# Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1736-1
Release Date: 2026-05-07T02:35:14Z
Rating: important

References:

* bsc#1263689

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.95 fixes one security issue.

The following security issue was fixed:

* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1737=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1736=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1730=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1730=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1736=1 SUSE-2026-1737=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_197-default-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_200-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_50-debugsource-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_49-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-2-150400.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_95-default-2-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_22-debugsource-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-2-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_95-default-2-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_22-debugsource-2-150600.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_197-default-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_200-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_50-debugsource-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_49-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

SUSE Linux kernel update addresses important security issue CVE-2026-31431 on multiple distributions. Immediate action advised.
SUSE Linux Kernel Update, Critical Security Patch, Kernel Live Patching, CVE-2026-31431.
Severity: Important. LinuxSecurity.com Team

# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21494-1
Release Date: 2026-05-05T12:51:00Z
Rating: important

References:

* bsc#1263689

Cross-References:

* CVE-2026-31431

CVSS scores:

* CVE-2026-31431 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31431 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes one security issue.

The following security issue was fixed:

* CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-373=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-41-default-2-1.1
  * kernel-livepatch-MICRO-6-0_Update_18-debugsource-2-1.1
  * kernel-livepatch-6_4_0-41-default-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263689

Critical update for SUSE Linux Micro addresses important crypto issue needing immediate attention and installation.
SUSE Linux Micro kernel patch important crypto issue.
Severity: Important. LinuxSecurity.com Team

Important: git-lfs security update.

{"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:3928", "synopsis": "Important: git-lfs security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for git-lfs.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2418462", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "description": ""}, {"ticket": "2434432", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "description": ""}, {"ticket": "2437111", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "description": ""}], "cves": [{"name": "CVE-2025-61726", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-61726", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}, {"name": "CVE-2025-61729", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-61729", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1050"}, {"name": "CVE-2025-68121", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-68121", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "cvss3BaseScore": "7.4", "cwe": null}], "references": [], "publishedAt": "2026-03-06T12:03:43.669647Z", "rpms": {"Rocky Linux 9": {"nvras": ["git-lfs-0:3.6.1-7.el9_7.aarch64.rpm", "git-lfs-0:3.6.1-7.el9_7.ppc64le.rpm", "git-lfs-0:3.6.1-7.el9_7.s390x.rpm", "git-lfs-0:3.6.1-7.el9_7.src.rpm", "git-lfs-0:3.6.1-7.el9_7.x86_64.rpm", "git-lfs-debuginfo-0:3.6.1-7.el9_7.aarch64.rpm", "git-lfs-debuginfo-0:3.6.1-7.el9_7.ppc64le.rpm", "git-lfs-debuginfo-0:3.6.1-7.el9_7.s390x.rpm", "git-lfs-debuginfo-0:3.6.1-7.el9_7.x86_64.rpm", "git-lfs-debugsource-0:3.6.1-7.el9_7.aarch64.rpm", "git-lfs-debugsource-0:3.6.1-7.el9_7.ppc64le.rpm", "git-lfs-debugsource-0:3.6.1-7.el9_7.s390x.rpm", "git-lfs-debugsource-0:3.6.1-7.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}

Important git-lfs security update for Rocky Linux 9 helps address various substantial security issues affecting applications.
Rocky Linux Git LFS Update Security.
Severity: Important. LinuxSecurity.com Team

It was discovered that the crypto_core_ed25519_is_valid_point() function of the Sodium cryptography library mishandled checks for valid elliptic curve points.

For the oldstable distribution (bookworm), this problem has been fixed in version 1.0.18-1+deb12u1.

Debian Security Advisory DSA-6094-1

# Security update for go1.22-openssl

Announcement ID: SUSE-SU-2025:1555-1
Release Date: 2025-05-15T05:06:07Z
Rating: moderate

References:

* bsc#1218424
* bsc#1236045
* bsc#1236046
* bsc#1236801
* jsc#SLE-18320

Cross-References:

* CVE-2024-45336
* CVE-2024-45341
* CVE-2025-22866

CVSS scores:

* CVE-2024-45336 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-45336 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-45341 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-45341 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-22866 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-22866 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves three vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for go1.22-openssl fixes the following issues:

Update to version 1.22.12 (bsc#1218424):

Security fixes:

* CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect (bsc#1236046)
* CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (bsc#1236045)
* CVE-2025-22866: crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le (bsc#1236801)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1555=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1555=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1555=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1555=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1555=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1555=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1555=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1555=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1555=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1555=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1555=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2025-1555=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * go1.22-openssl-race-1.22.12-150000.1.12.1
  * go1.22-openssl-debuginfo-1.22.12-150000.1.12.1
  * go1.22-openssl-doc-1.22.12-150000.1.12.1
  * go1.22-openssl-1.22.12-150000.1.12.1

## References:

* https://www.suse.com/security/cve/CVE-2024-45336.html
* https://www.suse.com/security/cve/CVE-2024-45341.html
* https://www.suse.com/security/cve/CVE-2025-22866.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218424
* https://bugzilla.suse.com/show_bug.cgi?id=1236045
* https://bugzilla.suse.com/show_bug.cgi?id=1236046
* https://bugzilla.suse.com/show_bug.cgi?id=1236801
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-18320&page_caps=&user_role=

Safety enhancement for go1.22-openssl resolves issues in SUSE variants with comprehensive guidance on patching.
SUSE Security Update, go1.22-openssl, Moderate Severity Issues, Linux Security Patch.
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-cb20f08a4e
2023-04-20 02:53:04.598539
--------------------------------------------------------------------------------

Name        : golang-github-cli-crypto
Product     : Fedora 37
Version     : 0
Release     : 0.2.20230331git6be313f.fc37
URL         :
Summary     : GitHub's golang-crypto fork required for gh
Description :
GitHub's golang-crypto fork required for gh.

--------------------------------------------------------------------------------
Update Information:

Update `gh` to 2.27.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 3 2023 Mikel Olasagasti Uranga - 0-0.2
- Fix noarch build
- Closes rhbz#2183701
* Mon Apr 3 2023 Mikel Olasagasti Uranga - 0-0.1
- Initial package
- Closes rhbz#2183701
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2175969 - gh codespace ssh fails to connect
        https://bugzilla.redhat.com/show_bug.cgi?id=2175969
  [ 2 ] Bug #2178433 - CVE-2022-41723 gh: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2178433
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-cb20f08a4e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-8ee7d4a8e3
2023-04-04 00:16:16.774824
--------------------------------------------------------------------------------

Name        : golang
Product     : Fedora 38
Version     : 1.20.2
Release     : 1.fc38
URL         : https://go.dev
Summary     : The Go Programming Language
Description :
The Go Programming Language.

--------------------------------------------------------------------------------
Update Information:

go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic
package, as well as bug fixes to the compiler, the covdata command, the linker,
the runtime, and the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall
packages. See the [Go 1.20.2 milestone](https://go.dev/doc/devel/release#go1.20.2)
on the upstream issue tracker for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 23 2023 Bradley G Smith - 1.20.2-1
- Update to go1.20.2
- Resolves: rhbz#2176528, in part
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-8ee7d4a8e3' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

openSUSE Security Update: Security update for go1.17
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0723-1
Rating:             important
References:         #1190649 #1195834 #1195835 #1195838
Cross-References:   CVE-2022-23772 CVE-2022-23773 CVE-2022-23806
CVSS scores:
                    CVE-2022-23772 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-23772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-23773 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2022-23773 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
                    CVE-2022-23806 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
                    CVE-2022-23806 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves three vulnerabilities and has one errata is now available.

Description:

   This update for go1.17 fixes the following issues:

   - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838).
   - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835).
   - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834).

   The following non-security bugs were fixed:

   - go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements
   - go#50701 math/big: Rat.SetString may consume large amount of RAM and crash
   - go#50687 cmd/go: do not treat branches with semantic-version names as releases
   - go#50942 cmd/asm: "compile: loop" compiler bug?
   - go#50867 cmd/compile: incorrect use of CMN on arm64
   - go#50812 cmd/go: remove bitbucket VCS probing
   - go#50781 runtime: incorrect frame information in traceback traversal may hang the process.
   - go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error
   - go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg
   - go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch
   - go#50297 cmd/link: does not set section type of .init_array correctly
   - go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of "plugin" Package

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-723=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-723=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      go1.17-1.17.7-1.20.1
      go1.17-doc-1.17.7-1.20.1

   - openSUSE Leap 15.4 (aarch64 x86_64):

      go1.17-race-1.17.7-1.20.1

   - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64):

      go1.17-1.17.7-1.20.1
      go1.17-doc-1.17.7-1.20.1

   - openSUSE Leap 15.3 (aarch64 x86_64):

      go1.17-race-1.17.7-1.20.1

References:

   https://www.suse.com/security/cve/CVE-2022-23772.html
   https://www.suse.com/security/cve/CVE-2022-23773.html
   https://www.suse.com/security/cve/CVE-2022-23806.html
   https://bugzilla.suse.com/1190649
   https://bugzilla.suse.com/1195834
   https://bugzilla.suse.com/1195835
   https://bugzilla.suse.com/1195838

openSUSE releases a critical patch for go1.17 tackling various security flaws and enhancing performance.
openSUSE Update, go1.17 Patch, Important Security Fix.
Severity: Important. LinuxSecurity.com Team