Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability can now be installed.. # Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21652-1 Release Date: 2026-05-14T06:30:06Z Rating: important References: * bsc#1264459 Cross-References: * CVE-2026-43284 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes one security issue The following security issue was fixed: * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264459). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-403=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-17-1.2 * kernel-livepatch-6_4_0-31-rt-17-1.2 * kernel-livepatch-6_4_0-31-rt-debuginfo-17-1.2 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://bugzilla.suse.com/show_bug.cgi?id=1264459 . SUSE Linux Micro 6.0 Update addresses important xfrm encryption issue via Live Patch.. SUSE Linux Micro, Kernel RT Update, Security Update, xfrm Issue. . Severity: Important. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for opensc Announcement ID: SUSE-SU-2025:02754-1 Release Date: 2025-08-12T07:35:15Z Rating: moderate References: * bsc#1219386 Cross-References: * CVE-2023-5992 CVSS scores: * CVE-2023-5992 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2023-5992 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2023-5992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5992 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-2754=1 openSUSE-SLE-15.6-2025-2754=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2754=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2754=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * opensc-debugsource-0.22.0-150600.11.6.1 * opensc-debuginfo-0.22.0-150600.11.6.1 * opensc-0.22.0-150600.11.6.1 *openSUSE Leap 15.6 (x86_64) * opensc-32bit-debuginfo-0.22.0-150600.11.6.1 * opensc-32bit-0.22.0-150600.11.6.1 * openSUSE Leap 15.6 (aarch64_ilp32) * opensc-64bit-0.22.0-150600.11.6.1 * opensc-64bit-debuginfo-0.22.0-150600.11.6.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150600.11.6.1 * opensc-debuginfo-0.22.0-150600.11.6.1 * opensc-0.22.0-150600.11.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150600.11.6.1 * opensc-debuginfo-0.22.0-150600.11.6.1 * opensc-0.22.0-150600.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5992.html * https://bugzilla.suse.com/show_bug.cgi?id=1219386 . Essential patch released for openSUSE mitigating CVE-2023-5992 concerning side-channel information exposure in opensc software tools.. opensuse security advisories,CVE 2023-5992,method of threat mitigation,moderate security issue,opensc application fix. . LinuxSecurity.com Team
* bsc#1219386 Cross-References: * CVE-2023-5992 . # Security update for opensc Announcement ID: SUSE-SU-2024:1402-2 Rating: moderate References: * bsc#1219386 Cross-References: * CVE-2023-5992 CVSS scores: * CVE-2023-5992 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2023-5992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-1402=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * opensc-0.22.0-150400.3.9.1 * opensc-debugsource-0.22.0-150400.3.9.1 * opensc-debuginfo-0.22.0-150400.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5992.html * https://bugzilla.suse.com/show_bug.cgi?id=1219386 . Important notice regarding opensc to address a moderate risk related to encryption padding vulnerabilities. Update immediately to ensure ongoing protection.. opensc update, SUSE security patch, encryption fix. . LinuxSecurity.com Team
Important: go-toolset:rhel8 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:1472", "synopsis": "Important: go-toolset:rhel8 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2262921", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "description": ""}], "cves": [{"name": "CVE-2024-1394", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-1394", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-03-27T04:34:32.999941Z", "rpms": {"Rocky Linux 8": {"nvras": ["delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.src.rpm", "delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debuginfo-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debugsource-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.aarch64.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.src.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.x86_64.rpm", "golang-bin-0:1.20.12-3.module+el8.9.0+1764+12d15796.aarch64.rpm", "golang-bin-0:1.20.12-3.module+el8.9.0+1764+12d15796.x86_64.rpm","golang-docs-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-misc-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-src-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-tests-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.aarch64.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.src.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Crucial go-toolset enhancement for Rocky Linux 8 tackles memory leak vulnerabilities in RSA payload encryption processes.. Go Toolset Update, Rocky Linux Advisory, Memory Leak Fix. . Severity: Important. LinuxSecurity.com Team
AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975) Excessive time spent checking DH keys and parameters. (CVE-2023-3446) . MGASA-2023-0253 - Updated openssl packages fix security vulnerability Publication date: 11 Sep 2023 URL: https://advisories.mageia.org/MGASA-2023-0253.html Type: security Affected Mageia releases: 8, 9 CVE: CVE-2023-2975, CVE-2023-3446, CVE-2023-3817 AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975) Excessive time spent checking DH keys and parameters. (CVE-2023-3446) Excessive time spent checking DH q parameter value. (CVE-2023-3817) References: - https://bugs.mageia.org/show_bug.cgi?id=32112 - https://openssl-library.org/news/secadv/20230714.txt - https://openssl-library.org/news/secadv/20230719.txt - https://openssl-library.org/news/secadv/20230731.txt - https://www.cve.org/CVERecord?id=CVE-2023-2975 - https://www.cve.org/CVERecord?id=CVE-2023-3446 - https://www.cve.org/CVERecord?id=CVE-2023-3817 SRPMS: - 8/core/openssl-1.1.1v-1.mga8 - 9/core/openssl-3.0.10-1.mga9 . The latest version of OpenSSL packages available for Mageia mitigates serious security flaws identified in CVEs released on September 11, 2023.. OpenSSL Update, Mageia Security, Encryption Issues. . LinuxSecurity.com Team
- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-cf3551046d 2023-09-05 00:46:10.109475 -------------------------------------------------------------------------------- Name : moby-engine Product : Fedora 37 Version : 24.0.5 Release : 1.fc37 URL : https://www.docker.com Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -------------------------------------------------------------------------------- Update Information: - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to 23.0.4 -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 23 2023 LuK1337 - 24.0.5-1 - Update moby-engine to 24.0.5 * Thu Jul 20 2023 Fedora ReleaseEngineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2156860 - CVE-2022-40716 consul: Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request https://bugzilla.redhat.com/show_bug.cgi?id=2156860 [ 2 ] Bug #2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents https://bugzilla.redhat.com/show_bug.cgi?id=2163037 [ 3 ] Bug #2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly https://bugzilla.redhat.com/show_bug.cgi?id=2174485 [ 4 ] Bug #2176447 - CVE-2023-26054 buildkit: Data disclosure in provenance attestation describing a build https://bugzilla.redhat.com/show_bug.cgi?id=2176447 [ 5 ] Bug #2177595 - CVE-2023-0845 hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections https://bugzilla.redhat.com/show_bug.cgi?id=2177595 [ 6 ] Bug #2184683 - CVE-2023-28840 moby: Encrypted overlay network may be unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184683 [ 7 ] Bug #2184685 - CVE-2023-28841 moby: Encrypted overlay network traffic may be unencrypted https://bugzilla.redhat.com/show_bug.cgi?id=2184685 [ 8 ] Bug #2184688 - CVE-2023-28842 moby: Encrypted overlay network with a single endpoint is unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184688 [ 9 ] Bug #2189788 - CVE-2021-41803 consul: Consul Auto-Config JWT Authorization Missing Input Validation https://bugzilla.redhat.com/show_bug.cgi?id=2189788 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cf3551046d' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Important: mod_auth_openidc:2.3 security update . {"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:4418","synopsis":"Important: mod_auth_openidc:2.3 security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for module.mod_auth_openidc, cjose, module.cjose, mod_auth_openidc.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and\/or OAuth 2.0 Resource Server. \n\nSecurity Fix(es):\n\n* cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2223295","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2223295","description":""}],"cves":[{"name":"CVE-2023-37464","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-37464","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N","cvss3BaseScore":"7.5","cwe":"CWE-327"}],"references":[],"publishedAt":"2023-08-08T12:34:39.911838Z","rpms":{"Rocky Linux8":{"nvras":["cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.src.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.src.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]} . AlmaLinux 8 reveals significant security patch for mod_auth_openidc tackling encryption vulnerabilities and addressing critical bugs.. mod_auth_openidc Security Update,Rocky Linux Authentication Module,Authentication Fix. . Severity: Important. LinuxSecurity.com Team
New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnutls (SSA:2023-041-01) New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/gnutls-3.7.9-i586-1_slack15.0.txz: Upgraded. libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361] For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0361 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 15.0 package: f0bb05675f86daacb3237b3c556feb23 gnutls-3.7.9-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 961c775b882edf5a7c38e153900c02d1 gnutls-3.7.9-x86_64-1_slack15.0.txz Slackware -current package: ce3a1923420762c2fe874f4b3582b7a0 n/gnutls-3.7.9-i586-1.txz Slackware x86_64 -current package: e3c7d9a173ad43f3ccca8834546e4351 n/gnutls-3.7.9-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg gnutls-3.7.9-i586-1_slack15.0.txz +-----+ . Updated gnutls versions released for Slackware to mitigate a medium-risk TLS vulnerability and improve encryption reliability.. gnutls security, Slackware update, TLS encryption, security package upgrade, open source security. . Severity:Medium. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.