Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 90 articles for you...
100

SUSE: 2025:0179-1 Important: Kernel Live Patch 4 critical issues

* bsc#1225819 * bsc#1233712 Cross-References: * CVE-2023-52752 . # Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6) Announcement ID: SUSE-SU-2025:0179-1 Release Date: 2025-01-17T19:33:43Z Rating: important References: * bsc#1225819 * bsc#1233712 Cross-References: * CVE-2023-52752 * CVE-2024-50264 CVSS scores: * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues. The following security issues were fixed: * CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-> trans (bsc#1233712). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-179=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-179=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_4-debugsource-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_22-default-3-150600.13.6.1 *kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-3-150600.13.6.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_4-debugsource-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_22-default-3-150600.13.6.1 * kernel-livepatch-6_4_0-150600_23_22-default-debuginfo-3-150600.13.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52752.html * https://www.suse.com/security/cve/CVE-2024-50264.html * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1233712 . Explore vital security enhancements for the Linux Kernel, addressing critical vulnerabilities through important updates and patching strategies.. Linux Kernel Security, Live Patching, SUSE Kernel Updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 17, 2025 Important SuSE
100

SUSE: 2024:2205-1 Important: Kernel Live Patch Critical Issues

* bsc#1218259 * bsc#1223059 Cross-References: * CVE-2023-6931 . # Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:2205-1 Rating: important References: * bsc#1218259 * bsc#1223059 Cross-References: * CVE-2023-6931 * CVE-2024-26852 CVSS scores: * CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6931 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_39 fixes several issues. The following security issues were fixed: * CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218259). * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223059). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-2205=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-2205=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-8-150500.2.1 * kernel-livepatch-5_14_21-150500_55_39-default-8-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_8-debugsource-8-150500.2.1 * openSUSE Leap 15.5 (ppc64le s390xx86_64) * kernel-livepatch-5_14_21-150500_55_39-default-debuginfo-8-150500.2.1 * kernel-livepatch-5_14_21-150500_55_39-default-8-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_8-debugsource-8-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6931.html * https://www.suse.com/security/cve/CVE-2024-26852.html * https://bugzilla.suse.com/show_bug.cgi?id=1218259 * https://bugzilla.suse.com/show_bug.cgi?id=1223059 . Significant news on Linux Kernel Live Patch 8 resolves urgent vulnerabilities in SLE 15 SP5 and openSUSE Leap 15.5.. Linux Kernel Update, Security Patch, SUSE Linux Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 25, 2024 Important SuSE
100

SUSE: 2024:1312-1 Important: Linux Kernel Live Patch 18 Critical DoS Threat

* bsc#1218613 * bsc#1219078 * bsc#1219296 * bsc#1219432 . # Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4) Announcement ID: SUSE-SU-2024:1312-1 Rating: important References: * bsc#1218613 * bsc#1219078 * bsc#1219296 * bsc#1219432 Cross-References: * CVE-2023-42753 * CVE-2023-52340 * CVE-2024-0565 * CVE-2024-1085 CVSS scores: * CVE-2023-42753 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-42753 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-0565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-0565 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2024-1085 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-1085 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_88 fixes several issues. The following security issues were fixed: * CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1219078). * CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1218613). * CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219432). * CVE-2023-52340: Fixed ICMPv6 “Packet TooBig” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219296). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-1312=1 SUSE-2024-1313=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-1312=1 SUSE-SLE- Module-Live-Patching-15-SP4-2024-1313=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_18-debugsource-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-12-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_12-debugsource-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-7-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_18-debugsource-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-12-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_12-debugsource-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-7-150400.2.1 * kernel-livepatch-5_14_21-150400_24_63-default-12-150400.2.1 * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-7-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-42753.html * https://www.suse.com/security/cve/CVE-2023-52340.html * https://www.suse.com/security/cve/CVE-2024-0565.html * https://www.suse.com/security/cve/CVE-2024-1085.html * https://bugzilla.suse.com/show_bug.cgi?id=1218613 * https://bugzilla.suse.com/show_bug.cgi?id=1219078 * https://bugzilla.suse.com/show_bug.cgi?id=1219296 * https://bugzilla.suse.com/show_bug.cgi?id=1219432 . SUSE issues a security notice for Linux Kernel livepatch tackling severe vulnerabilities along with installation instructions.. Kernel Patch, Security Updates, SUSE Linux, Live Patching, Security Issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 16, 2024 Important SuSE
100

SUSE: 2024:0986-1 Important Live Patch Fixes Critical Flaws

* bsc#1215887 * bsc#1216898 * bsc#1218487 * bsc#1218610 . # Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5) Announcement ID: SUSE-SU-2024:0986-1 Rating: important References: * bsc#1215887 * bsc#1216898 * bsc#1218487 * bsc#1218610 Cross-References: * CVE-2023-39191 * CVE-2023-46813 * CVE-2023-51779 * CVE-2023-6531 CVSS scores: * CVE-2023-39191 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-39191 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-46813 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-46813 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-51779 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_13_21 fixes several issues. The following security issues were fixed: * CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218487). * CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1216898). * CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user- supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code.(bsc#1215863) * CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218610). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-987=1 SUSE-2024-986=1 SUSE-2024-990=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-990=1 SUSE-SLE- Module-Live-Patching-15-SP5-2024-987=1 SUSE-SLE-Module-Live- Patching-15-SP5-2024-986=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_13_21-rt-5-150500.2.2 * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-5-150500.2.2 * kernel-livepatch-5_14_21-150500_13_11-rt-7-150500.2.2 * kernel-livepatch-5_14_21-150500_13_18-rt-6-150500.2.2 * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-7-150500.2.2 * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-5-150500.2.2 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-6-150500.2.2 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-6-150500.2.2 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-7-150500.2.2 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_13_21-rt-5-150500.2.2 * kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-5-150500.2.2 * kernel-livepatch-5_14_21-150500_13_11-rt-7-150500.2.2 * kernel-livepatch-5_14_21-150500_13_18-rt-6-150500.2.2 * kernel-livepatch-SLE15-SP5-RT_Update_3-debugsource-7-150500.2.2 * kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-5-150500.2.2 * kernel-livepatch-5_14_21-150500_13_18-rt-debuginfo-6-150500.2.2 * kernel-livepatch-SLE15-SP5-RT_Update_5-debugsource-6-150500.2.2 * kernel-livepatch-5_14_21-150500_13_11-rt-debuginfo-7-150500.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-39191.html *https://www.suse.com/security/cve/CVE-2023-46813.html * https://www.suse.com/security/cve/CVE-2023-51779.html * https://www.suse.com/security/cve/CVE-2023-6531.html * https://bugzilla.suse.com/show_bug.cgi?id=1215887 * https://bugzilla.suse.com/show_bug.cgi?id=1216898 * https://bugzilla.suse.com/show_bug.cgi?id=1218487 * https://bugzilla.suse.com/show_bug.cgi?id=1218610 . Latest security patch for SUSE Linux Kernel RT tackles severe vulnerabilities such as potential use-after-free exploits and privilege escalation risks.. SUSE Linux Kernel Patch, Critical Security Fix, Live Patching, Kernel Updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 26, 2024 Important SuSE
89

Fedora 39: 2024-04877592b7 Critical Update on Rust-Vhost-User-Backend

Update rust-vmm components and their consumers to address CVE-2023-50711. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-04877592b7 2024-02-10 01:24:59.648730 -------------------------------------------------------------------------------- Name : rust-vhost-user-backend Product : Fedora 39 Version : 0.13.1 Release : 2.fc39 URL : Summary : Framework to build vhost-user backend service daemon Description : A framework to build vhost-user backend service daemon. -------------------------------------------------------------------------------- Update Information: Update rust-vmm components and their consumers to address CVE-2023-50711 -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 27 2024 Fedora Release Engineering - 0.13.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Tue Jan 23 2024 Sergio Lopez - 0.13.1-1 - Update to version 0.13.1; Fixes RHBZ#2248536 * Thu Jan 11 2024 Sergio Lopez - 0.12.0-1 - Update to version 0.12.0; Fixes RHBZ#2248536 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-04877592b7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Enhance rust-vmm modules for Fedora 39 to mitigate severe vulnerabilities efficiently.. Fedora 39,rust-vhost-user-backend,security update,rust-vmm components,critical flaw. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 10, 2024 Critical Fedora
203

Mageia 9: MGASA-2024-0033 Critical: Kernel Out-of-Bounds Flaw

Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. . MGASA-2024-0033 - Updated kernel packages fix security vulnerabilities and other bugs Publication date: 09 Feb 2024 URL: https://advisories.mageia.org/MGASA-2024-0033.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-6610, CVE-2023-46838 Upstream version 6.6.14 with many bugfixes and at least the following security fixes: An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. (CVE-2023-6610) An unprivileged guest can cause Denial of Service (DoS) of the host by sending network packets to the backend, causing the backend to crash. Data corruption or privilege escalation have not been ruled out. https://xenbits.xen.org/xsa/advisory-448.html (CVE-2023-46838) References: - https://bugs.mageia.org/show_bug.cgi?id=32786 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.1 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.2 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.4 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.5 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.6 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.9 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.10 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.11 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.12 -https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.13 - https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.14 - https://xenbits.xen.org/xsa/advisory-448.html - https://www.cve.org/CVERecord?id=CVE-2023-6610 - https://www.cve.org/CVERecord?id=CVE-2023-46838 SRPMS: - 9/core/kernel-6.6.14-2.mga9 - 9/core/kmod-xtables-addons-3.24-54.mga9 - 9/core/kmod-virtualbox-7.0.14-42.mga9 - 9/core/gnome-applets-3.46.0-3.1.mga9 - 9/core/mate-applets-1.26.1-1.1.mga9 . Revised system firmware enhances safety protocols and boosts overall reliability; local faults and denial of service threats addressed.. Kernel Security Update, Mageia Fixed Issues, Linux Kernel Threat. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 09, 2024 Critical Mageia
89

Fedora 38: 2024-583e4098b9 critical: zbar buffer overflow issue

0.23.93, fixes for two CVEs. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-583e4098b9 2024-01-18 01:24:42.646391 -------------------------------------------------------------------------------- Name : zbar Product : Fedora 38 Version : 0.23.93 Release : 1.fc38 URL : Summary : Bar code reader Description : ZBar Bar Code Reader is an open source software suite for reading bar codes from various sources, such as video streams, image files and raw intensity sensors. It supports EAN-13/UPC-A, UPC-E, EAN-8, Code 128, Code 93, Code 39, Codabar, Interleaved 2 of 5, QR Code and SQ Code. -------------------------------------------------------------------------------- Update Information: 0.23.93, fixes for two CVEs -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 9 2024 Gwyn Ciesla - 0.23.93-1 - 0.23.93 * Fri Jan 5 2024 Florian Weimer - 0.23.90-12 - Add missing Py_SIZE to py311.patch * Sat Jul 22 2023 Fedora Release Engineering - 0.23.90-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jul 7 2023 Michael J Gruber - 0.23.90-10 - Fix FTBFS with python 3.12 (rhbz#2220630) * Thu Jun 15 2023 Python Maint - 0.23.90-9 - Rebuilt for Python 3.12 * Wed Mar 1 2023 Gwyn Ciesla - 0.23.90-8 - migrated to SPDX license -------------------------------------------------------------------------------- References: [ 1 ] Bug #2235860 - CVE-2023-40890 zbar: stack overflow caused malicious qr code may lead to information diusclosure or arbitrary code execution. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235860 [ 2 ] Bug #2235863 - CVE-2023-40889 zbar: buffer overflow via crafted qr code [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2235863 [ 3 ] Bug #2257396 - Affect by CVE-2023-40889 https://bugzilla.redhat.com/show_bug.cgi?id=2257396 [ 4 ] Bug #2257428 - zbar-0.23.93 is available https://bugzilla.redhat.com/show_bug.cgi?id=2257428 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-583e4098b9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Crucial updates released for the zbar barcode scanner address two significant security flaws. Users of Fedora 38 are urged to promptly apply these updates.. Fedora 38, zbar, security patch, severe flaw, buffer overflow. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 18, 2024 Critical Fedora
203

Mageia 9 MGASA-2023-0456 critical: xrdp buffer overflow vulnerability

The updated packages fix a security vulnerability Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows . MGASA-2023-0334 - Updated xrdp packages fix security vulnerability Publication date: 01 Dec 2023 URL: https://advisories.mageia.org/MGASA-2023-0334.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-42822 The updated packages fix a security vulnerability Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. (CVE-2023-42822) References: - https://bugs.mageia.org/show_bug.cgi?id=32575 - https://lwn.net/Articles/952920/ - https://www.cve.org/CVERecord?id=CVE-2023-42822 SRPMS: - 9/core/xrdp-0.9.23.1-1.mga9 . Revised xrdp software in Mageia 9 addresses a significant security flaw that permits out-of-bounds access, affecting operational processes.. xrdp security update,Mageia 9 advisory,out-of-bounds read exploit. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 01, 2023 Critical Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200