Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 56 articles for you...
203

Mageia 9: 2025-0186 moderate: MariaDB crash and DOS risks

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through . MGASA-2025-0186 - Updated mariadb packages fix security vulnerabilities Publication date: 11 Jun 2025 URL: https://advisories.mageia.org/MGASA-2025-0186.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-52969, CVE-2023-52970, CVE-2023-52971, CVE-2025-30693, CVE-2025-30722 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2 - CVE-2023-52969. MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where - CVE-2023-52970. MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan - CVE-2023-52971. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) - CVE-2025-30693. Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N) - CVE-2025-30722 References: - https://bugs.mageia.org/show_bug.cgi?id=34342 - https://mariadb.com/docs/release-notes/community-server/11.4/11.4.7 - https://mariadb.com/docs/release-notes/community-server/11.4/11.4.6 - https://ubuntu.com/security/notices/USN-7548-1 - https://www.cve.org/CVERecord?id=CVE-2023-52969 - https://www.cve.org/CVERecord?id=CVE-2023-52970 - https://www.cve.org/CVERecord?id=CVE-2023-52971 - https://www.cve.org/CVERecord?id=CVE-2025-30693 - https://www.cve.org/CVERecord?id=CVE-2025-30722 SRPMS: - 9/core/mariadb-11.4.7-1.mga9 . The recent MariaDB enhancements within Mageia tackle a range of security flaws, bolstering system robustness and protecting data accuracy for its community.. MariaDB Security, Mageia Update, DOS Prevention, Crash Protection. . LinuxSecurity.com Team

Calendar%202 Jun 11, 2025 Mageia
89

Fedora 42: FEDORA-2025-d2d34aad4c critical: dnsdist DoS issue

Updated to 1.9.10, this fixes CVE-2025-30193: Denial of service via crafted TCP exchange. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d2d34aad4c 2025-05-30 01:14:13.237061+00:00 -------------------------------------------------------------------------------- Name : dnsdist Product : Fedora 42 Version : 1.9.10 Release : 1.fc42 URL : https://www.dnsdist.org/index.html Summary : Highly DNS-, DoS- and abuse-aware loadbalancer Description : dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic. -------------------------------------------------------------------------------- Update Information: Updated to 1.9.10, this fixes CVE-2025-30193: Denial of service via crafted TCP exchange -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2025 Sander Hoentjen - 1.9.10-1 - Update to 1.9.10 - fixes #2367441 - fixes #2367560, #2367561, #2367562, #2367460 (CVE-2025-30193) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2367441 - dnsdist-1.9.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=2367441 [ 2 ] Bug #2367560 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2367560 [ 3 ] Bug #2367561 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2367561 [ 4 ] Bug #2367562 - CVE-2025-30193 dnsdist: Denial of service via crafted TCP exchange [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367562 -------------------------------------------------------------------------------- This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d2d34aad4c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Resolves a security vulnerability in dnsdist affecting Fedora 42 through an upgrade to version 1.9.10.. dnsdist update, fedora advisory, DoS mitigation, load balancer security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 30, 2025 Critical Fedora
100

SUSE 12 SP5: 2025-0394-1 important: tomcat RCE & DoS issues

* bsc#1234663 * bsc#1234664 Cross-References: * CVE-2024-50379 . # Security update for tomcat Announcement ID: SUSE-SU-2025:0394-1 Release Date: 2025-02-10T07:34:45Z Rating: important References: * bsc#1234663 * bsc#1234664 Cross-References: * CVE-2024-50379 * CVE-2024-54677 CVSS scores: * CVE-2024-50379 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-50379 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50379 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-54677 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-54677 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-54677 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2024-50379: Fixed remote code execution (RCE) due to TOCTOU issue in JSP compilation (bsc#1234663). * CVE-2024-54677: Fixed denial-of-service (DoS) attack in examples web application (bsc#1234664). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-394=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-394=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) *tomcat-javadoc-9.0.36-3.136.1 * tomcat-servlet-4_0-api-9.0.36-3.136.1 * tomcat-jsp-2_3-api-9.0.36-3.136.1 * tomcat-el-3_0-api-9.0.36-3.136.1 * tomcat-docs-webapp-9.0.36-3.136.1 * tomcat-admin-webapps-9.0.36-3.136.1 * tomcat-lib-9.0.36-3.136.1 * tomcat-webapps-9.0.36-3.136.1 * tomcat-9.0.36-3.136.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * tomcat-javadoc-9.0.36-3.136.1 * tomcat-servlet-4_0-api-9.0.36-3.136.1 * tomcat-jsp-2_3-api-9.0.36-3.136.1 * tomcat-el-3_0-api-9.0.36-3.136.1 * tomcat-docs-webapp-9.0.36-3.136.1 * tomcat-admin-webapps-9.0.36-3.136.1 * tomcat-lib-9.0.36-3.136.1 * tomcat-webapps-9.0.36-3.136.1 * tomcat-9.0.36-3.136.1 ## References: * https://www.suse.com/security/cve/CVE-2024-50379.html * https://www.suse.com/security/cve/CVE-2024-54677.html * https://bugzilla.suse.com/show_bug.cgi?id=1234663 * https://bugzilla.suse.com/show_bug.cgi?id=1234664 . SUSE announces critical updates for Tomcat, tackling vulnerabilities related to remote code execution and denial-of-service concerns, including comprehensive fix insights.. tomcat security, software update, remote execution, DoS attack, SUSE advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 10, 2025 Important SuSE
197

Debian 11: DLA-4006-1 critical: python-django DoS Advisory

It was discovered that there was a potential Denial of Service (DoS) vulnerability, in Django, a popular Python-based web development framework. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4006-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Chris Lamb December 31, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : python-django Version : 2:2.2.28-1~deb11u3 CVE ID : CVE-2024-53907 It was discovered that there was a potential Denial of Service (DoS) vulnerability, in Django, a popular Python-based web development framework. The strip_tags() method and striptags template filter were subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. For Debian 11 bullseye, this problem has been fixed in version 2:2.2.28-1~deb11u3. We recommend that you upgrade your python-django packages. For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/python-django Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-4007-1 resolves a critical vulnerability in python-flask. It is recommended to update to version 1:1.1.2-1~deb11u4 immediately.. DoS Vulnerability, python-django, Debian security advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 31, 2024 Critical Debian LTS
87

Debian DSA-5697-1 Critical: Chromium Arbitrary Code and DOS Threat

A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-5274 exists in the wild. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5697-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Andres Salomon May 24, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2024-5274 A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-5274 exists in the wild. For the stable distribution (bookworm), this problem has been fixed in version 125.0.6422.112-1~deb12u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The Mozilla Security Bulletin regarding Firefox flaws provides essential patch details and update guidance for secure browsing practices.. Chromium Security Update, Debian Advisory, Arbitrary Code Threats. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 24, 2024 Critical Debian
219

Rocky Linux 8 RLSA-2024:1510 critical: Node.js DoS attacks update

Important: nodejs:18 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:1510", "synopsis": "Important: nodejs:18 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)\n\n* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)\n\n* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2264569", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2264569", "description": ""}, {"ticket": "2264574", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2264574", "description": ""}, {"ticket": "2264582", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2264582", "description": ""}], "cves": [{"name": "CVE-2023-46809", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-46809", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-21892", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-21892", "cvss3ScoringVector": "UNKNOWN","cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}, {"name": "CVE-2024-22019", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-22019", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-03-27T04:34:32.999941Z", "rpms": {"Rocky Linux 8": {"nvras": ["nodejs-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.aarch64.rpm", "nodejs-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.src.rpm", "nodejs-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.x86_64.rpm", "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.aarch64.rpm", "nodejs-debuginfo-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.x86_64.rpm", "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.aarch64.rpm", "nodejs-debugsource-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.x86_64.rpm", "nodejs-devel-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.aarch64.rpm", "nodejs-devel-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.x86_64.rpm", "nodejs-docs-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.noarch.rpm", "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.aarch64.rpm", "nodejs-full-i18n-1:18.19.1-1.module+el8.9.0+1768+6b454dc0.x86_64.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+1459+02651ab6.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.8.0+1459+02651ab6.src.rpm", "nodejs-packaging-0:2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm", "nodejs-packaging-0:2021.06-4.module+el8.7.0+1072+5b168780.src.rpm", "nodejs-packaging-bundler-0:2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm", "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+1768+6b454dc0.aarch64.rpm", "npm-1:10.2.4-1.18.19.1.1.module+el8.9.0+1768+6b454dc0.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. The latest Node.js 18 upgrade for Rocky Linux tackles significant security vulnerabilities that could impact system performance and integrity.. Nodejs Security Update, Rocky Linux Advisory, DoS Risks, Code Injection Mitigation. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 27, 2024 Important Rocky Linux
100

SUSE: 2024:0732-1 Important: Nodejs14 DoS and SSRF Fixes for Users

* bsc#1219993 * bsc#1219997 * bsc#1220014 * bsc#1220053 . # Security update for nodejs14 Announcement ID: SUSE-SU-2024:0732-1 Rating: important References: * bsc#1219993 * bsc#1219997 * bsc#1220014 * bsc#1220053 Cross-References: * CVE-2023-46809 * CVE-2024-22019 * CVE-2024-22025 * CVE-2024-24806 CVSS scores: * CVE-2023-46809 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2024-22019 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24806 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-24806 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs14 fixes the following issues: Security issues fixed: * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997). * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993). * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014). * CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks (bsc#1219724). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methodslike YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-732=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-732=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-732=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-732=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-732=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-732=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-732=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.55.1 * nodejs14-devel-14.21.3-150200.15.55.1 * nodejs14-14.21.3-150200.15.55.1 * nodejs14-debugsource-14.21.3-150200.15.55.1 * npm14-14.21.3-150200.15.55.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.55.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.55.1 * nodejs14-devel-14.21.3-150200.15.55.1 * nodejs14-14.21.3-150200.15.55.1 * nodejs14-debugsource-14.21.3-150200.15.55.1 * npm14-14.21.3-150200.15.55.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.55.1 * nodejs14-devel-14.21.3-150200.15.55.1 *nodejs14-14.21.3-150200.15.55.1 * nodejs14-debugsource-14.21.3-150200.15.55.1 * npm14-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.55.1 * nodejs14-devel-14.21.3-150200.15.55.1 * nodejs14-14.21.3-150200.15.55.1 * nodejs14-debugsource-14.21.3-150200.15.55.1 * npm14-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs14-debuginfo-14.21.3-150200.15.55.1 * nodejs14-devel-14.21.3-150200.15.55.1 * nodejs14-14.21.3-150200.15.55.1 * nodejs14-debugsource-14.21.3-150200.15.55.1 * npm14-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs14-debuginfo-14.21.3-150200.15.55.1 * nodejs14-devel-14.21.3-150200.15.55.1 * nodejs14-14.21.3-150200.15.55.1 * nodejs14-debugsource-14.21.3-150200.15.55.1 * npm14-14.21.3-150200.15.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.55.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.55.1 * nodejs14-devel-14.21.3-150200.15.55.1 * nodejs14-14.21.3-150200.15.55.1 * nodejs14-debugsource-14.21.3-150200.15.55.1 * npm14-14.21.3-150200.15.55.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs14-docs-14.21.3-150200.15.55.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46809.html * https://www.suse.com/security/cve/CVE-2024-22019.html * https://www.suse.com/security/cve/CVE-2024-22025.html * https://www.suse.com/security/cve/CVE-2024-24806.html *https://bugzilla.suse.com/show_bug.cgi?id=1219993 * https://bugzilla.suse.com/show_bug.cgi?id=1219997 * https://bugzilla.suse.com/show_bug.cgi?id=1220014 * https://bugzilla.suse.com/show_bug.cgi?id=1220053 . Tackling key challenges in nodejs14 on SUSE; features essential updates and remediation techniques for users.. Nodejs14 Update, SUSE Security Advisory, DoS Attack Fix, SSRF Vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 29, 2024 Important SuSE
172

Ubuntu 23.10 USN-6574-1 Critical: Go Code Injection and DoS Threats

Several security issues were fixed in Go.. ========================================================================== Ubuntu Security Notice USN-6574-1 January 11, 2024 Go vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Go. Software Description: - golang-1.20: Go programming language compiler - golang-1.21: Go programming language compiler Details: Takeshi Kaneko discovered that Go did not properly handle comments and special tags in the script context of html/template module. An attacker could possibly use this issue to inject Javascript code and perform a cross site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-39318, CVE-2023-39319) It was discovered that Go did not properly validate the "//go:cgo_" directives during compilation. An attacker could possibly use this issue to inject arbitrary code during compile time. (CVE-2023-39323) It was discovered that Go did not limit the number of simultaneously executing handler goroutines in the net/http module. An attacker could possibly use this issue to cause a panic resulting into a denial of service. (CVE-2023-39325, CVE-2023-44487) It was discovered that the Go net/http module did not properly validate the chunk extensions reading from a request or response body. An attacker could possibly use this issue to read sensitive information. (CVE-2023-39326) It was discovered that Go did not properly validate the insecure "git://" protocol when using go get to fetch a module with the ".git" suffix. An attacker could possibly use this issue to bypass secure protocol checks. (CVE-2023-45285) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: golang-1.20 1.20.8-1ubuntu0.23.10.1 golang-1.20-go 1.20.8-1ubuntu0.23.10.1 golang-1.20-src 1.20.8-1ubuntu0.23.10.1 golang-1.21 1.21.1-1ubuntu0.23.10.1 golang-1.21-go 1.21.1-1ubuntu0.23.10.1 golang-1.21-src 1.21.1-1ubuntu0.23.10.1 Ubuntu 23.04: golang-1.20 1.20.3-1ubuntu0.2 golang-1.20-go 1.20.3-1ubuntu0.2 golang-1.20-src 1.20.3-1ubuntu0.2 golang-1.21 1.21.1-1~ubuntu23.04.2 golang-1.21-go 1.21.1-1~ubuntu23.04.2 golang-1.21-src 1.21.1-1~ubuntu23.04.2 Ubuntu 22.04 LTS: golang-1.20 1.20.3-1ubuntu0.1~22.04.1 golang-1.20-go 1.20.3-1ubuntu0.1~22.04.1 golang-1.20-src 1.20.3-1ubuntu0.1~22.04.1 golang-1.21 1.21.1-1~ubuntu22.04.2 golang-1.21-go 1.21.1-1~ubuntu22.04.2 golang-1.21-src 1.21.1-1~ubuntu22.04.2 Ubuntu 20.04 LTS: golang-1.20 1.20.3-1ubuntu0.1~20.04.1 golang-1.20-go 1.20.3-1ubuntu0.1~20.04.1 golang-1.20-src 1.20.3-1ubuntu0.1~20.04.1 golang-1.21 1.21.1-1~ubuntu20.04.2 golang-1.21-go 1.21.1-1~ubuntu20.04.2 golang-1.21-src 1.21.1-1~ubuntu20.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6574-1 CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39325, CVE-2023-39326, CVE-2023-44487, CVE-2023-45285 Package Information: https://launchpad.net/ubuntu/+source/golang-1.20/1.20.8-1ubuntu0.23.10.1 https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1ubuntu0.23.10.1 https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1~ubuntu23.04.2 https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.1~22.04.1 https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1~ubuntu22.04.2 https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.1~20.04.1 https://launchpad.net/ubuntu/+source/golang-1.21/1.21.1-1~ubuntu20.04.2 . Multiple Ubuntu variants have released critical updates addressing Go-related security flaws. Ensure you update now for enhanced protection.. Ubuntu Security Notice, Go Programming, Code Injection, DoS Attack, Software Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 11, 2024 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200