Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Ubuntu 22.04 LTS: 6373-1 Moderate: gawk Denial of Service

gawk could be made to crash if it received specially crafted input.

==========================================================================
Ubuntu Security Notice USN-6373-1
September 14, 2023

gawk vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

gawk could be made to crash if it received specially crafted input.

Software Description:

- gawk: GNU awk, a pattern scanning and processing language

Details:

It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
gawk 1:5.1.0-1ubuntu0.1

Ubuntu 20.04 LTS:
gawk 1:5.0.1+dfsg-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
gawk 1:4.1.4+dfsg-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
gawk 1:4.1.3+dfsg-0.1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
gawk 1:4.0.1+dfsg-2.1ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-6373-1
CVE-2023-4156

Package Information:

https://launchpad.net/ubuntu/+source/gawk/1:5.1.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gawk/1:5.0.1+dfsg-1ubuntu0.1

Patch released to resolve gawk instability that may result in denial of service vulnerabilities across various Ubuntu editions.

gawk vulnerability, Ubuntu update, Denial of Service risk.

Severity: Important.

LinuxSecurity.com Team

Sep 14, 2023 Important Ubuntu

SUSE 5.1 Toolbox Security Update SUSE-CU-2023:2863-1 Moderate Threats

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2863-1
Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.451 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.451
Severity : moderate
Type : security
References : 1103893 1112183 1158763 1210740 1213231 1213557 1213673 1214025 1214071 1214290 CVE-2023-4016 CVE-2023-4156
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released: Mon Aug 28 08:57:10 2023
Summary: Security update for gawk
Type: security
Severity: low
References: 1214025,CVE-2023-4156

This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Type: recommended
Severity: moderate
References: 1103893,1112183

This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released: Tue Aug 29 10:55:16 2023
Summary: Security update for procps
Type: security
Severity: low
References: 1214290,CVE-2023-4016

This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3487-1
Released: Tue Aug 29 14:28:35 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3515-1
Released: Fri Sep 1 15:54:25 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1158763,1210740,1213231,1213557,1213673

This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- gawk-4.2.1-150000.3.3.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libzypp-17.31.20-150200.75.1 updated
- procps-3.3.15-150000.7.34.1 updated
- zypper-1.14.63-150200.59.1 updated
- container:sles15-image-15.0.0-17.20.177 updated

Debian upgrades for debian/bullseye/11.6/consoles feature critical fixes for essential utilities such as sed and net-tools.

SUSE Container Update, Toolbox Security, Gawk Update, Procps Patch.

LinuxSecurity.com Team

Sep 06, 2023 SuSE

SUSE: 2023:2858-1 Moderate: Update For Toolbox Container Security

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2858-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.201 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.201
Severity : moderate
Type : security
References : 1103893 1112183 1158763 1186606 1194609 1201519 1204844 1208194 1209741 1210702 1210740 1211576 1212434 1213185 1213231 1213517 1213557 1213575 1213673 1213853 1213873 1214025 1214071 1214290 CVE-2023-3817 CVE-2023-4016 CVE-2023-4156
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3397-1
Released: Wed Aug 23 18:35:56 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1213517,1213853,CVE-2023-3817

This update for openssl-1_1 fixes the following issues:

- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released: Mon Aug 28 08:57:10 2023
Summary: Security update for gawk
Type: security
Severity: low
References: 1214025,CVE-2023-4156

This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3466-1
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Type: recommended
Severity: moderate
References: 1103893,1112183

This update for icu fixes the following issues:

- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released: Tue Aug 29 10:55:16 2023
Summary: Security update for procps
Type: security
Severity: low
References: 1214290,CVE-2023-4016

This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3486-1
Released: Tue Aug 29 14:25:23 2023
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1214071

This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released: Fri Sep 1 15:48:52 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1158763,1210740,1213231,1213557,1213673

This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- gawk-4.2.1-150000.3.3.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.188.1 updated
- libicu-suse65_1-65.1-150200.4.8.1 updated
- libicu65_1-ledata-65.1-150200.4.8.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated
- libopenssl1_1-1.1.1l-150400.7.53.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libzypp-17.31.20-150400.3.40.1 updated
- openssl-1_1-1.1.1l-150400.7.53.1 updated
- procps-3.3.15-150000.7.34.1 updated
- systemd-249.16-150400.8.33.1 updated
- zypper-1.14.63-150400.3.29.1 updated
- container:sles15-image-15.0.0-27.14.94 updated

SUSE MicroOSContainer Update Notice for suse/microos/5.3/cli-toolbox provides enhancements for gnutls, sed, and additional packages.

SUSE Container Update, Toolbox Security Patch, Openssl Issues, Systemd Fix.

LinuxSecurity.com Team

Sep 06, 2023 SuSE

Fedora Core 4 Gawk Update Resolves Regex Issue Severity: Moderate

Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-128
2006-02-24
---------------------------------------------------------------------

Product : Fedora Core 4
Name : gawk
Version : 3.1.4
Release : 5.4
Summary : The GNU version of the awk text processing utility.
Description :
The gawk package contains the GNU version of awk, a text processing utility. Awk interprets a special-purpose programming language to do quick and easy text pattern matching and reformatting jobs.

Install the gawk package if you need a text processing utility. Gawk is considered to be a standard Linux tool for processing text.

---------------------------------------------------------------------
* Fri Feb 24 2006 Karel Zak 3.1.4-5.4
- fix #174551 - regular expressions fail if srand() is used (backport random.c from 3.1.5)

---------------------------------------------------------------------
This update can be downloaded from:

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .

---------------------------------------------------------------------
fedora-announce-list mailing list

The recent Fedora update for gawk resolves regular expression bugs and improves the efficiency of text manipulation for its users.

Fedora Core, gawk update, text processing utility.

LinuxSecurity.com Team

Feb 24, 2006 Fedora

Fedora Core 4: Gawk Update 5.2 Critical: Text Processing Issues Resolved

Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-430
2005-06-17
---------------------------------------------------------------------

Product : Fedora Core 4
Name : gawk
Version : 3.1.4
Release : 5.2
Summary : The GNU version of the awk text processing utility.
Description :
The gawk package contains the GNU version of awk, a text processing utility. Awk interprets a special-purpose programming language to do quick and easy text pattern matching and reformatting jobs.

Install the gawk package if you need a text processing utility. Gawk is considered to be a standard Linux tool for processing text.

---------------------------------------------------------------------
* Thu Jun 16 2005 Karel Zak 3.1.4-5.2
- improved gawk-3.1.4-locale.patch

* Wed Jun 15 2005 Karel Zak 3.1.4-5.1
- fix #160421 - crash when using non-decimal data in command line parameters

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

---------------------------------------------------------------------
fedora-announce-list mailing list

The release of Fedora Core 4 has introduced enhancements to the gawk text processing tool, addressing various problems and optimizing performance, effective as of June 17, 2005.

gawk Update, Fedora Core 4, text Processing Utility.

Severity: Critical.

LinuxSecurity.com Team

Jun 17, 2005 Critical Fedora