
Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

UBUNTU: 2023:4578-1 Critical Security Patch for ubuntu/focal

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2386-1
Container Tags        : suse/sle15:15.2 , suse/sle15:15.2.9.5.316
Container Release     : 9.5.316
Severity              : important
Type                  : security
References            : 1089497 1206346
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released:    Thu Jul 20 12:00:17 2023
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    moderate
References:  1089497

This update for gpgme fixes the following issues:

gpgme:
- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)

libassuan:
- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2923-1
Released:    Thu Jul 20 19:34:50 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:  1206346

This update of container-suseconnect fixes the following issues:

- rebuild the package with the go 1.20 security release (bsc#1206346).

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.32.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated

SUSE Container Refresh Notice for suse/sle15, focusing on critical security vulnerabilities and software improvements.

Severity: Important.

LinuxSecurity.com Team

Jul 22, 2023 | Important | SuSE

SUSE: 2023:2383-1 Moderate Update for Curl and Gpgme Security Patches

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2383-1
Container Tags        : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.71 , suse/sle-micro/5.4/toolbox:latest
Container Release     : 4.2.71
Severity              : moderate
Type                  : security
References            : 1089497 1213237 CVE-2023-32001
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2891-1
Released:    Wed Jul 19 21:14:33 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1213237,CVE-2023-32001

This update for curl fixes the following issues:

- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2918-1
Released:    Thu Jul 20 12:00:17 2023
Summary:     Recommended update for gpgme
Type:        recommended
Severity:    moderate
References:  1089497

This update for gpgme fixes the following issues:

gpgme:
- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)

libassuan:
- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

The following package changes have been done:

- glibc-2.31-150300.52.2 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libcurl4-8.0.1-150400.5.26.1 updated
- perl-base-5.26.1-150300.17.14.1 updated
- container:sles15-image-15.0.0-27.14.84 updated

Recent security patches applied to the SUSE Container toolbox, addressing vulnerabilities related to curl and gpgme.

LinuxSecurity.com Team

Jul 22, 2023 | SuSE

RedHat OpenShift 4.2.33: RHSA-2020-2027 Moderate: GPGME Use-After-Free

====================================================================
Red Hat Security Advisory

Synopsis:     Moderate: OpenShift Container Platform 4.2.33 openshift-clients security update
Advisory ID:  RHSA-2020:2027-01
Product:      Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2027
Issue date:   2020-05-13
CVE Names:    CVE-2020-8945
====================================================================

1. Summary:

An update for openshift-clients is now available for Red Hat OpenShift Container Platform 4.2.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.2 - s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Security Fix(es):

* proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For OpenShift Container Platform 4.2 see the following documentation, which will be updated shortly for release 4.2.33, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.2/html/release_notes/ocp-4-2-release-notes

Details on how to access this content are available at - -cli.html.

5. Bugs fixed (https://bugzilla.redhat.com/):

1795838 - CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

6. Package List:

Red Hat OpenShift Container Platform 4.2:

Source:
openshift-clients-4.2.32-202005020632.git.1.1b0fab9.el8.src.rpm

s390x:
openshift-clients-4.2.32-202005020632.git.1.1b0fab9.el8.s390x.rpm

x86_64:
openshift-clients-4.2.32-202005020632.git.1.1b0fab9.el8.x86_64.rpm
openshift-clients-redistributable-4.2.32-202005020632.git.1.1b0fab9.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8945
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Critical patch released for OpenShift 4.2.33 to fix a memory leak vulnerability in gpgme bindings when pulling images.

LinuxSecurity.com Team

May 13, 2020 | Red Hat

Debian: DSA-3005-1 Critical: GPGME Buffer Overflow Denial of Service

-------------------------------------------------------------------------
Debian Security Advisory DSA-3005-1
http://www.debian.org/security/
Salvatore Bonaccorso
August 14, 2014
http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package    : gpgme1.0
CVE ID     : CVE-2014-3564
Debian Bug : 756651

Tomas Trnka discovered a heap-based buffer overflow within the gpgsm status handler of GPGME, a library designed to make access to GnuPG easier for applications. An attacker could use this issue to cause an application using GPGME to crash (denial of service) or possibly to execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 1.2.0-1.4+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 1.5.1-1.

For the unstable distribution (sid), this problem has been fixed in version 1.5.1-1.

We recommend that you upgrade your gpgme1.0 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Severity: Critical.

LinuxSecurity.com Team

Aug 14, 2014 | Critical | Debian

Ubuntu 14.04 LTS: USN-2307-1 Severe: GPGME Code Execution Risk

=========================================================================
Ubuntu Security Notice USN-2307-1
August 06, 2014

gpgme1.0 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

GPGME could be made to crash or run programs as your login if it processed a specially crafted certificate.

Software Description:

- gpgme1.0: GPGME - GnuPG Made Easy (library)

Details:

Tomáš Trnka discovered that GPGME incorrectly handled certain certificate line lengths. An attacker could use this issue to cause applications using GPGME to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS:
  libgpgme11 1.4.3-0.1ubuntu5.1

Ubuntu 12.04 LTS:
  libgpgme11 1.2.0-1.4ubuntu2.1

Ubuntu 10.04 LTS:
  libgpgme11 1.2.0-1.2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:

https://ubuntu.com/security/notices/USN-2307-1
CVE-2014-3564

Package Information:

https://launchpad.net/ubuntu/+source/gpgme1.0/1.4.3-0.1ubuntu5.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.4ubuntu2.1
https://launchpad.net/ubuntu/+source/gpgme1.0/1.2.0-1.2ubuntu1.1

Serious GPGME vulnerability enables unauthorized code execution through malicious certificates. Ensure your Ubuntu installations are updated immediately.

Severity: Critical.

LinuxSecurity.com Team

Aug 06, 2014 | Critical | Ubuntu

Ubuntu 6.06 LTS: USN-432-2 Moderate: GnuPG2 Injection Attack

===========================================================
Ubuntu Security Notice USN-432-2
March 13, 2007

gnupg2, gpgme1.0 vulnerability
CVE-2007-1263
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  libgpgme11 1.1.0-1ubuntu0.1

Ubuntu 6.10:
  gnupg2 1.9.21-0ubuntu5.3
  libgpgme11 1.1.2-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library.

Original advisory details:

Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.

Updated packages were published for Ubuntu 6.06 LTS and Ubuntu 6.10 as source archives and for the amd64, i386, powerpc and sparc architectures.

The latest Ubuntu patches resolve vulnerabilities in GnuPG2 and GPGME, effectively blocking unauthorized unsigned message injections.

LinuxSecurity.com Team

Mar 13, 2007 | Ubuntu