Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 8 articles for you...
219
security advisorydenial serviceimportantRocky Linux 9 RLSA-2026-10532 TigerVNC Significant Service Interruption
Important: tigervnc security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:10739", "synopsis": "Important: tigervnc security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for tigervnc.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)\n\n* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)\n\n* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)\n\n* TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2451106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451106", "description": ""}, {"ticket": "2451109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451109", "description": ""}, {"ticket": "2451113", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113", "description": ""}, {"ticket": "2452022", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2452022", "description": ""}], "cves": [{"name": "CVE-2026-33999", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33999", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-191"}, {"name": "CVE-2026-34001", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34001", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-825"}, {"name": "CVE-2026-34003", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34003", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-125"}, {"name": "CVE-2026-34352", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34352", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "cvss3BaseScore": "6.3", "cwe": "CWE-279"}], "references": [], "publishedAt": "2026-04-28T00:03:41.435121Z", "rpms": {"Rocky Linux 9": {"nvras": ["tigervnc-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-0:1.15.0-6.el9_7.1.src.rpm", "tigervnc-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-debuginfo-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-debuginfo-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-debuginfo-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-debuginfo-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-debugsource-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-debugsource-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-debugsource-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-debugsource-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-icons-0:1.15.0-6.el9_7.1.noarch.rpm", "tigervnc-license-0:1.15.0-6.el9_7.1.noarch.rpm", "tigervnc-selinux-0:1.15.0-6.el9_7.1.noarch.rpm", "tigervnc-server-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-server-0:1.15.0-6.el9_7.1.ppc64le.rpm","tigervnc-server-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-server-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-server-debuginfo-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-server-debuginfo-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-server-debuginfo-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-server-debuginfo-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-server-minimal-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-server-minimal-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-server-minimal-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-server-minimal-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-server-module-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-server-module-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-server-module-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-server-module-0:1.15.0-6.el9_7.1.x86_64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-6.el9_7.1.aarch64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-6.el9_7.1.ppc64le.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-6.el9_7.1.s390x.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-6.el9_7.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update for TigerVNC on Rocky Linux addressing multiple vulnerabilities. Immediate attention required.. tigervnc security update, Rocky Linux updates, remote display security, information disclosure, denial of service resolution. . Severity: Important. LinuxSecurity.com Team
Apr 28, 2026
•Important
Rocky Linux
89
security advisorycriticalFedoraUbuntu 24.04: 2024-a9d672gyd3 High: Monitoring Error Disclosure
Security fix for CVE-2024-21501. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-b8e474fbd3 2024-06-02 01:21:00.959089 -------------------------------------------------------------------------------- Name : glances Product : Fedora 40 Version : 4.0.5 Release : 2.fc40 URL : https://nicolargo.github.io/glances/ Summary : A cross-platform system monitoring tool Description : Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface It can also work in client/server mode. Remote monitoring could be done via terminal, Web interface or API (XML-RPC and RESTful). Stats can also be exported to files or external time/value databases. Glances is written in Python and uses libraries to grab information from your system. It is based on an open architecture where developers can add new plugins or exports modules. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2024-21501 -------------------------------------------------------------------------------- ChangeLog: * Fri May 24 2024 Ali Erdinc Koroglu - 4.0.5-1 - Update to 4.0.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2207804 - glances-4.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2207804 [ 2 ] Bug #2248802 - [abrt] glances: end(): glances_curses.py:514:end:_curses.error: nocbreak() returned ERR https://bugzilla.redhat.com/show_bug.cgi?id=2248802 [ 3 ] Bug #2266116 - TRIAGE CVE-2024-21501 glances: sanitize-html: Information Exposure when used on the backend [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266116 [ 4 ] Bug #2282299 - [abrt] glances: display_popup():glances_curses.py:976:display_popup:_curses.error: addnwstr() returned ERR https://bugzilla.redhat.com/show_bug.cgi?id=2282299 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-b8e474fbd3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jun 02, 2024
Fedora
172
security advisorycriticalremote accessUbuntu 23.04 LTS USN-6155-1 Critical: Requests Info Exposure
Requests could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-6155-1 June 12, 2023 requests vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Requests could be made to expose sensitive information over the network. Software Description: - requests: elegant and simple HTTP library for Python Details: Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: python3-requests 2.28.1+dfsg-1ubuntu1.1 Ubuntu 22.10: python3-requests 2.27.1+dfsg-1ubuntu2.1 Ubuntu 22.04 LTS: python3-requests 2.25.1+dfsg-2ubuntu0.1 Ubuntu 20.04 LTS: python3-requests 2.22.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6155-1 CVE-2023-32681 Package Information: https://launchpad.net/ubuntu/+source/requests/2.28.1+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/requests/2.27.1+dfsg-1ubuntu2.1 https://launchpad.net/ubuntu/+source/requests/2.25.1+dfsg-2ubuntu0.1 https://launchpad.net/ubuntu/+source/requests/2.22.0-2ubuntu1.1 . Strengthen your Ubuntu setup against the Requests vulnerability, a serious threat to sensitive network data, by following these steps to secure and update your system. Ubuntu Security, Python Requests, Network Security, Information Disclosure, Threat Mitigation. . Severity: Critical. LinuxSecurity.com Team
Jun 12, 2023
•Critical
Ubuntu
172
security advisorymoderate severityubuntuUbuntu 22.10: USN-5994-1 Moderate: HAProxy Info Exposure
HAProxy could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-5994-1 April 03, 2023 haproxy vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS Summary: HAProxy could be made to expose sensitive information over the network. Software Description: - haproxy: fast and reliable load balancing reverse proxy Details: It was discovered that HAProxy incorrectly initialized certain connection buffers. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: haproxy 2.4.18-1ubuntu1.3 Ubuntu 22.04 LTS: haproxy 2.4.18-0ubuntu1.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5994-1 CVE-2023-0836 Package Information: https://launchpad.net/ubuntu/+source/haproxy/2.4.18-1ubuntu1.3 https://launchpad.net/ubuntu/+source/haproxy/2.4.18-0ubuntu1.3 . Ubuntu versions 22.10 and 22.04 LTS have vulnerabilities related to HAProxy potentially exposing confidential network details. It's advised to apply the latest updates promptly.. HAProxy, Information Exposure, Network Threat, Security Update. . LinuxSecurity.com Team
Apr 03, 2023
Ubuntu
172
security advisorycriticalUbuntuUbuntu 22.10: 5993-1 Critical: Samba Info Exposure Security Issue
Samba could be made to expose sensitive information over the network.. =========================================================================Ubuntu Security Notice USN-5993-1 April 03, 2023 samba vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Samba could be made to expose sensitive information over the network. Software Description: - samba: SMB/CIFS file, print, and login server for Unix Details: Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this issue to obtain certain sensitive information. (CVE-2023-0614) Andrew Bartlett discovered that the Samba AD DC admin tool incorrectly sent passwords in cleartext. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-0922) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: samba 2:4.16.8+dfsg-0ubuntu1.1 Ubuntu 22.04 LTS: samba 2:4.15.13+dfsg-0ubuntu1.1 Ubuntu 20.04 LTS: samba 2:4.15.13+dfsg-0ubuntu0.20.04.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5993-1 CVE-2023-0614, CVE-2023-0922 Package Information: https://launchpad.net/ubuntu/+source/samba/2:4.16.8+dfsg-0ubuntu1.1 https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu1.1 https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu0.20.04.2 . Enhance your Ubuntu system security and mitigate Samba vulnerabilities with these update strategies, improving sensitive data protection without risk. Samba Vulnerability Information, Ubuntu SambaSecurity, Data Exposure Risk, Samba Cleartext Issues. . Severity: Critical. LinuxSecurity.com Team
Apr 03, 2023
•Critical
Ubuntu
172
security advisorydenial of servicekernelUbuntu 22.10: USN-5970-1 Critical: Kernel Security Issues Fixed
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5970-1 March 23, 2023 linux, linux-aws, linux-azure, linux-gcp, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-kvm: Linux kernel for cloud environments - linux-lowlatency: Linux low latency kernel - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems Details: It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2022-2196) It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-42328, CVE-2022-42329) Gerald Lee discovered that the USB Gadget file system implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4382) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did notproperly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that a use-after-free vulnerability existed in the Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0266) It was discovered that the io_uring subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-0469) It was discovered that the CIFS network file system implementation in the Linux kernel contained a user-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-1195) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: linux-image-5.19.0-1015-raspi 5.19.0-1015.22 linux-image-5.19.0-1015-raspi-nolpae 5.19.0-1015.22 linux-image-5.19.0-1019-gcp 5.19.0-1019.21 linux-image-5.19.0-1019-ibm 5.19.0-1019.21 linux-image-5.19.0-1019-oracle 5.19.0-1019.22 linux-image-5.19.0-1020-kvm 5.19.0-1020.21 linux-image-5.19.0-1021-lowlatency 5.19.0-1021.22 linux-image-5.19.0-1021-lowlatency-64k 5.19.0-1021.22 linux-image-5.19.0-1022-aws 5.19.0-1022.23 linux-image-5.19.0-1022-azure 5.19.0-1022.23 linux-image-5.19.0-38-generic 5.19.0-38.39 linux-image-5.19.0-38-generic-64k 5.19.0-38.39 linux-image-5.19.0-38-generic-lpae 5.19.0-38.39 linux-image-aws 5.19.0.1022.19 linux-image-azure 5.19.0.1022.18 linux-image-gcp 5.19.0.1019.16 linux-image-generic 5.19.0.38.34 linux-image-generic-64k 5.19.0.38.34 linux-image-generic-lpae 5.19.0.38.34 linux-image-ibm 5.19.0.1019.16 linux-image-kvm 5.19.0.1020.17 linux-image-lowlatency 5.19.0.1021.17 linux-image-lowlatency-64k 5.19.0.1021.17 linux-image-oracle 5.19.0.1019.16 linux-image-raspi 5.19.0.1015.14 linux-image-raspi-nolpae 5.19.0.1015.14 linux-image-virtual 5.19.0.38.34 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5970-1 CVE-2022-2196, CVE-2022-42328, CVE-2022-42329, CVE-2022-4382, CVE-2023-0045, CVE-2023-0266, CVE-2023-0469, CVE-2023-1195, CVE-2023-23559 Package Information: https://launchpad.net/ubuntu/+source/linux/5.19.0-38.39 https://launchpad.net/ubuntu/+source/linux-aws/5.19.0-1022.23 https://launchpad.net/ubuntu/+source/linux-azure/5.19.0-1022.23 https://launchpad.net/ubuntu/+source/linux-gcp/5.19.0-1019.21 https://launchpad.net/ubuntu/+source/linux-ibm/5.19.0-1019.21 https://launchpad.net/ubuntu/+source/linux-kvm/5.19.0-1020.21 https://launchpad.net/ubuntu/+source/linux-lowlatency/5.19.0-1021.22 https://launchpad.net/ubuntu/+source/linux-oracle/5.19.0-1019.22 https://launchpad.net/ubuntu/+source/linux-raspi/5.19.0-1015.22 .Numerous patches released to address vulnerabilities tied to the Linux kernel in different Ubuntu versions.. Ubuntu Kernel Issues, Security Fixes, Linux Update Instructions. . Severity: Critical. LinuxSecurity.com Team
Mar 24, 2023
•Critical
Ubuntu
100
security advisorysquidSUSESUSE: 2022:3531-1 Important: Squid Buffer Overread & Info Exposure
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3531-1 Rating: important References: #1203677 #1203680 Cross-References: CVE-2022-41317 CVE-2022-41318 CVSS scores: CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid fixes the following issues: Updated squid to version 5.7: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3531=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3531=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): squid-5.7-150400.3.6.1 squid-debuginfo-5.7-150400.3.6.1 squid-debugsource-5.7-150400.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): squid-5.7-150400.3.6.1 squid-debuginfo-5.7-150400.3.6.1 squid-debugsource-5.7-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-41317.html https://www.suse.com/security/cve/CVE-2022-41318.html https://bugzilla.suse.com/1203677 https://bugzilla.suse.com/1203680 . SUSE Security Update brings critical improvements for openvpn. Find information on security threats and update guidelines below.. SUSE Squid Update, Info Exposure Fix, Buffer Overread Patch. . Severity: Important. LinuxSecurity.com Team
Oct 06, 2022
•Important
SuSE
100
security advisorySUSEinfo exposureSUSE: 2022:3533-1 Important: Squid Buffer Overread and Info Exposure
An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3533-1 Rating: important References: #1203677 #1203680 Cross-References: CVE-2022-41317 CVE-2022-41318 CVSS scores: CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3533=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3533=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3533=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3533=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patchSUSE-SLE-SERVER-12-SP3-BCL-2022-3533=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3533=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE OpenStack Cloud 9 (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 References: https://www.suse.com/security/cve/CVE-2022-41317.html https://www.suse.com/security/cve/CVE-2022-41318.html https://bugzilla.suse.com/1203677 https://bugzilla.suse.com/1203680 . SUSE has released a significant patch for nginx, addressing two severe vulnerabilities found in its security protocol with this memorandum.. SUSE Linux Update,squid Security Fix,Security Advisory. . Severity: Important. LinuxSecurity.com Team
Oct 06, 2022
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!