# Security update for python311

* Announcement ID: SUSE-SU-2025:0981-1
* Release Date: 2025-03-21T14:16:50Z
* Rating: low

References:

* bsc#1238450
* bsc#1239210

Cross-References:

* CVE-2025-1795

CVSS scores:

* CVE-2025-1795 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-1795 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-1795 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-981=1`
* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2025-981=1`

## Package List:

* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * python311-3.11.11-150400.9.49.1
  * libpython3_11-1_0-3.11.11-150400.9.49.1
  * python311-base-3.11.11-150400.9.49.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * python311-tk-3.11.11-150400.9.49.1
  * python311-doc-3.11.11-150400.9.49.1
  * python311-debuginfo-3.11.11-150400.9.49.1
  * python311-idle-3.11.11-150400.9.49.1
  * python311-testsuite-3.11.11-150400.9.49.1
  * python311-curses-3.11.11-150400.9.49.1
  * python311-tk-debuginfo-3.11.11-150400.9.49.1
  * python311-3.11.11-150400.9.49.1
  * libpython3_11-1_0-debuginfo-3.11.11-150400.9.49.1
  * python311-base-debuginfo-3.11.11-150400.9.49.1
  * python311-base-3.11.11-150400.9.49.1
  * python311-testsuite-debuginfo-3.11.11-150400.9.49.1
  * python311-core-debugsource-3.11.11-150400.9.49.1
  * python311-doc-devhelp-3.11.11-150400.9.49.1
  * python311-tools-3.11.11-150400.9.49.1
  * python311-curses-debuginfo-3.11.11-150400.9.49.1
  * python311-debugsource-3.11.11-150400.9.49.1
  * python311-dbm-debuginfo-3.11.11-150400.9.49.1
  * python311-dbm-3.11.11-150400.9.49.1
  * python311-devel-3.11.11-150400.9.49.1
  * libpython3_11-1_0-3.11.11-150400.9.49.1
* openSUSE Leap 15.4 (x86_64)
  * libpython3_11-1_0-32bit-debuginfo-3.11.11-150400.9.49.1
  * python311-base-32bit-3.11.11-150400.9.49.1
  * libpython3_11-1_0-32bit-3.11.11-150400.9.49.1
  * python311-base-32bit-debuginfo-3.11.11-150400.9.49.1
  * python311-32bit-debuginfo-3.11.11-150400.9.49.1
  * python311-32bit-3.11.11-150400.9.49.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libpython3_11-1_0-64bit-debuginfo-3.11.11-150400.9.49.1
  * python311-64bit-3.11.11-150400.9.49.1
  * python311-64bit-debuginfo-3.11.11-150400.9.49.1
  * libpython3_11-1_0-64bit-3.11.11-150400.9.49.1
  * python311-base-64bit-debuginfo-3.11.11-150400.9.49.1
  * python311-base-64bit-3.11.11-150400.9.49.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238450
* https://bugzilla.suse.com/show_bug.cgi?id=1239210

Update for python311 tackling mishandling of email headers, low severity fix from openSUSE. Apply the patch.

Severity: Low.

LinuxSecurity.com Team

# Security update for python312

* Announcement ID: SUSE-SU-2025:0883-1
* Release Date: 2025-03-17T15:21:49Z
* Rating: low

References:

* bsc#1238450
* bsc#1239210

Cross-References:

* CVE-2025-1795

CVSS scores:

* CVE-2025-1795 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-1795 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-1795 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for python312 fixes the following issues:

* CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2025-883=1 openSUSE-SLE-15.6-2025-883=1`
* Python 3 Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-883=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * python312-testsuite-3.12.9-150600.3.21.1
  * python312-idle-3.12.9-150600.3.21.1
  * python312-testsuite-debuginfo-3.12.9-150600.3.21.1
  * python312-curses-debuginfo-3.12.9-150600.3.21.1
  * python312-debuginfo-3.12.9-150600.3.21.1
  * python312-3.12.9-150600.3.21.1
  * python312-base-debuginfo-3.12.9-150600.3.21.1
  * python312-doc-devhelp-3.12.9-150600.3.21.1
  * python312-dbm-3.12.9-150600.3.21.1
  * libpython3_12-1_0-debuginfo-3.12.9-150600.3.21.1
  * python312-debugsource-3.12.9-150600.3.21.1
  * python312-core-debugsource-3.12.9-150600.3.21.1
  * python312-devel-3.12.9-150600.3.21.1
  * python312-tk-3.12.9-150600.3.21.1
  * python312-dbm-debuginfo-3.12.9-150600.3.21.1
  * python312-base-3.12.9-150600.3.21.1
  * python312-tools-3.12.9-150600.3.21.1
  * python312-tk-debuginfo-3.12.9-150600.3.21.1
  * python312-curses-3.12.9-150600.3.21.1
  * libpython3_12-1_0-3.12.9-150600.3.21.1
  * python312-doc-3.12.9-150600.3.21.1
* openSUSE Leap 15.6 (x86_64)
  * python312-32bit-debuginfo-3.12.9-150600.3.21.1
  * libpython3_12-1_0-32bit-debuginfo-3.12.9-150600.3.21.1
  * python312-base-32bit-3.12.9-150600.3.21.1
  * libpython3_12-1_0-32bit-3.12.9-150600.3.21.1
  * python312-base-32bit-debuginfo-3.12.9-150600.3.21.1
  * python312-32bit-3.12.9-150600.3.21.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * python312-64bit-debuginfo-3.12.9-150600.3.21.1
  * python312-64bit-3.12.9-150600.3.21.1
  * libpython3_12-1_0-64bit-3.12.9-150600.3.21.1
  * libpython3_12-1_0-64bit-debuginfo-3.12.9-150600.3.21.1
  * python312-base-64bit-debuginfo-3.12.9-150600.3.21.1
  * python312-base-64bit-3.12.9-150600.3.21.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python312-core-debugsource-3.12.9-150600.3.21.1
  * python312-devel-3.12.9-150600.3.21.1
  * python312-curses-debuginfo-3.12.9-150600.3.21.1
  * python312-base-3.12.9-150600.3.21.1
  * python312-debuginfo-3.12.9-150600.3.21.1
  * python312-tools-3.12.9-150600.3.21.1
  * python312-3.12.9-150600.3.21.1
  * python312-tk-debuginfo-3.12.9-150600.3.21.1
  * python312-idle-3.12.9-150600.3.21.1
  * python312-tk-3.12.9-150600.3.21.1
  * python312-debugsource-3.12.9-150600.3.21.1
  * python312-dbm-debuginfo-3.12.9-150600.3.21.1
  * python312-base-debuginfo-3.12.9-150600.3.21.1
  * python312-curses-3.12.9-150600.3.21.1
  * python312-dbm-3.12.9-150600.3.21.1
  * libpython3_12-1_0-debuginfo-3.12.9-150600.3.21.1
  * libpython3_12-1_0-3.12.9-150600.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-1795.html
* https://bugzilla.suse.com/show_bug.cgi?id=1238450
* https://bugzilla.suse.com/show_bug.cgi?id=1239210

This notice outlines a security patch for python312, targeting CVE-2025-1795 to enhance the processing of email headers.

Severity: Low.

LinuxSecurity.com Team

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2024-e23e8a3f1e
2024-08-28 02:35:34.688486

--------------------------------------------------------------------------------

Name        : dovecot
Product     : Fedora 40
Version     : 2.3.21.1
Release     : 1.fc40
URL         : https://dovecot.org/
Summary     : Secure imap and pop3 server
Description :

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------

Update Information:

CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage.

CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.

--------------------------------------------------------------------------------

ChangeLog:

* Mon Aug 19 2024 Michal Hlavinka - 1:2.3.21.1-1
- updated to 2.3.21.1(2304907)

* Wed Jul 17 2024 Fedora Release Engineering - 1:2.3.21-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

* Tue Jun 18 2024 Michal Hlavinka - 1:2.3.21-8
- fix sieve crash when there are two missing optional scripts
- Do not use deprecated OpenSSL v3 ENGINE API
- Drop dependency on libstemmer on RHEL

* Tue Mar 26 2024 Michal Hlavinka - 1:2.3.21-7
- drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade --advisory FEDORA-2024-e23e8a3f1e'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2024-ba5bb9f63a
2024-08-28 02:20:34.962027

--------------------------------------------------------------------------------

Name        : dovecot
Product     : Fedora 39
Version     : 2.3.21.1
Release     : 1.fc39
URL         : https://dovecot.org/
Summary     : Secure imap and pop3 server
Description :

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats.

The SQL drivers and authentication plug-ins are in their subpackages.

--------------------------------------------------------------------------------

Update Information:

CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage.

CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.

--------------------------------------------------------------------------------

ChangeLog:

* Mon Aug 19 2024 Michal Hlavinka - 1:2.3.21.1-1
- updated to 2.3.21.1(2304907)

* Wed Jul 17 2024 Fedora Release Engineering - 1:2.3.21-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

* Tue Jun 18 2024 Michal Hlavinka - 1:2.3.21-8
- fix sieve crash when there are two missing optional scripts
- Do not use deprecated OpenSSL v3 ENGINE API
- Drop dependency on libstemmer on RHEL

* Tue Mar 26 2024 Michal Hlavinka - 1:2.3.21-7
- drop i686 build as per https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval

* Wed Jan 31 2024 Pete Walter - 1:2.3.21-6
- Rebuild for ICU 74

* Wed Jan 24 2024 Fedora Release Engineering - 1:2.3.21-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

* Fri Jan 19 2024 Fedora Release Engineering - 1:2.3.21-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use

su -c 'dnf upgrade --advisory FEDORA-2024-ba5bb9f63a'

at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------

[slackware-security] dovecot (SSA:2024-227-01)

New dovecot packages are available for Slackware 15.0 and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:

+--------------------------+

patches/packages/dovecot-2.3.21.1-i586-1_slack15.0.txz: Upgraded.

This update fixes security issues:

A large number of address headers in email resulted in excessive CPU usage.

Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.

For more information, see:

https://www.cve.org/CVERecord?id=CVE-2024-23184
https://www.cve.org/CVERecord?id=CVE-2024-23185

(* Security fix *)

+--------------------------+

Where to find the new packages:

+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dovecot-2.3.21.1-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dovecot-2.3.21.1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dovecot-2.3.21.1-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dovecot-2.3.21.1-x86_64-1.txz

MD5 signatures:

+-------------+

Slackware 15.0 package:
d794276c3fd3027c6359588acd4194b4 dovecot-2.3.21.1-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
234a9dd6ab876a5a042f0e0e023c30d7 dovecot-2.3.21.1-x86_64-1_slack15.0.txz

Slackware -current package:
7d07927ffafb070680e2c6a8a3ad337b n/dovecot-2.3.21.1-i686-1.txz

Slackware x86_64 -current package:
c47edd47c6911715760cc7e65e8d1753 n/dovecot-2.3.21.1-x86_64-1.txz

Installation instructions:

+------------------------+

Upgrade the package as root:
# upgradepkg dovecot-2.3.21.1-i586-1_slack15.0.txz

Then restart Dovecot if you are using it:
# sh /etc/rc.d/rc.dovecot restart

+-----+

The updated Dovecot distributions for Slackware version 15.0 and -current address CPU performance problems linked to overly lengthy email headers.

Severity: Critical.

LinuxSecurity.com Team