Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
89
security advisorysecurity updatefedoraFedora 44 php-zumba-json-serializer Security Advisory 2026-ce5f5c292d
Version 3.2.4 Fix serialization of parent class private properties by @Copilot in #71 Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68 Version 3.2.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ce5f5c292d 2026-03-07 00:17:58.502071+00:00 -------------------------------------------------------------------------------- Name : php-zumba-json-serializer Product : Fedora 44 Version : 3.2.4 Release : 1.fc44 URL : https://github.com/zumba/json-serializer Summary : Serialize PHP variables Description : This is a library to serialize PHP variables in JSON format. It is similar of the serialize() function in PHP, but the output is a string JSON encoded. You can also unserialize the JSON generated by this tool and have you PHP content back. Autoloader: /usr/share/php/Zumba/JsonSerializer/autoload.php -------------------------------------------------------------------------------- Update Information: Version 3.2.4 Fix serialization of parent class private properties by @Copilot in #71 Fix fatal error when serializing objects with uninitialized typed properties by @Copilot in #68 Version 3.2.3 [Security] Added method to restrict which classes can be unserialized. Security Advisory GHSA-v7m3-fpcr-h7m2 -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 24 2026 Remi Collet - 3.2.4-1 - update to 3.2.4 * Thu Feb 19 2026 Remi Collet - 3.2.3-1 - update to 3.2.3 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ce5f5c292d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Mar 07, 2026
Fedora
100
security advisorymoderateupdateSUSE: 2025:20365-1 moderate: s390-tools update for CVE-2025-3416
* bsc#1242622 Cross-References: * CVE-2025-3416 . # Security update for s390-tools Announcement ID: SUSE-SU-2025:20365-1 Release Date: 2025-05-23T07:59:47Z Rating: moderate References: * bsc#1242622 Cross-References: * CVE-2025-3416 CVSS scores: * CVE-2025-3416 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for s390-tools fixes the following issues: * Revendored vendor.tar.zst (CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242622) * Added the new IBM z17 (9175) processor type The package is built with the new 4096bit RSA secure boot signing key. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-116=1 ## Package List: * SUSE Linux Micro 6.1 (s390x) * libekmfweb1-debuginfo-2.31.0-slfo.1.1_2.1 * libkmipclient1-debuginfo-2.31.0-slfo.1.1_2.1 * libkmipclient1-2.31.0-slfo.1.1_2.1 * s390-tools-2.31.0-slfo.1.1_2.1 * s390-tools-debugsource-2.31.0-slfo.1.1_2.1 * s390-tools-debuginfo-2.31.0-slfo.1.1_2.1 * libekmfweb1-2.31.0-slfo.1.1_2.1 * SUSE Linux Micro 6.1 (noarch) * s390-tools-genprotimg-data-2.31.0-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-3416.html * https://bugzilla.suse.com/show_bug.cgi?id=1242622 . Patch released for s390-tools addresses key vulnerabilities, particularly CVE-2025-3425, impacting SUSE Linux Micro.. SUSE Security Update, s390-tools Patch, Linux Micro Update, CVE-2025-3416 Fix, IBM z17Processor. . LinuxSecurity.com Team
Jun 02, 2025
SuSE
100
security advisorysoftware updateimportantSUSE: 2024:1861-1 Important: Python3-Sqlparse Denial-of-Service Fix
* bsc#1223603 Cross-References: * CVE-2024-4340 . # Security update for python3-sqlparse Announcement ID: SUSE-SU-2024:1861-1 Rating: important References: * bsc#1223603 Cross-References: * CVE-2024-4340 CVSS scores: * CVE-2024-4340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Basesystem Module 15-SP6 * openSUSE Leap 15.3 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python3-sqlparse fixes the following issues: * CVE-2024-4340: Fixed RecursionError catch to avoid a denial-of-service issue (bsc#1223603). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaSTonline_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-1861=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-1861=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1861=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1861=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1861=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1861=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1861=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1861=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1861=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1861=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1861=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1861=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1861=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-1861=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1861=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-1861=1 ## Package List: * openSUSE Leap 15.3 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * openSUSE Leap 15.5(noarch) * python3-sqlparse-0.4.2-150300.12.1 * Basesystem Module 15-SP5 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * Basesystem Module 15-SP6 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Manager Proxy 4.3 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Manager Server 4.3 (noarch) * python3-sqlparse-0.4.2-150300.12.1 * SUSE Enterprise Storage 7.1 (noarch) * python3-sqlparse-0.4.2-150300.12.1 ## References: * https://www.suse.com/security/cve/CVE-2024-4340.html * https://bugzilla.suse.com/show_bug.cgi?id=1223603 . Critical advisory for python3-sqlparse addresses denial-of-service flaw. Update now!. python3 sqlparse update, SUSE security advisory, denials of service, software patch. . Severity: Important. LinuxSecurity.com Team
Aug 19, 2024
•Important
SuSE
217
security advisorysecurity updatecritical patchOracle Linux 8 ELSA-2022-7089 Critical Libksba Security Update
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-7089 https://linux.oracle.com/errata/ELSA-2022-7089.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libksba-1.3.5-8.el8_6.i686.rpm libksba-1.3.5-8.el8_6.x86_64.rpm libksba-devel-1.3.5-8.el8_6.i686.rpm libksba-devel-1.3.5-8.el8_6.x86_64.rpm aarch64: libksba-1.3.5-8.el8_6.aarch64.rpm libksba-devel-1.3.5-8.el8_6.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates/libksba-1.3.5-8.el8_6.src.rpm Related CVEs: CVE-2022-3515 Description of changes: [1.3.5-8] - Fix for CVE-2022-3515 (#2135702) _______________________________________________ El-errata mailing list
Oct 25, 2022
•Critical
Oracle
100
security advisoryupdateimportantSUSE Linux Enterprise 12-SP2: 2022:2077-1 Important Kernel Fix
An update that solves 29 vulnerabilities and has two fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2077-1 Rating: important References: #1055710 #1065729 #1084513 #1087082 #1126703 #1158266 #1173265 #1182171 #1183646 #1183723 #1187055 #1191647 #1196426 #1197343 #1198031 #1198032 #1198516 #1198577 #1198660 #1198687 #1198742 #1199012 #1199063 #1199426 #1199505 #1199507 #1199605 #1199650 #1200143 #1200144 #1200249 Cross-References: CVE-2017-13695 CVE-2018-20784 CVE-2018-7755 CVE-2019-19377 CVE-2020-10769 CVE-2021-20292 CVE-2021-20321 CVE-2021-28688 CVE-2021-33061 CVE-2021-38208 CVE-2022-1011 CVE-2022-1184 CVE-2022-1353 CVE-2022-1419 CVE-2022-1516 CVE-2022-1652 CVE-2022-1729 CVE-2022-1734 CVE-2022-1974 CVE-2022-1975 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-28388 CVE-2022-28390 CVE-2022-30594 CVSS scores: CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2018-20784 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20784 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10769 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-10769 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 29 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated. The following security bugs were fixed: - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2018-20784: Fixed a denial of service (infinite loop in update_blocked_averages) by mishandled leaf cfs_rq in kernel/sched/fair.c (bnc#1126703). - CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in drivers/block/floppy.c. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR (bnc#1084513). - CVE-2020-10769: Fixed a buffer over-read flaw in the IPsec Cryptographic algorithm's module. This flaw allowed a local attacker with user privileges to cause a denial of service. (bnc#1173265) - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transientwhich can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2017-13695: Fixed a bug that caused a stack dump allowing local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table. (bnc#1055710) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticateduser to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012). - CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647). - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055). - CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c. (bnc#1198516) - CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723). - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900 bsc#1198660 ltc#197803). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729 bsc#1198660 ltc#197803). - x86/speculation: Fix redundant MDS mitigation message (bsc#1199650). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patchSUSE-SLE-SERVER-12-SP2-BCL-2022-2077=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.175.2 kernel-default-base-4.4.121-92.175.2 kernel-default-base-debuginfo-4.4.121-92.175.2 kernel-default-debuginfo-4.4.121-92.175.2 kernel-default-debugsource-4.4.121-92.175.2 kernel-default-devel-4.4.121-92.175.2 kernel-syms-4.4.121-92.175.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.175.2 kernel-macros-4.4.121-92.175.2 kernel-source-4.4.121-92.175.2 References: https://www.suse.com/security/cve/CVE-2017-13695.html https://www.suse.com/security/cve/CVE-2018-20784.html https://www.suse.com/security/cve/CVE-2018-7755.html https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2020-10769.html https://www.suse.com/security/cve/CVE-2021-20292.html https://www.suse.com/security/cve/CVE-2021-20321.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-38208.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1353.html https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1516.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-30594.html https://bugzilla.suse.com/1055710 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1084513 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1126703 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1173265 https://bugzilla.suse.com/1182171 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183723 https://bugzilla.suse.com/1187055 https://bugzilla.suse.com/1191647 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198516 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198687 https://bugzilla.suse.com/1198742 https://bugzilla.suse.com/1199012 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200249 . SUSE Security Patch for the Linux Kernel: Notification SUSE-SU-2022:2078-1 reinforces security by addressing multiple vulnerabilities.. SUSE Linux Kernel Security Update, Linux Kernel Patches, Linux Security Fixes. . Severity: Important. LinuxSecurity.com Team
Jun 14, 2022
•Important
SuSE
100
security advisorysoftware updatepatchSUSE: 2020:3003-1 Low Severity: Mercurial Security Vulnerability Resolved
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for mercurial ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:3003-1 Rating: low References: #1133035 Cross-References: CVE-2019-3902 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos (bsc#1133035). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-3003=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mercurial-2.8.2-15.18.4 mercurial-debuginfo-2.8.2-15.18.4 mercurial-debugsource-2.8.2-15.18.4 References: https://www.suse.com/security/cve/CVE-2019-3902.html https://bugzilla.suse.com/1133035 . SUSE Security Patch for mercurial: addresses a security concern with a minimal severity score. Follow the provided guidance for the update.. SUSE Security Update, Mercurial Patch, Low Severity Fix, Software Security Advisory. . Severity: Low. LinuxSecurity.com Team
Oct 22, 2020
•Low
SuSE
100
security advisorySUSE Linux Enterprisephp7SUSE Linux Enterprise 15-SP1: 2020:2455-1 Moderate: php7 Threat Fix
An update that solves one vulnerability and has two fixes is now available. . SUSE Security Update: Security update for php7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2455-1 Rating: moderate References: #1173786 #1174010 #1175223 Cross-References: CVE-2020-7068 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the phar_parse_zipfile function (bsc#1175223). - Do not install outdated README.SUSE (bsc#1174010). - Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP1: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-2455=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-2455=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.5-4.61.1 apache2-mod_php7-debuginfo-7.2.5-4.61.1 php7-7.2.5-4.61.1 php7-bcmath-7.2.5-4.61.1 php7-bcmath-debuginfo-7.2.5-4.61.1 php7-bz2-7.2.5-4.61.1 php7-bz2-debuginfo-7.2.5-4.61.1 php7-calendar-7.2.5-4.61.1 php7-calendar-debuginfo-7.2.5-4.61.1 php7-ctype-7.2.5-4.61.1 php7-ctype-debuginfo-7.2.5-4.61.1 php7-curl-7.2.5-4.61.1 php7-curl-debuginfo-7.2.5-4.61.1 php7-dba-7.2.5-4.61.1 php7-dba-debuginfo-7.2.5-4.61.1 php7-debuginfo-7.2.5-4.61.1 php7-debugsource-7.2.5-4.61.1 php7-devel-7.2.5-4.61.1 php7-dom-7.2.5-4.61.1 php7-dom-debuginfo-7.2.5-4.61.1 php7-enchant-7.2.5-4.61.1 php7-enchant-debuginfo-7.2.5-4.61.1 php7-exif-7.2.5-4.61.1 php7-exif-debuginfo-7.2.5-4.61.1 php7-fastcgi-7.2.5-4.61.1 php7-fastcgi-debuginfo-7.2.5-4.61.1 php7-fileinfo-7.2.5-4.61.1 php7-fileinfo-debuginfo-7.2.5-4.61.1 php7-fpm-7.2.5-4.61.1 php7-fpm-debuginfo-7.2.5-4.61.1 php7-ftp-7.2.5-4.61.1 php7-ftp-debuginfo-7.2.5-4.61.1 php7-gd-7.2.5-4.61.1 php7-gd-debuginfo-7.2.5-4.61.1 php7-gettext-7.2.5-4.61.1 php7-gettext-debuginfo-7.2.5-4.61.1 php7-gmp-7.2.5-4.61.1 php7-gmp-debuginfo-7.2.5-4.61.1 php7-iconv-7.2.5-4.61.1 php7-iconv-debuginfo-7.2.5-4.61.1 php7-intl-7.2.5-4.61.1 php7-intl-debuginfo-7.2.5-4.61.1 php7-json-7.2.5-4.61.1 php7-json-debuginfo-7.2.5-4.61.1 php7-ldap-7.2.5-4.61.1 php7-ldap-debuginfo-7.2.5-4.61.1 php7-mbstring-7.2.5-4.61.1 php7-mbstring-debuginfo-7.2.5-4.61.1 php7-mysql-7.2.5-4.61.1 php7-mysql-debuginfo-7.2.5-4.61.1 php7-odbc-7.2.5-4.61.1 php7-odbc-debuginfo-7.2.5-4.61.1 php7-opcache-7.2.5-4.61.1 php7-opcache-debuginfo-7.2.5-4.61.1 php7-openssl-7.2.5-4.61.1 php7-openssl-debuginfo-7.2.5-4.61.1 php7-pcntl-7.2.5-4.61.1 php7-pcntl-debuginfo-7.2.5-4.61.1 php7-pdo-7.2.5-4.61.1 php7-pdo-debuginfo-7.2.5-4.61.1 php7-pgsql-7.2.5-4.61.1 php7-pgsql-debuginfo-7.2.5-4.61.1 php7-phar-7.2.5-4.61.1 php7-phar-debuginfo-7.2.5-4.61.1 php7-posix-7.2.5-4.61.1 php7-posix-debuginfo-7.2.5-4.61.1 php7-readline-7.2.5-4.61.1 php7-readline-debuginfo-7.2.5-4.61.1 php7-shmop-7.2.5-4.61.1 php7-shmop-debuginfo-7.2.5-4.61.1 php7-snmp-7.2.5-4.61.1 php7-snmp-debuginfo-7.2.5-4.61.1 php7-soap-7.2.5-4.61.1 php7-soap-debuginfo-7.2.5-4.61.1 php7-sockets-7.2.5-4.61.1 php7-sockets-debuginfo-7.2.5-4.61.1 php7-sodium-7.2.5-4.61.1 php7-sodium-debuginfo-7.2.5-4.61.1 php7-sqlite-7.2.5-4.61.1 php7-sqlite-debuginfo-7.2.5-4.61.1 php7-sysvmsg-7.2.5-4.61.1 php7-sysvmsg-debuginfo-7.2.5-4.61.1 php7-sysvsem-7.2.5-4.61.1 php7-sysvsem-debuginfo-7.2.5-4.61.1 php7-sysvshm-7.2.5-4.61.1 php7-sysvshm-debuginfo-7.2.5-4.61.1 php7-tidy-7.2.5-4.61.1 php7-tidy-debuginfo-7.2.5-4.61.1 php7-tokenizer-7.2.5-4.61.1 php7-tokenizer-debuginfo-7.2.5-4.61.1 php7-wddx-7.2.5-4.61.1 php7-wddx-debuginfo-7.2.5-4.61.1 php7-xmlreader-7.2.5-4.61.1 php7-xmlreader-debuginfo-7.2.5-4.61.1 php7-xmlrpc-7.2.5-4.61.1 php7-xmlrpc-debuginfo-7.2.5-4.61.1 php7-xmlwriter-7.2.5-4.61.1 php7-xmlwriter-debuginfo-7.2.5-4.61.1 php7-xsl-7.2.5-4.61.1 php7-xsl-debuginfo-7.2.5-4.61.1 php7-zip-7.2.5-4.61.1 php7-zip-debuginfo-7.2.5-4.61.1 php7-zlib-7.2.5-4.61.1 php7-zlib-debuginfo-7.2.5-4.61.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP1 (noarch): php7-pear-7.2.5-4.61.1 php7-pear-Archive_Tar-7.2.5-4.61.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (aarch64 ppc64le s390x x86_64): php7-debuginfo-7.2.5-4.61.1 php7-debugsource-7.2.5-4.61.1 php7-embed-7.2.5-4.61.1 php7-embed-debuginfo-7.2.5-4.61.1 References: https://www.suse.com/security/cve/CVE-2020-7068.html https://bugzilla.suse.com/1173786 https://bugzilla.suse.com/1174010 https://bugzilla.suse.com/1175223 _______________________________________________ sle-security-updates mailing list
Sep 02, 2020
SuSE
89
security advisoryupdatecriticalFedora 30: FEDORA-2019-83c570c2eb Critical: Thunderbird Client Update
- New upstream version (60.8.0). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-83c570c2eb 2019-07-13 01:06:05.995909 --------------------------------------------------------------------------------Name : thunderbird Product : Fedora 30 Version : 60.8.0 Release : 1.fc30 URL : https://wiki.mozilla.org/Thunderbird:Home_Page Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. --------------------------------------------------------------------------------Update Information: - New upstream version (60.8.0) --------------------------------------------------------------------------------ChangeLog: * Wed Jul 10 2019 Martin Stransky - 60.8.0-1 - Update to 60.8.0 * Fri Jun 21 2019 Jan Horak - 60.7.2-2 - Update to 60.7.2 build 2 * Thu Jun 20 2019 Jan Horak - 60.7.2-1 - Update to 60.7.2 * Tue Jun 18 2019 Jan Horak - 60.7.1-1 - Update to 60.7.1 * Mon May 20 2019 Martin Stransky - 60.7.0-1 - Update to 60.7.0 * Wed May 15 2019 Martin Stransky - 60.6.1-5 - Fixed startup crashes (rhbz#1709373, rhbz#1685276, rhbz#1708611) * Fri Apr 12 2019 Martin Stransky - 60.6.1-4 - Addef fix for mozbz#1508378 * Wed Apr 3 2019 Martin Stransky - 60.6.1-3 - Added fixes for mozbz#1526243, mozbz#1540145, mozbz#526293 * Tue Mar 26 2019 Martin Stransky - 60.6.1-2 - Added rawhide build fix --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-83c570c2eb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 12, 2019
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!