0.34.0-1 - Update to release v0.34.0 - Resolves: rhbz#2467576 - Resolves CVE-2026-39984: rhbz#2458930 - Upstream new features and fixes * Thu Apr 2 2026 Bradley G Smith - 0.33.0-2 - Update to new spec file - Regenerate spec file using go2rpm - Use gocheck2. Current v0.33.0 release will sometimes fail during check phase with an https related test. No obvious pattern related to architecture. gocheck2 will allow for test to be skipped if needed -------------------------------------------------------------------------------- References: [ 1 ] Bug #2458930 - CVE-2026-39984 docker-buildx: improper certificate validation in verifier [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2458930 [ 2 ] Bug #2467576 - docker-buildx-0.34.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2467576 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su-c 'dnf upgrade --advisory FEDORA-2026-7f8de90b74' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update to Fedora 44 docker-buildx v0.34.0 resolves CVE-2026-39984 with new features and security fixes.. Fedora 44 security update, docker-buildx CVE-2026-39984, container security update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 23, 2026 Important Fedora
100

SUSE Podman Important Threats Security Update 2026-21291-1

An update that solves five vulnerabilities can now be installed.. # Security update for podman Announcement ID: SUSE-SU-2026:21291-1 Release Date: 2026-04-23T12:24:25Z Rating: important References: * bsc#1252376 * bsc#1253542 * bsc#1253993 Cross-References: * CVE-2025-31133 * CVE-2025-47913 * CVE-2025-47914 * CVE-2025-52565 * CVE-2025-52881 CVSS scores: * CVE-2025-31133 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31133 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-31133 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-52565 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-52565 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52565 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H *CVE-2025-52881 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-52881 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves five vulnerabilities can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376). * CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542). * CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-506=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * podmansh-5.4.2-slfo.1.1_4.1 * podman-debuginfo-5.4.2-slfo.1.1_4.1 * podman-5.4.2-slfo.1.1_4.1 * podman-remote-5.4.2-slfo.1.1_4.1 * podman-remote-debuginfo-5.4.2-slfo.1.1_4.1 * SUSE Linux Micro 6.1 (noarch) * podman-docker-5.4.2-slfo.1.1_4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-31133.html * https://www.suse.com/security/cve/CVE-2025-47913.html * https://www.suse.com/security/cve/CVE-2025-47914.html * https://www.suse.com/security/cve/CVE-2025-52565.html * https://www.suse.com/security/cve/CVE-2025-52881.html * https://bugzilla.suse.com/show_bug.cgi?id=1252376 * https://bugzilla.suse.com/show_bug.cgi?id=1253542 *https://bugzilla.suse.com/show_bug.cgi?id=1253993 . An important update for SUSE enhancing podman security against five key exploits effectively.. SUSE podman vulnerabilities important update threats patches. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 27, 2026 Important SuSE
100

SUSE Kubevirt Important Update Fixes DoS Issues 2026-0479-1

An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t Announcement ID: SUSE-SU-2026:0479-1 Release Date: 2026-02-12T15:34:12Z Rating: important References: * bsc#1253189 * bsc#1257128 * bsc#1257422 Cross-References: * CVE-2024-45310 * CVE-2025-64435 CVSS scores: * CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2024-45310 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2024-45310 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N * CVE-2025-64435 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-64435 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-64435 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator- container, virt-pr-helper-container, virt-synchronization-controller-container fixes the following issues: Update to version 1.7.0. (bsc#1257128) Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.7.0 * CVE-2025-64435: Fixes logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS (bsc#1253189 ) * CVE-2024-45310: Fixes kubevirt vendored github.com/opencontainers/runc/libcontainer/utils: runc can betricked into creating empty files/directories on host bsc#1257422 * Upstream now uses stateless firmware for CoCo VMs. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-479=1 ## Package List: * Containers Module 15-SP7 (aarch64 x86_64) * kubevirt-virtctl-1.7.0-150700.3.16.2 * kubevirt-virtctl-debuginfo-1.7.0-150700.3.16.2 * kubevirt-manifests-1.7.0-150700.3.16.2 ## References: * https://www.suse.com/security/cve/CVE-2024-45310.html * https://www.suse.com/security/cve/CVE-2025-64435.html * https://bugzilla.suse.com/show_bug.cgi?id=1253189 * https://bugzilla.suse.com/show_bug.cgi?id=1257128 * https://bugzilla.suse.com/show_bug.cgi?id=1257422 . An important security update for kubevirt addresses two flaws that could enhance system stability and security.. Kubevirt Update, SUSE Security, Container Vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 12, 2026 Important SuSE
203

Mageia 9: 2025-0176 Critical: cifs-utils Namespace Issue Fix

cifs.upcall makes an upcall to the wrong namespace in containerized environments. (CVE-2025-2312) References: - https://bugs.mageia.org/show_bug.cgi?id=34315 . MGASA-2025-0176 - Updated cifs-utils packages fix security vulnerability Publication date: 05 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0176.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-2312 cifs.upcall makes an upcall to the wrong namespace in containerized environments. (CVE-2025-2312) References: - https://bugs.mageia.org/show_bug.cgi?id=34315 - https://ubuntu.com/security/notices/USN-7536-1 - https://www.cve.org/CVERecord?id=CVE-2025-2312 SRPMS: - 9/core/cifs-utils-7.0-1.1.mga9 . The CIFS-utils upgrade for Mageia 9 addresses a namespace problem impacting container environments with a critical severity level.. CIFS-utils, Mageia security, container security, namespace issue, vulnerability fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 05, 2025 Critical Mageia
89

Fedora 40: 2025-76012a9a99 critical: multiple container issues

Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-76012a9a99 2025-02-09 01:30:07.778474+00:00 -------------------------------------------------------------------------------- Name : golang-github-nvidia-container-toolkit Product : Fedora 40 Version : 1.17.3 Release : 1.fc40 URL : https://github.com/NVIDIA/nvidia-container-toolkit Summary : Build and run containers leveraging NVIDIA GPUs Description : The NVIDIA Container Toolkit allows users to build and run NVIDIA GPU accelerated containers. The toolkit includes a container runtime library and utilities to automatically configure containers to leverage NVIDIA GPUs. -------------------------------------------------------------------------------- Update Information: Update to 1.17.3 Fixes CVE-2024-0134 or GHSA-7jm9-xpwx-v999 Fixes CVE-2024-0135 or GHSA-9v84-cc9j-pxr6, CVE-2024-0136 or GHSA- vcfp-63cx-4h59, and CVE-2024-0137 or GHSA-frhw-w3wm-6cw4 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2025 Debarshi Ray - 1.17.3-1 - Update to 1.17.3 * Wed Jan 29 2025 Debarshi Ray - 1.17.2-1 - Update to 1.17.2 * Tue Jan 28 2025 Debarshi Ray - 1.17.1-1 - Update to 1.17.1 * Fri Jan 24 2025 Debarshi Ray - 1.17.0-1 - Update to 1.17.0 * Fri Jan 24 2025 Debarshi Ray - 1.16.2-2 - Synchronize linker flags with upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #2324082 - CVE-2024-0134 golang-github-nvidia-container-toolkit: specially-crafted container image can lead to the creation of unauthorized files on the host [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2324082 [ 2 ] Bug #2342483 - CVE-2024-0135golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342483 [ 3 ] Bug #2342487 - CVE-2024-0137 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342487 [ 4 ] Bug #2342491 - CVE-2024-0136 golang-github-nvidia-container-toolkit: Improper Isolation or Compartmentalization in NVIDIA Container Toolkit [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2342491 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-76012a9a99' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . The upgrade to Fedora 40's NVIDIA toolkit version 1.17.3 resolves various security vulnerabilities and improves overall container safety.. Fedora 40, NVIDIA toolkit, security patches, container vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 09, 2025 Critical Fedora
202

SUSE-SU-2025-0215-1 provides a moderate kubevirt update for Leap 15.6

An update that contains one feature and has one security fix can now be installed.. # Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t Announcement ID: SUSE-SU-2025:0215-1 Release Date: 2025-01-22T02:52:54Z Rating: moderate References: * bsc#1232762 * jsc#PED-10545 Affected Products: * Containers Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that contains one feature and has one security fix can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt- exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator- container, virt-pr-helper-container fixes the following issues: Update to version 1.4.0 * Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.4.0 * Enable aarch64 build for SLE and mark it as techpreview (jsc#PED-10545) * Drop packages: iptables, lsscsi, and socat * Fix ovmf firmware path for SEV(ES) VMs (bsc#1232762) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-215=1 openSUSE-SLE-15.6-2025-215=1 * Containers Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Containers-15-SP6-2025-215=1 ## Package List: * openSUSE Leap 15.6 (aarch64 x86_64) * kubevirt-virt-controller-1.4.0-150600.5.12.1 * kubevirt-container-disk-1.4.0-150600.5.12.1 * kubevirt-virt-exportproxy-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-handler-debuginfo-1.4.0-150600.5.12.1 *kubevirt-virt-operator-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-exportproxy-1.4.0-150600.5.12.1 * kubevirt-virt-launcher-1.4.0-150600.5.12.1 * kubevirt-virt-api-1.4.0-150600.5.12.1 * kubevirt-virt-controller-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-launcher-debuginfo-1.4.0-150600.5.12.1 * obs-service-kubevirt_containers_meta-1.4.0-150600.5.12.1 * kubevirt-tests-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virtctl-1.4.0-150600.5.12.1 * kubevirt-virtctl-debuginfo-1.4.0-150600.5.12.1 * kubevirt-pr-helper-conf-1.4.0-150600.5.12.1 * kubevirt-virt-api-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-operator-1.4.0-150600.5.12.1 * kubevirt-tests-1.4.0-150600.5.12.1 * kubevirt-virt-exportserver-debuginfo-1.4.0-150600.5.12.1 * kubevirt-virt-exportserver-1.4.0-150600.5.12.1 * kubevirt-virt-handler-1.4.0-150600.5.12.1 * kubevirt-manifests-1.4.0-150600.5.12.1 * kubevirt-container-disk-debuginfo-1.4.0-150600.5.12.1 * Containers Module 15-SP6 (aarch64 x86_64) * kubevirt-manifests-1.4.0-150600.5.12.1 * kubevirt-virtctl-1.4.0-150600.5.12.1 * kubevirt-virtctl-debuginfo-1.4.0-150600.5.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1232762 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10545&page_caps=&user_role= . An upgrade to kubevirt and its related containers improves resilience and addresses significant vulnerabilities.. kubevirt security update, openSUSE container update, software resilience. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jan 22, 2025 moderate OpenSUSE
202

SUSE-SU-2025-0216-1 - Moderate Security Update for openSUSE Leap 15.5 CDI

An update that can now be installed.. # Security update for cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont Announcement ID: SUSE-SU-2025:0216-1 Release Date: 2025-01-22T02:53:22Z Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller- container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy- container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: * Install nbdkit-server to avoid pulling unneeded dependencies * rebuild against current GO ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-216=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-216=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-216=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-216=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-216=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP5-2025-216=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * containerized-data-importer-controller-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-operator-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-cloner-1.59.0-150500.6.21.1 * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * containerized-data-importer-uploadserver-1.59.0-150500.6.21.1 * containerized-data-importer-importer-1.59.0-150500.6.21.1 * containerized-data-importer-operator-1.59.0-150500.6.21.1 * containerized-data-importer-api-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-uploadserver-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-importer-debuginfo-1.59.0-150500.6.21.1 * containerized-data-importer-uploadproxy-debuginfo-1.59.0-150500.6.21.1 * obs-service-cdi_containers_meta-1.59.0-150500.6.21.1 * containerized-data-importer-controller-1.59.0-150500.6.21.1 * containerized-data-importer-uploadproxy-1.59.0-150500.6.21.1 * containerized-data-importer-api-1.59.0-150500.6.21.1 * containerized-data-importer-cloner-debuginfo-1.59.0-150500.6.21.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * containerized-data-importer-manifests-1.59.0-150500.6.21.1 . Download the most recent security patch for openSUSE that resolves vulnerabilities in cdi-containers. Critical for maintaining system stability.. openSUSE Update, CDI Container Security, Linux Patch Management,Container Vulnerability Fix. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jan 22, 2025 moderate OpenSUSE
203

Mageia 9 MGASA-2025-0004: Critical runc Filesystem Issue Fixed

runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files **will not** be truncated. An attacker must have the ability to start . MGASA-2025-0004 - Updated opencontainers-runc packages fix security vulnerability Publication date: 10 Jan 2025 URL: https://advisories.mageia.org/MGASA-2025-0004.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-45310 runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing files **will not** be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. References: - https://bugs.mageia.org/show_bug.cgi?id=33519 - https://www.openwall.com/lists/oss-security/2024/09/03/1 - https://www.cve.org/CVERecord?id=CVE-2024-45310 SRPMS: - 9/core/opencontainers-runc-1.1.14-1.mga9 . New patches for opencontainers-runc packages have been issued to mitigate severe filesystem security vulnerabilities in Mageia.. opencontainers-runc security, Mageia security updates, container filesystem issue, software vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 10, 2025 Critical Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200