Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
100
security advisorymoderatecurl securitySUSE: 2023:806-1 Moderate: BCI/Dotnet-SDK Security Update
The container bci/dotnet-sdk was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:806-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-10.9 , bci/dotnet-sdk:7.0.4 , bci/dotnet-sdk:7.0.4-10.9 , bci/dotnet-sdk:latest Container Release : 10.9 Severity : moderate Type : security References : 1209209 1209210 1209211 1209212 1209214 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). The following package changes have been done: - libcurl4-7.79.1-150400.5.18.1 updated - container:sles15-image-15.0.0-27.14.43 updated . Enhanced security patch announcements and advisory details for BCI/Dotnet SDK released for SUSE clientele.. bci/dotnet-sdk Update, SUSE Container Advisory, Curl Security Fixes. . LinuxSecurity.com Team
Mar 28, 2023
SuSE
100
security advisorycriticalsuseSUSE: 2022:2772-1 Important: Updates for Container Security Issues
The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2772-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.8 , suse/sle15:15.4 , suse/sle15:15.4.27.14.8 Container Release : 27.14.8 Severity : critical Type : security References : 1194047 1203911 1204383 1204386 1204397 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN(bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - container-suseconnect-2.3.0-150000.4.19.2 updated - curl-7.79.1-150400.5.9.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - permissions-20201225-150400.5.16.1 updated . SUSE Container Update Notice: suse/sle15 offers vital security enhancements for a range of elements and fixes.. SUSE Container Update,Critical Security Fixes,SUSE Patches,Curl Security Fix,LibTasn1 Update. . Severity: Critical. LinuxSecurity.com Team
Oct 28, 2022
•Critical
SuSE
100
security advisoryimportantcurl securitySUSE: 2022:2751-1 Important: bci/dotnet-runtime Security Update
The container bci/dotnet-runtime was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2751-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.11 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.11 Container Release : 48.11 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated . This release outlines critical fixes for the bci/dotnet-runtime container provided by SUSE, focusing on significant vulnerabilities.. SUSE container update, dotnet-runtimesecurity, important patches. . Severity: Important. LinuxSecurity.com Team
Oct 28, 2022
•Important
SuSE
100
security advisorybuffer overflowimportantSUSE: 2022:2067-1 Important: bci/python Update Addressing Security Issues
The container bci/python was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2067-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.18 Container Release : 28.18 Severity : important Type : security References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service(bsc#1202593). The following package changes have been done: - libuuid1-2.37.2-150400.8.3.1 updated - libsmartcols1-2.37.2-150400.8.3.1 updated - libblkid1-2.37.2-150400.8.3.1 updated - libfdisk1-2.37.2-150400.8.3.1 updated - libz1-1.2.11-150000.3.33.1 updated - libmount1-2.37.2-150400.8.3.1 updated - libcurl4-7.79.1-150400.5.6.1 updated - util-linux-2.37.2-150400.8.3.1 updated - curl-7.79.1-150400.5.6.1 updated - container:sles15-image-15.0.0-27.11.18 updated . Keep informed about the latest SUSE's bci/python container revisions focusing on vital security concerns and critical updates.. Container Security Updates, bci/python Patches, SUSE Advisories. . Severity: Important. LinuxSecurity.com Team
Sep 07, 2022
•Important
SuSE
100
security advisoryimportantpatch informationSUSE: 2022:1422-1 important: bci/dotnet-runtime security issues
The container bci/dotnet-runtime was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1422-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-15.9 , bci/dotnet-runtime:3.1.26 , bci/dotnet-runtime:3.1.26-15.9 Container Release : 15.9 Severity : important Type : security References : 1185637 1199166 1200550 1200734 1200735 1200736 1200737 1201099 CVE-2022-1292 CVE-2022-2068 CVE-2022-2097 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues inc_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libcurl4-7.79.1-150400.5.3.1 updated - container:sles15-image-15.0.0-27.8.3 updated . SUSE Container Update Announcement provides information on updates for bci/dotnet-runtime, highlighting critical security fixes and links to the relevant vulnerability documentation.. bci/dotnet-runtime update, container security, SUSE patch information. . Severity: Important. LinuxSecurity.com Team
Jul 07, 2022
•Important
SuSE
100
security advisoryimportantsecurity patchSUSE: 2022:1074-1 Important: bci/dotnet-runtime Security Advisory
The container bci/dotnet-runtime was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1074-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-17.7 , bci/dotnet-runtime:6.0.5 , bci/dotnet-runtime:6.0.5-17.7 , bci/dotnet-runtime:latest Container Release : 17.7 Severity : important Type : security References : 1197771 1197794 1198446 1198614 1198723 1198766 1199240 CVE-2022-1304 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 CVE-2022-29155 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 Thisupdate for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) The following package changes have been done: - libldap-data-2.4.46-150200.14.8.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libcurl4-7.66.0-150200.4.30.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.16 updated . SUSE Container Security Announcement: bci/python-runtime Security Update tackling various vulnerabilities and enhancements.. SUSE Container Security, dotnet-runtime Update, Important Security Advisory. . Severity: Important. LinuxSecurity.com Team
May 18, 2022
•Important
SuSE
100
security advisoryimportantSUSESUSE: 2022:999-1 Important: bci/bci-init Security Update Details
The container bci/bci-init was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:999-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.14.19 , bci/bci-init:latest Container Release : 14.19 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have beendone: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated . SUSE Container Update Notice regarding bci/bci-init encompasses significant enhancements aimed at security vulnerabilities and patch specifications.. SUSE Container, bci-init, security update, important fixes, curl security. . Severity: Important. LinuxSecurity.com Team
May 14, 2022
•Important
SuSE
100
security advisorysecurity fixsuseSUSE: 2021:282-1 Important Security Update for suse/sle15 Container
The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:282-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.5.23 Container Release : 17.5.23 Severity : important Type : security References : 1040589 1047218 1099521 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164719 1172091 1172115 1172234 1172236 1172240 1173641 1175448 1175449 1182604 1185540 1185807 1185828 1185958 1186049 1186411 1186447 1186503 1186791 1187154 1187210 1187212 1187292 1188063 1188217 1188218 1188219 1188220 928700 928701 CVE-2015-3414 CVE-2015-3415 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-24370 CVE-2020-24371 CVE-2020-9327 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-33560 CVE-2021-33910 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, causedby missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:13 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. (bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID:SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is prematured as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls hared/syscall-list: filter out some obviouslyplatform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improperhandling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite(bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) . The latest releases for container ubuntu/focal serve to implement fixes related to critical vulnerabilities and key bug fixes.. Container Update,SUSE Security Patch,Systemd Security Fix,Curl Vulnerability. . Severity: Important. LinuxSecurity.com Team
Aug 07, 2021
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!