Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Rocky Linux 8 microcode_ctl Important Microcode Bug Fix RLEA-2025-3114

Important: microcode_ctl bug fix and enhancement update.

Advisory: RLEA-2025:3114
Type: Enhancement
Severity: Important
Affected products: Rocky Linux 8
Published: 2026-02-26T20:42:51.166824Z
Reboot suggested: no

Topic:

An update is available for microcode_ctl.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Description:

The microcode_ctl packages provide microcode updates for Intel and AMD processors.

Bug Fix(es) and Enhancement(s):

* [Rocky Linux 8] Update Intel CPU microcode to the latest version (JIRA:Rocky Linux-67344)
* microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm [rhel-8.10.z] (JIRA:Rocky Linux-79195)
* microcode_ctl: Improper input validation in UEFI firmware [rhel-8.10.z] (JIRA:Rocky Linux-79197)
* microcode_ctl: Improper input validation in UEFI firmware [rhel-8.10.z] (JIRA:Rocky Linux-79198)
* microcode_ctl: Improper input validation in XmlCli feature for UEFI firmware [rhel-8.10.z] (JIRA:Rocky Linux-79213)
* microcode_ctl: Improper input validation in UEFI firmware [rhel-8.10.z] (JIRA:Rocky Linux-79216)

CVEs (source: MITRE):

* CVE-2023-34440: 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, CWE-20, https://www.cve.org/CVERecord?id=CVE-2023-34440
* CVE-2023-43758: 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, CWE-20, https://www.cve.org/CVERecord?id=CVE-2023-43758
* CVE-2024-24582: 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, CWE-20, https://www.cve.org/CVERecord?id=CVE-2024-24582
* CVE-2024-28047: 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N, CWE-20, https://www.cve.org/CVERecord?id=CVE-2024-28047
* CVE-2024-28127: 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, CWE-20, https://www.cve.org/CVERecord?id=CVE-2024-28127
* CVE-2024-29214: 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, CWE-20, https://www.cve.org/CVERecord?id=CVE-2024-29214
* CVE-2024-31068: 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H, CWE-1245, https://www.cve.org/CVERecord?id=CVE-2024-31068
* CVE-2024-31157: 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N, CWE-665, https://www.cve.org/CVERecord?id=CVE-2024-31157
* CVE-2024-36293: 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H, CWE-284, https://www.cve.org/CVERecord?id=CVE-2024-36293
* CVE-2024-39279: 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H, CWE-1220, https://www.cve.org/CVERecord?id=CVE-2024-39279

Fixes (source: Red Hat):

* https://bugzilla.redhat.com/show_bug.cgi?id=2345359
* https://bugzilla.redhat.com/show_bug.cgi?id=2345363
* https://bugzilla.redhat.com/show_bug.cgi?id=2345365
* https://bugzilla.redhat.com/show_bug.cgi?id=2345367
* https://bugzilla.redhat.com/show_bug.cgi?id=2345370
* https://bugzilla.redhat.com/show_bug.cgi?id=2345376
* https://bugzilla.redhat.com/show_bug.cgi?id=2345381
* https://bugzilla.redhat.com/show_bug.cgi?id=2345401
* https://bugzilla.redhat.com/show_bug.cgi?id=2345416
* https://bugzilla.redhat.com/show_bug.cgi?id=2345421

Packages (Rocky Linux 8):

* microcode_ctl-4:20250211-1.el8_10.src.rpm
* microcode_ctl-4:20250211-1.el8_10.x86_64.rpm

Update for microcode_ctl in Rocky Linux improves security and fixes important bugs affecting CPU microcode functionality.

Keywords: microcode_ctl update, rocky linux enhancements, cpu microcode issues, important security update.

Severity: Important. LinuxSecurity.com Team

Feb 26, 2026 | Important | Rocky Linux

Fedora 41: Critical Input Validation Vulnerability in guacamole-server

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c597fcda32
2025-07-04 01:07:02.316591+00:00
--------------------------------------------------------------------------------

Name        : guacamole-server
Product     : Fedora 41
Version     : 1.6.0
Release     : 1.fc41
URL         : https://guacamole.apache.org/
Summary     : Server-side native components that form the Guacamole proxy
Description :
Guacamole is an HTML5 remote desktop gateway. Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX. The main web application is provided by the "guacamole-client" package.

--------------------------------------------------------------------------------
Update Information:

Apache Guacamole 1.6.0

User interface / platform

* Add the ability to specify separate permissions for “History” and “Active sessions” tabs (GUACAMOLE-538)
* Support batch import of connections from CSV (GUACAMOLE-926)
* Add parameter token for connection name (GUACAMOLE-1177)
* Provide audit log for system modifications (GUACAMOLE-1224)
* Configurable username case sensitivity (GUACAMOLE-1239)
* Provide chunked file upload mechanism (GUACAMOLE-1320)
* Display whether user groups are disabled in group list (GUACAMOLE-1479)
* Support for true fullscreen mode and keyboard lock (GUACAMOLE-1525)
* Allow branding/customization of the section headers on the user home page (GUACAMOLE-1584)
* Add support for specifying VNC “encodings” parameter in webapp UI (GUACAMOLE-1642)
* Automatically clear view if session expires in background (GUACAMOLE-1744)
* Base64 encoding of image/binary data results in excessive syscalls that can degrade performance (GUACAMOLE-1776)
* Update session recording playback progress during large frame gaps (GUACAMOLE-1803)
* Enable viewing / searching of key events in session recording playback (GUACAMOLE-1820)
* Improvements to the “Recent connections” section (GUACAMOLE-1866)
* History Recording Player should indicate points of interest (GUACAMOLE-1876)
* Enhance client custom field functionality (GUACAMOLE-1904)
* Provide notification, jump-to-top of page for a clone operation (GUACAMOLE-1916)
* Bug: Logging of request details fails with recent Tomcat (GUACAMOLE-2052)

Authentication, integration, and storage

* Ensure GUAC_DATE/GUAC_TIME tokens match connection startDate (GUACAMOLE-61)
* Add Proxy Hostname and Port to LDAP Extension (GUACAMOLE-577)
* Add webapp support for smart card authentication (GUACAMOLE-839)
* Enforce rate limit on authentication attempts (GUACAMOLE-990)
* Broadly configurable time limits for user logins and connection usage (GUACAMOLE-1020)
* Randomize generation of TOTP key until enrollment is confirmed (GUACAMOLE-1068)
* Allow TOTP to be disabled by group membership (GUACAMOLE-1219)
* Update guacamole-auth-duo to “Duo Web v4 SDK” (GUACAMOLE-1289)
* SAML module should be able to encrypt and sign requests (GUACAMOLE-1372)
* Allow LDAP extension to configure TLS level (GUACAMOLE-1488)
* Clarify TOTP reset/status logic (GUACAMOLE-1550)
* Allow JDBC Auth Extensions to track history for external connections (GUACAMOLE-1616)
* Allow extraction of “domain” token from vault extensions (GUACAMOLE-1623)
* Enable more granular vault associations (GUACAMOLE-1629)
* Allow use of KSM one-time tokens in guacamole-vault-ksm extension (GUACAMOLE-1643)
* Allow per-user KSM Vault configurations (GUACAMOLE-1656)
* KSM vault extension should allow searching records by domain (GUACAMOLE-1661)
* Allow user to configure Keeper Secrets Manager call frequency (GUACAMOLE-1722)
* Enforce user access windows even when already logged in (GUACAMOLE-1723)
* Add SSO providers list to UI at most once (GUACAMOLE-1757)
* Allow TOTP and SAML auth to be used together (GUACAMOLE-1780)
* Bug: KSM Vault extension doesn’t support private key from “PAM User” record type (GUACAMOLE-1795)
* Map JWT claims from OpenID Connect as parameter tokens (GUACAMOLE-1844)
* Allow MFA to be bypassed or enforced based on client IP (GUACAMOLE-1855)
* Add parameter token for domain of LDAP user (GUACAMOLE-1881)
* Disable autofill on TOTP verification code field (GUACAMOLE-1946)
* Provide a comprehensive error message for input exceeding database column (GUACAMOLE-1948)

Protocol support / guacd

* Allow selection of whole words by double-clicking (GUACAMOLE-192)
* Improve efficiency of streaming complex/large changes (Graphics Pipeline Extension, RemoteFX) (GUACAMOLE-377)
* Allow specifying connection timeout (GUACAMOLE-600)
* Add support for FreeRDP 3.0.0 (GUACAMOLE-1026)
* Bug: Connecting to unpublished RemoteApp results in black screen (GUACAMOLE-1084)
* Bug: Add support for right modifier keys to SSH/Telnet (GUACAMOLE-1113)
* Add auto resize to VNC sessions (GUACAMOLE-1196)
* RemoteApp windows become inaccessible after being minimized (GUACAMOLE-1231)
* Bug: Lines of file gets broken when navigating back and forth using a text editor (GUACAMOLE-1256)
* Add option to the vnc protocol to disable remote input (GUACAMOLE-1267)
* Add support for SSH certificates (GUACAMOLE-1290)
* Add parameter for specifying known RDP server certificate/fingerprint (GUACAMOLE-1332)
* Bug: “AltGr” received as “Alt” if remote keyboard layout lacks “AltGr” (GUACAMOLE-1473)
* Bug: Terminal emulator adds newlines when copying a wrapped line of text (GUACAMOLE-1586)
* Add small margins to SSH sessions (GUACAMOLE-1622)
* Bug: Text copied from terminal emulator may incorrectly omit indentation (GUACAMOLE-1632)
* Add terminal support for alternate screen buffer (GUACAMOLE-1633)
* Bug: SFTP+VNC broken when built with OpenSSL versions >= 1.1.0 (GUACAMOLE-1652)
* Clipboard normalization support for SSH connections (GUACAMOLE-1682)
* Test machine availability when sending Wake-on-LAN packet (GUACAMOLE-1686)
* Bug: Japanese characters display garbled in terminal when using guacd docker image (GUACAMOLE-1726)
* Add parameters for VNC compression and quality levels (GUACAMOLE-1760)
* Terminal protocols should support mac-style cmd+v paste shortcut (GUACAMOLE-1804)
* Ignore Ctrl+Shift+C within terminal emulator (GUACAMOLE-1805)
* Allow writing recordings to existing files (GUACAMOLE-1931)
* Bug: RDP connection fails when microphone input is enabled (GUACAMOLE-1940)
* Bug: Selected text in SSH is offset from cursor position (GUACAMOLE-1944)
* Bug: Multiple wheel events per mouse wheel tick (GUACAMOLE-1967)
* Bug: FreeRDP may invoke EndPaint without BeginPaint as of 3.8.0 (GUACAMOLE-1997)

Internationalization

* Bug: Japanese keyboard layout for RDP incorrect (GUACAMOLE-520)
* Add support for Canadian french keyboard layout (GUACAMOLE-1312)
* Update French translations (GUACAMOLE-1611)
* Fix some typos in italian translation and improve it (GUACAMOLE-1612)
* Updated czech translation (GUACAMOLE-1664)
* Updated german translation (GUACAMOLE-1692)
* Add Czech keyboard layout (GUACAMOLE-1708)
* Polish translation (GUACAMOLE-1730)
* Updated czech translation (GUACAMOLE-1758)
* Add Romanian keymap to RDP protocol (GUACAMOLE-1770)
* Add Portuguese keymap to RDP protocol (GUACAMOLE-1771)
* Update the Simplified Chinese translation (GUACAMOLE-1778)
* Update the Simplified Chinese translation for totp auth extension (GUACAMOLE-1781)
* Updated czech translation (GUACAMOLE-1792)
* Bug: Mac Firefox repeats composed characters (GUACAMOLE-1810)

Documentation

* Add missing WEBAPP_CONTEXT variable in docker setup documentation (GUACAMOLE-1680)
* Document RemoteIPValve to cover IPv4 and IPv6 (GUACAMOLE-1861)

General housekeeping and cleanup

* Provide GuacamoleProperty List Implementations (GUACAMOLE-1006)
* Expose client state enum values (GUACAMOLE-1402)
* Guacamole manual: Makefile: find uses non-POSIX arguments (GUACAMOLE-1501)
* Bug: Phantomjs build issues on ubuntu 22.04 (GUACAMOLE-1614)
* Remove usage of AccessController (GUACAMOLE-1716)
* Bug: Correct autoconf issues that result in odd build results (GUACAMOLE-1719)
* Stop storing unnecessary auth response data in local storage (GUACAMOLE-1721)
* Bug: Projects outside scope of 1.5.0 fail to build following merge of version number bump (GUACAMOLE-1731)
* Bug: Projects outside scope of 1.5.1 fail to build following merge of version number bump (GUACAMOLE-1767)
* Bug: SQLSERVER_BATCH_SIZE defined twice in SQLServerGuacamoleProperties (GUACAMOLE-1789)
* Bug: Projects outside scope of 1.5.2 fail to build following merge of version number bump (GUACAMOLE-1790)
* Bug: Projects outside scope of 1.5.3 fail to build following merge of version number bump (GUACAMOLE-1829)
* Bug: Merge conflict markers left in guacamole-manual source (GUACAMOLE-1833)
* KSM Vault extension should support new PAM Hostname field type (GUACAMOLE-1868)
* Align libraries on “Library status” output (GUACAMOLE-1869)
* Check return values of WebP API functions (GUACAMOLE-1875)
* Bug: Projects outside scope of 1.5.4 fail to build following merge of version number bump (GUACAMOLE-1887)
* Bump versions for projects outside the 1.5.5 scope (GUACAMOLE-1915)
* Add support for FFmpeg 7.0 (GUACAMOLE-1952)
* Update dependencies to latest stable and compatible versions (GUACAMOLE-1956)
* Bump versions to 1.6.0 (GUACAMOLE-1980)
* Bug: Compile error in src/protocols/rdp/channels/rail.c (GUACAMOLE-1982)
* Upgrade KSM SDK to latest (v16.6.5) (GUACAMOLE-1984)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Robert Scheck - 1.6.0-1
- Update to 1.6.0 (#2363860, thanks to W. Michael Petullo)
- Add upstream patch for src/libguac/wol.c to fix inet_pton being called with a destination buffer size too small (GUACAMOLE-2087)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2375882 - CVE-2024-35164 guacamole: Apache Guacamole improper input validation
https://bugzilla.redhat.com/show_bug.cgi?id=2375882

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c597fcda32' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

The latest guacamole-server update in Fedora 41 brings essential security improvements aimed at input validation flaws, urging prompt upgrades for better attack defense.

Keywords: guacamole-server, fedora update, input validation, security advisory, critical issues.

Severity: Critical. LinuxSecurity.com Team

Jul 04, 2025 | Critical | Fedora

SUSE 2024:3358-1 critical: ffmpeg-4 buffer overflow and security issues

# Security update for ffmpeg-4

Announcement ID: SUSE-SU-2024:3358-1
Rating: important

References:

* bsc#1226892
* bsc#1226897
* bsc#1226898
* bsc#1226899
* bsc#1226900
* bsc#1226901
* bsc#1229026
* jsc#PED-10024

Cross-References:

* CVE-2023-22656
* CVE-2023-45221
* CVE-2023-47169
* CVE-2023-47282
* CVE-2023-48368
* CVE-2024-7055

CVSS scores:

* CVE-2023-22656 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-45221 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-47169 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-47282 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
* CVE-2023-48368 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2024-7055 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves six vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for ffmpeg-4 fixes the following issues:

* Dropped support for libmfx to fix the following CVEs:
  * libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
  * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
  * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
  * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
  * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
* CVE-2024-7055: heap-based buffer overflow in pnmdec.c from the libavcodec library. (bsc#1229026)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3358=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3358=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-3358=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3358=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3358=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3358=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3358=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3358=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-3358=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libavformat58_76-4.4-150400.3.42.1 * ffmpeg-4-libswscale-devel-4.4-150400.3.42.1 * libavdevice58_13-4.4-150400.3.42.1 * libavutil56_70-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-debuginfo-4.4-150400.3.42.1 *
ffmpeg-4-private-devel-4.4-150400.3.42.1 *libavformat58_76-debuginfo-4.4-150400.3.42.1 * libavfilter7_110-4.4-150400.3.42.1 * ffmpeg-4-4.4-150400.3.42.1 * ffmpeg-4-debuginfo-4.4-150400.3.42.1 * libswscale5_9-4.4-150400.3.42.1 * libavcodec58_134-4.4-150400.3.42.1 * libswscale5_9-debuginfo-4.4-150400.3.42.1 * ffmpeg-4-debugsource-4.4-150400.3.42.1 * ffmpeg-4-libavfilter-devel-4.4-150400.3.42.1 * ffmpeg-4-libavcodec-devel-4.4-150400.3.42.1 * libavutil56_70-4.4-150400.3.42.1 * ffmpeg-4-libavformat-devel-4.4-150400.3.42.1 * libavdevice58_13-debuginfo-4.4-150400.3.42.1 * ffmpeg-4-libswresample-devel-4.4-150400.3.42.1 * ffmpeg-4-libpostproc-devel-4.4-150400.3.42.1 * libavcodec58_134-debuginfo-4.4-150400.3.42.1 * libavresample4_0-4.4-150400.3.42.1 * libswresample3_9-4.4-150400.3.42.1 * ffmpeg-4-libavutil-devel-4.4-150400.3.42.1 * ffmpeg-4-libavresample-devel-4.4-150400.3.42.1 * libavfilter7_110-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-4.4-150400.3.42.1 * ffmpeg-4-libavdevice-devel-4.4-150400.3.42.1 * libswresample3_9-debuginfo-4.4-150400.3.42.1 * libavresample4_0-debuginfo-4.4-150400.3.42.1 * openSUSE Leap 15.4 (x86_64) * libavresample4_0-32bit-4.4-150400.3.42.1 * libswresample3_9-32bit-4.4-150400.3.42.1 * libavfilter7_110-32bit-debuginfo-4.4-150400.3.42.1 * libavformat58_76-32bit-4.4-150400.3.42.1 * libpostproc55_9-32bit-4.4-150400.3.42.1 * libswresample3_9-32bit-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-32bit-debuginfo-4.4-150400.3.42.1 * libswscale5_9-32bit-4.4-150400.3.42.1 * libswscale5_9-32bit-debuginfo-4.4-150400.3.42.1 * libavresample4_0-32bit-debuginfo-4.4-150400.3.42.1 * libavutil56_70-32bit-debuginfo-4.4-150400.3.42.1 * libavformat58_76-32bit-debuginfo-4.4-150400.3.42.1 * libavutil56_70-32bit-4.4-150400.3.42.1 * libavdevice58_13-32bit-debuginfo-4.4-150400.3.42.1 * libavdevice58_13-32bit-4.4-150400.3.42.1 * libavfilter7_110-32bit-4.4-150400.3.42.1 *libavcodec58_134-32bit-debuginfo-4.4-150400.3.42.1 * libavcodec58_134-32bit-4.4-150400.3.42.1 * openSUSE 
Leap 15.4 (aarch64_ilp32) * libswresample3_9-64bit-4.4-150400.3.42.1 * libswscale5_9-64bit-debuginfo-4.4-150400.3.42.1 * libavdevice58_13-64bit-debuginfo-4.4-150400.3.42.1 * libavutil56_70-64bit-debuginfo-4.4-150400.3.42.1 * libavdevice58_13-64bit-4.4-150400.3.42.1 * libavfilter7_110-64bit-4.4-150400.3.42.1 * libavfilter7_110-64bit-debuginfo-4.4-150400.3.42.1 * libavcodec58_134-64bit-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-64bit-4.4-150400.3.42.1 * libavcodec58_134-64bit-4.4-150400.3.42.1 * libpostproc55_9-64bit-debuginfo-4.4-150400.3.42.1 * libavresample4_0-64bit-debuginfo-4.4-150400.3.42.1 * libswresample3_9-64bit-debuginfo-4.4-150400.3.42.1 * libavformat58_76-64bit-4.4-150400.3.42.1 * libavformat58_76-64bit-debuginfo-4.4-150400.3.42.1 * libswscale5_9-64bit-4.4-150400.3.42.1 * libavresample4_0-64bit-4.4-150400.3.42.1 * libavutil56_70-64bit-4.4-150400.3.42.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libavformat58_76-4.4-150400.3.42.1 * ffmpeg-4-libswscale-devel-4.4-150400.3.42.1 * libavdevice58_13-4.4-150400.3.42.1 * libavutil56_70-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-debuginfo-4.4-150400.3.42.1 * ffmpeg-4-private-devel-4.4-150400.3.42.1 * libavformat58_76-debuginfo-4.4-150400.3.42.1 * libavfilter7_110-4.4-150400.3.42.1 * ffmpeg-4-4.4-150400.3.42.1 * ffmpeg-4-debuginfo-4.4-150400.3.42.1 * libswscale5_9-4.4-150400.3.42.1 * libavcodec58_134-4.4-150400.3.42.1 * libswscale5_9-debuginfo-4.4-150400.3.42.1 * ffmpeg-4-debugsource-4.4-150400.3.42.1 * ffmpeg-4-libavfilter-devel-4.4-150400.3.42.1 * ffmpeg-4-libavcodec-devel-4.4-150400.3.42.1 * libavutil56_70-4.4-150400.3.42.1 * ffmpeg-4-libavformat-devel-4.4-150400.3.42.1 * libavdevice58_13-debuginfo-4.4-150400.3.42.1 * ffmpeg-4-libswresample-devel-4.4-150400.3.42.1 *ffmpeg-4-libpostproc-devel-4.4-150400.3.42.1 * libavcodec58_134-debuginfo-4.4-150400.3.42.1 * libavresample4_0-4.4-150400.3.42.1 * libswresample3_9-4.4-150400.3.42.1 * ffmpeg-4-libavutil-devel-4.4-150400.3.42.1 * 
ffmpeg-4-libavresample-devel-4.4-150400.3.42.1 * libavfilter7_110-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-4.4-150400.3.42.1 * ffmpeg-4-libavdevice-devel-4.4-150400.3.42.1 * libswresample3_9-debuginfo-4.4-150400.3.42.1 * libavresample4_0-debuginfo-4.4-150400.3.42.1 * openSUSE Leap 15.5 (x86_64) * libavresample4_0-32bit-4.4-150400.3.42.1 * libswresample3_9-32bit-4.4-150400.3.42.1 * libavfilter7_110-32bit-debuginfo-4.4-150400.3.42.1 * libavformat58_76-32bit-4.4-150400.3.42.1 * libpostproc55_9-32bit-4.4-150400.3.42.1 * libswresample3_9-32bit-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-32bit-debuginfo-4.4-150400.3.42.1 * libswscale5_9-32bit-4.4-150400.3.42.1 * libswscale5_9-32bit-debuginfo-4.4-150400.3.42.1 * libavresample4_0-32bit-debuginfo-4.4-150400.3.42.1 * libavutil56_70-32bit-debuginfo-4.4-150400.3.42.1 * libavformat58_76-32bit-debuginfo-4.4-150400.3.42.1 * libavutil56_70-32bit-4.4-150400.3.42.1 * libavdevice58_13-32bit-debuginfo-4.4-150400.3.42.1 * libavdevice58_13-32bit-4.4-150400.3.42.1 * libavfilter7_110-32bit-4.4-150400.3.42.1 * libavcodec58_134-32bit-debuginfo-4.4-150400.3.42.1 * libavcodec58_134-32bit-4.4-150400.3.42.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libavformat58_76-4.4-150400.3.42.1 * ffmpeg-4-libswscale-devel-4.4-150400.3.42.1 * libavdevice58_13-4.4-150400.3.42.1 * libavutil56_70-debuginfo-4.4-150400.3.42.1 * libpostproc55_9-debuginfo-4.4-150400.3.42.1 * ffmpeg-4-private-devel-4.4-150400.3.42.1 * libavformat58_76-debuginfo-4.4-150400.3.42.1 * libavfilter7_110-4.4-150400.3.42.1 * ffmpeg-4-4.4-150400.3.42.1 * ffmpeg-4-debuginfo-4.4-150400.3.42.1 * libswscale5_9-4.4-150400.3.42.1 *libavcodec58_134-4.4-150400.3.42.1 * libswscale5_9-debuginfo-4.4-150400.3.42.1 * ffmpeg-4-debugsource-4.4-150400.3.42.1 * ffmpeg-4-libavfilter-devel-4.4-150400.3.42.1 * ffmpeg-4-libavcodec-devel-4.4-150400.3.42.1 * libavutil56_70-4.4-150400.3.42.1 * ffmpeg-4-libavformat-devel-4.4-150400.3.42.1 * libavdevice58_13-debuginfo-4.4-150400.3.42.1 * 
ffmpeg-4-libswresample-devel-4.4-150400.3.42.1
  * ffmpeg-4-libpostproc-devel-4.4-150400.3.42.1
  * libavcodec58_134-debuginfo-4.4-150400.3.42.1
  * libavresample4_0-4.4-150400.3.42.1
  * libswresample3_9-4.4-150400.3.42.1
  * ffmpeg-4-libavutil-devel-4.4-150400.3.42.1
  * ffmpeg-4-libavresample-devel-4.4-150400.3.42.1
  * libavfilter7_110-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-4.4-150400.3.42.1
  * ffmpeg-4-libavdevice-devel-4.4-150400.3.42.1
  * libswresample3_9-debuginfo-4.4-150400.3.42.1
  * libavresample4_0-debuginfo-4.4-150400.3.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libavformat58_76-4.4-150400.3.42.1
  * libavutil56_70-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-4.4-150400.3.42.1
  * libavcodec58_134-4.4-150400.3.42.1
  * libavformat58_76-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-debuginfo-4.4-150400.3.42.1
  * libavcodec58_134-debuginfo-4.4-150400.3.42.1
  * ffmpeg-4-debugsource-4.4-150400.3.42.1
  * ffmpeg-4-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-4.4-150400.3.42.1
  * libavutil56_70-4.4-150400.3.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libavformat58_76-4.4-150400.3.42.1
  * libavutil56_70-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-4.4-150400.3.42.1
  * libavcodec58_134-4.4-150400.3.42.1
  * libavformat58_76-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-debuginfo-4.4-150400.3.42.1
  * libavcodec58_134-debuginfo-4.4-150400.3.42.1
  * ffmpeg-4-debugsource-4.4-150400.3.42.1
  * ffmpeg-4-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-4.4-150400.3.42.1
  * libavutil56_70-4.4-150400.3.42.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * libavformat58_76-4.4-150400.3.42.1
  * libavutil56_70-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-4.4-150400.3.42.1
  * libavcodec58_134-4.4-150400.3.42.1
  * libavformat58_76-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-debuginfo-4.4-150400.3.42.1
  * libswscale5_9-debuginfo-4.4-150400.3.42.1
  * libavcodec58_134-debuginfo-4.4-150400.3.42.1
  * ffmpeg-4-debugsource-4.4-150400.3.42.1
  * ffmpeg-4-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-4.4-150400.3.42.1
  * libavutil56_70-4.4-150400.3.42.1
  * libswscale5_9-4.4-150400.3.42.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libavformat58_76-4.4-150400.3.42.1
  * libavutil56_70-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-4.4-150400.3.42.1
  * libavcodec58_134-4.4-150400.3.42.1
  * libavformat58_76-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-debuginfo-4.4-150400.3.42.1
  * libavcodec58_134-debuginfo-4.4-150400.3.42.1
  * ffmpeg-4-debugsource-4.4-150400.3.42.1
  * ffmpeg-4-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-4.4-150400.3.42.1
  * libavutil56_70-4.4-150400.3.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libavformat58_76-4.4-150400.3.42.1
  * libavutil56_70-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-debuginfo-4.4-150400.3.42.1
  * libpostproc55_9-4.4-150400.3.42.1
  * libavcodec58_134-4.4-150400.3.42.1
  * libavformat58_76-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-debuginfo-4.4-150400.3.42.1
  * libavcodec58_134-debuginfo-4.4-150400.3.42.1
  * ffmpeg-4-debugsource-4.4-150400.3.42.1
  * ffmpeg-4-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-4.4-150400.3.42.1
  * libavutil56_70-4.4-150400.3.42.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * libavformat58_76-4.4-150400.3.42.1
  * libavutil56_70-debuginfo-4.4-150400.3.42.1
  * libavcodec58_134-4.4-150400.3.42.1
  * libavformat58_76-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-debuginfo-4.4-150400.3.42.1
  * libswscale5_9-debuginfo-4.4-150400.3.42.1
  * libavcodec58_134-debuginfo-4.4-150400.3.42.1
  * ffmpeg-4-debugsource-4.4-150400.3.42.1
  * ffmpeg-4-debuginfo-4.4-150400.3.42.1
  * libswresample3_9-4.4-150400.3.42.1
  * libavutil56_70-4.4-150400.3.42.1
  * libswscale5_9-4.4-150400.3.42.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22656.html
* https://www.suse.com/security/cve/CVE-2023-45221.html
* https://www.suse.com/security/cve/CVE-2023-47169.html
* https://www.suse.com/security/cve/CVE-2023-47282.html
* https://www.suse.com/security/cve/CVE-2023-48368.html
* https://www.suse.com/security/cve/CVE-2024-7055.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226892
* https://bugzilla.suse.com/show_bug.cgi?id=1226897
* https://bugzilla.suse.com/show_bug.cgi?id=1226898
* https://bugzilla.suse.com/show_bug.cgi?id=1226899
* https://bugzilla.suse.com/show_bug.cgi?id=1226900
* https://bugzilla.suse.com/show_bug.cgi?id=1226901
* https://bugzilla.suse.com/show_bug.cgi?id=1229026
* https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-10024&page_caps=&user_role=

SUSE reveals critical security enhancements for ffmpeg-4, tackling various vulnerabilities and deprecating certain features.

SUSE Linux, ffmpeg security, important updates, security patches.

Severity: Critical. LinuxSecurity.com Team

Sep 20, 2024 Critical SuSE

Red Hat: RHSA-2023-1744 Important: Node.js DoS and Buffer Overflows

====================================================================
Red Hat Security Advisory

Synopsis: Important: rh-nodejs14-nodejs security, bug fix, and enhancement update
Advisory ID: RHSA-2023:1744-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2023:1744
Issue date: 2023-04-12
CVE Names: CVE-2022-4904 CVE-2022-25881 CVE-2022-38900 CVE-2023-23918 CVE-2023-23920
====================================================================

1. Summary:

An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for RHEL Workstation (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for RHEL (v. 7) - noarch, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.21.3).

Security Fix(es):

* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153715 - rh-nodejs14-nodejs: Rebase to the latest Nodejs 14 release [rhscl-3]
2165824 - CVE-2022-25881 http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
2168631 - CVE-2022-4904 c-ares: buffer overflow in config_sortlist() due to missing string length check
2170644 - CVE-2022-38900 decode-uri-component: improper input validation resulting in DoS
2171935 - CVE-2023-23918 Node.js: Permissions policies can be bypassed via process.mainModule
2172217 - CVE-2023-23920 Node.js: insecure loading of ICU data through ICU_DATA environment variable

6. Package List:

Red Hat Software Collections for RHEL Workstation (v. 7):

Source:
rh-nodejs14-3.6-2.el7.src.rpm
rh-nodejs14-nodejs-14.21.3-2.el7.src.rpm

noarch:
rh-nodejs14-nodejs-docs-14.21.3-2.el7.noarch.rpm

ppc64le:
rh-nodejs14-3.6-2.el7.ppc64le.rpm
rh-nodejs14-nodejs-14.21.3-2.el7.ppc64le.rpm
rh-nodejs14-nodejs-debuginfo-14.21.3-2.el7.ppc64le.rpm
rh-nodejs14-nodejs-devel-14.21.3-2.el7.ppc64le.rpm
rh-nodejs14-nodejs-full-i18n-14.21.3-2.el7.ppc64le.rpm
rh-nodejs14-npm-6.14.18-14.21.3.2.el7.ppc64le.rpm
rh-nodejs14-runtime-3.6-2.el7.ppc64le.rpm
rh-nodejs14-scldevel-3.6-2.el7.ppc64le.rpm

s390x:
rh-nodejs14-3.6-2.el7.s390x.rpm
rh-nodejs14-nodejs-14.21.3-2.el7.s390x.rpm
rh-nodejs14-nodejs-debuginfo-14.21.3-2.el7.s390x.rpm
rh-nodejs14-nodejs-devel-14.21.3-2.el7.s390x.rpm
rh-nodejs14-nodejs-full-i18n-14.21.3-2.el7.s390x.rpm
rh-nodejs14-npm-6.14.18-14.21.3.2.el7.s390x.rpm
rh-nodejs14-runtime-3.6-2.el7.s390x.rpm
rh-nodejs14-scldevel-3.6-2.el7.s390x.rpm

x86_64:
rh-nodejs14-3.6-2.el7.x86_64.rpm
rh-nodejs14-nodejs-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-nodejs-debuginfo-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-nodejs-devel-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-nodejs-full-i18n-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-npm-6.14.18-14.21.3.2.el7.x86_64.rpm
rh-nodejs14-runtime-3.6-2.el7.x86_64.rpm
rh-nodejs14-scldevel-3.6-2.el7.x86_64.rpm

Red Hat Software Collections for RHEL (v. 7):

Source:
rh-nodejs14-3.6-2.el7.src.rpm
rh-nodejs14-nodejs-14.21.3-2.el7.src.rpm

noarch:
rh-nodejs14-nodejs-docs-14.21.3-2.el7.noarch.rpm

x86_64:
rh-nodejs14-3.6-2.el7.x86_64.rpm
rh-nodejs14-nodejs-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-nodejs-debuginfo-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-nodejs-devel-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-nodejs-full-i18n-14.21.3-2.el7.x86_64.rpm
rh-nodejs14-npm-6.14.18-14.21.3.2.el7.x86_64.rpm
rh-nodejs14-runtime-3.6-2.el7.x86_64.rpm
rh-nodejs14-scldevel-3.6-2.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4904
https://access.redhat.com/security/cve/CVE-2022-25881
https://access.redhat.com/security/cve/CVE-2022-38900
https://access.redhat.com/security/cve/CVE-2023-23918
https://access.redhat.com/security/cve/CVE-2023-23920
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Crucial announcement regarding rh-nodejs14-nodejs tackling significant security vulnerabilities and glitches for Red Hat packages.

Nodejs Security Update, Red Hat Advisory, Rh-Nodejs14 Fixes, Security Risks.

Severity: Important. LinuxSecurity.com Team

Apr 12, 2023 Important Red Hat

Fedora 34: 2021-d206891379 Critical: Radare2 Improper Input Validation

Radare2 update version 5.4.0.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-d206891379
2021-09-29 01:07:02.642411
--------------------------------------------------------------------------------

Name        : radare2
Product     : Fedora 34
Version     : 5.4.0
Release     : 1.fc34
URL         : https://radare.org/
Summary     : The reverse engineering framework
Description :
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and function levels.

--------------------------------------------------------------------------------
Update Information:

Radare2 update version 5.4.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep 18 2021 Henrik Nordstrom - 5.4.0-1
- Update to version 5.4.0
* Fri Jul 23 2021 Fedora Release Engineering - 5.3.1-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1989130 - CVE-2021-3673 radare2: improper input validation can lead to resource exhaustion when reading LE binary
https://bugzilla.redhat.com/show_bug.cgi?id=1989130
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-d206891379' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The latest version 5.4.0 of Radare2 for Fedora rectifies input checking and resource management problems. Update now for enhanced performance.

Fedora Radare2 Update, Open Source Framework, Reverse Engineering Tool.

Severity: Critical. LinuxSecurity.com Team

Sep 28, 2021 Critical Fedora