Alerts This Week: 609

Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE Leap Micro 5.2: Important Update for AES OCB Issue

openSUSE Security Update: Security update for openssl-1_1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:2328-1
Rating:             important
References:         #1201099
Cross-References:   CVE-2022-2097
CVSS scores:
                    CVE-2022-2097 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:

  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2328=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):

  libopenssl-1_1-devel-1.1.1d-150200.11.51.1
  libopenssl1_1-1.1.1d-150200.11.51.1
  libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1
  libopenssl1_1-hmac-1.1.1d-150200.11.51.1
  openssl-1_1-1.1.1d-150200.11.51.1
  openssl-1_1-debuginfo-1.1.1d-150200.11.51.1
  openssl-1_1-debugsource-1.1.1d-150200.11.51.1

References:

https://www.suse.com/security/cve/CVE-2022-2097.html
https://bugzilla.suse.com/1201099

A vital patch is now available for openSUSE to fix a major vulnerability in openssl-1_1. To learn more about current threats and updates, refer to the official documentation.

openSUSE Security Update, OpenSSL Fixes, Important Issues, AES OCB Threat.

Severity: Important.

LinuxSecurity.com Team

Sep 01, 2022 Important OpenSUSE

SUSE SLE15: 2022:1449-1 Important: Curl And OpenSSL Security Update

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1449-1
Container Tags        : bci/bci-base:15.3 , bci/bci-base:15.3.17.17.20 , suse/sle15:15.3 , suse/sle15:15.3.17.17.20
Container Release     : 17.17.20
Severity              : important
Type                  : security
References            : 1200735 1200737 1201099 CVE-2022-2097 CVE-2022-32206 CVE-2022-32208
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released:    Thu Jul 7 15:06:13 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released:    Thu Jul 7 15:07:35 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

The following package changes have been done:

- libcurl4-7.66.0-150200.4.36.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated

SUSE Container Patch Notice for suse/sle15 featuring essential security enhancements for curl and openssl, with necessary fixes implemented.

SUSE Container Update, SUSE Security Advisory, Curl Security Patches, OpenSSL Fixes.

Severity: Important.

LinuxSecurity.com Team

Jul 08, 2022 Important SuSE

Fedora 34: 2022-A4BCA77F88 Critical: Libreswan Encryption Issue

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-a4bca77f88
2022-01-20 08:31:04.549624
--------------------------------------------------------------------------------

Name        : libreswan
Product     : Fedora 34
Version     : 4.6
Release     : 1.fc34
URL         : https://libreswan.org/
Summary     : Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
Description :
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up Libreswan.

Libreswan also supports IKEv2 (RFC7296) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

--------------------------------------------------------------------------------
Update Information:

Resolves: CVE-2022-23094
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 12 2022 Paul Wouters - 4.6-1
- Resolves: CVE-2022-23094
- Resolves: rhbz#2039604 libreswan-4.6 is available
- Add gpg key and signature check for build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2039604 - libreswan-4.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2039604
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-a4bca77f88' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The latest update for Fedora 34 addresses CVE-2022-23094 in libreswan, introducing essential enhancements to encryption protocols.

Libreswan Update, Fedora 34 Security, IPsec VPN, Encryption Improvements.

Severity: Critical.

LinuxSecurity.com Team

Jan 20, 2022 Critical Fedora

openSUSE Leap 15.3: 2021:3759-1 Important SSL Issues in PostgreSQL14

openSUSE Security Update: Security update for postgresql14
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:3759-1
Rating:             important
References:         #1191782 #1192516
Cross-References:   CVE-2021-23214 CVE-2021-23222
CVSS scores:
                    CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:  openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for postgresql14 fixes the following issues:

- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- Let rpmlint ignore shlib-policy-name-error (boo#1191782).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2021-3759=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  libecpg6-14.1-5.6.1
  libecpg6-debuginfo-14.1-5.6.1
  libpq5-14.1-5.6.1
  libpq5-debuginfo-14.1-5.6.1
  postgresql14-14.1-5.6.1
  postgresql14-contrib-14.1-5.6.1
  postgresql14-contrib-debuginfo-14.1-5.6.1
  postgresql14-debuginfo-14.1-5.6.1
  postgresql14-debugsource-14.1-5.6.1
  postgresql14-devel-14.1-5.6.1
  postgresql14-devel-debuginfo-14.1-5.6.1
  postgresql14-devel-mini-14.1-5.6.1
  postgresql14-devel-mini-debuginfo-14.1-5.6.1
  postgresql14-llvmjit-14.1-5.6.1
  postgresql14-llvmjit-debuginfo-14.1-5.6.1
  postgresql14-plperl-14.1-5.6.1
  postgresql14-plperl-debuginfo-14.1-5.6.1
  postgresql14-plpython-14.1-5.6.1
  postgresql14-plpython-debuginfo-14.1-5.6.1
  postgresql14-pltcl-14.1-5.6.1
  postgresql14-pltcl-debuginfo-14.1-5.6.1
  postgresql14-server-14.1-5.6.1
  postgresql14-server-debuginfo-14.1-5.6.1
  postgresql14-server-devel-14.1-5.6.1
  postgresql14-server-devel-debuginfo-14.1-5.6.1
  postgresql14-test-14.1-5.6.1

- openSUSE Leap 15.3 (x86_64):

  libecpg6-32bit-14.1-5.6.1
  libecpg6-32bit-debuginfo-14.1-5.6.1
  libpq5-32bit-14.1-5.6.1
  libpq5-32bit-debuginfo-14.1-5.6.1

- openSUSE Leap 15.3 (noarch):

  postgresql14-docs-14.1-5.6.1

References:

https://www.suse.com/security/cve/CVE-2021-23214.html
https://www.suse.com/security/cve/CVE-2021-23222.html
https://bugzilla.suse.com/1191782
https://bugzilla.suse.com/1192516

A critical security patch for postgresql14 on openSUSE addresses several vulnerabilities, improving both data protection and system reliability.

PostgreSQL Update, OpenSUSE Patches, Security Measures.

Severity: Important.

LinuxSecurity.com Team

Nov 22, 2021 Important OpenSUSE

RHEL 8: RHSA-2021-4409-03 Moderate libgcrypt Side-Channel Fix

====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: libgcrypt security and bug fix update
Advisory ID:       RHSA-2021:4409-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4409
Issue date:        2021-11-09
CVE Names:         CVE-2021-33560
====================================================================

1. Summary:

An update for libgcrypt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

Security Fix(es):

* libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm (CVE-2021-33560)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1970096 - CVE-2021-33560 libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
1976137 - Enable hardware optimizations in FIPS mode

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
libgcrypt-1.8.5-6.el8.src.rpm

aarch64:
libgcrypt-1.8.5-6.el8.aarch64.rpm
libgcrypt-debuginfo-1.8.5-6.el8.aarch64.rpm
libgcrypt-debugsource-1.8.5-6.el8.aarch64.rpm
libgcrypt-devel-1.8.5-6.el8.aarch64.rpm
libgcrypt-devel-debuginfo-1.8.5-6.el8.aarch64.rpm

ppc64le:
libgcrypt-1.8.5-6.el8.ppc64le.rpm
libgcrypt-debuginfo-1.8.5-6.el8.ppc64le.rpm
libgcrypt-debugsource-1.8.5-6.el8.ppc64le.rpm
libgcrypt-devel-1.8.5-6.el8.ppc64le.rpm
libgcrypt-devel-debuginfo-1.8.5-6.el8.ppc64le.rpm

s390x:
libgcrypt-1.8.5-6.el8.s390x.rpm
libgcrypt-debuginfo-1.8.5-6.el8.s390x.rpm
libgcrypt-debugsource-1.8.5-6.el8.s390x.rpm
libgcrypt-devel-1.8.5-6.el8.s390x.rpm
libgcrypt-devel-debuginfo-1.8.5-6.el8.s390x.rpm

x86_64:
libgcrypt-1.8.5-6.el8.i686.rpm
libgcrypt-1.8.5-6.el8.x86_64.rpm
libgcrypt-debuginfo-1.8.5-6.el8.i686.rpm
libgcrypt-debuginfo-1.8.5-6.el8.x86_64.rpm
libgcrypt-debugsource-1.8.5-6.el8.i686.rpm
libgcrypt-debugsource-1.8.5-6.el8.x86_64.rpm
libgcrypt-devel-1.8.5-6.el8.i686.rpm
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm
libgcrypt-devel-debuginfo-1.8.5-6.el8.i686.rpm
libgcrypt-devel-debuginfo-1.8.5-6.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.5_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

A revision for libgcrypt tackles a moderate vulnerability in CentOS Stream 8, bolstering cryptographic integrity.

libgcrypt update, Red Hat security, product security fix, encryption issues, enterprise Linux advisory.

LinuxSecurity.com Team

Nov 09, 2021 Red Hat

Fedora 34: 2021-85c9774673 Moderate: Plasma Vault Fix for CVE-2021-28117

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-85c9774673
2021-03-20 00:16:30.596946
--------------------------------------------------------------------------------

Name        : plasma-vault
Product     : Fedora 34
Version     : 5.21.3
Release     : 1.fc34
URL         :
Summary     : Plasma Vault offers strong encryption features in a user-friendly way
Description :
Plasma Vault allows to lock and encrypt sets of documents and hide them from prying eyes even when the user is logged in.

--------------------------------------------------------------------------------
Update Information:

KDE Plasma 5.21.3 release.

----

Fix for CVE-2021-28117
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 16 2021 Jan Grulich - 5.21.3-1
- 5.21.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1937887 - CVE-2021-28117 plasma-discover: missing URI scheme validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1937887
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-85c9774673' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Delve into the latest Fedora 34 release, which incorporates the plasma-vault update, addressing CVE-2021-28117 while introducing advanced encryption capabilities.

Fedora Update, Plasma Encryption, Security Patch, Document Locking.

LinuxSecurity.com Team

Mar 19, 2021 Fedora

Mageia 7 MGASA-2021-0103 Moderate: Wi-Fi Internal Errors

MGASA-2021-0103 - Updated nonfree firmware packages fix security vulnerability

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0103.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-15126

Updated nonfree firmware fixes various issues, adds new / improved hardware support and fixes at least the following security issue:

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic (CVE-2019-15126).

Full list of updates:

* kernel-firmware-nonfree:
  - add firmware for Lontium LT9611UXC DSI to HDMI bridge
  - brcm: Add NVRAM for Vamrs 96boards Rock960
  - brcm: make AP6212 in bananpi m2 plus/zero work
  - brcm: Link RPi4's WiFi firmware with DMI machine name
  - brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes
  - brcm: remove old brcm firmwares that have newer cypress variants (CVE-2019-15126)
  - cypress: Link the new cypress firmware to the old brcm files (CVE-2019-15126)
  - i915: Add GuC firmware v49.0.1 for all platforms
  - i915: Add GuC v49.0.1 for DG1
  - i915: Add HuC v7.7.1 for DG1
  - i915: Add DMC v2.01 for ADL-S
  - mediatek: update MT8173 VPU firmware to v1.1.6
  - mediatek: add firmware for MT7921
  - Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304
  - QCA : Updated firmware files for WCN3991
  - qcom: add firmware files for Adreno a650
  - qcom: Add SM8250 Audio DSP firmware
  - qcom: Add SM8250 Compute DSP firmware
  - qcom: Add venus firmware files for VPU-1.0

* iwlwifi-firmware:
  - Update firmware for Intel Bluetooth 9260, 9560 to 22.20.0.3
  - Update firmware for Intel Bluetooth AX200, AX201, AX210 to 22.30.0.4

* rtlwifi-firmware:
  - rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644
  - rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253
  - rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB
  - rtl_bt: Add firmware and config files for RTL8852A BT USB chip
  - rtw88: RTL8821C: Update firmware to v24.8 (for rfe type 2 support)
  - rtw88: RTL8822C: Update normal firmware to v9.9.5 (performance fixes)
  - rtw89: 8852a: add firmware v0.9.12.2

* radeon-firmware:
  - amdgpu: add initial firmware for green sardine

References:
- https://bugs.mageia.org/show_bug.cgi?id=28475
- https://www.cve.org/CVERecord?id=CVE-2019-15126

SRPMS:
- 7/nonfree/kernel-firmware-nonfree-20210223-1.mga7.nonfree
- 7/nonfree/radeon-firmware-20210211-1.mga7.nonfree

Explore the newest Mageia security bulletin focused on severe Wi-Fi encryption vulnerabilities alongside essential firmware enhancements.

Mageia Firmware Update, Wi-Fi Security Fix, Internal Errors.

LinuxSecurity.com Team

Mar 04, 2021 Mageia

SUSE 15 Important: Kernel Live Patch 2020:3441-1 Severe: Type Confusion

SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15)
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3441-1
Rating:             important
References:         #1177513 #1177729 #1178003
Cross-References:   CVE-2020-0430 CVE-2020-12351 CVE-2020-25645
Affected Products:
                    SUSE Linux Enterprise Module for Live Patching 15
                    SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for the Linux Kernel 4.12.14-150_55 fixes several issues.

The following security issues were fixed:

- CVE-2020-0430: Fixed an OOB read in skb_headlen of /include/linux/skbuff.h (bsc#1176723, bsc#1178003).
- CVE-2020-12351: Fixed a type confusion while processing AMP packets aka "BleedingTooth" aka "BadKarma" (bsc#1177724, bsc#1177729, bsc#1178397).
- CVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted (bnc#1177513).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2020-3435=1 SUSE-SLE-Module-Live-Patching-15-2020-3437=1 SUSE-SLE-Module-Live-Patching-15-2020-3438=1 SUSE-SLE-Module-Live-Patching-15-2020-3439=1

- SUSE Linux Enterprise Live Patching 12-SP4:

  zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2020-3441=1 SUSE-SLE-Live-Patching-12-SP4-2020-3442=1 SUSE-SLE-Live-Patching-12-SP4-2020-3444=1 SUSE-SLE-Live-Patching-12-SP4-2020-3446=1 SUSE-SLE-Live-Patching-12-SP4-2020-3447=1 SUSE-SLE-Live-Patching-12-SP4-2020-3448=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):

  kernel-livepatch-4_12_14-150_47-default-8-2.2
  kernel-livepatch-4_12_14-150_47-default-debuginfo-8-2.2
  kernel-livepatch-4_12_14-150_52-default-4-2.2
  kernel-livepatch-4_12_14-150_52-default-debuginfo-4-2.2
  kernel-livepatch-4_12_14-150_55-default-4-2.1
  kernel-livepatch-4_12_14-150_55-default-debuginfo-4-2.1
  kernel-livepatch-4_12_14-150_58-default-3-2.1
  kernel-livepatch-4_12_14-150_58-default-debuginfo-3-2.1

- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):

  kgraft-patch-4_12_14-95_51-default-6-2.2
  kgraft-patch-4_12_14-95_54-default-4-2.2
  kgraft-patch-4_12_14-95_57-default-4-2.1
  kgraft-patch-4_12_14-95_60-default-3-2.1

- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64):

  kgraft-patch-4_12_14-95_45-default-8-2.2
  kgraft-patch-4_12_14-95_48-default-7-2.2

References:

https://www.suse.com/security/cve/CVE-2020-0430.html
https://www.suse.com/security/cve/CVE-2020-12351.html
https://www.suse.com/security/cve/CVE-2020-25645.html
https://bugzilla.suse.com/1177513
https://bugzilla.suse.com/1177729
https://bugzilla.suse.com/1178003

Important SUSE Kernel Security Update for Live Patching fixing critical issues, including type confusion and IPsec flaws.

Kernel Patch, SUSE Live Patching, Security Update, System Fix.

Severity: Important.

LinuxSecurity.com Team

Nov 19, 2020 Important SuSE