# ignition-2.26.0-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10474-1
Rating: moderate
Cross-References:
* CVE-2026-33186
CVSS scores:
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ignition-2.26.0-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ignition 2.26.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
-------------------------------------------------------------------------
Debian Security Advisory DSA-6095-1

Matthias Gerstner discovered two vulnerabilities in the Foomuuri firewall generator, which could result in tampering of the firewall configuration by unauthorised users.

For the stable distribution (trixie), these problems have been fixed in version 0.27-2+deb13u1.
# Security update for docker

Announcement ID: SUSE-SU-2025:20743-1
Release Date: 2025-09-10T16:10:30Z
Rating: moderate
References:
* bsc#1247367
* bsc#1247594
* jsc#PED-12534
* jsc#PED-8905
Cross-References:
* CVE-2025-54388
CVSS scores:
* CVE-2025-54388 ( SUSE ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2025-54388 ( SUSE ): 5.2 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-54388 ( NVD ): 5.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-54388 ( NVD ): 4.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products:
* SUSE Linux Micro 6.1

An update that solves one vulnerability, contains two features and has one fix can now be installed.

## Description:

This update for docker fixes the following issues:

Update to docker-buildx v0.28.0. See upstream changelog:

Update to Docker 28.4.0-ce. See upstream changelog:

* Update warnings and errors related to "docker buildx ..." so that they reference our openSUSE docker-buildx packages.
* Enable building docker-buildx for SLE15 systems with SUSEConnect secret injection enabled (jsc#PED-12534, jsc#PED-8905, bsc#1247594).

As docker-buildx does not support our SUSEConnect secret injection (and some users depend on "docker build" working transparently), patch the docker CLI so that "docker build" will no longer automatically call "docker buildx build", effectively making DOCKER_BUILDKIT=0 the default configuration. Users can manually use "docker buildx ..." commands or set DOCKER_BUILDKIT=1 in order to opt in to using docker-buildx. Users can silence the "docker build" warning by setting DOCKER_BUILDKIT=0 explicitly.

In order to inject SCC credentials with docker-buildx, users should use

    RUN --mount=type=secret,id=SCCcredentials zypper -n ...

in their Dockerfiles, and

    docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .

when doing their builds.

Update to Docker 28.3.3-ce. See upstream changelog online at

Security issue fixed:

* CVE-2025-54388: firewalld reload can make published container ports accessible from remote hosts (bsc#1247367)

Update to docker-buildx v0.26.1. Upstream changelog:

Update to docker-buildx v0.26.0. Upstream changelog:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-257=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * docker-buildx-0.28.0-slfo.1.1_6.1
  * docker-debuginfo-28.4.0_ce-slfo.1.1_6.1
  * docker-28.4.0_ce-slfo.1.1_6.1
  * docker-buildx-debuginfo-0.28.0-slfo.1.1_6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54388.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247367
* https://bugzilla.suse.com/show_bug.cgi?id=1247594
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-12534&page_caps=&user_role=
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-8905&page_caps=&user_role=
# Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)

Announcement ID: SUSE-SU-2025:02111-1
Release Date: 2025-06-25T16:03:47Z
Rating: important
References:
* bsc#1232908
* bsc#1232929
* bsc#1233680
* bsc#1233708
* bsc#1235062
* bsc#1235231
Cross-References:
* CVE-2024-50125
* CVE-2024-50127
* CVE-2024-50279
* CVE-2024-50301
* CVE-2024-56601
* CVE-2024-56605
CVSS scores:
* CVE-2024-50125 ( SUSE ): 7.5 CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50125 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50125 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50127 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50127 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50279 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-50279 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50301 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-50301 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-56601 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56601 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56601 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56605 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-56605 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_136 fixes several issues.

The following security issues were fixed:

* CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235231).
* CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233708).
* CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233680).
* CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232908).
* CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235062).
* CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232929).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-2111=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2025-2111=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_32-debugsource-10-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_136-default-debuginfo-10-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_136-default-10-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_32-debugsource-10-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-50125.html
* https://www.suse.com/security/cve/CVE-2024-50127.html
* https://www.suse.com/security/cve/CVE-2024-50279.html
* https://www.suse.com/security/cve/CVE-2024-50301.html
* https://www.suse.com/security/cve/CVE-2024-56601.html
* https://www.suse.com/security/cve/CVE-2024-56605.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232908
* https://bugzilla.suse.com/show_bug.cgi?id=1232929
* https://bugzilla.suse.com/show_bug.cgi?id=1233680
* https://bugzilla.suse.com/show_bug.cgi?id=1233708
* https://bugzilla.suse.com/show_bug.cgi?id=1235062
* https://bugzilla.suse.com/show_bug.cgi?id=1235231
==========================================================================
Ubuntu Security Notice USN-7289-3
February 25, 2025

linux-ibm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-ibm: Linux kernel for IBM cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - x86 architecture;
  - Block layer subsystem;
  - ACPI drivers;
  - GPU drivers;
  - HID subsystem;
  - I2C subsystem;
  - IIO ADC drivers;
  - IIO subsystem;
  - InfiniBand drivers;
  - IOMMU subsystem;
  - IRQ chip drivers;
  - Multiple devices driver;
  - Media drivers;
  - Network drivers;
  - STMicroelectronics network drivers;
  - Parport drivers;
  - Pin controllers subsystem;
  - Direct Digital Synthesis drivers;
  - TCM subsystem;
  - TTY drivers;
  - USB Dual Role (OTG-ready) Controller drivers;
  - USB Serial drivers;
  - USB Type-C support driver;
  - USB Type-C Connector System Software Interface driver;
  - BTRFS file system;
  - File systems infrastructure;
  - Network file system (NFS) client;
  - NILFS2 file system;
  - NTFS3 file system;
  - SMB network file system;
  - User-space API (UAPI);
  - io_uring subsystem;
  - BPF subsystem;
  - Timer subsystem drivers;
  - Tracing infrastructure;
  - Closures library;
  - Memory management;
  - Amateur Radio drivers;
  - Bluetooth subsystem;
  - Networking core;
  - IPv4 networking;
  - MAC80211 subsystem;
  - Multipath TCP;
  - Netfilter;
  - Network traffic control;
  - SCTP protocol;
  - XFRM subsystem;
  - Key management;
  - FireWire sound drivers;
  - HD-audio driver;
  - QCOM ASoC drivers;
  - STMicroelectronics SoC drivers;
  - KVM core;
(CVE-2024-50117, CVE-2024-50230, CVE-2024-50131, CVE-2024-50128, CVE-2024-50142, CVE-2024-50141, CVE-2024-50267, CVE-2024-41066, CVE-2024-50236, CVE-2024-50205, CVE-2024-50202, CVE-2024-50209, CVE-2024-50148, CVE-2024-50171, CVE-2024-50074, CVE-2024-50268, CVE-2024-50265, CVE-2024-50160, CVE-2024-50143, CVE-2024-50296, CVE-2024-50101, CVE-2024-50103, CVE-2024-39497, CVE-2024-50151, CVE-2024-50127, CVE-2024-50150, CVE-2024-50229, CVE-2024-50115, CVE-2024-50058, CVE-2024-50292, CVE-2024-50010, CVE-2024-50247, CVE-2024-50110, CVE-2024-53088, CVE-2024-50116, CVE-2024-26718, CVE-2024-53097, CVE-2024-50192, CVE-2024-50234, CVE-2024-41080, CVE-2024-42291, CVE-2024-50195, CVE-2024-40965, CVE-2024-50278, CVE-2024-50290, CVE-2024-50162, CVE-2024-53066, CVE-2024-50085, CVE-2024-50099, CVE-2024-50237, CVE-2024-50156, CVE-2024-50185, CVE-2024-50273, CVE-2024-50302, CVE-2024-50249, CVE-2024-50208, CVE-2024-50232, CVE-2024-50287, CVE-2024-50262, CVE-2024-50194, CVE-2024-40953, CVE-2024-50083, CVE-2024-50082, CVE-2024-53063, CVE-2024-50086, CVE-2024-50193, CVE-2024-50282, CVE-2024-50201, CVE-2024-50134, CVE-2024-53061, CVE-2024-50299, CVE-2024-50279, CVE-2024-50198, CVE-2024-53104, CVE-2024-50244, CVE-2024-50167, CVE-2024-53052, CVE-2024-50196, CVE-2024-50182, CVE-2024-35887, CVE-2024-53042, CVE-2023-52913, CVE-2024-53055, CVE-2024-50301, CVE-2024-42252, CVE-2024-50259, CVE-2024-50218, CVE-2024-50168, CVE-2024-50245, CVE-2024-50163, CVE-2024-50036, CVE-2024-50154, CVE-2024-53059, CVE-2024-50257, CVE-2024-53101, CVE-2024-50295, CVE-2024-50269, CVE-2024-53058, CVE-2024-50072, CVE-2024-50251, CVE-2024-50153, CVE-2024-50233, CVE-2024-50199)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  linux-image-5.15.0-1070-ibm     5.15.0-1070.73
  linux-image-ibm                 5.15.0.1070.66

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7289-3
  https://ubuntu.com/security/notices/USN-7289-2
  https://ubuntu.com/security/notices/USN-7289-1
  CVE-2023-52913, CVE-2024-26718, CVE-2024-35887, CVE-2024-39497, CVE-2024-40953, CVE-2024-40965, CVE-2024-41066, CVE-2024-41080, CVE-2024-42252, CVE-2024-42291, CVE-2024-50010, CVE-2024-50036, CVE-2024-50058, CVE-2024-50072, CVE-2024-50074, CVE-2024-50082, CVE-2024-50083, CVE-2024-50085, CVE-2024-50086, CVE-2024-50099, CVE-2024-50101, CVE-2024-50103, CVE-2024-50110, CVE-2024-50115, CVE-2024-50116, CVE-2024-50117, CVE-2024-50127, CVE-2024-50128, CVE-2024-50131, CVE-2024-50134, CVE-2024-50141, CVE-2024-50142, CVE-2024-50143, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151, CVE-2024-50153, CVE-2024-50154, CVE-2024-50156, CVE-2024-50160, CVE-2024-50162, CVE-2024-50163, CVE-2024-50167, CVE-2024-50168, CVE-2024-50171, CVE-2024-50182, CVE-2024-50185, CVE-2024-50192, CVE-2024-50193, CVE-2024-50194, CVE-2024-50195, CVE-2024-50196, CVE-2024-50198, CVE-2024-50199, CVE-2024-50201, CVE-2024-50202, CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50218, CVE-2024-50229, CVE-2024-50230, CVE-2024-50232, CVE-2024-50233, CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50244, CVE-2024-50245, CVE-2024-50247, CVE-2024-50249, CVE-2024-50251, CVE-2024-50257, CVE-2024-50259, CVE-2024-50262, CVE-2024-50265, CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287, CVE-2024-50290, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296, CVE-2024-50299, CVE-2024-50301, CVE-2024-50302, CVE-2024-53042, CVE-2024-53052, CVE-2024-53055, CVE-2024-53058, CVE-2024-53059, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53088, CVE-2024-53097, CVE-2024-53101, CVE-2024-53104

Package Information:
  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1070.73
Package        : pound
Version        : 2.6-6+deb8u2
CVE ID         : CVE-2016-10711

A request smuggling vulnerability was discovered in pound, a reverse proxy, load balancer and HTTPS front-end for Web servers, that may allow attackers to send a specially crafted HTTP request to a web server or reverse proxy while pound may see a different set of requests. This facilitates several possible exploitations, such as partial cache poisoning, bypassing firewall protection and XSS.

For Debian 8 "Jessie", this problem has been fixed in version 2.6-6+deb8u2.

We recommend that you upgrade your pound packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
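The advisory's phrase "pound may see a different set of requests" is the whole mechanism of request smuggling: two hops frame the same byte stream differently, so one of them processes a request the other never saw. The following is an added example, not pound's code and not taken from the advisory. It frames a pipelined HTTP/1.1 stream under a strict policy (reject any request whose length is ambiguous, as RFC 7230 section 3.3.3 requires) and under two lenient policies that model a front-end honouring Content-Length and a back-end honouring Transfer-Encoding. The CL.TE payload at the bottom is constructed; the names, policies and error messages are this example's own.

```python
"""Strict HTTP/1.1 request framing next to two lenient framing policies.

Added illustration of the request-smuggling class named in the pound advisory
(example code, not pound's own parser).  "strict" refuses ambiguous framing;
"prefer-cl" and "prefer-te" model hops that silently pick one length header,
which is what lets two hops disagree.  The sample payload is constructed.
"""
import re


class FramingError(ValueError):
    """The body length of a request cannot be determined unambiguously."""


_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 token


def _parse_header_block(block: bytes):
    """Header section without its terminating CRLF CRLF -> (request_line, [(name, value)])."""
    try:
        lines = block.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise FramingError("non-ASCII bytes in header section")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise FramingError("malformed request line %r" % lines[0])
    headers = []
    for raw in lines[1:]:
        if raw[:1] in (" ", "\t"):          # obs-fold: another classic desync vector
            raise FramingError("obsolete line folding is not accepted")
        name, sep, value = raw.partition(":")
        if not sep or not _TOKEN.match(name):
            raise FramingError("malformed header line %r" % raw)
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def body_framing(headers, policy="strict"):
    """Return ("chunked", None), ("length", n) or ("none", 0) for one request."""
    te = [v for k, v in headers if k == "transfer-encoding"]
    cl = [v for k, v in headers if k == "content-length"]
    if te and cl:
        if policy == "strict":
            raise FramingError("both Transfer-Encoding and Content-Length present")
        te, cl = (te, []) if policy == "prefer-te" else ([], cl)
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if codings[-1] != "chunked" or codings.count("chunked") != 1:
            raise FramingError("Transfer-Encoding must end with a single 'chunked'")
        return "chunked", None
    if cl:
        values = {p.strip() for v in cl for p in v.split(",")}   # repeated identical values are allowed
        if len(values) != 1:
            raise FramingError("conflicting Content-Length values %r" % sorted(values))
        value = values.pop()
        if not value.isdigit():
            raise FramingError("non-numeric Content-Length %r" % value)
        return "length", int(value)
    return "none", 0


def _chunked_end(buf: bytes, pos: int) -> int:
    """Offset just past the chunked body starting at pos (chunk-size lines, data, trailers)."""
    while True:
        end = buf.find(b"\r\n", pos)
        if end < 0:
            raise FramingError("truncated chunk-size line")
        size_field = buf[pos:end].split(b";")[0].strip()       # drop chunk extensions
        try:
            size = int(size_field, 16)
        except ValueError:
            raise FramingError("bad chunk size %r" % size_field)
        if size < 0:
            raise FramingError("negative chunk size")
        pos = end + 2
        if size == 0:                       # last chunk: trailers run up to an empty line
            while True:
                end = buf.find(b"\r\n", pos)
                if end < 0:
                    raise FramingError("truncated trailer section")
                pos, was_empty = end + 2, end == pos
                if was_empty:
                    return pos
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise FramingError("chunk data not terminated by CRLF")
        pos += size + 2


def split_requests(buf: bytes, policy: str = "strict"):
    """Frame a pipelined byte stream into (request_line, headers, body) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        hdr_end = buf.find(b"\r\n\r\n", pos)
        if hdr_end < 0:
            raise FramingError("truncated header section")
        request_line, headers = _parse_header_block(buf[pos:hdr_end])
        pos = hdr_end + 4
        kind, n = body_framing(headers, policy)
        if kind == "length":
            if pos + n > len(buf):
                raise FramingError("truncated body")
            body, pos = buf[pos:pos + n], pos + n
        elif kind == "chunked":
            start, pos = pos, _chunked_end(buf, pos)
            body = buf[start:pos]
        else:
            body = b""
        out.append((request_line, headers, body))
    return out


def request_lines(buf: bytes, policy: str = "strict"):
    return [line for line, _, _ in split_requests(buf, policy)]


# Constructed sample: the classic CL.TE desynchronisation payload.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
CL_TE = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: %d\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n" % len(BODY) + BODY)

if __name__ == "__main__":
    print("front-end, Content-Length wins:", request_lines(CL_TE, "prefer-cl"))
    print("back-end, chunked wins:        ", request_lines(CL_TE, "prefer-te"))
    try:
        request_lines(CL_TE, "strict")
    except FramingError as err:
        print("strict parser rejects it:", err)
```

Run stand-alone, the script shows the front-end seeing one POST while the back-end sees the POST plus a smuggled GET /admin, and the strict framer refusing the stream outright. The point for anyone operating a proxy chain is that the defence belongs at every hop: a lenient proxy in front of a strict origin is still exploitable against any other client sharing that back-end connection.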
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: firewalld security, bug fix, and enhancement update
Advisory ID:       RHSA-2016:2597-02
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:2597.html
Issue date:        2016-11-03
CVE Names:         CVE-2016-5410
====================================================================

1. Summary:

An update for firewalld is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch
Red Hat Enterprise Linux Client Optional (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch
Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Server Optional (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface.

The following packages have been upgraded to a newer upstream version: firewalld (0.4.3.2). (BZ#1302802)

Security Fix(es):

* A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings. (CVE-2016-5410)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1066037 - firewall-config should allow unspecifying zone binding for interface
1136801 - a rule added into IN_ _allow chain with 'permanent direct' interface doesn't exist after reload
1147500 - RFE: add command to firewall-cmd showing details of a service
1147951 - firewall-cmd should support a default logging option.
1219717 - Add radius TCP to policy.
1220196 - Firewalld missing policies for imap and smtps
1220467 - Option '--quiet' is needed in firewall-offline-cmd command line.
1237242 - Error: RT_TO_PERM_FAILED: zone 'dmz' : ZONE_CONFLICT when doing --runtime-to-permanent
1273296 - [ALL_LANG][firewalld] Translation incomplete
1273888 - Firewalld DefaultZone change breaking on --reload
1281416 - Headless firewall-config over ssh. firewall-config missing dependencies
1285769 - Fails to start without ip6t_rpfilter module
1292926 - firewalld --new-service & malformed xml ??
1296573 - xsd specification nor service daemon checks whether tags are specified more than once if they must not
1301573 - firewalld reporting errors in logs for failed iptables commands
1302802 - Rebase to the new upstream and new release
1303026 - firewalld - mistake in renders ports remain closed, silently.
1305434 - Firewalld hangs with a NIS configuration
1313023 - command "systemctl reload firewalld" stops firewalld
1313845 - Backport After=dbus.service
1325335 - [RFE] allow negation of icmp-blocks zone configuration field
1326130 - firewalld stops traffic from/to 127.0.0.1 when masquerading is enabled in default zone
1326462 - rich rule with destination and no element gives error
1347530 - Add port for corosync-qnetd to high-availability service
1349903 - FirewallD fails to parse direct rules with a lot of destination addresses
1357050 - exit codes don't match error messages in firewall-cmd
1360135 - CVE-2016-5410 firewalld: Firewall configuration can be modified by any logged in user
1360894 - Print errors and warnings to stderr
1365198 - firewall-cmd ipset --add-entries-from-file broken
1367038 - firewall-cmd crashes if /run/dbus/system_bus_socket does not exist
1368949 - Trying to get the description for a firewalld zone from command line throws error and prints traceback information.
1371116 - Load helper modules in FirewallZoneTransaction
1373260 - An error in the permanent direct rules will make all other direct rules using a table other than the filter table not applicable.
1374799 - exclude firewallctl from firewalld v0.4.3.2 update

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
firewalld-0.4.3.2-8.el7.src.rpm

noarch:
firewall-config-0.4.3.2-8.el7.noarch.rpm
firewalld-0.4.3.2-8.el7.noarch.rpm
firewalld-filesystem-0.4.3.2-8.el7.noarch.rpm
python-firewall-0.4.3.2-8.el7.noarch.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
firewall-applet-0.4.3.2-8.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
firewalld-0.4.3.2-8.el7.src.rpm

noarch:
firewalld-0.4.3.2-8.el7.noarch.rpm
firewalld-filesystem-0.4.3.2-8.el7.noarch.rpm
python-firewall-0.4.3.2-8.el7.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:
firewall-applet-0.4.3.2-8.el7.noarch.rpm
firewall-config-0.4.3.2-8.el7.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
firewalld-0.4.3.2-8.el7.src.rpm

noarch:
firewall-config-0.4.3.2-8.el7.noarch.rpm
firewalld-0.4.3.2-8.el7.noarch.rpm
firewalld-filesystem-0.4.3.2-8.el7.noarch.rpm
python-firewall-0.4.3.2-8.el7.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
firewall-applet-0.4.3.2-8.el7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
firewalld-0.4.3.2-8.el7.src.rpm

noarch:
firewall-config-0.4.3.2-8.el7.noarch.rpm
firewalld-0.4.3.2-8.el7.noarch.rpm
firewalld-filesystem-0.4.3.2-8.el7.noarch.rpm
python-firewall-0.4.3.2-8.el7.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
firewall-applet-0.4.3.2-8.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2016-5410
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.
=========================================================================
Ubuntu Security Notice USN-2867-1
January 12, 2016

libvirt vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

It was discovered that libvirt incorrectly handled the firewall rules on bridge networks when the daemon was restarted. This could result in an unintended firewall configuration. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-4600)

Peter Krempa discovered that libvirt incorrectly handled locking when certain ACL checks failed. A local attacker could use this issue to cause libvirt to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8136)

Luyao Huang discovered that libvirt incorrectly handled VNC passwords in snapshot and image files. A remote authenticated user could use this issue to possibly obtain VNC passwords. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-0236)

Han Han discovered that libvirt incorrectly handled volume creation failure when used with NFS. A remote authenticated user could use this issue to cause libvirt to crash, resulting in a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-5247)

Ossi Herrala and Joonas Kuorilehto discovered that libvirt incorrectly performed storage pool name validation. A remote authenticated user could use this issue to bypass ACLs and gain access to unintended files. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10. (CVE-2015-5313)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  libvirt-bin                     1.2.16-2ubuntu11.15.10.2
  libvirt0                        1.2.16-2ubuntu11.15.10.2

Ubuntu 15.04:
  libvirt-bin                     1.2.12-0ubuntu14.4
  libvirt0                        1.2.12-0ubuntu14.4

Ubuntu 14.04 LTS:
  libvirt-bin                     1.2.2-0ubuntu13.1.16
  libvirt0                        1.2.2-0ubuntu13.1.16

Ubuntu 12.04 LTS:
  libvirt-bin                     0.9.8-2ubuntu17.23
  libvirt0                        0.9.8-2ubuntu17.23

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2867-1
  CVE-2011-4600, CVE-2014-8136, CVE-2015-0236, CVE-2015-5247, CVE-2015-5313

Package Information:
  https://launchpad.net/ubuntu/+source/libvirt/1.2.16-2ubuntu11.15.10.2
  https://launchpad.net/ubuntu/+source/libvirt/1.2.12-0ubuntu14.4
  https://launchpad.net/ubuntu/+source/libvirt/1.2.2-0ubuntu13.1.16
  https://launchpad.net/ubuntu/+source/libvirt/0.9.8-2ubuntu17.23