Update to 0.30.1: Denial of service (DOS) using zip bomb (CVE-2026-22776); CRLF injection in http headers (CVE-2026-21428); Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577). https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.1

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3b0e5b457d
2026-01-22 01:14:01.609543+00:00
--------------------------------------------------------------------------------

Name        : cpp-httplib
Product     : Fedora 42
Version     : 0.30.1
Release     : 5.fc42
URL         : https://github.com/yhirose/cpp-httplib
Summary     : A C++11 single-file header-only cross platform HTTP/HTTPS library
Description :
A C++11 single-file header-only cross platform HTTP/HTTPS library.
It's extremely easy to setup. Just include the httplib.h file in your code!

--------------------------------------------------------------------------------
Update Information:

Update to 0.30.1
Denial of service (DOS) using zip bomb (CVE-2026-22776)
CRLF injection in http headers (CVE-2026-21428)
Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577)
https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 13 2026 Petr Menšík - 0.30.1-5
- Switch to GCC 15 test fix with active PR
* Tue Jan 13 2026 Petr Menšík - 0.30.1-4
- Drop 32 bit support like upstream did
* Mon Jan 12 2026 Petr Menšík - 0.30.1-3
- fixup! Fix tests in last release
* Mon Jan 12 2026 Petr Menšík - 0.30.1-2
- Fix tests in last release
* Mon Jan 12 2026 Petr Menšík - 0.30.1-1
- Update to 0.30.1 (rhbz#2406686)
* Sat Aug 30 2025 Orion Poplawski - 0.26.0-1
- Update to 0.26.0 (CVE-2025-53629)
* Wed Jul 23 2025 Fedora Release Engineering - 0.20.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri May 9 2025 Orion Poplawski - 0.20.1-1
- Update to 0.20.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2364284 - CVE-2025-46728 cpp-httplib: cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364284
  [ 2 ] Bug #2379431 - CVE-2025-53629 cpp-httplib: cpp-httplib Unbounded Memory Allocation in Chunked/No-Length Requests Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2379431
  [ 3 ] Bug #2419548 - CVE-2025-66570 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2419548
  [ 4 ] Bug #2419631 - CVE-2025-66577 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2419631
  [ 5 ] Bug #2426699 - CVE-2026-21428 cpp-httplib: cpp-httplib: Server-Side Request Forgery via header injection [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2426699
  [ 6 ] Bug #2428893 - CVE-2026-22776 cpp-httplib: cpp-httplib: Denial of Service due to excessive memory usage from compressed HTTP request bodies [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2428893
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3b0e5b457d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Critical Fedora 42 update for cpp-httplib addresses denial of service and header injection issues. Immediate action advised.

cpp-httplib, Fedora 42, denial of service, http headers, security advisory.

Severity: Critical. LinuxSecurity.com Team

An update that solves three vulnerabilities can now be installed.

# Security update for python-tornado6

Announcement ID: SUSE-SU-2026:0010-1
Release Date: 2026-01-05T10:27:06Z
Rating: important

References:

  * bsc#1254903
  * bsc#1254904
  * bsc#1254905

Cross-References:

  * CVE-2025-67724
  * CVE-2025-67725
  * CVE-2025-67726

CVSS scores:

  * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.6
  * Python 3 Module 15-SP7
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP5 LTSS
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server 15 SP6 LTSS
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for python-tornado6 fixes the following issues:

  * CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903).
  * CVE-2025-67725: quadratic complexity of string concatenation operations used by the `HTTPHeaders.add` method can lead to DoS when processing a maliciously crafted HTTP request (bsc#1254905).
  * CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam` function of `httputil.py` can lead to DoS when processing maliciously crafted parameters in a `Content-Disposition` header (bsc#1254904).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-10=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-10=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-10=1
  * SUSE Linux Enterprise Server 15 SP4 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-10=1
  * SUSE Linux Enterprise Server 15 SP5 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-10=1
  * SUSE Linux Enterprise Server 15 SP6 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-10=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-10=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-10=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-10=1
  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2026-10=1
  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2026-10=1
  * Python 3 Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-10=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-10=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
    * python311-tornado6-6.3.2-150400.9.12.1
    * python-tornado6-debugsource-6.3.2-150400.9.12.1
    * python311-tornado6-debuginfo-6.3.2-150400.9.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-67724.html
  * https://www.suse.com/security/cve/CVE-2025-67725.html
  * https://www.suse.com/security/cve/CVE-2025-67726.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1254903
  * https://bugzilla.suse.com/show_bug.cgi?id=1254904
  * https://bugzilla.suse.com/show_bug.cgi?id=1254905

Important security update available for python-tornado6 addressing multiple critical issues to enhance stability and security.

python tornado6 security update, SUSE update, important security patch.

Severity: Important. LinuxSecurity.com Team

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2023-46589.

Debian Security Advisory DSA-5665-1

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569.

Package : tomcat7
Version : 7.0.56-3+really7.0.100-1
CVE ID  : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

CVE-2019-17569

    The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVE-2020-1935

    The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVE-2020-1938

    When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising.

    Prior to Tomcat 7.0.100, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required.

    Note that Debian already disabled the AJP connector by default. Mitigation is only required if the AJP port was made accessible to untrusted users.

For Debian 8 "Jessie", these problems have been fixed in version 7.0.56-3+really7.0.100-1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

The recent Tomcat7 patch resolves major security flaws and suggests system upgrades for improved protection on Debian platforms.

Tomcat Update, Debian Security, HTTP Request Smuggling, AJP Connector, Tomcat Security Advisory.

Severity: Critical. LinuxSecurity.com Team

An update that solves four vulnerabilities and has two fixes is now available.

   SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2299-1
Rating:             important
References:         #1072512 #1080112 #1081379 #1086340 #1096748 #1099162
Cross-References:   CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-7262
Affected Products:
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that solves four vulnerabilities and has two fixes is now available.

Description:

   This update for ceph fixes the following issues:

   Security issues fixed:

   - CVE-2018-10861: Fix ceph-mon authorization on OSD pool ops (bsc#1099162).
   - CVE-2018-1128: Fix cephx signature check bypass (bsc#1096748).
   - CVE-2018-1129: Fix cephx protocol vulnerability to replay attack (bsc#1096748).
   - CVE-2018-7262: Fix malformed http headers that can crash rgw (bsc#1081379).

   Bug fixes:

   - bsc#1072512: multipart uploads are broken if the bucket has been resharded
   - bsc#1080112: rgw: user stats increased after bucket reshard
   - bsc#1086340: SES5: XFS metadata corruption on rbd-nbd mapped image with journaling feature enabled

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-1537=1

Package List:

   - SUSE Enterprise Storage 4 (aarch64 x86_64):

      ceph-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-base-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-base-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-common-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-common-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-debugsource-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-fuse-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-fuse-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-mds-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-mds-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-mon-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-mon-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-osd-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-osd-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-radosgw-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-radosgw-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-test-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-test-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      ceph-test-debugsource-10.2.11+git.1531487710.3a12911a2e-12.14.2
      libcephfs1-10.2.11+git.1531487710.3a12911a2e-12.14.2
      libcephfs1-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      librados2-10.2.11+git.1531487710.3a12911a2e-12.14.2
      librados2-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      libradosstriper1-10.2.11+git.1531487710.3a12911a2e-12.14.2
      libradosstriper1-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      librbd1-10.2.11+git.1531487710.3a12911a2e-12.14.2
      librbd1-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      librgw2-10.2.11+git.1531487710.3a12911a2e-12.14.2
      librgw2-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      python-ceph-compat-10.2.11+git.1531487710.3a12911a2e-12.14.2
      python-cephfs-10.2.11+git.1531487710.3a12911a2e-12.14.2
      python-cephfs-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      python-rados-10.2.11+git.1531487710.3a12911a2e-12.14.2
      python-rados-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      python-rbd-10.2.11+git.1531487710.3a12911a2e-12.14.2
      python-rbd-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      rbd-fuse-10.2.11+git.1531487710.3a12911a2e-12.14.2
      rbd-fuse-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      rbd-mirror-10.2.11+git.1531487710.3a12911a2e-12.14.2
      rbd-mirror-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2
      rbd-nbd-10.2.11+git.1531487710.3a12911a2e-12.14.2
      rbd-nbd-debuginfo-10.2.11+git.1531487710.3a12911a2e-12.14.2

References:

   https://www.suse.com/security/cve/CVE-2018-10861.html
   https://www.suse.com/security/cve/CVE-2018-1128.html
   https://www.suse.com/security/cve/CVE-2018-1129.html
   https://www.suse.com/security/cve/CVE-2018-7262.html
   https://bugzilla.suse.com/1072512
   https://bugzilla.suse.com/1080112
   https://bugzilla.suse.com/1081379
   https://bugzilla.suse.com/1086340
   https://bugzilla.suse.com/1096748
   https://bugzilla.suse.com/1099162

A new update is now released for Ceph, focusing on crucial security vulnerabilities and bug resolutions to improve overall storage performance.

Important Update, SUSE Security, Critical Ceph Issues, Ceph Fixes, SUSE Enterprise Storage.

Severity: Important. LinuxSecurity.com Team

An update that solves two vulnerabilities and has 21 fixes is now available.

   openSUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:1470-1
Rating:             important
References:         #1051598 #1054061 #1056125 #1056967 #1059458 #1060904 #1061461 #1063014 #1066182 #1066502 #1067088 #1067119 #1067705 #1070357 #1071386 #1074301 #1079076 #1080788 #1081379 #1081600 #1086340 #1087269 #1087493
Cross-References:   CVE-2017-16818 CVE-2018-7262
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that solves two vulnerabilities and has 21 fixes is now available.

Description:

   This update for ceph fixes the following issues:

   Security issues fixed:

   - CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379).
   - CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014).

   Bug fixes:

   - bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster.
   - bsc#1079076: RGW openssl fixes.
   - bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start.
   - bsc#1056125: Some OSDs are down when doing performance testing on rbd image in EC Pool.
   - bsc#1087269: allow_ec_overwrites option not in command options list.
   - bsc#1051598: Fix mountpoint check for systemctl enable --runtime.
   - bsc#1070357: Zabbix mgr module doesn't recover from HEALTH_ERR.
   - bsc#1066502: After upgrading a single OSD from SES 4 to SES 5 the OSDs do not rejoin the cluster.
   - bsc#1067119: Crushtool decompile creates wrong device entries (device 20 device20) for not existing / deleted OSDs.
   - bsc#1060904: Loglevel misleading during keystone authentication.
   - bsc#1056967: Monitors goes down after pool creation on cluster with 120 OSDs.
   - bsc#1067705: Issues with RGW Multi-Site Federation between SES5 and RH Ceph Storage 2.
   - bsc#1059458: Stopping / restarting rados gateway as part of deepsea stage.4 executions causes core-dump of radosgw.
   - bsc#1087493: Commvault cannot reconnect to storage after restarting haproxy.
   - bsc#1066182: Container synchronization between two Ceph clusters failed.
   - bsc#1081600: Crash in civetweb/RGW.
   - bsc#1054061: NFS-GANESHA service failing while trying to list mountpoint on client.
   - bsc#1074301: OSDs keep aborting: SnapMapper failed asserts.
   - bsc#1086340: XFS metadata corruption on rbd-nbd mapped image with journaling feature enabled.
   - bsc#1080788: fsid mismatch when creating additional OSDs.
   - bsc#1071386: Metadata spill onto block.slow.

   This update was imported from the SUSE:SLE-12-SP3:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2018-541=1

Package List:

   - openSUSE Leap 42.3 (x86_64):

      ceph-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-base-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-base-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-common-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-fuse-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-mds-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-mds-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-mgr-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-mgr-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-mon-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-mon-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-osd-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-osd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-radosgw-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-radosgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-resource-agents-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-test-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-test-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      ceph-test-debugsource-12.2.5+git.1524775272.5e7ea8cf03-9.1
      libcephfs-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
      libcephfs2-12.2.5+git.1524775272.5e7ea8cf03-9.1
      libcephfs2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librados-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librados-devel-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librados2-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librados2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      libradosstriper-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
      libradosstriper1-12.2.5+git.1524775272.5e7ea8cf03-9.1
      libradosstriper1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librbd-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librbd1-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librbd1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librgw-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librgw2-12.2.5+git.1524775272.5e7ea8cf03-9.1
      librgw2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-ceph-compat-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-cephfs-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-rados-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-rbd-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-rgw-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-ceph-argparse-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-cephfs-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-rados-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-rbd-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-rgw-12.2.5+git.1524775272.5e7ea8cf03-9.1
      python3-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      rados-objclass-devel-12.2.5+git.1524775272.5e7ea8cf03-9.1
      rbd-fuse-12.2.5+git.1524775272.5e7ea8cf03-9.1
      rbd-fuse-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      rbd-mirror-12.2.5+git.1524775272.5e7ea8cf03-9.1
      rbd-mirror-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1
      rbd-nbd-12.2.5+git.1524775272.5e7ea8cf03-9.1
      rbd-nbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-9.1

References:

   https://www.suse.com/security/cve/CVE-2017-16818.html
   https://www.suse.com/security/cve/CVE-2018-7262.html
   https://bugzilla.suse.com/1051598
   https://bugzilla.suse.com/1054061
   https://bugzilla.suse.com/1056125
   https://bugzilla.suse.com/1056967
   https://bugzilla.suse.com/1059458
   https://bugzilla.suse.com/1060904
   https://bugzilla.suse.com/1061461
   https://bugzilla.suse.com/1063014
   https://bugzilla.suse.com/1066182
   https://bugzilla.suse.com/1066502
   https://bugzilla.suse.com/1067088
   https://bugzilla.suse.com/1067119
   https://bugzilla.suse.com/1067705
   https://bugzilla.suse.com/1070357
   https://bugzilla.suse.com/1071386
   https://bugzilla.suse.com/1074301
   https://bugzilla.suse.com/1079076
   https://bugzilla.suse.com/1080788
   https://bugzilla.suse.com/1081379
   https://bugzilla.suse.com/1081600
   https://bugzilla.suse.com/1086340
   https://bugzilla.suse.com/1087269
   https://bugzilla.suse.com/1087493

An important upgrade for openSUSE ceph fixes vulnerabilities and introduces several enhancements to boost performance and reliability.

openSUSE Security, Ceph Update, Important Fixes, DoS Vulnerability, HTTP Headers Impact.

Severity: Important. LinuxSecurity.com Team

An update that solves two vulnerabilities and has 21 fixes is now available.

   SUSE Security Update: Security update for ceph
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1417-1
Rating:             important
References:         #1051598 #1054061 #1056125 #1056967 #1059458 #1060904 #1061461 #1063014 #1066182 #1066502 #1067088 #1067119 #1067705 #1070357 #1071386 #1074301 #1079076 #1080788 #1081379 #1081600 #1086340 #1087269 #1087493
Cross-References:   CVE-2017-16818 CVE-2018-7262
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
                    SUSE CaaS Platform ALL
______________________________________________________________________________

   An update that solves two vulnerabilities and has 21 fixes is now available.

Description:

   This update for ceph fixes the following issues:

   Security issues fixed:

   - CVE-2018-7262: rgw: malformed http headers can crash rgw (bsc#1081379).
   - CVE-2017-16818: User reachable asserts allow for DoS (bsc#1063014).

   Bug fixes:

   - bsc#1061461: OSDs keep generating coredumps after adding new OSD node to cluster.
   - bsc#1079076: RGW openssl fixes.
   - bsc#1067088: Upgrade to SES5 restarted all nodes, majority of OSDs aborts during start.
   - bsc#1056125: Some OSDs are down when doing performance testing on rbd image in EC Pool.
   - bsc#1087269: allow_ec_overwrites option not in command options list.
   - bsc#1051598: Fix mountpoint check for systemctl enable --runtime.
   - bsc#1070357: Zabbix mgr module doesn't recover from HEALTH_ERR.
   - bsc#1066502: After upgrading a single OSD from SES 4 to SES 5 the OSDs do not rejoin the cluster.
   - bsc#1067119: Crushtool decompile creates wrong device entries (device 20 device20) for not existing / deleted OSDs.
   - bsc#1060904: Loglevel misleading during keystone authentication.
   - bsc#1056967: Monitors goes down after pool creation on cluster with 120 OSDs.
   - bsc#1067705: Issues with RGW Multi-Site Federation between SES5 and RH Ceph Storage 2.
   - bsc#1059458: Stopping / restarting rados gateway as part of deepsea stage.4 executions causes core-dump of radosgw.
   - bsc#1087493: Commvault cannot reconnect to storage after restarting haproxy.
   - bsc#1066182: Container synchronization between two Ceph clusters failed.
   - bsc#1081600: Crash in civetweb/RGW.
   - bsc#1054061: NFS-GANESHA service failing while trying to list mountpoint on client.
   - bsc#1074301: OSDs keep aborting: SnapMapper failed asserts.
   - bsc#1086340: XFS metadata corruption on rbd-nbd mapped image with journaling feature enabled.
   - bsc#1080788: fsid mismatch when creating additional OSDs.
   - bsc#1071386: Metadata spill onto block.slow.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-980=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-980=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-980=1

   - SUSE CaaS Platform ALL:

      To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libcephfs-devel-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados-devel-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados-devel-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librbd-devel-12.2.5+git.1524775272.5e7ea8cf03-2.6.3

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      ceph-common-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libcephfs2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libcephfs2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libradosstriper1-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libradosstriper1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librbd1-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librbd1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librgw2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librgw2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-cephfs-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rados-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rbd-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rgw-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      ceph-common-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libcephfs2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libcephfs2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libradosstriper1-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libradosstriper1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librbd1-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librbd1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librgw2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librgw2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-cephfs-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rados-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rbd-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rgw-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3

   - SUSE CaaS Platform ALL (x86_64):

      ceph-common-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      ceph-common-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      ceph-debugsource-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libcephfs2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libcephfs2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librados2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libradosstriper1-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      libradosstriper1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librbd1-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librbd1-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librgw2-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      librgw2-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-cephfs-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-cephfs-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rados-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rados-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rbd-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rbd-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rgw-12.2.5+git.1524775272.5e7ea8cf03-2.6.3
      python-rgw-debuginfo-12.2.5+git.1524775272.5e7ea8cf03-2.6.3

References:

   https://www.suse.com/security/cve/CVE-2017-16818.html
   https://www.suse.com/security/cve/CVE-2018-7262.html
   https://bugzilla.suse.com/1051598
   https://bugzilla.suse.com/1054061
   https://bugzilla.suse.com/1056125
   https://bugzilla.suse.com/1056967
   https://bugzilla.suse.com/1059458
   https://bugzilla.suse.com/1060904
   https://bugzilla.suse.com/1061461
   https://bugzilla.suse.com/1063014
   https://bugzilla.suse.com/1066182
   https://bugzilla.suse.com/1066502
   https://bugzilla.suse.com/1067088
   https://bugzilla.suse.com/1067119
   https://bugzilla.suse.com/1067705
   https://bugzilla.suse.com/1070357
   https://bugzilla.suse.com/1071386
   https://bugzilla.suse.com/1074301
   https://bugzilla.suse.com/1079076
   https://bugzilla.suse.com/1080788
   https://bugzilla.suse.com/1081379
   https://bugzilla.suse.com/1081600
   https://bugzilla.suse.com/1086340
   https://bugzilla.suse.com/1087269
   https://bugzilla.suse.com/1087493

SUSE Security Update for apache critical advisory: rectifies significant vulnerabilities and enhances overall system performance and safety.

SUSE Security Advisory, Critical Fixes, Ceph Update, Security Issues.

Severity: Important. LinuxSecurity.com Team