# ruby3.4-rubygem-grpc-1.70.1-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14821-1
Rating: moderate

Cross-References:

* CVE-2023-0286

CVSS scores:

* CVE-2023-0286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby3.4-rubygem-grpc-1.70.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby3.4-rubygem-grpc 1.70.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0286.html

An advisory has been released for openSUSE Tumbleweed regarding updates to the ruby3.4-rubygem-grpc package, highlighting a moderate concern for stability.

LinuxSecurity.com Team

# Security update for grpc

Announcement ID: SUSE-SU-2024:4436-1
Release Date: 2024-12-30T13:23:26Z
Rating: moderate

References:

* bsc#1228919
* bsc#1233821

Cross-References:

* CVE-2024-11407
* CVE-2024-7246

CVSS scores:

* CVE-2024-11407 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-11407 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2024-11407 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-7246 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-7246 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for grpc fixes the following issues:

* CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919)
* CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2024-4436=1 openSUSE-SLE-15.5-2024-4436=1`
* Basesystem Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-4436=1`
* Public Cloud Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-4436=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * grpc-devel-1.60.0-150500.11.8.1
  * libupb37-1.60.0-150500.11.8.1
  * libgrpc++1_60-1.60.0-150500.11.8.1
  * libgrpc++1_60-debuginfo-1.60.0-150500.11.8.1
  * libgrpc37-debuginfo-1.60.0-150500.11.8.1
  * libgrpc1_60-1.60.0-150500.11.8.1
  * upb-devel-1.60.0-150500.11.8.1
  * libgrpc1_60-debuginfo-1.60.0-150500.11.8.1
  * libupb37-debuginfo-1.60.0-150500.11.8.1
  * grpc-devel-debuginfo-1.60.0-150500.11.8.1
  * grpc-debuginfo-1.60.0-150500.11.8.1
  * libgrpc37-1.60.0-150500.11.8.1
  * grpc-debugsource-1.60.0-150500.11.8.1
* openSUSE Leap 15.5 (noarch)
  * grpc-source-1.60.0-150500.11.8.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * grpc-devel-1.60.0-150500.11.8.1
  * libupb37-1.60.0-150500.11.8.1
  * libgrpc++1_60-1.60.0-150500.11.8.1
  * libgrpc++1_60-debuginfo-1.60.0-150500.11.8.1
  * libgrpc37-debuginfo-1.60.0-150500.11.8.1
  * libgrpc1_60-1.60.0-150500.11.8.1
  * libgrpc1_60-debuginfo-1.60.0-150500.11.8.1
  * libupb37-debuginfo-1.60.0-150500.11.8.1
  * grpc-debuginfo-1.60.0-150500.11.8.1
  * libgrpc37-1.60.0-150500.11.8.1
  * grpc-debugsource-1.60.0-150500.11.8.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libupb37-1.60.0-150500.11.8.1
  * libgrpc37-debuginfo-1.60.0-150500.11.8.1
  * libgrpc1_60-1.60.0-150500.11.8.1
  * libgrpc1_60-debuginfo-1.60.0-150500.11.8.1
  * libupb37-debuginfo-1.60.0-150500.11.8.1
  * grpc-debuginfo-1.60.0-150500.11.8.1
  * libgrpc37-1.60.0-150500.11.8.1
  * grpc-debugsource-1.60.0-150500.11.8.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11407.html
* https://www.suse.com/security/cve/CVE-2024-7246.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228919
* https://bugzilla.suse.com/show_bug.cgi?id=1233821

LinuxSecurity.com Team

# Security update for grpc

Announcement ID: SUSE-SU-2024:4400-1
Release Date: 2024-12-20T15:27:39Z
Rating: moderate

References:

* bsc#1228919
* bsc#1233821

Cross-References:

* CVE-2024-11407
* CVE-2024-7246

CVSS scores:

* CVE-2024-11407 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-11407 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2024-11407 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-7246 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-7246 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for grpc fixes the following issues:

* CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919)
* CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-4400=1`
* Public Cloud Module 15-SP4
  `zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-4400=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * grpc-devel-debuginfo-1.60.0-150400.8.8.1
  * upb-devel-1.60.0-150400.8.8.1
  * grpc-devel-1.60.0-150400.8.8.1
  * libgrpc1_60-debuginfo-1.60.0-150400.8.8.1
  * libgrpc37-1.60.0-150400.8.8.1
  * libupb37-1.60.0-150400.8.8.1
  * libgrpc++1_60-1.60.0-150400.8.8.1
  * grpc-debugsource-1.60.0-150400.8.8.1
  * grpc-debuginfo-1.60.0-150400.8.8.1
  * libupb37-debuginfo-1.60.0-150400.8.8.1
  * libgrpc1_60-1.60.0-150400.8.8.1
  * libgrpc37-debuginfo-1.60.0-150400.8.8.1
  * libgrpc++1_60-debuginfo-1.60.0-150400.8.8.1
* openSUSE Leap 15.4 (noarch)
  * grpc-source-1.60.0-150400.8.8.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * grpc-debugsource-1.60.0-150400.8.8.1
  * grpc-debuginfo-1.60.0-150400.8.8.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11407.html
* https://www.suse.com/security/cve/CVE-2024-7246.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228919
* https://bugzilla.suse.com/show_bug.cgi?id=1233821

The update from SUSE focuses on improvements to grpc, rectifying issues related to data corruption and vulnerabilities linked to HPACK table poisoning that were identified in 2024.

LinuxSecurity.com Team

# Security update for grpc

Announcement ID: SUSE-SU-2024:4401-1
Release Date: 2024-12-20T15:28:10Z
Rating: moderate

References:

* bsc#1228919
* bsc#1233821

Cross-References:

* CVE-2024-11407
* CVE-2024-7246

CVSS scores:

* CVE-2024-11407 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-11407 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2024-11407 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:X/RE:L/U:Green
* CVE-2024-7246 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
* CVE-2024-7246 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for grpc fixes the following issues:

* CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919)
* CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2024-4401=1 openSUSE-SLE-15.6-2024-4401=1`
* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4401=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libgrpc37-debuginfo-1.60.0-150600.15.3.1
  * grpc-debugsource-1.60.0-150600.15.3.1
  * libgrpc++1_60-debuginfo-1.60.0-150600.15.3.1
  * libgrpc1_60-debuginfo-1.60.0-150600.15.3.1
  * grpc-devel-1.60.0-150600.15.3.1
  * libgrpc37-1.60.0-150600.15.3.1
  * libupb37-debuginfo-1.60.0-150600.15.3.1
  * grpc-debuginfo-1.60.0-150600.15.3.1
  * grpc-devel-debuginfo-1.60.0-150600.15.3.1
  * libgrpc1_60-1.60.0-150600.15.3.1
  * libupb37-1.60.0-150600.15.3.1
  * upb-devel-1.60.0-150600.15.3.1
  * libgrpc++1_60-1.60.0-150600.15.3.1
* openSUSE Leap 15.6 (noarch)
  * grpc-source-1.60.0-150600.15.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libgrpc37-debuginfo-1.60.0-150600.15.3.1
  * grpc-debugsource-1.60.0-150600.15.3.1
  * libgrpc++1_60-debuginfo-1.60.0-150600.15.3.1
  * libgrpc1_60-debuginfo-1.60.0-150600.15.3.1
  * grpc-devel-1.60.0-150600.15.3.1
  * libgrpc37-1.60.0-150600.15.3.1
  * libupb37-debuginfo-1.60.0-150600.15.3.1
  * grpc-debuginfo-1.60.0-150600.15.3.1
  * grpc-devel-debuginfo-1.60.0-150600.15.3.1
  * libgrpc1_60-1.60.0-150600.15.3.1
  * libupb37-1.60.0-150600.15.3.1
  * libgrpc++1_60-1.60.0-150600.15.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11407.html
* https://www.suse.com/security/cve/CVE-2024-7246.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228919
* https://bugzilla.suse.com/show_bug.cgi?id=1233821

LinuxSecurity.com Team

SUSE Container Update Advisory: suse/sle15

-----------------------------------------------------------------

Container Advisory ID : SUSE-CU-2023:2854-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.811
Container Release : 6.2.811
Severity : important
Type : security
References : 1099269 1133277 1144068 1158763 1162343 1177127 1178168 1182066 1184753 1194530 1197726 1198331 1199282 1203681 1204256 1210740 1213231 1213557 1213673 CVE-2018-1000518 CVE-2020-25659 CVE-2020-36242 CVE-2021-22569 CVE-2021-22570 CVE-2022-1941 CVE-2022-3171

-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------

Advisory ID: SUSE-SU-2023:2783-1
Released: Tue Jul 4 21:54:25 2023
Summary: Security update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets
Type: security
Severity: important
References: 1099269,1133277,1144068,1162343,1177127,1178168,1182066,1184753,1194530,1197726,1198331,1199282,1203681,1204256,CVE-2018-1000518,CVE-2020-25659,CVE-2020-36242,CVE-2021-22569,CVE-2021-22570,CVE-2022-1941,CVE-2022-3171

This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-psutil, python-pytest-asyncio, python-requests, python-websocket-client, python-websockets fixes the following issues:

grpc:

- Update in SLE-15 (bsc#1197726, bsc#1144068)

protobuf:

- Fix a potential DoS issue in protobuf-cpp and protobuf-python, CVE-2022-1941, bsc#1203681
- Fix a potential DoS issue when parsing with binary data in protobuf-java, CVE-2022-3171, bsc#1204256
- Fix potential Denial of Service in protobuf-java in the parsing procedure for binary data, CVE-2021-22569, bsc#1194530
- Add missing dependency of python subpackages on python-six (bsc#1177127)
- Updated to version 3.9.2 (bsc#1162343)
  * Remove OSReadLittle* due to alignment requirements.
  * Don't use unions and instead use memcpy for the type swaps.
- Disable LTO (bsc#1133277)

python-aiocontextvars:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-avro:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-cryptography:

- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331)
  * SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (> 2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242

python-cryptography-vectors:

- update to 3.2 (bsc#1178168, CVE-2020-25659):
  * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability.
  * Support for OpenSSL 1.0.2 has been removed.
  * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- update to 3.3.2 (bsc#1198331)

python-Deprecated:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 1.2.13:

python-google-api-core:

- Update to 1.14.2

python-googleapis-common-protos:

- Update to 1.6.0

python-grpcio-gcp:

- Initial spec for v0.2.2

python-humanfriendly:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 10.0

python-jsondiff:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.0

python-knack:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 0.9.0

python-opencensus:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Disable Python2 build
- Update to 0.8.0

python-opencensus-context:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-opencensus-ext-threading:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial build version 0.1.2

python-opentelemetry-api:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Version update to 1.5.0

python-psutil:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 5.9.1
- remove the dependency on net-tools, since it conflicts with busybox-hostname which is default on MicroOS. (bsc#1184753)
- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-PyGithub:

- Update to 1.43.5:

python-pytest-asyncio:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Initial release of python-pytest-asyncio 0.8.0

python-requests:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

python-websocket-client:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to version 1.3.2

python-websockets:

- Include in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- update to 9.1:

-----------------------------------------------------------------

Advisory ID: SUSE-RU-2023:3513-1
Released: Fri Sep 1 15:47:41 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1158763,1210740,1213231,1213557,1213673

This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

The following package changes have been done:

- libprotobuf-lite20-3.9.2-150100.8.3.3 added
- libzypp-17.31.20-150100.3.117.1 updated
- zypper-1.14.63-150100.3.84.1 updated
- libprotobuf-lite15-3.5.0-5.5.1 removed

LinuxSecurity.com Team