--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cd87acc644
2025-04-21 16:44:59.680841+00:00
--------------------------------------------------------------------------------

Name        : uv
Product     : Fedora 41
Version     : 0.6.14
Release     : 3.fc41
URL         : https://github.com/astral-sh/uv
Summary     : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.

Highlights:

• ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands.
• ⚡️ 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
• 💾 Disk-space efficient, with a global cache for dependency deduplication.
• 🐍 Installable via curl, pip, pipx, etc. uv is a static binary that can be
  installed without Rust or Python.
• 🧪 Tested at-scale against the top 10,000 PyPI packages.
• 🖥️ Support for macOS, Linux, and Windows.
• 🧰 Advanced features such as dependency version overrides and alternative
  resolution strategies.
• ⁉️ Best-in-class error messages with a conflict-tracking resolver.
• 🤝 Support for a wide range of advanced pip features, including editable
  installs, Git dependencies, direct URL dependencies, local dependencies,
  constraints, source distributions, HTML and JSON indexes, and more.

--------------------------------------------------------------------------------
Update Information:

Update uv to 0.6.14, with various bugfixes and new features.

Update rust-idna to 1.0.3 (fixing RUSTSEC-2024-0421), rust-url to 2.5.4,
rust-adblock to 0.9.6, and rust-cookie_store to 0.21.1; adjust some reverse
dependencies of rust-idna. Initial packages for many dependencies. Update
rust-ron to 0.9. Update rust-zip to 2.6.1, fixing GHSA-94vh-gphv-8pm8.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 11 2025 Benjamin A. Beasley - 0.6.14-3
- Patch bundled pubgrub/version-ranges fork for ron 0.9.0 final
* Fri Apr 11 2025 Benjamin A. Beasley - 0.6.14-2
- Rebuilt with rust-idna 1.x
* Thu Apr 10 2025 Benjamin A. Beasley - 0.6.14-1
- Update to 0.6.14 (close RHBZ#2358763)
* Tue Apr  8 2025 Benjamin A. Beasley - 0.6.13-1
- Update to 0.6.13 (close RHBZ#2358064)
* Fri Apr  4 2025 Benjamin A. Beasley - 0.6.12-2
- Update License expression
* Fri Apr  4 2025 Benjamin A. Beasley - 0.6.12-1
- Update to 0.6.12 (close RHBZ#2354987)
* Fri Apr  4 2025 Benjamin A. Beasley - 0.6.11-1
- Update to 0.6.11
* Thu Apr  3 2025 Benjamin A. Beasley - 0.6.10-1
- Update to 0.6.10
* Sat Mar 22 2025 Benjamin A. Beasley - 0.6.9-2
- Stop patching the forked async-zip for zip 0.6; use zip 2
* Fri Mar 21 2025 Benjamin A. Beasley - 0.6.9-1
- Update to 0.6.9 (close RHBZ#2353965)
* Wed Mar 19 2025 Benjamin A. Beasley - 0.6.8-1
- Update to 0.6.8 (close RHBZ#2353281)
* Tue Mar 18 2025 Benjamin A. Beasley - 0.6.7-1
- Update to 0.6.7 (close RHBZ#2353121)
* Wed Mar 12 2025 Benjamin A. Beasley - 0.6.6-1
- Update to 0.6.6 (close RHBZ#2351456)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2277901 - rust-adblock-0.9.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2277901
  [ 2 ] Bug #2291175 - rust-idna-1.0.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2291175
  [ 3 ] Bug #2323618 - rust-url-2.5.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2323618
  [ 4 ] Bug #2324926 - rust-cookie_store-0.21.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2324926
  [ 5 ] Bug #2352783 - rust-zip-2.6.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2352783
  [ 6 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the Write trait
        https://bugzilla.redhat.com/show_bug.cgi?id=2358015
  [ 7 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over potentially-invalid UTF-16 in &[u16]
        https://bugzilla.redhat.com/show_bug.cgi?id=2358018
  [ 8 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing Unicode Language and Locale Identifiers
        https://bugzilla.redhat.com/show_bug.cgi?id=2358020
  [ 9 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros for ICU data providers
        https://bugzilla.redhat.com/show_bug.cgi?id=2358105
  [ 10 ] Bug #2358290 - Review Request: rust-icu_provider - Trait and struct definitions for the ICU data provider
        https://bugzilla.redhat.com/show_bug.cgi?id=2358290
  [ 11 ] Bug #2358292 - Review Request: rust-icu_locid_transform_data - Data for the icu_locid_transform crate
        https://bugzilla.redhat.com/show_bug.cgi?id=2358292
  [ 12 ] Bug #2358507 - Review Request: rust-icu_locid_transform - API for Unicode Language and Locale Identifiers canonicalization
        https://bugzilla.redhat.com/show_bug.cgi?id=2358507
  [ 13 ] Bug #2358521 - Review Request: rust-icu_properties_data - Data for the icu_properties crate
        https://bugzilla.redhat.com/show_bug.cgi?id=2358521
  [ 14 ] Bug #2358522 - Review Request: rust-icu_normalizer_data - Data for the icu_normalizer crate
        https://bugzilla.redhat.com/show_bug.cgi?id=2358522
  [ 15 ] Bug #2358527 - Review Request: rust-icu_properties - Definitions for Unicode properties
        https://bugzilla.redhat.com/show_bug.cgi?id=2358527
  [ 16 ] Bug #2358606 - Review Request: rust-icu_normalizer - API for normalizing text into Unicode Normalization Forms
        https://bugzilla.redhat.com/show_bug.cgi?id=2358606
  [ 17 ] Bug #2358642 - Review Request: rust-idna_adapter - Back end adapter for idna
        https://bugzilla.redhat.com/show_bug.cgi?id=2358642

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cd87acc644' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-fb088df94c
2022-11-10 22:04:44.631899
--------------------------------------------------------------------------------

Name        : git
Product     : Fedora 37
Version     : 2.38.1
Release     : 1.fc37
URL         : https://git-scm.com/
Summary     : Fast Version Control System
Description :
Git is a fast, scalable, distributed revision control system with an
unusually rich command set that provides both high-level operations and full
access to internals.

The git rpm installs a common set of tools which are usually used with a
small number of dependencies. To install all git packages, including tools
for integrating with other SCMs, install the git-all meta-package.

--------------------------------------------------------------------------------
Update Information:

Upstream update including security & bug fixes as well as feature
enhancements.

From the upstream [release notes](https://raw.githubusercontent.com/git/git/v2.38.1/Documentation/RelNotes/2.30.6.txt):

CVE-2022-39253
--------------

When relying on the `--local` clone optimization, Git dereferences symbolic
links in the source repository before creating hardlinks (or copies) of the
dereferenced link in the destination repository. This can lead to surprising
behavior where arbitrary files are present in a repository's `$GIT_DIR` when
cloning from a malicious repository.

Git will no longer dereference symbolic links via the `--local` clone
mechanism, and will instead refuse to clone repositories that have symbolic
links present in the `$GIT_DIR/objects` directory.

Additionally, the value of `protocol.file.allow` is changed to be "user" by
default.

CVE-2022-39260
--------------

An overly-long command string given to `git shell` can result in overflow in
`split_cmdline()`, leading to arbitrary heap writes and remote code execution
when `git shell` is exposed and the directory `$HOME/git-shell-commands`
exists.

`git shell` is taught to refuse interactive commands that are longer than
4MiB in size. `split_cmdline()` is hardened to reject inputs larger than
2GiB.

Credits
-------

Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The fix
was authored by Taylor Blau, with help from Johannes Schindelin.

Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. The fix
was authored by Kevin Backhouse, Jeff King, and Taylor Blau.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 18 2022 Todd Zullinger - 2.38.1-1
- update to 2.38.1 (CVE-2022-39253, CVE-2022-39260)
* Mon Oct  3 2022 Todd Zullinger - 2.38.0-1
- update to 2.38.0
* Wed Sep 28 2022 Todd Zullinger - 2.38.0-0.2.rc2
- update to 2.38.0-rc2
* Wed Sep 21 2022 Todd Zullinger - 2.38.0-0.1.rc1
- update to 2.38.0-rc1
- git-subtree sub-package is noarch
* Fri Sep 16 2022 Todd Zullinger - 2.38.0-0.0.rc0
- update to 2.38.0-rc0

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-fb088df94c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
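The two Git issues above each have a precondition that can be audited from the filesystem before (or independently of) the package upgrade: a symbolic link anywhere under `$GIT_DIR/objects` of a repository you intend to clone with `--local` (the condition the fixed Git now refuses, CVE-2022-39253), and an account whose login shell is `git-shell` together with an existing `$HOME/git-shell-commands` directory (the exposure named for CVE-2022-39260). The script below is an added example and is not Git's code or the Fedora package's; it never runs `git` itself. The repository layout, the passwd(5)-format lines and the `dir_exists` hook are constructed for the demonstration, and the 4MiB/2GiB limits of the upstream fix are not reproduced here.

```python
"""Exposure checks for CVE-2022-39253 and CVE-2022-39260 (added example)."""
import os
import tempfile
from pathlib import Path


def find_symlinks_in_objects(git_dir):
    """Return every symlink below <git_dir>/objects, as paths relative to git_dir.

    This is the condition the fixed `git clone --local` refuses. An empty
    list means the repository would be accepted. os.walk() does not follow
    symlinked directories, so a symlinked directory is reported once and
    never descended into (which also avoids walking out of the repository).
    """
    git_dir = Path(git_dir)
    objects = git_dir / "objects"
    hits = []
    if not objects.is_dir():
        return hits            # not a repository (or not a bare/.git dir)
    for root, dirs, files in os.walk(objects):
        for name in dirs + files:
            entry = Path(root) / name
            if entry.is_symlink():
                hits.append(entry.relative_to(git_dir).as_posix())
    return sorted(hits)


def git_shell_accounts(passwd_text, dir_exists=os.path.isdir):
    """Parse passwd(5) lines and return the accounts whose login shell is git-shell.

    Each hit records whether $HOME/git-shell-commands exists, the directory
    the advisory names as the precondition for the interactive-mode overflow.
    dir_exists is injectable so the check runs against a constructed listing.
    """
    exposed = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue           # not a well-formed passwd entry
        user, home, shell = fields[0], fields[5], fields[6]
        if os.path.basename(shell) != "git-shell":
            continue
        exposed.append({
            "user": user,
            "home": home,
            "interactive_commands": dir_exists(os.path.join(home, "git-shell-commands")),
        })
    return exposed


def build_sample_repo(base):
    """Construct a bare-repository-shaped tree with one symlink in objects/."""
    objects = Path(base) / "objects"
    (objects / "pack").mkdir(parents=True)
    (objects / "pack" / "pack-0000.idx").write_bytes(b"")   # placeholder object file
    (objects / "info").symlink_to("/etc/passwd")            # what a hostile repo might ship
    return base


def scan_sample_repo():
    """Build the constructed repository in a temp dir, scan it, and clean up."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        return find_symlinks_in_objects(tmp)


# Constructed passwd listing; "git" is the only git-shell account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
git:x:995:995:git daemon:/srv/git:/usr/bin/git-shell
deploy:x:1001:1001::/home/deploy:/bin/sh
"""


if __name__ == "__main__":
    print("symlinks in objects/:", scan_sample_repo())
    # Pretend only /srv/git/git-shell-commands exists on this host.
    exists = lambda path: path == "/srv/git/git-shell-commands"
    for acct in git_shell_accounts(SAMPLE_PASSWD, dir_exists=exists):
        print(acct)
```

To use the checks on a real host, pass the repository's `.git` (or bare repository) directory to `find_symlinks_in_objects()` and the contents of `/etc/passwd` to `git_shell_accounts()` with the default `dir_exists`. A non-empty symlink list on an untrusted repository is exactly what the fixed Git would reject; a git-shell account with `interactive_commands` True is the configuration in which the pre-fix `split_cmdline()` overflow is reachable.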
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Advanced Cluster Security 3.68 security and enhancement update
Advisory ID:       RHSA-2022:0431-01
Product:           RHACS
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:0431
Issue date:        2022-02-03
CVE Names:         CVE-2021-3712 CVE-2021-29923 CVE-2021-42574
====================================================================

1. Summary:

Updated images are now available for Red Hat Advanced Cluster Security for
Kubernetes (RHACS). The updated image includes bug fixes, security patches
and new feature enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

New features

1. Vulnerability triage workflows - RHACS 3.68 includes the ability to triage
   vulnerabilities in a variety of ways to support your vulnerability
   management process. See Managing vulnerabilities for more information.

2. Report scheduling for vulnerabilities - RHACS 3.68 includes the ability to
   schedule reports for vulnerabilities, helping you to send scheduled
   communications to key stakeholders to assist in the vulnerability
   management process. See Reporting vulnerabilities to teams for more
   information.

3. Use AWS ECR AssumeRoles - AWS AssumeRole allows you to define roles with
   specific permissions and then grant users access to those roles. RHACS
   3.68 includes the ability to use AWS ECR AssumeRoles to configure roles
   and grant various levels of access to users. For more details, see Using
   assumerole with Amazon ECR.

Important bug fixes

1. Previously, searching for CVEs with a specific severity did not return
   any results. This issue has been fixed.

2. Previously, when configuring the Manage Watches feature, if you added more
   than 12 images to the watch list, the image list would not display
   properly. This issue has been fixed.

3. Previously, when the RHACS Operator accessed the central-htpasswd secret,
   it would create a false positive policy violation for the "OpenShift:
   Advanced Cluster Security Central Admin Secret Accessed" default policy.
   This issue has been fixed.

Security update

1. In earlier versions of RHACS, the write permission for the APIToken
   resource allowed users to create API tokens for any role, including the
   admin role. This issue has been fixed.

2. The scanner image has been updated to patch CVE-2021-29923.

* golang: net: incorrect parsing of extraneous zero characters at the
  beginning of an IP address octet (CVE-2021-29923)

Important system changes

1. RHACS 3.68 includes updates for the Log4Shell vulnerability detection
   policy. With this update this policy also detects CVE-2021-45046, and it
   includes the updated remediation based on the latest guidance by the
   Apache Logging security team.

2. When you upgrade to RHACS 3.68, roles that include write access on the
   Images resource will have write permissions for both the
   VulnerabilityManagementRequests and VulnerabilityManagementApprovals
   resources. Red Hat recommends updating the roles to only include the
   least amount of resources required for each role.

3. If you have installed RHACS using Helm, this update disables the cluster
   configuration options in the RHACS portal. You can continue to use Helm
   configuration files.

4. RHACS 3.68 sends notifications for every runtime policy violation rather
   than only for the first encountered violation. This is the default
   behavior.

5. Tags of the scanner, scanner-db, and collector images, including the
   collector-slim variant, are now identical to the main image tag.

6. Red Hat has changed the image name for collector-slim: -slim is no longer
   part of the image tag.

7. The roxctl CLI includes a new --image-defaults option for the roxctl helm
   output and roxctl central generate commands. It allows selecting the
   default registry from which container images are taken for deploying
   central and scanner.

8. Red Hat has deprecated the --rhacs option for the roxctl helm output
   command. Use the --rhacs-image-defaults option instead.

9. By default, the roxctl helm output command now uses the images from
   registry.redhat.io rather than stackrox.io.

3. Solution:

To take advantage of the new features, bug fixes and security patches issued
in 3.68 you are advised to upgrade to patch release 3.68.0.

4. Bugs fixed (https://bugzilla.redhat.com/):

1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

RHACS-110 - Release RHACS 3.68.0
RHACS-94 - stackrox.io is still default image source in output of "roxctl central generate"

6. References:

https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification#moderate

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYfwPNtzjgjWX9erEAQh2/Q/7BQtG1eujhb+cs4AlqkoQHZ8bqYr+gRkr
FUb5IJHESWOOourFzP2u4Ihs+nnFycJPQ0uUd8RUJrCXBTU/EneykhP8DxYrx0HT
2/Rkmv1SJuq+uIUx4Bvc9ieSeHRcAAHZb9Tpnj9MUci732mW0OhUOebxEtvA307z
M4nS+XPcqIZhwYZwP37u+wemh8Fu5Xwi1NQ5iqQUQtht9HjIWX0Uzl7fGRQ/QfbW
Ye1wakssfVVc+DPBCNMRy1bM9YAo0wRIFgCCORNcxXqSn5zHE6PeOQXA57K65fUI
JKwRz3vih9TE3gzwCMVSoMtWhHDQD0lqa6cqvkkbmrFoS66zSAmuORsWGK7GB1nP
X8xbBWy1TulLwN/73sBKnQ1jMdk1k2sVr4AvBvdVrS/y2MTMTBi44co99Jy85n5O
9IkW/Dv7AmYkHnTVjZzKP5DST3xsyeCAyVOm144ztAZsW7Vw+6V9XE+xW7TUF6q/
hZoaLQbSIJPfz2+uXwbieGiNh7bummg1mGWa7aed2I+0dd6h6Ko9iQQhxl37Qu/X
X/BkQRGoRLHXfGxmPTTtw6xhgGtKQ3Yk+4ExQF9Npz9mBNgaAvyHHKQUBm8Q19y9
WpHaSMjJcFpKn7zylGml+IS0AxHxm0q7pYy41obuGSTpnAT9GcJsgVIIKVivvGgY
eH69S/bKdsk=
=9PYz
-----END PGP SIGNATURE-----
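The advisory names CVE-2021-29923 only by its one-line title, "incorrect parsing of extraneous zero characters at the beginning of an IP address octet". The reason that is a security bug rather than a cosmetic one is that parsers disagree about what "010" means: Go's `net.ParseIP` before the fix accepted the leading zero and read the octet as decimal ten, while the BSD/glibc `inet_aton(3)` family that most native connect paths use reads a leading zero as octal (eight) and `0x` as hex, so an address that passes a filter can reach a different host. The script below is an added example, not Go's, RHACS's or Red Hat's code: it models the three behaviours in pure Python (only the four-part dotted form; the short `inet_aton` forms such as `127.1` are deliberately left out) and a filter that is bypassed by the disagreement. The function names, the `loopback_filter_bypassed()` scenario and the sample addresses are all constructed here.

```python
"""Leading-zero IPv4 octets and why they matter (CVE-2021-29923), added example."""
import ipaddress


class LeadingZeroOctet(ValueError):
    """Raised by the strict parser for octets such as "010" or "00"."""


def _parts(text):
    """Split a dotted quad, rejecting empty octets and non-alphanumeric junk
    (int() would otherwise accept '1_0' or ' 1')."""
    parts = text.split(".")
    if len(parts) != 4 or any(not (p.isascii() and p.isalnum()) for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    return parts


def _octets_to_address(values):
    if any(v < 0 or v > 255 for v in values):
        raise ValueError(f"octet out of range: {values}")
    return ipaddress.IPv4Address(bytes(values))


def parse_ipv4_lenient_decimal(text):
    """Pre-fix Go behaviour: "010" is accepted and means ten."""
    values = []
    for p in _parts(text):
        if not p.isdigit():
            raise ValueError(f"bad octet {p!r}")
        values.append(int(p, 10))
    return _octets_to_address(values)


def parse_ipv4_inet_aton(text):
    """inet_aton(3) style: "0x7f" is hex, "010" is octal, "10" is decimal."""
    values = []
    for p in _parts(text):
        if p[:2].lower() == "0x":
            values.append(int(p[2:], 16))
        elif len(p) > 1 and p[0] == "0":
            values.append(int(p, 8))      # ValueError for "08"/"09", as in C
        else:
            values.append(int(p, 10))
    return _octets_to_address(values)


def parse_ipv4_strict(text):
    """Post-fix behaviour: refuse any octet with a leading zero outright,
    so the string can never mean two different addresses."""
    values = []
    for p in _parts(text):
        if not p.isdigit():
            raise ValueError(f"bad octet {p!r}")
        if len(p) > 1 and p[0] == "0":
            raise LeadingZeroOctet(f"ambiguous octet {p!r} in {text!r}")
        values.append(int(p, 10))
    return _octets_to_address(values)


def loopback_filter_bypassed(text):
    """Model an SSRF/egress check that validates with the lenient parser but
    hands the original string to a libc-backed connect(). True when the check
    passes (not loopback) yet the real connection lands in 127.0.0.0/8."""
    try:
        checked = parse_ipv4_lenient_decimal(text)
        actual = parse_ipv4_inet_aton(text)
    except ValueError:
        return False                       # rejected by one side: no bypass
    return (not checked.is_loopback) and actual.is_loopback


if __name__ == "__main__":
    # Constructed samples; "0177.0.0.1" is the classic filter bypass.
    for sample in ("010.0.0.1", "0177.0.0.1", "0x7f.0.0.1", "127.0.0.1"):
        for name, fn in (("lenient", parse_ipv4_lenient_decimal),
                         ("inet_aton", parse_ipv4_inet_aton),
                         ("strict", parse_ipv4_strict)):
            try:
                print(f"{sample:>12} {name:>9}: {fn(sample)}")
            except ValueError as exc:
                print(f"{sample:>12} {name:>9}: rejected ({exc})")
        print(f"{sample:>12} bypasses loopback filter: {loopback_filter_bypassed(sample)}")
```

The strict parser is the only one of the three that is safe to put in front of a connect() it does not control: it turns the ambiguity into a hard error instead of picking one reading. That is the behaviour the patched Go runtime in the updated scanner image adopts, and it is the property to look for in any IP-validation code that sits in front of a different resolver.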