# Security update for libreoffice

Announcement ID: SUSE-SU-2023:4648-1

Rating: moderate

References:

* bsc#1209243
* bsc#1212444
* bsc#1215595
* jsc#PED-5199
* jsc#PED-6799
* jsc#PED-6800

Cross-References:

* CVE-2023-1183

CVSS scores:

* CVE-2023-1183 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2023-1183 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability, contains three features and has two security fixes can now be installed.

## Description:

This update for libreoffice fixes the following issues:

libreoffice was updated from 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800):

* For the highlights of changes of version 7.6 please consult the official release notes:
  * https://wiki.documentfoundation.org/ReleaseNotes/7.6
* You can check for each minor release notes here:
  * https://wiki.documentfoundation.org/Releases/7.6.2/RC1
  * https://wiki.documentfoundation.org/Releases/7.6.1/RC2
  * https://wiki.documentfoundation.org/Releases/7.6.1/RC1
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC3
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC2
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC1
* Security issues fixed:
  * CVE-2023-1183, Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243)
* Updated bundled dependencies:
  * boost version update from 1_80_0 to 1_82_0
  * curl version update from 8.0.1 to 8.2.1
  * icu4c-data version update from 72_1 to 73_2
  * icu4c version update from 72_1 to 73_2
  * pdfium version update from 5408 to 5778
  * poppler version update from 22.12.0 to 23.06.0
  * poppler-data version update from 0.4.11 to 0.4.12
  * skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404
* New bundled dependencies:
  * graphite2-minimal-1.3.14.tgz
  * harfbuzz-8.0.0.tar.xz
* New build dependencies:
  * frozen-devel
  * liborcus-0_18-0
  * libixion
  * mdds-2_1
* New runtime dependencies:
  * `libreoffice-draw` requires `libreoffice-impress` (bsc#1215595)

frozen was implemented:

* New Libreoffice package dependency

libixion was updated to version 0.18.1:

* Updated to 0.18.1:
  * Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on two 32-bit unsigned integer types being used with std::variant.
* Updated to 0.18.0:
  * Removed the formula_model_access interface from model_context, and switched to using model_context directly everywhere.
  * Revised formula_tokens_t type to remove use of std::unique_ptr for each formula_token instance. This should improve memory locality when iterating through an array of formula token values. A similar change has also been made to lexer_tokens_t and lexer_token types.
  * Added 41 built-in functions
  * Added support for multi-sheet references in Excel A1 and Excel R1C1 grammars.

liborcus was updated to version 0.18.1:

* Updated to 0.18.1:
  * sax parser:
    * added support for optionally skipping multiple BOMs at the beginning of an XML stream. This affects all XML-based file format filters such as xls-xml (aka Excel 2003 XML).
  * xml-map:
    * fixed a bug where an XML document consisting of simple single-column records was not properly converted to sheet data
  * xls-xml:
    * fixed a bug where the filter would always pass border color even when it was not set
  * buildsystem:
    * added new configure switches --without-benchmark and --without-doc-example to optionally skip building of these two directories

mdds-2_1 was implemented:

* New Libreoffice package dependency

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  `zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4648=1`
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  `zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4648=1`

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
  * libetonyek-devel-doc-0.1.10-10.11.2
  * frozen-devel-1.1.1-8.3.3
  * mdds-2_1-devel-2.1.1-8.3.3
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libixion-debugsource-0.18.1-21.3.3
  * liborcus-debugsource-0.18.1-18.3.3
  * liborcus-devel-0.18.1-18.3.3
  * liborcus-0_18-0-0.18.1-18.3.3
  * libetonyek-devel-0.1.10-10.11.2
  * liborcus-0_18-0-debuginfo-0.18.1-18.3.3
  * libetonyek-debugsource-0.1.10-10.11.2
  * libetonyek-0_1-1-0.1.10-10.11.2
  * libixion-0_18-0-debuginfo-0.18.1-21.3.3
  * libixion-0_18-0-0.18.1-21.3.3
  * libixion-devel-0.18.1-21.3.3
* SUSE Linux Enterprise Software Development Kit 12 SP5 (x86_64)
  * libreoffice-debugsource-7.6.2.1-48.47.6
  * libreoffice-sdk-debuginfo-7.6.2.1-48.47.6
  * libreoffice-sdk-7.6.2.1-48.47.6
  * libreoffice-debuginfo-7.6.2.1-48.47.6
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libreoffice-debugsource-7.6.2.1-48.47.6
  * libreoffice-draw-debuginfo-7.6.2.1-48.47.6
  * libreoffice-librelogo-7.6.2.1-48.47.6
  * libreoffice-base-drivers-postgresql-debuginfo-7.6.2.1-48.47.6
  * libreoffice-impress-debuginfo-7.6.2.1-48.47.6
  * libreoffice-pyuno-7.6.2.1-48.47.6
  * libreoffice-writer-extensions-7.6.2.1-48.47.6
  * libetonyek-0_1-1-0.1.10-10.11.2
  * libixion-0_18-0-0.18.1-21.3.3
  * libreoffice-writer-7.6.2.1-48.47.6
  * libreoffice-debuginfo-7.6.2.1-48.47.6
  * libreoffice-writer-debuginfo-7.6.2.1-48.47.6
  * libreoffice-calc-debuginfo-7.6.2.1-48.47.6
  * libreoffice-draw-7.6.2.1-48.47.6
  * libixion-0_18-0-debuginfo-0.18.1-21.3.3
  * libreoffice-calc-extensions-7.6.2.1-48.47.6
  * libreoffice-gtk3-7.6.2.1-48.47.6
  * liborcus-0_18-0-debuginfo-0.18.1-18.3.3
  * libreoffice-base-debuginfo-7.6.2.1-48.47.6
  * libreoffice-math-debuginfo-7.6.2.1-48.47.6
  * libreoffice-pyuno-debuginfo-7.6.2.1-48.47.6
  * libreoffice-gtk3-debuginfo-7.6.2.1-48.47.6
  * libreoffice-mailmerge-7.6.2.1-48.47.6
  * libetonyek-debugsource-0.1.10-10.11.2
  * libreoffice-calc-7.6.2.1-48.47.6
  * libreoffice-base-drivers-postgresql-7.6.2.1-48.47.6
  * libreoffice-base-7.6.2.1-48.47.6
  * libetonyek-0_1-1-debuginfo-0.1.10-10.11.2
  * libreoffice-officebean-debuginfo-7.6.2.1-48.47.6
  * libreoffice-filters-optional-7.6.2.1-48.47.6
  * libreoffice-gnome-debuginfo-7.6.2.1-48.47.6
  * libreoffice-impress-7.6.2.1-48.47.6
  * libixion-debugsource-0.18.1-21.3.3
  * liborcus-debugsource-0.18.1-18.3.3
  * libreoffice-officebean-7.6.2.1-48.47.6
  * liborcus-0_18-0-0.18.1-18.3.3
  * libreoffice-7.6.2.1-48.47.6
  * libreoffice-math-7.6.2.1-48.47.6
  * libreoffice-gnome-7.6.2.1-48.47.6
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch)
  * libreoffice-l10n-fi-7.6.2.1-48.47.6
  * libreoffice-l10n-da-7.6.2.1-48.47.6
  * libreoffice-l10n-zh_CN-7.6.2.1-48.47.6
  * libreoffice-l10n-ro-7.6.2.1-48.47.6
  * libreoffice-l10n-bg-7.6.2.1-48.47.6
  * libreoffice-l10n-de-7.6.2.1-48.47.6
  * libreoffice-l10n-sk-7.6.2.1-48.47.6
  * libreoffice-l10n-ja-7.6.2.1-48.47.6
  * libreoffice-l10n-nn-7.6.2.1-48.47.6
  * libreoffice-l10n-zu-7.6.2.1-48.47.6
  * libreoffice-icon-themes-7.6.2.1-48.47.6
  * libreoffice-l10n-uk-7.6.2.1-48.47.6
  * libreoffice-l10n-gu-7.6.2.1-48.47.6
  * libreoffice-l10n-zh_TW-7.6.2.1-48.47.6
  * libreoffice-l10n-nb-7.6.2.1-48.47.6
  * libreoffice-l10n-af-7.6.2.1-48.47.6
  * libreoffice-l10n-cs-7.6.2.1-48.47.6
  * libreoffice-l10n-hr-7.6.2.1-48.47.6
  * libreoffice-l10n-lt-7.6.2.1-48.47.6
  * libreoffice-l10n-pl-7.6.2.1-48.47.6
  * libreoffice-l10n-it-7.6.2.1-48.47.6
  * libreoffice-l10n-ar-7.6.2.1-48.47.6
  * libreoffice-l10n-en-7.6.2.1-48.47.6
  * libreoffice-l10n-es-7.6.2.1-48.47.6
  * libreoffice-l10n-ko-7.6.2.1-48.47.6
  * libreoffice-l10n-pt_PT-7.6.2.1-48.47.6
  * libreoffice-l10n-fr-7.6.2.1-48.47.6
  * libreoffice-l10n-hi-7.6.2.1-48.47.6
  * libreoffice-l10n-hu-7.6.2.1-48.47.6
  * libreoffice-l10n-sv-7.6.2.1-48.47.6
  * libreoffice-l10n-ca-7.6.2.1-48.47.6
  * libreoffice-l10n-nl-7.6.2.1-48.47.6
  * libreoffice-branding-upstream-7.6.2.1-48.47.6
  * libreoffice-l10n-pt_BR-7.6.2.1-48.47.6
  * libreoffice-l10n-ru-7.6.2.1-48.47.6
  * libreoffice-l10n-xh-7.6.2.1-48.47.6

## References:

* https://www.suse.com/security/cve/CVE-2023-1183.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209243
* https://bugzilla.suse.com/show_bug.cgi?id=1212444
* https://bugzilla.suse.com/show_bug.cgi?id=1215595

Latest LibreOffice update resolves a moderate security issue for SUSE Linux users, enhancing overall performance and stability.

Severity: Important. LinuxSecurity.com Team

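
One way to check a host against the fixed package levels in the SUSE-SU-2023:4648-1 package list above; this is an added example, not part of the advisory. It uses a simplified re-implementation of RPM's version comparison (no epoch, `~` or `^` handling), and the installed-package sample with its release numbers is constructed.

```python
import re

# Fixed levels copied from the SUSE-SU-2023:4648-1 package list (subset).
FIXED = [
    "libreoffice-7.6.2.1-48.47.6",
    "libreoffice-base-7.6.2.1-48.47.6",
    "liborcus-0_18-0-0.18.1-18.3.3",
]

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output.
INSTALLED = [
    "libreoffice-7.5.4.1-48.44.1",      # constructed: older version
    "libreoffice-base-7.6.2.1-48.5.1",  # constructed: same version, older release
    "liborcus-0_18-0-0.18.1-18.3.3",    # already at the fixed level
    "bash-4.3-83.23.1",                 # constructed: not covered by the advisory
]

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 47 > 5, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def split_nvr(nvr):
    """Split name-version-release; only the name may contain '-'."""
    return tuple(nvr.rsplit("-", 2))

def below_fixed(installed, fixed):
    """Return (name, installed_vr, fixed_vr) for packages older than the fix."""
    want = {n: (v, r) for n, v, r in map(split_nvr, fixed)}
    stale = []
    for name, ver, rel in map(split_nvr, installed):
        # Packages outside the advisory compare equal to themselves and are skipped.
        fver, frel = want.get(name, (ver, rel))
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            stale.append((name, f"{ver}-{rel}", f"{fver}-{frel}"))
    return stale

if __name__ == "__main__":
    for name, have, need in below_fixed(INSTALLED, FIXED):
        print(f"{name}: installed {have}, advisory fixes in {need}")
```
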
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202305-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: squashfs-tools: Multiple Vulnerabilities
     Date: May 30, 2023
     Bugs: #810706, #813654
       ID: 202305-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in squashfs-tools, the
worst of which can result in an arbitrary file write.

Background
==========

Squashfs is a compressed read-only filesystem for Linux. Squashfs is
intended for general read-only filesystem use, for archival use (i.e.
in cases where a .tar.gz file may be used), and in constrained block
device/memory systems (e.g. embedded systems) where low overhead is
needed.

Affected packages
=================

Package                 Vulnerable         Unaffected
----------------------  -----------------  ----------------
sys-fs/squashfs-tools   < 4.5_p20210914    >= 4.5_p20210914

Description
===========

Multiple vulnerabilities have been discovered in squashfs-tools. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All squashfs-tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/squashfs-tools-4.5_p20210914"

References
==========

[ 1 ] CVE-2021-40153
      https://nvd.nist.gov/vuln/detail/CVE-2021-40153
[ 2 ] CVE-2021-41072
      https://nvd.nist.gov/vuln/detail/CVE-2021-41072

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202305-29

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

MGASA-2023-0129 - Updated stellarium packages fix security vulnerability

Publication date: 06 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0129.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-28371

Attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. (CVE-2023-28371)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31742
- https://lists.fedoraproject.org/archives/list/