Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 59 articles for you...
100

SUSE Linux Micro 6.0 Kernel RT Critical xfrm Security Advisory 2026-21652-1

An update that solves one vulnerability can now be installed.. # Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21652-1 Release Date: 2026-05-14T06:30:06Z Rating: important References: * bsc#1264459 Cross-References: * CVE-2026-43284 CVSS scores: * CVE-2026-43284 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43284 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes one security issue The following security issue was fixed: * CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264459). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-403=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-17-1.2 * kernel-livepatch-6_4_0-31-rt-17-1.2 * kernel-livepatch-6_4_0-31-rt-debuginfo-17-1.2 ## References: * https://www.suse.com/security/cve/CVE-2026-43284.html * https://bugzilla.suse.com/show_bug.cgi?id=1264459 . SUSE Linux Micro 6.0 Update addresses important xfrm encryption issue via Live Patch.. SUSE Linux Micro, Kernel RT Update, Security Update, xfrm Issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 19, 2026 Important SuSE
202

openSUSE 15.6: Security Advisory SUSE-2025:02754-1 for opensc CVE-2023-5992

An update that solves one vulnerability can now be installed.. # Security update for opensc Announcement ID: SUSE-SU-2025:02754-1 Release Date: 2025-08-12T07:35:15Z Rating: moderate References: * bsc#1219386 Cross-References: * CVE-2023-5992 CVSS scores: * CVE-2023-5992 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2023-5992 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2023-5992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-5992 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-2754=1 openSUSE-SLE-15.6-2025-2754=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2754=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2754=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * opensc-debugsource-0.22.0-150600.11.6.1 * opensc-debuginfo-0.22.0-150600.11.6.1 * opensc-0.22.0-150600.11.6.1 *openSUSE Leap 15.6 (x86_64) * opensc-32bit-debuginfo-0.22.0-150600.11.6.1 * opensc-32bit-0.22.0-150600.11.6.1 * openSUSE Leap 15.6 (aarch64_ilp32) * opensc-64bit-0.22.0-150600.11.6.1 * opensc-64bit-debuginfo-0.22.0-150600.11.6.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150600.11.6.1 * opensc-debuginfo-0.22.0-150600.11.6.1 * opensc-0.22.0-150600.11.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150600.11.6.1 * opensc-debuginfo-0.22.0-150600.11.6.1 * opensc-0.22.0-150600.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5992.html * https://bugzilla.suse.com/show_bug.cgi?id=1219386 . Essential patch released for openSUSE mitigating CVE-2023-5992 concerning side-channel information exposure in opensc software tools.. opensuse security advisories,CVE 2023-5992,method of threat mitigation,moderate security issue,opensc application fix. . LinuxSecurity.com Team

Calendar%202 Aug 12, 2025 OpenSUSE
100

SUSE: 2024:1402-2 Moderate: OpenSC Side-Channel Leak Mitigation

* bsc#1219386 Cross-References: * CVE-2023-5992 . # Security update for opensc Announcement ID: SUSE-SU-2024:1402-2 Rating: moderate References: * bsc#1219386 Cross-References: * CVE-2023-5992 CVSS scores: * CVE-2023-5992 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2023-5992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-1402=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * opensc-0.22.0-150400.3.9.1 * opensc-debugsource-0.22.0-150400.3.9.1 * opensc-debuginfo-0.22.0-150400.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5992.html * https://bugzilla.suse.com/show_bug.cgi?id=1219386 . Important notice regarding opensc to address a moderate risk related to encryption padding vulnerabilities. Update immediately to ensure ongoing protection.. opensc update, SUSE security patch, encryption fix. . LinuxSecurity.com Team

Calendar%202 Aug 01, 2024 SuSE
219

Rocky Linux 8 RLSA-2024:1472 Important Go Toolset Memory Leak Fix

Important: go-toolset:rhel8 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:1472", "synopsis": "Important: go-toolset:rhel8 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2262921", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "description": ""}], "cves": [{"name": "CVE-2024-1394", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-1394", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-03-27T04:34:32.999941Z", "rpms": {"Rocky Linux 8": {"nvras": ["delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.src.rpm", "delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debuginfo-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debugsource-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.aarch64.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.src.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.x86_64.rpm", "golang-bin-0:1.20.12-3.module+el8.9.0+1764+12d15796.aarch64.rpm", "golang-bin-0:1.20.12-3.module+el8.9.0+1764+12d15796.x86_64.rpm","golang-docs-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-misc-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-src-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-tests-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.aarch64.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.src.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Crucial go-toolset enhancement for Rocky Linux 8 tackles memory leak vulnerabilities in RSA payload encryption processes.. Go Toolset Update, Rocky Linux Advisory, Memory Leak Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 27, 2024 Important Rocky Linux
203

Mageia 8 & 9: MGASA-2023-0253 Moderate: OpenSSL Excessive Check Issues

AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975) Excessive time spent checking DH keys and parameters. (CVE-2023-3446) . MGASA-2023-0253 - Updated openssl packages fix security vulnerability Publication date: 11 Sep 2023 URL: https://advisories.mageia.org/MGASA-2023-0253.html Type: security Affected Mageia releases: 8, 9 CVE: CVE-2023-2975, CVE-2023-3446, CVE-2023-3817 AES-SIV implementation ignores empty associated data entries. (CVE-2023-2975) Excessive time spent checking DH keys and parameters. (CVE-2023-3446) Excessive time spent checking DH q parameter value. (CVE-2023-3817) References: - https://bugs.mageia.org/show_bug.cgi?id=32112 - https://openssl-library.org/news/secadv/20230714.txt - https://openssl-library.org/news/secadv/20230719.txt - https://openssl-library.org/news/secadv/20230731.txt - https://www.cve.org/CVERecord?id=CVE-2023-2975 - https://www.cve.org/CVERecord?id=CVE-2023-3446 - https://www.cve.org/CVERecord?id=CVE-2023-3817 SRPMS: - 8/core/openssl-1.1.1v-1.mga8 - 9/core/openssl-3.0.10-1.mga9 . The latest version of OpenSSL packages available for Mageia mitigates serious security flaws identified in CVEs released on September 11, 2023.. OpenSSL Update, Mageia Security, Encryption Issues. . LinuxSecurity.com Team

Calendar%202 Sep 11, 2023 Mageia
89

Fedora 37: FEDORA-2023-cf3551046d Critical: Moby-Engine Security Fixes

- Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-cf3551046d 2023-09-05 00:46:10.109475 -------------------------------------------------------------------------------- Name : moby-engine Product : Fedora 37 Version : 24.0.5 Release : 1.fc37 URL : https://www.docker.com Summary : The open-source application container engine Description : Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider. -------------------------------------------------------------------------------- Update Information: - Update moby-engine to 24.0.5 - Security fix for CVE-2021-41803 - Security fix for CVE-2023-28842 - Security fix for CVE-2023-28841 - Security fix for CVE-2023-28840 - Security fix for CVE-2023-0845 - Security fix for CVE-2023-26054 - Security fix for CVE-2022-3064 - Security fix for CVE-2022-40716 - Security fix for CVE-2023-25173 ---- Update moby-engine to 23.0.4 -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 23 2023 LuK1337 - 24.0.5-1 - Update moby-engine to 24.0.5 * Thu Jul 20 2023 Fedora ReleaseEngineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2156860 - CVE-2022-40716 consul: Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request https://bugzilla.redhat.com/show_bug.cgi?id=2156860 [ 2 ] Bug #2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents https://bugzilla.redhat.com/show_bug.cgi?id=2163037 [ 3 ] Bug #2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly https://bugzilla.redhat.com/show_bug.cgi?id=2174485 [ 4 ] Bug #2176447 - CVE-2023-26054 buildkit: Data disclosure in provenance attestation describing a build https://bugzilla.redhat.com/show_bug.cgi?id=2176447 [ 5 ] Bug #2177595 - CVE-2023-0845 hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections https://bugzilla.redhat.com/show_bug.cgi?id=2177595 [ 6 ] Bug #2184683 - CVE-2023-28840 moby: Encrypted overlay network may be unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184683 [ 7 ] Bug #2184685 - CVE-2023-28841 moby: Encrypted overlay network traffic may be unencrypted https://bugzilla.redhat.com/show_bug.cgi?id=2184685 [ 8 ] Bug #2184688 - CVE-2023-28842 moby: Encrypted overlay network with a single endpoint is unauthenticated https://bugzilla.redhat.com/show_bug.cgi?id=2184688 [ 9 ] Bug #2189788 - CVE-2021-41803 consul: Consul Auto-Config JWT Authorization Missing Input Validation https://bugzilla.redhat.com/show_bug.cgi?id=2189788 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cf3551046d' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Enhancements for moby-framework feature several crucial security patches addressing networking and encryption protocols within containerized environments.. Fedora 37 Updates, Moby Engine Security, Docker Container Fixes, Critical Security Patches. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 05, 2023 Critical Fedora
219

Rocky Linux 8 RLSA-2023:4419 Critical: mod_security Enhancement Update

Important: mod_auth_openidc:2.3 security update . {"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:4418","synopsis":"Important: mod_auth_openidc:2.3 security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for module.mod_auth_openidc, cjose, module.cjose, mod_auth_openidc.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and\/or OAuth 2.0 Resource Server. \n\nSecurity Fix(es):\n\n* cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2223295","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2223295","description":""}],"cves":[{"name":"CVE-2023-37464","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-37464","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N","cvss3BaseScore":"7.5","cwe":"CWE-327"}],"references":[],"publishedAt":"2023-08-08T12:34:39.911838Z","rpms":{"Rocky Linux8":{"nvras":["cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.src.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.src.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.aarch64.rpm","cjose-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debuginfo-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-debugsource-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","cjose-devel-0:0.6.1-3.module+el8.8.0+1406+4a7f5371.x86_64.rpm","mod_auth_openidc-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debuginfo-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm","mod_auth_openidc-debugsource-0:2.4.9.4-1.module+el8.7.0+1061+55d14382.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]} . AlmaLinux 8 reveals significant security patch for mod_auth_openidc tackling encryption vulnerabilities and addressing critical bugs.. mod_auth_openidc Security Update,Rocky Linux Authentication Module,Authentication Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 08, 2023 Important Rocky Linux
99

Slackware 15.0: 2023-041-01 Medium: Gnutls TLS Oracle Fix

New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] gnutls (SSA:2023-041-01) New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/gnutls-3.7.9-i586-1_slack15.0.txz: Upgraded. libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange. Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin. [GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361] For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0361 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: Updated package for Slackware x86_64 15.0: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 15.0 package: f0bb05675f86daacb3237b3c556feb23 gnutls-3.7.9-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 961c775b882edf5a7c38e153900c02d1 gnutls-3.7.9-x86_64-1_slack15.0.txz Slackware -current package: ce3a1923420762c2fe874f4b3582b7a0 n/gnutls-3.7.9-i586-1.txz Slackware x86_64 -current package: e3c7d9a173ad43f3ccca8834546e4351 n/gnutls-3.7.9-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg gnutls-3.7.9-i586-1_slack15.0.txz +-----+ . Updated gnutls versions released for Slackware to mitigate a medium-risk TLS vulnerability and improve encryption reliability.. gnutls security, Slackware update, TLS encryption, security package upgrade, open source security. . Severity:Medium. LinuxSecurity.com Team

Calendar%202 Feb 10, 2023 Medium Slackware
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200