# Security update for gtk2

Announcement ID: SUSE-SU-2024:2897-1
Rating: important
References:

* bsc#1228120

Cross-References:

* CVE-2024-6655

CVSS scores:

* CVE-2024-6655 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for gtk2 fixes the following issues:

* CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2897=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2897=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2897=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2897=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2897=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2897=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-2897=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * gtk2-data-2.24.32+67-150200.4.3.1
  * gtk2-lang-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * typelib-1_0-Gtk-2_0-2.24.32+67-150200.4.3.1
  * gtk2-tools-debuginfo-2.24.32+67-150200.4.3.1
  * gtk2-debugsource-2.24.32+67-150200.4.3.1
  * gtk2-devel-2.24.32+67-150200.4.3.1
  * gtk2-tools-2.24.32+67-150200.4.3.1
  * gtk2-devel-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
  * libgtk-2_0-0-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * gtk2-data-2.24.32+67-150200.4.3.1
  * gtk2-lang-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * typelib-1_0-Gtk-2_0-2.24.32+67-150200.4.3.1
  * gtk2-tools-debuginfo-2.24.32+67-150200.4.3.1
  * gtk2-debugsource-2.24.32+67-150200.4.3.1
  * gtk2-devel-2.24.32+67-150200.4.3.1
  * gtk2-tools-2.24.32+67-150200.4.3.1
  * gtk2-devel-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * libgtk-2_0-0-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * gtk2-data-2.24.32+67-150200.4.3.1
  * gtk2-lang-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-Gtk-2_0-2.24.32+67-150200.4.3.1
  * gtk2-tools-debuginfo-2.24.32+67-150200.4.3.1
  * gtk2-debugsource-2.24.32+67-150200.4.3.1
  * gtk2-devel-2.24.32+67-150200.4.3.1
  * gtk2-tools-2.24.32+67-150200.4.3.1
  * gtk2-devel-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
  * libgtk-2_0-0-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * gtk2-data-2.24.32+67-150200.4.3.1
  * gtk2-lang-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-Gtk-2_0-2.24.32+67-150200.4.3.1
  * gtk2-tools-debuginfo-2.24.32+67-150200.4.3.1
  * gtk2-debugsource-2.24.32+67-150200.4.3.1
  * gtk2-devel-2.24.32+67-150200.4.3.1
  * gtk2-tools-2.24.32+67-150200.4.3.1
  * gtk2-devel-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * libgtk-2_0-0-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * gtk2-data-2.24.32+67-150200.4.3.1
  * gtk2-lang-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * typelib-1_0-Gtk-2_0-2.24.32+67-150200.4.3.1
  * gtk2-tools-debuginfo-2.24.32+67-150200.4.3.1
  * gtk2-debugsource-2.24.32+67-150200.4.3.1
  * gtk2-devel-2.24.32+67-150200.4.3.1
  * gtk2-tools-2.24.32+67-150200.4.3.1
  * gtk2-devel-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * libgtk-2_0-0-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * gtk2-data-2.24.32+67-150200.4.3.1
  * gtk2-lang-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * typelib-1_0-Gtk-2_0-2.24.32+67-150200.4.3.1
  * gtk2-tools-debuginfo-2.24.32+67-150200.4.3.1
  * gtk2-debugsource-2.24.32+67-150200.4.3.1
  * gtk2-devel-2.24.32+67-150200.4.3.1
  * gtk2-tools-2.24.32+67-150200.4.3.1
  * gtk2-devel-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-2.24.32+67-150200.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * libgtk-2_0-0-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.32+67-150200.4.3.1
* SUSE Enterprise Storage 7.1 (noarch)
  * gtk2-data-2.24.32+67-150200.4.3.1
  * gtk2-lang-2.24.32+67-150200.4.3.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * typelib-1_0-Gtk-2_0-2.24.32+67-150200.4.3.1
  * gtk2-tools-debuginfo-2.24.32+67-150200.4.3.1
  * gtk2-debugsource-2.24.32+67-150200.4.3.1
  * gtk2-devel-2.24.32+67-150200.4.3.1
  * gtk2-tools-2.24.32+67-150200.4.3.1
  * gtk2-devel-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-2.24.32+67-150200.4.3.1
* SUSE Enterprise Storage 7.1 (x86_64)
  * libgtk-2_0-0-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-2.24.32+67-150200.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.32+67-150200.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.32+67-150200.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6655.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228120

Severity: Important. LinuxSecurity.com Team

# Security update for gtk2

Announcement ID: SUSE-SU-2024:2660-1
Rating: important
References:

* bsc#1228120

Cross-References:

* CVE-2024-6655

CVSS scores:

* CVE-2024-6655 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for gtk2 fixes the following issues:

* CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-2660=1
* openSUSE Leap Micro 5.5
  zypper in -t patch openSUSE-Leap-Micro-5.5-2024-2660=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-2660=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-2660=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-2660=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-2660=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-2660=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-2660=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2660=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-2660=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2660=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2660=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2660=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2660=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2660=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2660=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2660=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2660=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
  * gtk2-branding-upstream-2.24.33-150400.4.3.1
  * gtk2-data-2.24.33-150400.4.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * gtk2-immodule-xim-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-debuginfo-2.24.33-150400.4.3.1
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-debuginfo-2.24.33-150400.4.3.1
* openSUSE Leap 15.4 (x86_64)
  * gtk2-immodule-inuktitut-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
  * gtk2-devel-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-32bit-debuginfo-2.24.33-150400.4.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * gtk2-immodule-multipress-64bit-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-64bit-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-64bit-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-64bit-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-64bit-2.24.33-150400.4.3.1
  * gtk2-tools-64bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-64bit-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-64bit-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-64bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-64bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-64bit-2.24.33-150400.4.3.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* openSUSE Leap 15.5 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
  * gtk2-branding-upstream-2.24.33-150400.4.3.1
  * gtk2-data-2.24.33-150400.4.3.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * gtk2-immodule-xim-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-debuginfo-2.24.33-150400.4.3.1
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-debuginfo-2.24.33-150400.4.3.1
* openSUSE Leap 15.5 (x86_64)
  * gtk2-immodule-inuktitut-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-amharic-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-inuktitut-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-tigrigna-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-vietnamese-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
  * gtk2-devel-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-xim-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-immodule-multipress-32bit-2.24.33-150400.4.3.1
  * gtk2-immodule-thai-32bit-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* Basesystem Module 15-SP5 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
* Desktop Applications Module 15-SP5 (noarch)
  * gtk2-data-2.24.33-150400.4.3.1
* Desktop Applications Module 15-SP5 (x86_64)
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
  * gtk2-data-2.24.33-150400.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
  * gtk2-data-2.24.33-150400.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
  * gtk2-data-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
  * gtk2-data-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64)
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
  * gtk2-data-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-2.24.33-150400.4.3.1
  * libgtk-2_0-0-32bit-2.24.33-150400.4.3.1
  * gtk2-tools-32bit-debuginfo-2.24.33-150400.4.3.1
* SUSE Manager Proxy 4.3 (x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Manager Proxy 4.3 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * libgtk-2_0-0-2.24.33-150400.4.3.1
  * gtk2-tools-2.24.33-150400.4.3.1
  * gtk2-devel-debuginfo-2.24.33-150400.4.3.1
  * gtk2-devel-2.24.33-150400.4.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1
  * gtk2-debugsource-2.24.33-150400.4.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150400.4.3.1
  * gtk2-tools-debuginfo-2.24.33-150400.4.3.1
* SUSE Manager Server 4.3 (noarch)
  * gtk2-lang-2.24.33-150400.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6655.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228120

# Security update for gtk2

Announcement ID: SUSE-SU-2024:2634-1
Rating: important
References:

* bsc#1228120

Cross-References:

* CVE-2024-6655

CVSS scores:

* CVE-2024-6655 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for gtk2 fixes the following issues:

* CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2634=1
* Desktop Applications Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2634=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-2634=1 openSUSE-SLE-15.6-2024-2634=1

## Package List:

* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libgtk-2_0-0-2.24.33-150600.11.3.1
  * gtk2-tools-debuginfo-2.24.33-150600.11.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150600.11.3.1
  * gtk2-debugsource-2.24.33-150600.11.3.1
  * gtk2-devel-2.24.33-150600.11.3.1
  * gtk2-tools-2.24.33-150600.11.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150600.11.3.1
  * gtk2-devel-debuginfo-2.24.33-150600.11.3.1
* Basesystem Module 15-SP6 (noarch)
  * gtk2-lang-2.24.33-150600.11.3.1
* Desktop Applications Module 15-SP6 (noarch)
  * gtk2-data-2.24.33-150600.11.3.1
* Desktop Applications Module 15-SP6 (x86_64)
  * gtk2-tools-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-tools-32bit-2.24.33-150600.11.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-debugsource-2.24.33-150600.11.3.1
  * libgtk-2_0-0-32bit-2.24.33-150600.11.3.1
* openSUSE Leap 15.6 (noarch)
  * gtk2-data-2.24.33-150600.11.3.1
  * gtk2-lang-2.24.33-150600.11.3.1
  * gtk2-branding-upstream-2.24.33-150600.11.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * gtk2-immodule-inuktitut-debuginfo-2.24.33-150600.11.3.1
  * typelib-1_0-Gtk-2_0-2.24.33-150600.11.3.1
  * gtk2-immodule-xim-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-amharic-debuginfo-2.24.33-150600.11.3.1
  * libgtk-2_0-0-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-tigrigna-debuginfo-2.24.33-150600.11.3.1
  * gtk2-tools-debuginfo-2.24.33-150600.11.3.1
  * gtk2-tools-2.24.33-150600.11.3.1
  * gtk2-immodule-multipress-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-thai-2.24.33-150600.11.3.1
  * gtk2-devel-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-vietnamese-2.24.33-150600.11.3.1
  * libgtk-2_0-0-2.24.33-150600.11.3.1
  * gtk2-debugsource-2.24.33-150600.11.3.1
  * gtk2-immodule-thai-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-tigrigna-2.24.33-150600.11.3.1
  * gtk2-immodule-amharic-2.24.33-150600.11.3.1
  * gtk2-immodule-multipress-2.24.33-150600.11.3.1
  * gtk2-immodule-vietnamese-debuginfo-2.24.33-150600.11.3.1
  * gtk2-devel-2.24.33-150600.11.3.1
  * gtk2-immodule-xim-2.24.33-150600.11.3.1
  * gtk2-immodule-inuktitut-2.24.33-150600.11.3.1
* openSUSE Leap 15.6 (x86_64)
  * gtk2-immodule-inuktitut-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-xim-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-inuktitut-32bit-2.24.33-150600.11.3.1
  * gtk2-immodule-amharic-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-multipress-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-thai-32bit-2.24.33-150600.11.3.1
  * gtk2-tools-32bit-2.24.33-150600.11.3.1
  * gtk2-devel-32bit-2.24.33-150600.11.3.1
  * gtk2-immodule-multipress-32bit-2.24.33-150600.11.3.1
  * gtk2-immodule-xim-32bit-2.24.33-150600.11.3.1
  * gtk2-tools-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-devel-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-vietnamese-32bit-2.24.33-150600.11.3.1
  * libgtk-2_0-0-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-vietnamese-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-tigrigna-32bit-debuginfo-2.24.33-150600.11.3.1
  * libgtk-2_0-0-32bit-2.24.33-150600.11.3.1
  * gtk2-immodule-thai-32bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-amharic-32bit-2.24.33-150600.11.3.1
  * gtk2-immodule-tigrigna-32bit-2.24.33-150600.11.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * gtk2-immodule-tigrigna-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-xim-64bit-debuginfo-2.24.33-150600.11.3.1
  * libgtk-2_0-0-64bit-2.24.33-150600.11.3.1
  * gtk2-immodule-thai-64bit-2.24.33-150600.11.3.1
  * gtk2-tools-64bit-2.24.33-150600.11.3.1
  * gtk2-immodule-inuktitut-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-amharic-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-amharic-64bit-2.24.33-150600.11.3.1
  * gtk2-immodule-multipress-64bit-2.24.33-150600.11.3.1
  * gtk2-immodule-xim-64bit-2.24.33-150600.11.3.1
  * gtk2-tools-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-devel-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-devel-64bit-2.24.33-150600.11.3.1
  * gtk2-immodule-multipress-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-inuktitut-64bit-2.24.33-150600.11.3.1
  * gtk2-immodule-vietnamese-64bit-2.24.33-150600.11.3.1
  * libgtk-2_0-0-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-thai-64bit-debuginfo-2.24.33-150600.11.3.1
  * gtk2-immodule-tigrigna-64bit-2.24.33-150600.11.3.1
  * gtk2-immodule-vietnamese-64bit-debuginfo-2.24.33-150600.11.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6655.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228120

# Security update for gtk2

Announcement ID: SUSE-SU-2024:2611-1
Rating: important
References:

* bsc#1228120

Cross-References:

* CVE-2024-6655

CVSS scores:

* CVE-2024-6655 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for gtk2 fixes the following issues:

* CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-2611=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2611=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2611=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2611=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2024-2611=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * gtk2-devel-2.24.31-9.9.1
  * typelib-1_0-Gtk-2_0-2.24.31-9.9.1
  * gtk2-devel-debuginfo-2.24.31-9.9.1
  * gtk2-debugsource-2.24.31-9.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * gtk2-data-2.24.31-9.9.1
  * gtk2-lang-2.24.31-9.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * libgtk-2_0-0-debuginfo-2.24.31-9.9.1
  * libgtk-2_0-0-2.24.31-9.9.1
  * gtk2-tools-debuginfo-2.24.31-9.9.1
  * gtk2-tools-2.24.31-9.9.1
  * gtk2-debugsource-2.24.31-9.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libgtk-2_0-0-32bit-2.24.31-9.9.1
  * libgtk-2_0-0-debuginfo-32bit-2.24.31-9.9.1
  * gtk2-tools-debuginfo-32bit-2.24.31-9.9.1
  * gtk2-tools-32bit-2.24.31-9.9.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * gtk2-data-2.24.31-9.9.1
  * gtk2-lang-2.24.31-9.9.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libgtk-2_0-0-debuginfo-2.24.31-9.9.1
  * libgtk-2_0-0-2.24.31-9.9.1
  * gtk2-tools-debuginfo-2.24.31-9.9.1
  * gtk2-tools-2.24.31-9.9.1
  * gtk2-debugsource-2.24.31-9.9.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libgtk-2_0-0-32bit-2.24.31-9.9.1
  * libgtk-2_0-0-debuginfo-32bit-2.24.31-9.9.1
  * gtk2-tools-debuginfo-32bit-2.24.31-9.9.1
  * gtk2-tools-32bit-2.24.31-9.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * gtk2-data-2.24.31-9.9.1
  * gtk2-lang-2.24.31-9.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libgtk-2_0-0-debuginfo-2.24.31-9.9.1
  * libgtk-2_0-0-2.24.31-9.9.1
  * gtk2-tools-debuginfo-2.24.31-9.9.1
  * gtk2-tools-2.24.31-9.9.1
  * gtk2-debugsource-2.24.31-9.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libgtk-2_0-0-32bit-2.24.31-9.9.1
  * libgtk-2_0-0-debuginfo-32bit-2.24.31-9.9.1
  * gtk2-tools-debuginfo-32bit-2.24.31-9.9.1
  * gtk2-tools-32bit-2.24.31-9.9.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * typelib-1_0-Gtk-2_0-2.24.31-9.9.1
  * gtk2-debugsource-2.24.31-9.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-6655.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228120

SUSE Security Update: Security update for gtk2
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2470-1
Rating: moderate
References: #1027024 #1027025 #1027026 #1039465 #1048289 #1048544
Cross-References: CVE-2017-2862 CVE-2017-2870 CVE-2017-6312 CVE-2017-6313 CVE-2017-6314
Affected Products:
  SUSE Linux Enterprise Software Development Kit 11-SP4
  SUSE Linux Enterprise Server 11-SP4
  SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for gtk2 provides the following fixes:

These security issues were fixed:

- CVE-2017-6312: Prevent integer overflow that allowed context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file (bsc#1027026).
- CVE-2017-6314: The make_available_at_least function allowed context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file (bsc#1027025).
- CVE-2017-6313: Prevent integer underflow in the load_resources function that allowed context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file (bsc#1027024).
- CVE-2017-2862: Prevent heap overflow in the gdk_pixbuf__jpeg_image_load_increment function. A specially crafted jpeg file could have caused a heap overflow resulting in remote code execution (bsc#1048289)
- CVE-2017-2870: Prevent integer overflow in the tiff_image_parse functionality. A specially crafted tiff file could have caused a heap-overflow resulting in remote code execution (bsc#1048544).

This non-security issue was fixed:

- Prevent an infinite loop when a window is destroyed while traversed (bsc#1039465).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 11-SP4:
  zypper in -t patch sdksp4-gtk2-13748=1
- SUSE Linux Enterprise Server 11-SP4:
  zypper in -t patch slessp4-gtk2-13748=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-gtk2-13748=1

Package List:

- SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  gtk2-devel-2.18.9-0.45.8.1
- SUSE Linux Enterprise Software Development Kit 11-SP4 (ppc64):
  gtk2-devel-32bit-2.18.9-0.45.8.1
- SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  gtk2-2.18.9-0.45.8.1
  gtk2-doc-2.18.9-0.45.8.1
  gtk2-lang-2.18.9-0.45.8.1
- SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):
  gtk2-32bit-2.18.9-0.45.8.1
- SUSE Linux Enterprise Server 11-SP4 (ia64):
  gtk2-x86-2.18.9-0.45.8.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
  gtk2-debuginfo-2.18.9-0.45.8.1
  gtk2-debugsource-2.18.9-0.45.8.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
  gtk2-debuginfo-32bit-2.18.9-0.45.8.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ia64):
  gtk2-debuginfo-x86-2.18.9-0.45.8.1

References:

  https://www.suse.com/security/cve/CVE-2017-2862.html
  https://www.suse.com/security/cve/CVE-2017-2870.html
  https://www.suse.com/security/cve/CVE-2017-6312.html
  https://www.suse.com/security/cve/CVE-2017-6313.html
  https://www.suse.com/security/cve/CVE-2017-6314.html
  https://bugzilla.suse.com/1027024
  https://bugzilla.suse.com/1027025
  https://bugzilla.suse.com/1027026
  https://bugzilla.suse.com/1039465
  https://bugzilla.suse.com/1048289
  https://bugzilla.suse.com/1048544

The recent SUSE update for gtk2 addresses various problems, such as potential remote code execution and denial of service vulnerabilities. SUSE Update, gtk2 Security, Denial of Service Fix.
LinuxSecurity.com Team
Date: Wed, 5 Nov 2014 11:45:58 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Bugfix ERRATA: SLBA-2014:1554 gtk2, gdk-pixbuf2, librsvg2, and libwmf bug fix and enhancement update SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: SLBA-2014:1554 is a runtime dependency of several security errata packages
Issue date: 2014-11-05

The previous publication of SLBA-2014:1554 was incomplete. This update has been placed in the security tree along with the rest of SLBA-2014:1554

SL6.x

i386:
  libwmf-lite-0.2.8.4-23.el6.i686.rpm
  gdk-pixbuf2-2.24.1-5.el6.i686.rpm
  libwmf-0.2.8.4-23.el6.i686.rpm
  libwmf-devel-0.2.8.4-23.el6.i686.rpm
  gtk2-devel-2.24.23-6.el6.i686.rpm
  gtk2-2.24.23-6.el6.i686.rpm
  gdk-pixbuf2-devel-2.24.1-5.el6.i686.rpm
  librsvg2-2.26.0-14.el6.i686.rpm
  gtk2-immodule-xim-2.24.23-6.el6.i686.rpm
  gtk2-immodules-2.24.23-6.el6.i686.rpm
  librsvg2-devel-2.26.0-14.el6.i686.rpm
  gtk2-devel-docs-2.24.23-6.el6.i686.rpm

x86_64:
  gtk2-immodule-xim-2.24.23-6.el6.x86_64.rpm
  gtk2-2.24.23-6.el6.x86_64.rpm
  gdk-pixbuf2-devel-2.24.1-5.el6.x86_64.rpm
  gdk-pixbuf2-2.24.1-5.el6.x86_64.rpm
  librsvg2-devel-2.26.0-14.el6.i686.rpm
  librsvg2-devel-2.26.0-14.el6.x86_64.rpm
  gtk2-2.24.23-6.el6.i686.rpm
  librsvg2-2.26.0-14.el6.x86_64.rpm
  libwmf-0.2.8.4-23.el6.x86_64.rpm
  libwmf-devel-0.2.8.4-23.el6.x86_64.rpm
  gtk2-devel-docs-2.24.23-6.el6.x86_64.rpm
  gtk2-devel-2.24.23-6.el6.i686.rpm
  libwmf-0.2.8.4-23.el6.i686.rpm
  gdk-pixbuf2-devel-2.24.1-5.el6.i686.rpm
  librsvg2-2.26.0-14.el6.i686.rpm
  gtk2-devel-2.24.23-6.el6.x86_64.rpm
  gtk2-immodule-xim-2.24.23-6.el6.i686.rpm
  libwmf-lite-0.2.8.4-23.el6.i686.rpm
  gtk2-immodules-2.24.23-6.el6.i686.rpm
  libwmf-devel-0.2.8.4-23.el6.i686.rpm
  libwmf-lite-0.2.8.4-23.el6.x86_64.rpm
  gtk2-immodules-2.24.23-6.el6.x86_64.rpm
  gdk-pixbuf2-2.24.1-5.el6.i686.rpm
Updates applied to runtime dependencies for SLBA-2014:1554 on Scientific Linux, enhancing security measures and overall performance. Scientific Linux, Bug Fix, Security Errata. Severity: Important. LinuxSecurity.com Team
Date: Wed, 16 Jan 2013 16:10:31 -0600
Reply-To: Pat Riehecky
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Organization: Fermilab
Subject: Security ERRATA Low: gtk2 on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Low: gtk2 security and bug fix update
Issue Date: 2013-01-08
CVE Numbers: CVE-2012-2370
--
An integer overflow flaw was found in the X BitMap (XBM) image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+ (such as Nautilus), would cause the application to crash. (CVE-2012-2370)

This update also fixes the following bugs:

* Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese Big5 (zh_TW.Big-5) locale led to the unexpected termination of certain applications, such as the GDM greeter. The bug has been fixed, and the Taiwanese locale no longer causes applications to terminate unexpectedly.

* When a file was initially selected after the GTK+ file chooser dialog was opened and the Location field was visible, pressing the Enter key did not open the file. With this update, the initially selected file is opened regardless of the visibility of the Location field.

* When a file was initially selected after the GTK+ file chooser dialog was opened and the Location field was visible, pressing the Enter key did not change into the directory. With this update, the dialog changes into the initially selected directory regardless of the visibility of the Location field.

* Previously, the GTK Print dialog did not reflect the user-defined printer preferences stored in the ~/.cups/lpoptions file, such as those set in the Default Printer preferences panel. Consequently, the first device in the printer list was always set as a default printer. With this update, the underlying source code has been enhanced to parse the option file. As a result, the default values in the print dialog are set to those previously specified by the user.

* The GTK+ file chooser did not properly handle saving of nameless files. Consequently, attempting to save a file without specifying a file name caused GTK+ to become unresponsive. With this update, an explicit test for this condition has been added into the underlying source code. As a result, GTK+ no longer hangs in the described scenario.

* When using certain graphics tablets, the GTK+ library incorrectly translated the input coordinates. Consequently, an offset occurred between the position of the pen and the content drawn on the screen. This issue was limited to the following configuration: a Wacom tablet with input coordinates bound to a single monitor in a dual head configuration, drawing with a pen with the pressure sensitivity option enabled. With this update, the coordinate translation method has been changed, and the offset is no longer present in the described configuration.

* Previously, performing drag and drop operations on tabs in applications using the GtkNotebook widget could lead to releasing the same resource twice. Eventually, this behavior caused the applications to terminate with a segmentation fault. This bug has been fixed, and the applications using GtkNotebook no longer terminate in the aforementioned scenario.

All users of GTK+ are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
--
SL5

x86_64
  gtk2-2.10.4-29.el5.i386.rpm
  gtk2-2.10.4-29.el5.x86_64.rpm
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm
  gtk2-devel-2.10.4-29.el5.i386.rpm
  gtk2-devel-2.10.4-29.el5.x86_64.rpm

i386
  gtk2-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-devel-2.10.4-29.el5.i386.rpm

- Scientific Linux Development Team

To enhance security and rectify minor bugs, it is advisable to update GTK2 on Scientific Linux SL5.x.
gtk2 Update, Scientific Linux Security, Remote Attack Fixes. Severity: Low. LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis: Low: gtk2 security and bug fix update
Advisory ID: RHSA-2013:0135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2013:0135.html
Issue date: 2013-01-08
CVE Names: CVE-2012-2370
====================================================================

1. Summary:

Updated gtk2 packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

GIMP Toolkit (GTK+) is a multi-platform toolkit for creating graphical user interfaces.

An integer overflow flaw was found in the X BitMap (XBM) image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+ (such as Nautilus), would cause the application to crash. (CVE-2012-2370)

This update also fixes the following bugs:

* Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese Big5 (zh_TW.Big-5) locale led to the unexpected termination of certain applications, such as the GDM greeter. The bug has been fixed, and the Taiwanese locale no longer causes applications to terminate unexpectedly. (BZ#487630)

* When a file was initially selected after the GTK+ file chooser dialog was opened and the Location field was visible, pressing the Enter key did not open the file. With this update, the initially selected file is opened regardless of the visibility of the Location field. (BZ#518483)

* When a file was initially selected after the GTK+ file chooser dialog was opened and the Location field was visible, pressing the Enter key did not change into the directory. With this update, the dialog changes into the initially selected directory regardless of the visibility of the Location field. (BZ#523657)

* Previously, the GTK Print dialog did not reflect the user-defined printer preferences stored in the ~/.cups/lpoptions file, such as those set in the Default Printer preferences panel. Consequently, the first device in the printer list was always set as a default printer. With this update, the underlying source code has been enhanced to parse the option file. As a result, the default values in the print dialog are set to those previously specified by the user. (BZ#603809)

* The GTK+ file chooser did not properly handle saving of nameless files. Consequently, attempting to save a file without specifying a file name caused GTK+ to become unresponsive. With this update, an explicit test for this condition has been added into the underlying source code. As a result, GTK+ no longer hangs in the described scenario. (BZ#702342)

* When using certain graphics tablets, the GTK+ library incorrectly translated the input coordinates. Consequently, an offset occurred between the position of the pen and the content drawn on the screen. This issue was limited to the following configuration: a Wacom tablet with input coordinates bound to a single monitor in a dual head configuration, drawing with a pen with the pressure sensitivity option enabled. With this update, the coordinate translation method has been changed, and the offset is no longer present in the described configuration. (BZ#743658)

* Previously, performing drag and drop operations on tabs in applications using the GtkNotebook widget could lead to releasing the same resource twice. Eventually, this behavior caused the applications to terminate with a segmentation fault. This bug has been fixed, and the applications using GtkNotebook no longer terminate in the aforementioned scenario. (BZ#830901)

All users of GTK+ are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

487630 - [zh_CN.Big-5] gdm imcontext crash
518483 - file chooser does not open the default selected file if the Location field is visible
603809 - GtkPrintUnixDialog (OpenOffice.org|evince) fails to use a user configured default cups printer (~/.cups/lpoptions)
822468 - CVE-2012-2370 gdk-pixbuf: DoS (GLib error and application abort) due to an integer overflow in the XBM image file format loader

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
  gtk2-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm

x86_64:
  gtk2-2.10.4-29.el5.i386.rpm
  gtk2-2.10.4-29.el5.x86_64.rpm
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-devel-2.10.4-29.el5.i386.rpm

x86_64:
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm
  gtk2-devel-2.10.4-29.el5.i386.rpm
  gtk2-devel-2.10.4-29.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
  gtk2-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-devel-2.10.4-29.el5.i386.rpm

ia64:
  gtk2-2.10.4-29.el5.i386.rpm
  gtk2-2.10.4-29.el5.ia64.rpm
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.ia64.rpm
  gtk2-devel-2.10.4-29.el5.ia64.rpm

ppc:
  gtk2-2.10.4-29.el5.ppc.rpm
  gtk2-2.10.4-29.el5.ppc64.rpm
  gtk2-debuginfo-2.10.4-29.el5.ppc.rpm
  gtk2-debuginfo-2.10.4-29.el5.ppc64.rpm
  gtk2-devel-2.10.4-29.el5.ppc.rpm
  gtk2-devel-2.10.4-29.el5.ppc64.rpm

s390x:
  gtk2-2.10.4-29.el5.s390.rpm
  gtk2-2.10.4-29.el5.s390x.rpm
  gtk2-debuginfo-2.10.4-29.el5.s390.rpm
  gtk2-debuginfo-2.10.4-29.el5.s390x.rpm
  gtk2-devel-2.10.4-29.el5.s390.rpm
  gtk2-devel-2.10.4-29.el5.s390x.rpm

x86_64:
  gtk2-2.10.4-29.el5.i386.rpm
  gtk2-2.10.4-29.el5.x86_64.rpm
  gtk2-debuginfo-2.10.4-29.el5.i386.rpm
  gtk2-debuginfo-2.10.4-29.el5.x86_64.rpm
  gtk2-devel-2.10.4-29.el5.i386.rpm
  gtk2-devel-2.10.4-29.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-2370
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFQ68WCXlSAg2UNWIIRAhfoAKCpQrb8Kmu0e6yo3GMpkOTKaF0twwCbBpi5
tPmbgWQ7AHYm670Q3xv+RUk=49Hw
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list