MGASA-2024-0375 - Updated php packages fix security vulnerabilities

Publication date: 27 Nov 2024
URL: https://advisories.mageia.org/MGASA-2024-0375.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-8932, CVE-2024-8929, CVE-2024-11236, CVE-2024-11233, CVE-2024-11234

Some heap errors, segmentation faults and security vulnerabilities have been found and corrected. It is advised to install this update.

References:
- https://bugs.mageia.org/show_bug.cgi?id=33793
- https://www.cve.org/CVERecord?id=CVE-2024-8932
- https://www.cve.org/CVERecord?id=CVE-2024-8929
- https://www.cve.org/CVERecord?id=CVE-2024-11236
- https://www.cve.org/CVERecord?id=CVE-2024-11233
- https://www.cve.org/CVERecord?id=CVE-2024-11234

SRPMS:
- 9/core/php-8.2.26-1.mga9

Summary: Updated php packages for Mageia 9 fix heap errors, segmentation faults and security vulnerabilities; install the update. Severity: Critical. LinuxSecurity.com Team
# Security update for libarchive

Announcement ID: SUSE-SU-2024:2171-2
Rating: important
References:
* bsc#1225971
Cross-References:
* CVE-2024-20696
CVSS scores:
* CVE-2024-20696 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for libarchive fixes the following issues:

* CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-2171=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libarchive13-debuginfo-3.5.1-150400.3.15.1
  * libarchive13-3.5.1-150400.3.15.1
  * libarchive-debugsource-3.5.1-150400.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-20696.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225971

Summary: Important security update for libarchive fixes a heap-based out-of-bounds write (CVE-2024-20696) in SUSE Linux Enterprise Micro 5.5. Severity: Important.
# Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP2)

Announcement ID: SUSE-SU-2024:1729-1
Rating: important
References:
* bsc#1216644
* bsc#1218259
* bsc#1220211
* bsc#1220832
* bsc#1222685
* bsc#1223514
Cross-References:
* CVE-2022-48651
* CVE-2023-52502
* CVE-2023-6546
* CVE-2023-6931
* CVE-2024-26585
CVSS scores:
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6931 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26585 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves five vulnerabilities and has one security fix can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150200_24_163 fixes several issues.

The following security issues were fixed:

* CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in perf_read_group() (bsc#1216644).
* CVE-2022-48651: Fixed an out-of-bounds bug in ipvlan caused by an unset skb->mac_header (bsc#1223514).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220832).
* CVE-2024-26585: Fixed a race between tx work scheduling and socket close for tls (bsc#1220211).
* CVE-2023-6546: Fixed a race condition that could lead to a use-after-free in the GSM 0710 tty multiplexor (bsc#1222685).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-1729=1 SUSE-SLE-Module-Live-Patching-15-SP2-2024-1733=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_163-default-9-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_38-debugsource-11-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_157-default-debuginfo-11-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_157-default-11-150200.2.1
  * kernel-livepatch-5_3_18-150200_24_163-default-debuginfo-9-150200.2.1
  * kernel-livepatch-SLE15-SP2_Update_40-debugsource-9-150200.2.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-6546.html
* https://www.suse.com/security/cve/CVE-2023-6931.html
* https://www.suse.com/security/cve/CVE-2024-26585.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216644
* https://bugzilla.suse.com/show_bug.cgi?id=1218259
* https://bugzilla.suse.com/show_bug.cgi?id=1220211
* https://bugzilla.suse.com/show_bug.cgi?id=1220832
* https://bugzilla.suse.com/show_bug.cgi?id=1222685
* https://bugzilla.suse.com/show_bug.cgi?id=1223514

Summary: Important live patch for the SLE 15 SP2 kernel (5.3.18-150200_24_163) fixes five vulnerabilities: a heap out-of-bounds write in perf, an out-of-bounds access in ipvlan, and race conditions in nfc, tls and the GSM 0710 tty multiplexor (the last a use-after-free). Severity: Important.
SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:0080-1
Rating:             important
References:         #1120114 #1120115 #1120116 #1120117 #1120118 #1120119 #1120120 #1120121 #1120122
Cross-References:   CVE-2018-15126 CVE-2018-15127 CVE-2018-20019 CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20023 CVE-2018-20024 CVE-2018-6307
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

   This update for LibVNCServer fixes the following issues:

   Security issues fixed:

   - CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114)
   - CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115)
   - CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116)
   - CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117)
   - CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118)
   - CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119)
   - CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120)
   - CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121)
   - CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15:
      zypper in -t patch SUSE-SLE-Product-WE-15-2019-80=1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-2019-80=1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-80=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15 (x86_64):
      LibVNCServer-debugsource-0.9.10-4.3.1
      libvncclient0-0.9.10-4.3.1
      libvncclient0-debuginfo-0.9.10-4.3.1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15 (aarch64 ppc64le s390x x86_64):
      LibVNCServer-debugsource-0.9.10-4.3.1
      libvncserver0-0.9.10-4.3.1
      libvncserver0-debuginfo-0.9.10-4.3.1
   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):
      LibVNCServer-debugsource-0.9.10-4.3.1
      LibVNCServer-devel-0.9.10-4.3.1
      libvncserver0-0.9.10-4.3.1
      libvncserver0-debuginfo-0.9.10-4.3.1

References:

   https://www.suse.com/security/cve/CVE-2018-15126.html
   https://www.suse.com/security/cve/CVE-2018-15127.html
   https://www.suse.com/security/cve/CVE-2018-20019.html
   https://www.suse.com/security/cve/CVE-2018-20020.html
   https://www.suse.com/security/cve/CVE-2018-20021.html
   https://www.suse.com/security/cve/CVE-2018-20022.html
   https://www.suse.com/security/cve/CVE-2018-20023.html
   https://www.suse.com/security/cve/CVE-2018-20024.html
   https://www.suse.com/security/cve/CVE-2018-6307.html
   https://bugzilla.suse.com/1120114
   https://bugzilla.suse.com/1120115
   https://bugzilla.suse.com/1120116
   https://bugzilla.suse.com/1120117
   https://bugzilla.suse.com/1120118
   https://bugzilla.suse.com/1120119
   https://bugzilla.suse.com/1120120
   https://bugzilla.suse.com/1120121
   https://bugzilla.suse.com/1120122

_______________________________________________
sle-security-updates mailing list
MGASA-2018-0438 - Updated cimg and gmic packages fix security vulnerabilities

Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0438.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-7587, CVE-2018-7588, CVE-2018-7589, CVE-2018-7637, CVE-2018-7638, CVE-2018-7639, CVE-2018-7640, CVE-2018-7641

Updated cimg and gmic packages fix security vulnerabilities:

An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h (CVE-2018-7587).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).

An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7589).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 colors" case, aka case 4 (CVE-2018-7637).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "256 colors" case, aka case 8 (CVE-2018-7638).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 bits colors" case, aka case 16 (CVE-2018-7639).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a Monochrome case, aka case 1 (CVE-2018-7640).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "32 bits colors" case, aka case 32 (CVE-2018-7641).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23700
- https://lists.fedoraproject.org/archives/list/
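Every advisory above ends with a Package List or SRPMS section naming the fixed version-release, and a practitioner's first question after "zypper patch" or "urpmi" is whether the installed packages actually reached it. The following script is an added example, not part of any advisory above and not code from rpm, zypper or Mageia: it applies rpm's own version-comparison rules (digit runs compare numerically, letter runs lexically, a numeric segment beats an alphabetic one, "~" sorts before everything including end-of-string, "^" sorts after end-of-string) to the output of `rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'`, where rpm prints `(none)` for an unset epoch. The FIXED table holds the version-release strings from the advisories on this page; because the advisories print no epoch, the epoch is only compared when a table entry supplies one. The embedded `rpm -qa` output is constructed for the example, not captured from a real host.

```python
"""Added example: check installed rpm packages against the fixed
version-release strings from the advisories above.

Assumed input: output of
    rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'
(rpm prints "(none)" where a package has no epoch).
"""

# Package -> fixed [EPOCH:]VERSION-RELEASE, taken from the advisories above.
# The advisories print no epoch, so epoch is compared only if given here.
FIXED = {
    "php": "8.2.26-1.mga9",                                          # MGASA-2024-0375
    "libarchive13": "3.5.1-150400.3.15.1",                           # SUSE-SU-2024:2171-2
    "kernel-livepatch-5_3_18-150200_24_163-default": "9-150200.2.1",  # SUSE-SU-2024:1729-1
    "libvncserver0": "0.9.10-4.3.1",                                 # SUSE-SU-2019:0080-1
    "libvncclient0": "0.9.10-4.3.1",
}

# Constructed sample of `rpm -qa` output (not captured from a real host).
SAMPLE_RPM_QA = """\
php (none):8.2.25-1.mga9
libarchive13 (none):3.5.1-150400.3.15.1
bash (none):5.2.26-1.1
libvncserver0 (none):0.9.10-4.3.1
kernel-livepatch-5_3_18-150200_24_163-default (none):9-150200.2.1
"""


def _run(s: str, k: int, digits: bool) -> str:
    """Longest run of digits (or of letters) in s starting at index k."""
    n = k
    while n < len(s) and (s[n].isdigit() if digits else s[n].isalpha()):
        n += 1
    return s[k:n]


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings with rpm's rules; returns -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric, '~' or '^') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":  # '~' sorts before everything (1.0~rc1 < 1.0)
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":  # '^' sorts after end-of-string, before anything else
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        digits = ca.isdigit()
        sa, sb = _run(a, i, digits), _run(b, j, digits)
        i, j = i + len(sa), j + len(sb)
        if not sb:  # segment types differ: the numeric one is newer
            return 1 if digits else -1
        if digits:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return 1 if i < len(a) else -1


def parse_evr(evr: str):
    """Split '[EPOCH:]VERSION-RELEASE'; an absent or '(none)' epoch becomes None."""
    epoch = None
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = None if e == "(none)" else int(e)
    version, release = evr.rsplit("-", 1)
    return epoch, version, release


def evr_cmp(installed, fixed) -> int:
    """Compare (epoch, version, release) tuples; epoch only counts if the fixed one is known."""
    ie, iv, ir = installed
    fe, fv, fr = fixed
    if fe is not None and (ie or 0) != fe:
        return 1 if (ie or 0) > fe else -1
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def check(rpm_qa_output: str, fixed=FIXED) -> dict:
    """Map each installed package named in `fixed` to (installed VR, 'fixed' | 'VULNERABLE')."""
    result = {}
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        name, evr = line.split(None, 1)
        if name not in fixed:
            continue  # not installed or not covered by the advisories: nothing to report
        inst = parse_evr(evr)
        status = "fixed" if evr_cmp(inst, parse_evr(fixed[name])) >= 0 else "VULNERABLE"
        result[name] = (f"{inst[1]}-{inst[2]}", status)
    return result


if __name__ == "__main__":
    for name, (vr, status) in check(SAMPLE_RPM_QA).items():
        print(f"{status:10} {name} {vr} (fixed in {FIXED[name]})")
```

On a real host, pipe the `rpm -qa` query into `check()` instead of the sample; if a package carries an epoch on your distribution, add it to the FIXED entry as `EPOCH:VERSION-RELEASE` so the comparison includes it. On SUSE systems `zypper patches` also reports patch status by the SUSE-SLE-... patch names quoted in the advisories, but a version comparison against the advisory's Package List is what confirms the fixed binaries are in place.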