Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisorycriticalFedoraFedora 41: glibc 2025-e489437b3d critical: string clobber DoS
This update contains the following bug fixes and enhancements: * String function register clobbers specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745). * Crashes in TLS management when auditors are used (rhbz#2330213) * Optimizations for x86-64 CPUs. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e489437b3d 2025-06-25 01:42:08.365150+00:00 -------------------------------------------------------------------------------- Name : glibc Product : Fedora 41 Version : 2.40 Release : 26.fc41 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. -------------------------------------------------------------------------------- Update Information: This update contains the following bug fixes and enhancements: * String function register clobbers specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745). * Crashes in TLS management when auditors are used (rhbz#2330213) * Optimizations for x86-64 CPUs * Optimizations for AArch64 CPUs -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 21 2025 Florian Weimer - 2.40-26 - Remove glibc-rh1889892-*.patch, now backported upstream. - Auto-sync with upstream branch release/2.40/master, commit dbc83657e290bdad3245259be80fb84cbe10304c: - ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702) - ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059) - ppc64le: Revert "powerpc: Fixperformance issues of strcmp power10" (CVE-2025-5702) - ppc64le: Revert "powerpc: Optimized strncmp for power10" (CVE-2025-5745) - elf: Keep using minimal malloc after early DTV resize (bug 32412) - libio: Fix a deadlock after fork in popen - x86: Detect Intel Diamond Rapids - x86: Handle unknown Intel processor with default tuning - x86: Add ARL/PTL/CWF model detection support - x86: Optimize xstate size calculation - x86: Use `Avoid_Non_Temporal_Memset` to control non-temporal path - x86: Use separate variable for TLSDESC XSAVE/XSAVEC state size (bug 32810) - x86: Skip XSAVE state size reset if ISA level requires XSAVE - x86_64: Add atanh with FMA - x86_64: Add sinh with FMA - x86_64: Add tanh with FMA - nptl: clear the whole rseq area before registration - math: Improve layout of exp/exp10 data - AArch64: Use prefer_sve_ifuncs for SVE memset - AArch64: Add SVE memset - math: Improve layout of expf data - AArch64: Remove zva_128 from memset - AArch64: Optimize memset - AArch64: Improve generic strlen - AArch64: Improve codegen for SVE powf - AArch64: Improve codegen for SVE pow - AArch64: Improve codegen for SVE erfcf - Aarch64: Improve codegen in SVE exp and users, and update expf_inline - Aarch64: Improve codegen in SVE asinh - AArch64: Improve codegen in SVE expm1f and users - AArch64: Improve codegen for SVE log1pf users - AArch64: Improve codegen for SVE logs - AArch64: Improve codegen in SVE tans - AArch64: Improve codegen in AdvSIMD asinh - AArch64: Improve codegen of AdvSIMD expf family - AArch64: Improve codegen of AdvSIMD atan(2)(f) - AArch64: Improve codegen of AdvSIMD logf function family - AArch64: Improve codegen in users of ADVSIMD log1p helper - AArch64: Improve codegen in AdvSIMD logs - AArch64: Improve codegen in AdvSIMD pow - AArch64: Remove SVE erf and erfc tables - AArch64: Small optimisation in AdvSIMD erf and erfc - AArch64: Simplify rounding-multiply pattern in several AdvSIMD routines - AArch64: Improve codegen in users of ADVSIMD expm1fhelper - AArch64: Improve codegen in users of AdvSIMD log1pf helper - AArch64: Improve codegen in SVE F32 logs - AArch64: Improve codegen in SVE expf & related routines - aarch64: Avoid redundant MOVs in AdvSIMD F32 logs - math: Add optimization barrier to ensure a1 + u.d is not reused [BZ #30664] -------------------------------------------------------------------------------- References: [ 1 ] Bug #2330213 - ld.so calls realloc on a DTV which wasn't allocated with malloc https://bugzilla.redhat.com/show_bug.cgi?id=2330213 [ 2 ] Bug #2370506 - CVE-2025-5702 glibc: From CVEorg collector [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370506 [ 3 ] Bug #2370511 - CVE-2025-5745 glibc: From CVEorg collector [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2370511 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e489437b3d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 25, 2025
•Critical
Fedora
100
security advisorymoderatebuffer overflowSUSE: 2023:900-1 Moderate: glibc Buffer Overflow in bci/bci-busybox
The container bci/bci-busybox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:900-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.15.3 , bci/bci-busybox:latest Container Release : 15.3 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated . The container bci/bci-nginx has received security patches in response to CVE-2023-0723, including enhancements for the openssl library and various vulnerabilities.. glibc Buffer Overflow, SUSE Security Update, Container Security Patches. . LinuxSecurity.com Team
Apr 02, 2023
SuSE
100
security advisorysecurity updatesecurity issueSUSE 15 Important Security Update: SUSE-CU-2021:86-1 Multiple Threats
The container suse/sle15 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:86-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.425 Container Release : 6.2.425 Severity : important Type : security References : 1050625 1078466 1146705 1172442 1174016 1175519 1176201 1177238 1177275 1177427 1177583 1178386 1178775 1178910 1178966 1179083 1179222 1179694 1179721 1179816 1179847 1179909 1180020 1180038 1180077 1180083 1180596 1180663 1180721 1181011 1181328 1181358 1181505 1181622 1181831 1182117 1182279 1182328 1182331 1182333 1182362 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182629 1183094 1183370 1183371 1183456 1183457 CVE-2017-9271 CVE-2019-25013 CVE-2020-11080 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2021-20231 CVE-2021-20232 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing,resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch-> bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:753-1 Released: Tue Mar 9 17:09:57 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:890-1 Released: Fri Mar 19 15:51:41 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update forglib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' > = 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:931-1 Released: Wed Mar 24 12:10:41 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS(bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:934-1 Released: Wed Mar 24 12:18:21 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:956-1 Released: Thu Mar 25 19:19:04 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179816,1179847,1179909,1180077,1180663,1180721,1181328,1181622,1182629,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.43: - doc: give more details about creating versioned package locks (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fixinstall summary to write nothing if there's nothing todo (bsc#1180077) - Prefer /run over /var/run. Update libzypp to 17.25.8: - Try to provide a mounted /proc in --root installs (bsc#1181328) Some systemd tools require /proc to be mounted and fail if it's not there. - Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names (bsc#1179847) This allows to use the RH and SUSE patch categrory names synonymously: (recommended = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. - Fix %posttrans script execution (fixes #265) The scripts are execuable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location ob the rpmdatabase to use. - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#1179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) . Essential security patch for SUSE container suse/sle15, targeting significant concerns and multiple security flaws.. SUSE ContainerUpdate,SUSE SLE 15,Security Fixes,Patch Management. . Severity: Important. LinuxSecurity.com Team
Mar 30, 2021
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!