Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
100
security advisorymoderateXSSSUSE: 2021:3728-1 Moderate: Ardana Ansible and Monasca Update
An update that fixes two vulnerabilities, contains one feature is now available. . SUSE Security Update: Security update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3728-1 Rating: moderate References: #1180837 #1191681 SOC-11543 Cross-References: CVE-2020-26298 CVE-2021-41136 CVSS scores: CVE-2020-26298 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2020-26298 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities, contains one feature is now available. Description: This update for ardana-ansible, ardana-monasca, documentation-suse-openstack-cloud, openstack-ec2-api, openstack-heat-templates, python-Django, python-monasca-common, rubygem-redcarpet, rubygem-puma contains the following fixes: Security fixes included in this update: rubygem-redcarpet: CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837) rubygem-puma: CVE-2021-41136: Fixed build of the Java state machine for parsing HTTP. (bsc#1191681) Non-security fixes included in this update: Changes in ardana-ansible: * Patch service.py to skip blank lines. Changes in ardana-monasca: * Use specific TLS versions for monasca-thresh DB connections. (SOC-11543) Changes indocumentation-suse-openstack-cloud: * CI: only run on DocBook/AsciiDoc paths, make upload fails nonfatal * DC files: Update to 2021 stylesheets (#1327) * CI: Use GitHub Actions Changes in openstack-ec2-api: * Remove jobs corresponds to obselete featuresets * OpenDev Migration Patch Changes in openstack-heat-templates: * [ussuri][goal] Update contributor documentation Changes in python-Django: - Add missing dependency for CVE-2021-31542 Changes in python-monasca-common: - Remove renderspec source service. - Retry publish once on failures. (SOC-11543) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-3728=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-3728=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-3728=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): documentation-suse-openstack-cloud-deployment-8.20210806-1.35.1 documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 openstack-ec2-api-5.0.1~dev12-4.9.1 openstack-ec2-api-api-5.0.1~dev12-4.9.1 openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 openstack-ec2-api-s3-5.0.1~dev12-4.9.1 openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 python-Django-1.11.29-3.28.1 python-ec2api-5.0.1~dev12-4.9.1 python-monasca-common-2.3.1~dev4-4.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-puma-2.16.0-3.15.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-3.15.1 ruby2.1-rubygem-redcarpet-3.2.3-3.3.1 ruby2.1-rubygem-redcarpet-debuginfo-3.2.3-3.3.1 rubygem-puma-debugsource-2.16.0-3.15.1 rubygem-redcarpet-debugsource-3.2.3-3.3.1 - SUSE OpenStack Cloud 8 (noarch): ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 documentation-suse-openstack-cloud-installation-8.20210806-1.35.1 documentation-suse-openstack-cloud-operations-8.20210806-1.35.1 documentation-suse-openstack-cloud-opsconsole-8.20210806-1.35.1 documentation-suse-openstack-cloud-planning-8.20210806-1.35.1 documentation-suse-openstack-cloud-security-8.20210806-1.35.1 documentation-suse-openstack-cloud-supplement-8.20210806-1.35.1 documentation-suse-openstack-cloud-upstream-admin-8.20210806-1.35.1 documentation-suse-openstack-cloud-upstream-user-8.20210806-1.35.1 documentation-suse-openstack-cloud-user-8.20210806-1.35.1 openstack-ec2-api-5.0.1~dev12-4.9.1 openstack-ec2-api-api-5.0.1~dev12-4.9.1 openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 openstack-ec2-api-s3-5.0.1~dev12-4.9.1 openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 python-Django-1.11.29-3.28.1 python-ec2api-5.0.1~dev12-4.9.1 python-monasca-common-2.3.1~dev4-4.9.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 venv-openstack-horizon-x86_64-12.0.5~dev6-14.38.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 - HPE Helion Openstack 8 (noarch): ardana-ansible-8.0+git.1632499354.a56668f-3.82.1 ardana-monasca-8.0+git.1627997000.6c3bc04-3.30.1 documentation-hpe-helion-openstack-installation-8.20210806-1.35.1 documentation-hpe-helion-openstack-operations-8.20210806-1.35.1 documentation-hpe-helion-openstack-opsconsole-8.20210806-1.35.1 documentation-hpe-helion-openstack-planning-8.20210806-1.35.1 documentation-hpe-helion-openstack-security-8.20210806-1.35.1 documentation-hpe-helion-openstack-user-8.20210806-1.35.1 openstack-ec2-api-5.0.1~dev12-4.9.1 openstack-ec2-api-api-5.0.1~dev12-4.9.1 openstack-ec2-api-metadata-5.0.1~dev12-4.9.1 openstack-ec2-api-s3-5.0.1~dev12-4.9.1 openstack-heat-templates-0.0.0+git.1628179051.7d761bf-3.24.1 python-Django-1.11.29-3.28.1 python-ec2api-5.0.1~dev12-4.9.1 python-monasca-common-2.3.1~dev4-4.9.1 venv-openstack-heat-x86_64-9.0.8~dev22-12.35.1 venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.38.1 venv-openstack-monasca-x86_64-2.2.2~dev1-11.30.1 References: https://www.suse.com/security/cve/CVE-2020-26298.html https://www.suse.com/security/cve/CVE-2021-41136.html https://bugzilla.suse.com/1180837 https://bugzilla.suse.com/1191681 . Enhancements made for ardana-ansible, ardana-monasca, along with various other SUSE packages addressing XSS vulnerabilities and HTTP concerns. Discover more!. SUSE Security Update, Ardana Ansible Fix, OpenStack Security Fixes. . LinuxSecurity.com Team
Nov 19, 2021
SuSE
197
security advisorydebianauthenticationDebian: DLA-1894-1 Moderate: XSS in libapache2-mod-auth-openidc
Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that . Package : libapache2-mod-auth-openidc Version : 1.6.0-1+deb8u1 CVE ID : CVE-2019-1010247 Compass Security Schweiz AG discovered an issue in libapache2-mod-auth-openidc, an OpenID Connect authentication module for Apache. The OIDCRedirectURI page contains generated JavaScript code that uses a poll parameter as a string variable, thus might contain additional JavaScript code. This might result in Criss-Site Scripting (XSS). For Debian 8 "Jessie", this problem has been fixed in version 1.6.0-1+deb8u1. We recommend that you upgrade your libapache2-mod-auth-openidc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . libapache2-mod-auth-openidc patch addresses XSS vulnerability; Debian 8 users should consider upgrading.. libapache2-mod-auth-openidc, Debian LTS, cross-site scripting, security patch. . Severity: Important. LinuxSecurity.com Team
Aug 23, 2019
•Important
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!