Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 31 articles for you...
100

SUSE nghttp2 Moderate HTTP Smuggling Risk Advisory 2026-2883-1

An update that solves one vulnerability can now be installed.. # Security update for nghttp2 Announcement ID: SUSE-SU-2026:2883-1 Release Date: 2026-07-13T09:54:51Z Rating: moderate References: * bsc#1269489 Cross-References: * CVE-2026-58055 CVSS scores: * CVE-2026-58055 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-58055 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2026-58055 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-58055 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for nghttp2 fixes the following issue * CVE-2026-58055: HTTP/1.1 Upgrade request can lead to HTTP request smuggling and cross-client response-queue poisoning (bsc#1269489). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2883=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2883=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2883=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2883=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patchSUSE-SLE-Micro-5.5-2026-2883=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.25.1 * nghttp2-debuginfo-1.40.0-150200.25.1 * libnghttp2-14-debuginfo-1.40.0-150200.25.1 * nghttp2-debugsource-1.40.0-150200.25.1 ## References: * https://www.suse.com/security/cve/CVE-2026-58055.html * https://bugzilla.suse.com/show_bug.cgi?id=1269489 . A security update has been released for nghttp2 addressing a moderate issue related to HTTP smuggling risks. Install now.. SUSE updates, nghttp2 security, moderate threats, HTTP smuggling, Linux patches. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 moderate SuSE
202

openSUSE Leap 16.0 nghttp2 Moderate HTTP Smuggling Fix 2026-21302-1

An update that solves one vulnerability and has one bug fix can now be installed.. openSUSE security update: security update for nghttp2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21302-1 Rating: moderate References: * bsc#1269489 Cross-References: * CVE-2026-58055 CVSS scores: * CVE-2026-58055 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N * CVE-2026-58055 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves one vulnerability and has one bug fix can now be installed. Description: This update for nghttp2 fixes the following issue - CVE-2026-58055: HTTP request/response smuggling via upgrade request with `Content-Length` (bsc#1269489). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1213=1 Package List: - openSUSE Leap 16.0: libnghttp2-14-1.64.0-160000.4.1 libnghttp2-devel-1.64.0-160000.4.1 nghttp2-1.64.0-160000.4.1 References: * https://www.suse.com/security/cve/CVE-2026-58055.html . This openSUSE security update addresses a moderate issue in nghttp2 to enhance system protection and stability.. openSUSE update, nghttp2 patch, security alert. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 moderate OpenSUSE
202

openSUSE Capnproto Moderate HTTP Smuggling Vulnerability 2026-21062-1

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.. openSUSE security update: security update for capnproto ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21062-1 Rating: moderate References: * bsc#1259638 * bsc#1259639 Cross-References: * CVE-2026-32239 * CVE-2026-32240 CVSS scores: * CVE-2026-32239 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-32239 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-32240 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-32240 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed. Description: This update for capnproto fixes the following issues: Update to version 1.4.0. Security issues fixed: - CVE-2026-32239: negative `Content-Length` conversion treated as impossibly large length by KJ-HTTP can lead to HTTP smuggling (bsc#1259638). - CVE-2026-32240: integer overflow when KJ-HTTP `Transfer-Encoding` chunk size is parsed to a value of 2^64 or larger can lead to HTTP smuggling (bsc#1259639). Other updates and bugfixes: - Have `stdcoro` use `::std` namespace. - Disable stack check when HWASan is used. - Fix benign buffer overrun in async `readMessage()`. - Shared library naming changes from `libsomething-%{version}.so` to `libsomething.so.%{version}`. Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-1083=1 Package List: - openSUSE Leap 16.0: capnproto-1.4.0-160000.1.1 libcapnp-1_4_0-1.4.0-160000.1.1 libcapnp-devel-1.4.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2026-32239.html * https://www.suse.com/security/cve/CVE-2026-32240.html . This update for openSUSE addresses vulnerabilities in capnproto that can lead to HTTP smuggling and includes important bug fixes.. openSUSE security capnproto HTTP issues bug fixes. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 moderate OpenSUSE
202

openSUSE libsoup2 Vulnerability Advisory SUSE-SU-2026-0845-4

An update that solves seven vulnerabilities can now be installed.. # Security update for libsoup2 Announcement ID: SUSE-SU-2026:0834-1 Release Date: 2026-03-05T20:00:32Z Rating: important References: * bsc#1240751 * bsc#1257398 * bsc#1257441 * bsc#1257597 * bsc#1258120 * bsc#1258170 * bsc#1258508 Cross-References: * CVE-2025-32049 * CVE-2026-1467 * CVE-2026-1539 * CVE-2026-1760 * CVE-2026-2369 * CVE-2026-2443 * CVE-2026-2708 CVSS scores: * CVE-2025-32049 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32049 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32049 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1467 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N * CVE-2026-1467 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-1467 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2026-1539 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2026-1539 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1539 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1760 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-1760 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L * CVE-2026-1760 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-2369 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-2369 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-2443 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-2443 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2443 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2708 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2708 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for libsoup2 fixes the following issues: * CVE-2025-32049: denial of service attack to websocket server (bsc#1240751). * CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). * CVE-2026-1539: proxy authentication credentials leaked via the Proxy- Authorization header when handling HTTP redirects (bsc#1257441). * CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). * CVE-2026-2369: buffer overread due to integer underflow when handling zero- length resources (bsc#1258120). * CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). * CVE-2026-2708: HTTP requestsmuggling via duplicate Content-Length headers (bsc#1258508). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-834=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-834=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-834=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-834=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-834=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-834=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-834=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-834=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-834=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-834=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-834=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-834=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-834=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-834=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 *libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * openSUSE Leap 15.4 (x86_64) * libsoup-2_4-1-32bit-2.74.2-150400.3.31.1 * libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.31.1 * libsoup2-devel-32bit-2.74.2-150400.3.31.1 * openSUSE Leap 15.4 (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.31.1 * libsoup-2_4-1-64bit-2.74.2-150400.3.31.1 * libsoup2-devel-64bit-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsoup2-debugsource-2.74.2-150400.3.31.1 * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsoup2-debugsource-2.74.2-150400.3.31.1 * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libsoup2-debugsource-2.74.2-150400.3.31.1 * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsoup2-debugsource-2.74.2-150400.3.31.1 * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libsoup2-debugsource-2.74.2-150400.3.31.1 * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) *libsoup2-lang-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSELinux Enterprise Server 15 SP5 LTSS (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libsoup-2_4-1-2.74.2-150400.3.31.1 * libsoup2-devel-2.74.2-150400.3.31.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.31.1 * libsoup2-debugsource-2.74.2-150400.3.31.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.31.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * libsoup2-lang-2.74.2-150400.3.31.1 ## References: * https://www.suse.com/security/cve/CVE-2025-32049.html * https://www.suse.com/security/cve/CVE-2026-1467.html * https://www.suse.com/security/cve/CVE-2026-1539.html * https://www.suse.com/security/cve/CVE-2026-1760.html * https://www.suse.com/security/cve/CVE-2026-2369.html * https://www.suse.com/security/cve/CVE-2026-2443.html * https://www.suse.com/security/cve/CVE-2026-2708.html * https://bugzilla.suse.com/show_bug.cgi?id=1240751 * https://bugzilla.suse.com/show_bug.cgi?id=1257398 * https://bugzilla.suse.com/show_bug.cgi?id=1257441 * https://bugzilla.suse.com/show_bug.cgi?id=1257597 * https://bugzilla.suse.com/show_bug.cgi?id=1258120 * https://bugzilla.suse.com/show_bug.cgi?id=1258170 * https://bugzilla.suse.com/show_bug.cgi?id=1258508 . An important update resolves seven security issues in openSUSE libsoup2, with fixes for DoS and HTTP request issues.. Linux Security Update, SUSE Alps, Security Patch, Libsoup2 Improvements. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 06, 2026 Important OpenSUSE
197

Debian 11: Critical HTTP Smuggling Flaw in Python-eventlet DLA-4289-1

CVE-2025-58068 Eventlet is a concurrent networking library for Python. Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4289-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thomas Goirand September 02, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : python-eventlet Version : 0.26.1-7+deb11u2 CVE ID : CVE-2025-58068 Debian Bug : CVE-2025-58068 Eventlet is a concurrent networking library for Python. Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. For Debian 11 bullseye, this problem has been fixed in version 0.26.1-7+deb11u2. We recommend that you upgrade your python-eventlet packages. For the detailed security status of python-eventlet please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/python-eventlet Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Eventlet in Debian LTS is facing a severe HTTP Request Smuggling vulnerability that demands immediate action and updates to safeguard system integrity.. python-networking, debian-security, eventlet-update, wsgi-parser, security-advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 02, 2025 Critical Debian LTS
202

openSUSE: 15.4, 15.5 major: libsoup2 buffer overflow and smuggling

An update that solves three vulnerabilities can now be installed.. # Security update for libsoup2 Announcement ID: SUSE-SU-2024:4349-1 Release Date: 2024-12-17T08:53:04Z Rating: important References: * bsc#1233285 * bsc#1233287 * bsc#1233292 Cross-References: * CVE-2024-52530 * CVE-2024-52531 * CVE-2024-52532 CVSS scores: * CVE-2024-52530 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-52530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52531 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-52531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52531 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-52532 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-52532 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-52532 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.5 * SUSE Linux Enterprise Desktop 15 SP4 LTSS * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE LinuxEnterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for libsoup2 fixes the following issues: * CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) * CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) * CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-4349=1 * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2024-4349=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4349=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-4349=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-4349=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-4349=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-4349=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-4349=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-4349=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4349=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4349=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4349=1 *SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4349=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4349=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4349=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-4349=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4349=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * libsoup2-devel-32bit-2.74.2-150400.3.3.1 * libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.3.1 * libsoup-2_4-1-32bit-2.74.2-150400.3.3.1 * openSUSE Leap 15.4 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsoup-2_4-1-64bit-2.74.2-150400.3.3.1 * libsoup2-devel-64bit-2.74.2-150400.3.3.1 * libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.3.1 * openSUSE Leap Micro 5.5 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * openSUSE Leap 15.5 (x86_64) * libsoup2-devel-32bit-2.74.2-150400.3.3.1 * libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.3.1 * libsoup-2_4-1-32bit-2.74.2-150400.3.3.1 * openSUSE Leap 15.5 (noarch) *libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * Basesystem Module 15-SP5 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 *typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Manager Proxy 4.3 (x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Manager Proxy 4.3 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 *libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libsoup2-devel-2.74.2-150400.3.3.1 * libsoup-2_4-1-2.74.2-150400.3.3.1 * typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 * libsoup-2_4-1-debuginfo-2.74.2-150400.3.3.1 * libsoup2-debugsource-2.74.2-150400.3.3.1 * SUSE Manager Server 4.3 (noarch) * libsoup2-lang-2.74.2-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-52530.html * https://www.suse.com/security/cve/CVE-2024-52531.html * https://www.suse.com/security/cve/CVE-2024-52532.html * https://bugzilla.suse.com/show_bug.cgi?id=1233285 * https://bugzilla.suse.com/show_bug.cgi?id=1233287 * https://bugzilla.suse.com/show_bug.cgi?id=1233292 . Important patch release for libsoup2 resolves major security vulnerabilities. Apply updates promptly to protect affected installations.. libsoup2 Security Update, SUSE Linux Security, Vulnerability Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 17, 2024 Important OpenSUSE
100

SUSE 15-SP6: 2024:4290-1 important: libsoup critical issues

* bsc#1233285 * bsc#1233287 * bsc#1233292 Cross-References: . # Security update for libsoup2 Announcement ID: SUSE-SU-2024:4290-1 Release Date: 2024-12-11T11:10:48Z Rating: important References: * bsc#1233285 * bsc#1233287 * bsc#1233292 Cross-References: * CVE-2024-52530 * CVE-2024-52531 * CVE-2024-52532 CVSS scores: * CVE-2024-52530 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-52530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52530 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52531 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-52531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-52531 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-52532 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-52532 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-52532 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for libsoup2 fixes the following issues: * CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) * CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) * CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the commandlisted for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-4290=1 openSUSE-SLE-15.6-2024-4290=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4290=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libsoup-2_4-1-debuginfo-2.74.3-150600.4.3.1 * libsoup-2_4-1-2.74.3-150600.4.3.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.3.1 * libsoup2-debugsource-2.74.3-150600.4.3.1 * libsoup2-devel-2.74.3-150600.4.3.1 * openSUSE Leap 15.6 (x86_64) * libsoup2-devel-32bit-2.74.3-150600.4.3.1 * libsoup-2_4-1-32bit-debuginfo-2.74.3-150600.4.3.1 * libsoup-2_4-1-32bit-2.74.3-150600.4.3.1 * openSUSE Leap 15.6 (noarch) * libsoup2-lang-2.74.3-150600.4.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libsoup-2_4-1-64bit-2.74.3-150600.4.3.1 * libsoup-2_4-1-64bit-debuginfo-2.74.3-150600.4.3.1 * libsoup2-devel-64bit-2.74.3-150600.4.3.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libsoup-2_4-1-debuginfo-2.74.3-150600.4.3.1 * libsoup-2_4-1-2.74.3-150600.4.3.1 * typelib-1_0-Soup-2_4-2.74.3-150600.4.3.1 * libsoup2-debugsource-2.74.3-150600.4.3.1 * libsoup2-devel-2.74.3-150600.4.3.1 * Basesystem Module 15-SP6 (noarch) * libsoup2-lang-2.74.3-150600.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-52530.html * https://www.suse.com/security/cve/CVE-2024-52531.html * https://www.suse.com/security/cve/CVE-2024-52532.html * https://bugzilla.suse.com/show_bug.cgi?id=1233285 * https://bugzilla.suse.com/show_bug.cgi?id=1233287 * https://bugzilla.suse.com/show_bug.cgi?id=1233292 . Significant news for libsoup2 tackling severe vulnerabilities such as memory leaks and request splitting. Upgrade today!. libsoup2 update, SUSE security advisory, buffer overflow fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 11, 2024 Important SuSE
89

Fedora 38: 2024-0ddda4c691 Critical: Python Aiohttp Http Smuggling

Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.3. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-0ddda4c691 2024-02-09 01:50:00.832021 -------------------------------------------------------------------------------- Name : python-aiohttp Product : Fedora 38 Version : 3.9.3 Release : 1.fc38 URL : https://github.com/aio-libs/aiohttp Summary : Python HTTP client/server for asyncio Description : Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing. -------------------------------------------------------------------------------- Update Information: Security update for CVE-2024-23334 and CVE-2024-23829 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.2 https://github.com/aio-libs/aiohttp/releases/tag/v3.9.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 30 2024 Benjamin A. Beasley - 3.9.3-1 - Update to 3.9.3, security update for CVE-2024-23334 and CVE-2024-23829 (fix RHBZ#2261891, fix RHBZ#2261910) * Tue Jan 30 2024 Benjamin A. Beasley - 3.9.1-4 - Skip a couple of spurious or insignificant test failures (close RHBZ#2261544) * Fri Jan 26 2024 Fedora Release Engineering - 3.9.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 3.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2261887 - CVE-2024-23334 aiohttp: follow_symlinks directory traversal vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2261887 [ 2 ] Bug #2261909 - CVE-2024-23829python-aiohttp: http request smuggling https://bugzilla.redhat.com/show_bug.cgi?id=2261909 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-0ddda4c691' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . A recent patch for python-aiohttp on Fedora tackles significant vulnerabilities, enhancing both the system's security posture and overall stability.. Fedora Security, Aiohttp Update, Python HTTP Client. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 09, 2024 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200