Alerts This Week
Warning Icon 1 562

Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 18 articles for you...

Rocky Linux 8 RLSA-2025:1232 critical: kernel-rt security issue

Important: kernel-rt security update

Advisory: RLSA-2025:1230 (type: TYPE_SECURITY, short code: RL)
Severity: SEVERITY_IMPORTANT
Published: 2025-02-26T19:10:03.077436Z
Affected products: Rocky Linux 8
Reboot suggested: false

Topic:

An update is available for kernel-rt.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes:

* Ticket 2329817 (source: Red Hat): https://bugzilla.redhat.com/show_bug.cgi?id=2329817

CVEs:

* CVE-2024-53104 (source: MITRE): https://www.cve.org/CVERecord?id=CVE-2024-53104 (CVSS v3 scoring vector: UNKNOWN; CVSS v3 base score: UNKNOWN; CWE: UNKNOWN)

RPMs (Rocky Linux 8):

* kernel-rt-0:4.18.0-553.40.1.rt7.381.el8_10.src.rpm
* kernel-rt-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-core-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debug-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debug-core-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debug-debuginfo-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debug-devel-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debuginfo-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debug-kvm-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debug-modules-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-debug-modules-extra-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-devel-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-kvm-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-modules-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm
* kernel-rt-modules-extra-0:4.18.0-553.40.1.rt7.381.el8_10.x86_64.rpm

Immediate kernel safety update issued for Rocky Linux 8, addressing major vulnerabilities. Essential for all deployments.

Kernel-Rt Update, Rocky Linux Security, Linux Kernel Patch.

Severity: Important.

LinuxSecurity.com Team

Feb 26, 2025 | Important | Rocky Linux

Fedora 41: Critical Security Advisory for TLS Session Bypass Issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-66ebd291f8
2025-02-15 02:35:33.711202+00:00
--------------------------------------------------------------------------------

Name        : nginx-mod-vts
Product     : Fedora 41
Version     : 0.2.3
Release     : 3.fc41
URL         : https://github.com/vozlt/nginx-module-vts
Summary     : Nginx virtual host traffic status module
Description : Nginx virtual host traffic status module.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.26.3 05 Feb 2025

*) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419).
*) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars.
*) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used.
*) Bugfix: nginx now ignores QUIC version negotiation packets from clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module.
*) Bugfixes in HTTP/3.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 6 2025 Felix Kaechele - 0.2.3-3
- Rebuild for nginx 1.26.3
* Fri Jan 17 2025 Fedora Release Engineering - 0.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jan 2 2025 Mikel Olasagasti Uranga - 0.2.3-1
- Update to 0.2.3 rhbz#2335121
* Mon Sep 2 2024 Miroslav Suchý - 0.2.2-11
- convert license to SPDX
* Mon Aug 26 2024 Felix Kaechele - 0.2.2-10
- Rebuild for nginx 1.26.2... again.

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2277663 - please switch to using systemd-sysusers to create the nginx user
      https://bugzilla.redhat.com/show_bug.cgi?id=2277663
[ 2 ] Bug #2344198 - CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2344198

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-66ebd291f8' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora's nginx-module-update enhances security by fixing vulnerabilities associated with TLS session validation. Find out more.

nginx Mod VTS Update, Fedora 41 Security, TLS Session Issue, Bugfix Details.

Severity: Critical.

LinuxSecurity.com Team

Feb 15, 2025 | Critical | Fedora

SUSE 15 SP5: 2024:3632-1 critical: Linux Kernel RT Live Patch 14

# Security update for the Linux Kernel RT (Live Patch 14 for SLE 15 SP5)

Announcement ID: SUSE-SU-2024:3632-1
Release Date: 2024-10-15T09:03:56Z
Rating: important

References:

* bsc#1223363
* bsc#1223683
* bsc#1225013
* bsc#1225099
* bsc#1225312
* bsc#1225739
* bsc#1226325
* bsc#1228573
* bsc#1228786

Cross-References:

* CVE-2023-52846
* CVE-2024-26828
* CVE-2024-26923
* CVE-2024-27398
* CVE-2024-35861
* CVE-2024-36899
* CVE-2024-36964
* CVE-2024-40954
* CVE-2024-41059

CVSS scores:

* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27398 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150500_13_52 fixes several issues.

The following security issues were fixed:

* CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312).
* CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739).
* CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
* CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573).
* CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325).
* CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013).
* CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683).
* CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-3632=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-3632=1

## Package List:

* openSUSE Leap 15.5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-5-150500.11.8.1
  * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-5-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-5-150500.11.8.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-5-150500.11.8.1
  * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-5-150500.11.8.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-5-150500.11.8.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-26828.html
* https://www.suse.com/security/cve/CVE-2024-26923.html
* https://www.suse.com/security/cve/CVE-2024-27398.html
* https://www.suse.com/security/cve/CVE-2024-35861.html
* https://www.suse.com/security/cve/CVE-2024-36899.html
* https://www.suse.com/security/cve/CVE-2024-36964.html
* https://www.suse.com/security/cve/CVE-2024-40954.html
* https://www.suse.com/security/cve/CVE-2024-41059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223363
* https://bugzilla.suse.com/show_bug.cgi?id=1223683
* https://bugzilla.suse.com/show_bug.cgi?id=1225013
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225312
* https://bugzilla.suse.com/show_bug.cgi?id=1225739
* https://bugzilla.suse.com/show_bug.cgi?id=1226325
* https://bugzilla.suse.com/show_bug.cgi?id=1228573
* https://bugzilla.suse.com/show_bug.cgi?id=1228786

An essential security patch for Linux Kernel RT Live Patch 14 addresses multiple vulnerabilities in SUSE environments and strengthens overall system security.

Linux Kernel Security, SUSE Patch Update, RT Live Patching Security.

Severity: Important.

LinuxSecurity.com Team

Oct 15, 2024 | Important | SuSE

Ubuntu 23.10 USN-6586-1 critical: FreeImage denial of service

==========================================================================
Ubuntu Security Notice USN-6586-1
January 16, 2024

freeimage vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in FreeImage.

Software Description:
- freeimage: Support library for graphics image formats

Details:

It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12211)

It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12213)

It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2020-21427, CVE-2020-21428)

It was discovered that FreeImage incorrectly processed certain images. If a user or automated system were tricked into opening a specially crafted PFM file, an attacker could possibly use this issue to cause a denial of service. (CVE-2020-22524)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  libfreeimage3 3.18.0+ds2-9.1ubuntu0.1
  libfreeimageplus3 3.18.0+ds2-9.1ubuntu0.1

Ubuntu 23.04:
  libfreeimage3 3.18.0+ds2-9ubuntu0.1
  libfreeimageplus3 3.18.0+ds2-9ubuntu0.1

Ubuntu 22.04 LTS:
  libfreeimage3 3.18.0+ds2-6ubuntu5.1
  libfreeimageplus3 3.18.0+ds2-6ubuntu5.1

Ubuntu 20.04 LTS:
  libfreeimage3 3.18.0+ds2-1ubuntu3.1
  libfreeimageplus3 3.18.0+ds2-1ubuntu3.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libfreeimage3 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1
  libfreeimageplus3 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libfreeimage3 3.17.0+ds1-2ubuntu0.1+esm1
  libfreeimageplus3 3.17.0+ds1-2ubuntu0.1+esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  libfreeimage3 3.15.4-3ubuntu0.1+esm3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6586-1
  CVE-2019-12211, CVE-2019-12213, CVE-2020-21427, CVE-2020-21428, CVE-2020-22524

Package Information:
  https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-9.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-9ubuntu0.1
  https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-6ubuntu5.1
  https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-1ubuntu3.1

Latest security patches for FreeImage have been deployed on various Ubuntu releases, minimizing the potential for remote attacks and service interruptions.

FreeImage Update, Ubuntu Vulnerability Management, Denial of Service Issues.

Severity: Critical.

LinuxSecurity.com Team

Jan 16, 2024 | Critical | Ubuntu

SUSE: 2023:1234-5 Critical: bci/dotnet-core Security Update

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1124-1
Container Tags        : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-18.11 , bci/dotnet-aspnet:6.0.5 , bci/dotnet-aspnet:6.0.5-18.11 , bci/dotnet-aspnet:latest
Container Release     : 18.11
Severity              : important
Type                  : security
References            : 1196490 1199132 CVE-2022-23308 CVE-2022-29824
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released:    Thu May 19 15:28:20 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

The following package changes have been done:

- libxml2-2-2.9.7-150000.3.46.1 updated
- container:sles15-image-15.0.0-17.17.1 updated

Crucial security patches for bci/dotnet-aspnet feature enhancements for libxml2 that counter significant vulnerabilities. Keep up to date!

Container Security, SUSE Advisory, libxml2 Issues.

Severity: Important.

LinuxSecurity.com Team

May 22, 2022 | Important | SuSE

Fedora 36: Critical Update for golang-github-gohugoio-testmodbuilder Fix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-08ae2dd481
2022-05-07 04:08:14.315797
--------------------------------------------------------------------------------

Name        : golang-github-gohugoio-testmodbuilder
Product     : Fedora 36
Version     : 0
Release     : 0.9.20201030git72e1e0c.fc36
URL         : https://github.com/gohugoio/testmodBuilder
Summary     : Some helper scripts used for Hugo testing
Description : Some helper scripts used for Hugo testing.

--------------------------------------------------------------------------------
Update Information:

Rebuild for CVE-2022-27191
----
Fix FTBFS Close: rhbz#2045471

--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 16 2022 Fabio Alessandro Locati - 0-0.9
- Rebuilt for CVE-2022-27191

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2045471 - golang-github-appc-goaci: FTBFS in Fedora rawhide/f36
      https://bugzilla.redhat.com/show_bug.cgi?id=2045471
[ 2 ] Bug #2074262 - CVE-2022-27191 golang-x-crypto: golang: crash in a golang.org/x/crypto/ssh server [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2074262

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-08ae2dd481' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Urgent Update for Fedora Regarding golang-github-gohugoio-testmodbuilder: Patching CVE-2022-27191 and Resolving FTBFS Issues.

Fedora Update, CVE-2022-27191, golang Fixes, Testing Scripts.

Severity: Critical.

LinuxSecurity.com Team

May 07, 2022 | Critical | Fedora

Red Hat Enterprise Linux 8.2 RHSA-2021:1239-01 Important DPDK Segfault Fix

====================================================================
Red Hat Security Advisory

Synopsis:     Important: dpdk security update
Advisory ID:  RHSA-2021:1239-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1239
Issue date:   2021-04-19
CVE Names:    CVE-2020-10725
====================================================================

1. Summary:

An update for dpdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, x86_64

3. Description:

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space.

Security Fix(es):

* dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor (CVE-2020-10725)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1828894 - CVE-2020-10725 dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
dpdk-19.11-5.el8_2.src.rpm

aarch64:
dpdk-19.11-5.el8_2.aarch64.rpm
dpdk-debuginfo-19.11-5.el8_2.aarch64.rpm
dpdk-debugsource-19.11-5.el8_2.aarch64.rpm
dpdk-devel-19.11-5.el8_2.aarch64.rpm
dpdk-devel-debuginfo-19.11-5.el8_2.aarch64.rpm
dpdk-tools-19.11-5.el8_2.aarch64.rpm

noarch:
dpdk-doc-19.11-5.el8_2.noarch.rpm

ppc64le:
dpdk-19.11-5.el8_2.ppc64le.rpm
dpdk-debuginfo-19.11-5.el8_2.ppc64le.rpm
dpdk-debugsource-19.11-5.el8_2.ppc64le.rpm
dpdk-devel-19.11-5.el8_2.ppc64le.rpm
dpdk-devel-debuginfo-19.11-5.el8_2.ppc64le.rpm
dpdk-tools-19.11-5.el8_2.ppc64le.rpm

x86_64:
dpdk-19.11-5.el8_2.x86_64.rpm
dpdk-debuginfo-19.11-5.el8_2.x86_64.rpm
dpdk-debugsource-19.11-5.el8_2.x86_64.rpm
dpdk-devel-19.11-5.el8_2.x86_64.rpm
dpdk-devel-debuginfo-19.11-5.el8_2.x86_64.rpm
dpdk-tools-19.11-5.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-10725
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

A crucial DPDK security patch for Red Hat Enterprise Linux mitigates potential segfault vulnerabilities in virtualized settings. Discover additional details!

dpdk Security Update, Red Hat Enterprise Linux, Important Advisory.

Severity: Important.

LinuxSecurity.com Team

Apr 19, 2021 | Important | Red Hat

Fedora 34: FEDORA-2021-ecb24e0b9d Critical: Squid 4.14 Input Validation

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-ecb24e0b9d
2021-04-06 00:14:52.001709
--------------------------------------------------------------------------------

Name        : squid
Product     : Fedora 34
Version     : 4.14
Release     : 1.fc34
URL         : http://www.squid-cache.org
Summary     : The Squid proxy caching server
Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.

--------------------------------------------------------------------------------
Update Information:

- Version update to 4.14
- CVE-2020-25097 fix

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 31 2021 Lubos Uhliarik - 7:4.14-1
- new version 4.14
- Resolves: #1939927 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1939927 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1939927

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-ecb24e0b9d' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 34 has released an update addressing CVE-2021-XXXXX in squid, upgrading it to version 4.15 to rectify flaws in input processing.

Fedora Update, Security Fix, Squid Cache, Proxy Server Issues.

Severity: Critical.

LinuxSecurity.com Team

Apr 05, 2021 | Critical | Fedora