Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 17 articles for you...
100

SUSE Linux Micro 6.2 Important Update 2026-20550-1 Denial of Service

An update that solves three vulnerabilities can now be installed.. # Security update for containerized-data-importer Announcement ID: SUSE-SU-2026:20550-1 Release Date: 2026-02-26T16:03:48Z Rating: important References: * bsc#1235204 * bsc#1235365 * bsc#1239205 Cross-References: * CVE-2024-28180 * CVE-2024-45338 * CVE-2025-22868 CVSS scores: * CVE-2024-28180 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-28180 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: * CVE-2024-28180: improper handling of highly compressed data (bsc#1235204). * CVE-2024-45338: denial of service due to non-linear parsing of case- insensitive content (bsc#1235365). * CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-317=1 ## Package List: * SUSE Linux Micro6.2 (x86_64) * containerized-data-importer-manifests-1.64.0-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28180.html * https://www.suse.com/security/cve/CVE-2024-45338.html * https://www.suse.com/security/cve/CVE-2025-22868.html * https://bugzilla.suse.com/show_bug.cgi?id=1235204 * https://bugzilla.suse.com/show_bug.cgi?id=1235365 * https://bugzilla.suse.com/show_bug.cgi?id=1239205 . Critical update addresses three security issues in containerized-data-importer for SUSE Linux Micro 6.2.. SUSE Linux Micro, containerized-data-importer, security update, data handling. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 05, 2026 Important SuSE
202

Critical Memory Vulnerability in openSUSE Leap 17 0 Data Importer DoS Risk

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.. openSUSE security update: security update for containerized-data-importer ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20279-1 Rating: important References: * bsc#1235204 * bsc#1235365 * bsc#1239205 Cross-References: * CVE-2024-28180 * CVE-2024-45338 * CVE-2025-22868 CVSS scores: * CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-28180 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed. Description: This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data (bsc#1235204). - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content (bsc#1235365). - CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-317=1 Package List: - openSUSE Leap 16.0: containerized-data-importer-api-1.64.0-160000.1.1 containerized-data-importer-cloner-1.64.0-160000.1.1 containerized-data-importer-controller-1.64.0-160000.1.1 containerized-data-importer-importer-1.64.0-160000.1.1 containerized-data-importer-manifests-1.64.0-160000.1.1 containerized-data-importer-operator-1.64.0-160000.1.1 containerized-data-importer-uploadproxy-1.64.0-160000.1.1 containerized-data-importer-uploadserver-1.64.0-160000.1.1 obs-service-cdi_containers_meta-1.64.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2024-28180.html * https://www.suse.com/security/cve/CVE-2024-45338.html * https://www.suse.com/security/cve/CVE-2025-22868.html . Solve three key vulnerabilities in openSUSE with containerized-data-importer update to enhance system performance and security.. openSUSE containerized-data-importer security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 28, 2026 Important OpenSUSE
100

SUSE: kernel-livepatch Important Fix for CVE-2025-38500, 38616

* bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 . # Security update for kernel-livepatch-MICRO-6-0_Update_9 Announcement ID: SUSE-SU-2025:21098-1 Release Date: 2025-11-28T08:19:30Z Rating: important References: * bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 * CVE-2025-38616 CVSS scores: * CVE-2025-38500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38616 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-38616 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues: * CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672) * CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-224=1 ## Package List: * SUSE Linux Micro 6.0 (s390x x86_64) * kernel-livepatch-6_4_0-31-default-9-1.2 * kernel-livepatch-6_4_0-31-default-debuginfo-9-1.2 * kernel-livepatch-MICRO-6-0_Update_9-debugsource-9-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38500.html * https://www.suse.com/security/cve/CVE-2025-38616.html * https://bugzilla.suse.com/show_bug.cgi?id=1248672 * https://bugzilla.suse.com/show_bug.cgi?id=1249537 . The security update addresses important vulnerabilities in SUSE's kernel-livepatch for Linux Micro6.0 products.. SUSE Security Update, kernel-livepatch MICRO, important security fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 09, 2025 Important SuSE
100

SUSE: Key Kernel Livepatch Updates for Issues CVE-2025-38500 CVE-2025-38616

* bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 . # Security update for kernel-livepatch-MICRO-6-0-RT_Update_11 Announcement ID: SUSE-SU-2025:21103-1 Release Date: 2025-11-28T08:21:31Z Rating: important References: * bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 * CVE-2025-38616 CVSS scores: * CVE-2025-38500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38616 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-38616 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0-RT_Update_11 fixes the following issues: * CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672) * CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-216=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-4-1.1 * kernel-livepatch-6_4_0-35-rt-4-1.1 * kernel-livepatch-6_4_0-35-rt-debuginfo-4-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38500.html * https://www.suse.com/security/cve/CVE-2025-38616.html * https://bugzilla.suse.com/show_bug.cgi?id=1248672 * https://bugzilla.suse.com/show_bug.cgi?id=1249537 . Security update for kernel-livepatch-MICRO-6-0 resolving two important issues, ensuring stability andprotection.. kernel live patch,SUSE Linux Micro,security updates,data handling. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 09, 2025 Important SuSE
89

Fedora 39: FEDORA-2024-a8a4ce2864 Critical: Compressed Data Handling Issue

release v1.11.0 release v1.10.1 release v1.10.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-a8a4ce2864 2024-03-31 01:12:46.078654 -------------------------------------------------------------------------------- Name : prometheus-podman-exporter Product : Fedora 39 Version : 1.11.0 Release : 1.fc39 URL : https://github.com/containers/prometheus-podman-exporter Summary : Prometheus exporter for podman environment Description : Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information. -------------------------------------------------------------------------------- Update Information: release v1.11.0 release v1.10.1 release v1.10.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 22 2024 Navid Yaghoobi - 1.11.0-1 - release v1.11.0 * Sun Mar 17 2024 Navid Yaghoobi - 1.10.1-1 - release v1.10.1 * Sat Mar 16 2024 Navid Yaghoobi - 1.10.0-1 - release v1.10.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268896 - CVE-2024-28180 prometheus-podman-exporter: jose-go: improper handling of highly compressed data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268896 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a8a4ce2864' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The latest update for the prometheus-podman-exporter in Fedora 39 addresses a problem associated with the management of compressed data. Discover more details!. Prometheus Exporter,Fedora 39,Software Update,Podman,Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 31, 2024 Critical Fedora
89

Fedora 39: 2024-22f1e313dd Critical: Podman-TUI Improper Data Management

podman-tui release v1.0.0 Security fix for [CVE-2024-28180]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-22f1e313dd 2024-03-30 01:08:11.513494 -------------------------------------------------------------------------------- Name : podman-tui Product : Fedora 39 Version : 1.0.0 Release : 1.fc39 URL : https://github.com/containers/podman-tui Summary : Podman Terminal User Interface Description : podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines. -------------------------------------------------------------------------------- Update Information: podman-tui release v1.0.0 Security fix for [CVE-2024-28180] -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 21 2024 Navid Yaghoobi - 1.0.0-1 - release v1.0.0 * Sat Mar 16 2024 Navid Yaghoobi - 0.18.0-1 - release v0.18.0 * Sun Feb 11 2024 Maxwell G - 0.17.0-2 - Rebuild for golang 1.22.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268848 - CVE-2024-28176 podman-tui: go-jose: resource exhaustion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268848 [ 2 ] Bug #2268895 - CVE-2024-28180 podman-tui: jose-go: improper handling of highly compressed data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268895 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-22f1e313dd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used bythe Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Container-UI v1.0.0 for Ubuntu 22.04 comes with updates mitigating vulnerabilities related to memory overflow and input validation problems.. Podman TUI, Fedora 39 Update, Security Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 30, 2024 Critical Fedora
89

Fedora 40: 2024-560a7aca85 Critical: Apptainer Resource Issues

Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-560a7aca85 2024-03-23 00:20:56.401412 -------------------------------------------------------------------------------- Name : apptainer Product : Fedora 40 Version : 1.3.0 Release : 1.fc40 URL : https://apptainer.org Summary : Application and environment virtualization formerly known as Singularity Description : Apptainer provides functionality to make portable containers that can be used across host environments. -------------------------------------------------------------------------------- Update Information: Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Dave Dykstra - 1.3.0 - Update to upstream 1.3.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268820 - CVE-2024-28176 jose: resource exhaustion https://bugzilla.redhat.com/show_bug.cgi?id=2268820 [ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data https://bugzilla.redhat.com/show_bug.cgi?id=2268854 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-560a7aca85' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . The recent Fedora 40 update for Apptainer version 1.3.0 tackles significant security vulnerabilities associated with resource overconsumption and data handling practices.. Fedora, Apptainer, Security Fix, Resource Exhaustion, Data Handling. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 23, 2024 Critical Fedora
202

openSUSE Leap 15.5: 2024:0812-1 Important: Go1.22 Security Update

This update for go1.22 fixes the following issues: Upgrade go to version 1.22.1 CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of. # Security update for go1.22 Announcement ID: SUSE-SU-2024:0812-1 Rating: important References: * bsc#1218424 * bsc#1219988 * bsc#1220999 * bsc#1221000 * bsc#1221001 * bsc#1221002 * bsc#1221003 Cross-References: * CVE-2023-45289 * CVE-2023-45290 * CVE-2024-24783 * CVE-2024-24784 * CVE-2024-24785 CVSS scores: * CVE-2023-45289 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24783 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-24785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for go1.22 fixes the following issues: * Upgrade go to version 1.22.1 * CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000) * CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001) * CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999) * CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002) * CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003) ## Patch Instructions: To install thisSUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-812=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-812=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.22-1.22.1-150000.1.9.1 * go1.22-doc-1.22.1-150000.1.9.1 * go1.22-race-1.22.1-150000.1.9.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.22-1.22.1-150000.1.9.1 * go1.22-doc-1.22.1-150000.1.9.1 * go1.22-race-1.22.1-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45289.html * https://www.suse.com/security/cve/CVE-2023-45290.html * https://www.suse.com/security/cve/CVE-2024-24783.html * https://www.suse.com/security/cve/CVE-2024-24784.html * https://www.suse.com/security/cve/CVE-2024-24785.html * https://bugzilla.suse.com/show_bug.cgi?id=1218424 * https://bugzilla.suse.com/show_bug.cgi?id=1219988 * https://bugzilla.suse.com/show_bug.cgi?id=1220999 * https://bugzilla.suse.com/show_bug.cgi?id=1221000 * https://bugzilla.suse.com/show_bug.cgi?id=1221001 * https://bugzilla.suse.com/show_bug.cgi?id=1221002 * https://bugzilla.suse.com/show_bug.cgi?id=1221003 . A significant announcement for openSUSE go1.22 resolves various problems and introduces security enhancements related to the management of confidential information.. openSUSE Update, go1.22 Security, Software Fix, Go Upgrade. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 08, 2024 Important OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200