
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 11: DLA-4052-2 moderate: PostgreSQL 13 buffer overflow fix

Debian LTS Advisory DLA-4052-2
https://www.debian.org/lts/security/
Emilio Pozuelo Monfort
February 21, 2025
https://wiki.debian.org/LTS

Package : postgresql-13
Version : 13.20-0+deb11u1
CVE ID : CVE-2025-1094

The fix for CVE-2025-1094 included an error that caused the PQescapeLiteral and PQescapeIdentifier methods to ignore their length parameter, reading until the null terminating byte instead. That could cause unintended characters to be included on the output, or worse, buffer overflows.

For Debian 11 bullseye, this problem has been fixed in version 13.20-0+deb11u1.

We recommend that you upgrade your postgresql-13 packages.

For the detailed security status of postgresql-13 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/postgresql-13

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

LinuxSecurity.com Team

Feb 21, 2025 Debian LTS

Fedora 40 Security Advisory: perl-Module-ScanDeps Critical Local Escalation

Fedora Update Notification
FEDORA-2024-8adf4a4b24
2024-11-28 02:44:05.515391+00:00

Name : perl-Module-ScanDeps
Product : Fedora 40
Version : 1.37
Release : 1.fc40
URL : https://metacpan.org/dist/Module-ScanDeps
Summary : Recursively scan Perl code for dependencies
Description : This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC (e.g. Test/More.pm). The values are hash references.

Update Information:

1.37
- fix parsing of "use if ..."
  Fixes errors in PAR::Packer test t/90-rt59710.t
- add test for _parse_libs()

1.36
- Fix CVE-2024-10224: Unsanitized input leads to LPE
  - use three-argument open()
  - replace 'eval "..."' constructs
  Note: this version was not released on CPAN because of Coordinated Release Date for CVE
- README: add "Source Repository" and "Contact" info
  switch "Please submit bug reports to ..." to GitHub issues
- add preload rule for MooX::HandlesVia cf.

ChangeLog:

* Wed Nov 20 2024 Jitka Plesnikova - 1.37-1
- 1.37 bump (rhbz#2327393); Fix CVE-2024-10224

References:

[ 1 ] Bug #2327529 - CVE-2024-10224 perl-Module-ScanDeps: local privilege escalation via unsanitized input [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2327529

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-8adf4a4b24'
at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Severity: Critical.
LinuxSecurity.com Team

Nov 28, 2024 Critical Fedora

Mageia 9: MGASA-2024-0217 moderate: golang zip handling issue

MGASA-2024-0217 - Updated golang packages fix security vulnerabilities

Publication date: 14 Jun 2024
URL: https://advisories.mageia.org/MGASA-2024-0217.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-24789, CVE-2024-24790

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. (CVE-2024-24789)

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. (CVE-2024-24790)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33269
- https://www.openwall.com/lists/oss-security/2024/06/04/1
- https://www.cve.org/CVERecord?id=CVE-2024-24789
- https://www.cve.org/CVERecord?id=CVE-2024-24790

SRPMS:
- 9/core/golang-1.21.11-1.mga9

LinuxSecurity.com Team

Jun 14, 2024 Mageia

SUSE 15-SP2 Important QEMU Security Update: Critical Buffer Overflow Fix

SUSE Security Update: Security update for qemu

Announcement ID: SUSE-SU-2022:3594-1
Rating: important
References: #1175144 #1182282 #1192115 #1198035 #1198037 #1198038
Cross-References: CVE-2021-3409 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-35414

CVSS scores:
CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for qemu fixes the following issues:

- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3594=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3594=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3594=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3594=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3594=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3594=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-3594=1

Package List:

References:

https://www.suse.com/security/cve/CVE-2021-3409.html
https://www.suse.com/security/cve/CVE-2021-4206.html
https://www.suse.com/security/cve/CVE-2021-4207.html
https://www.suse.com/security/cve/CVE-2022-0216.html
https://www.suse.com/security/cve/CVE-2022-35414.html
https://bugzilla.suse.com/1175144
https://bugzilla.suse.com/1182282
https://bugzilla.suse.com/1192115
https://bugzilla.suse.com/1198035
https://bugzilla.suse.com/1198037
https://bugzilla.suse.com/1198038

Severity: Important.
LinuxSecurity.com Team

Oct 17, 2022 Important SuSE

Fedora 36 FEDORA-2022-e56085ba31 Critical: pcre2 Out-Of-Bounds Read Fix

Fedora Update Notification
FEDORA-2022-e56085ba31
2022-05-12 20:24:55.994298

Name : pcre2
Product : Fedora 36
Version : 10.40
Release : 1.fc36
URL : /
Summary : Perl-compatible regular expression library
Description : PCRE2 is a re-working of the original PCRE (Perl-compatible regular expression) library to provide an entirely new API.

PCRE2 is written in C, and it has its own API. There are three sets of functions, one for the 8-bit library, which processes strings of bytes, one for the 16-bit library, which processes strings of 16-bit values, and one for the 32-bit library, which processes strings of 32-bit values. There are no C++ wrappers. This package provides support for strings in 8-bit and UTF-8 encodings. Install pcre2-utf16 or pcre2-utf32 packages for the other ones.

The distribution does contain a set of C wrapper functions for the 8-bit library that are based on the POSIX regular expression API (see the pcre2posix man page). These can be found in a library called libpcre2posix. Note that this just provides a POSIX calling interface to PCRE2; the regular expressions themselves still follow Perl syntax and semantics. The POSIX API is restricted, and does not give full access to all of PCRE2's facilities.

Update Information:

Rebase to version 10.40

ChangeLog:

* Mon Apr 25 2022 Lukas Javorsky - 10.40-1
- Rebase to the 10.40
- Resolves multiple Out-of-bounds read errors

References:

[ 1 ] Bug #2075955 - pcre2-10.40 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2075955
[ 2 ] Bug #2077986 - CVE-2022-1587 pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2077986
[ 3 ] Bug #2077987 - CVE-2022-1586 pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2077987

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-e56085ba31'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Severity: Critical.
LinuxSecurity.com Team

May 12, 2022 Critical Fedora

Moderate Alert: Proxy Cache Poisoning Vulnerability in Scientific Linux SL6

Synopsis: Moderate: httpd security and bug fix update
Advisory ID: SLSA-2017:1721-1
Issue Date: 2017-07-11
CVE Numbers: CVE-2016-8743

Security Fix(es):

* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

Note: The fix for the CVE-2016-8743 issue causes httpd to return "400 Bad Request" error to HTTP clients which do not strictly follow HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.

Note: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.

Bug Fix(es):

* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes.

SL6

x86_64
httpd-2.2.15-60.el6_9.4.x86_64.rpm
httpd-debuginfo-2.2.15-60.el6_9.4.x86_64.rpm
httpd-tools-2.2.15-60.el6_9.4.x86_64.rpm
httpd-debuginfo-2.2.15-60.el6_9.4.i686.rpm
httpd-devel-2.2.15-60.el6_9.4.i686.rpm
httpd-devel-2.2.15-60.el6_9.4.x86_64.rpm
mod_ssl-2.2.15-60.el6_9.4.x86_64.rpm

i386
httpd-2.2.15-60.el6_9.4.i686.rpm
httpd-debuginfo-2.2.15-60.el6_9.4.i686.rpm
httpd-tools-2.2.15-60.el6_9.4.i686.rpm
httpd-devel-2.2.15-60.el6_9.4.i686.rpm
mod_ssl-2.2.15-60.el6_9.4.i686.rpm

noarch
httpd-manual-2.2.15-60.el6_9.4.noarch.rpm

- Scientific Linux Development Team

LinuxSecurity.com Team

Jul 11, 2017 Scientific Linux

SUSE: 2016:3169-1 Important: Kernel Live Patch 0 Mitigates DoS

SUSE Security Update: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2

Announcement ID: SUSE-SU-2016:3169-1
Rating: important
References: #1008284 #1012183 #1012759
Cross-References: CVE-2016-8655 CVE-2016-9555
Affected Products: SUSE Linux Enterprise Live Patching 12

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bugs were fixed:

- CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).
- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).
- A stability issue in the btrfs module was fixed (bsc#1008284)

Patch Instructions:

To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12:

  zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1834=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Live Patching 12 (x86_64):

  kgraft-patch-4_4_21-69-default-2-5.1

References:

https://www.suse.com/security/cve/CVE-2016-8655.html
https://www.suse.com/security/cve/CVE-2016-9555.html
https://bugzilla.suse.com/1008284
https://bugzilla.suse.com/1012183
https://bugzilla.suse.com/1012759

Severity: Important.

LinuxSecurity.com Team

Dec 16, 2016 Important SuSE

Debian: DSA-3733-1 Critical: Apt Code Execution Due To InRelease Error

Debian Security Advisory DSA-3733-1
https://www.debian.org/security/
Salvatore Bonaccorso
December 13, 2016
https://www.debian.org/security/faq

Package : apt
CVE ID : CVE-2016-1252

Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files. An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files (clearsigned Release files), can take advantage of this flaw to circumvent the signature of the InRelease file, leading to arbitrary code execution.

For the stable distribution (jessie), this problem has been fixed in version 1.0.9.8.4.

For the unstable distribution (sid), this problem has been fixed in version 1.4~beta2.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Severity: Critical.

LinuxSecurity.com Team

Dec 13, 2016 Critical Debian