Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":547,"type":"x","order":1,"pct":78.48,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.88,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.34,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 7 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoralocal exploit

Fedora 43 smb4k 4.0.6 Advisory 2026-9250fdf5cb - Local Exploit Resolved

Update to version 4.0.6. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9250fdf5cb 2026-04-18 00:52:25.911659+00:00 -------------------------------------------------------------------------------- Name : smb4k Product : Fedora 43 Version : 4.0.6 Release : 1.fc43 URL : https://smb4k.sourceforge.net/ Summary : The SMB/CIFS Share Browser for KDE Description : Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible. -------------------------------------------------------------------------------- Update Information: Update to version 4.0.6 -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 15 2026 Packit - 4.0.6-1 - Update to version 4.0.6 - Resolves: rhbz#2365800 * Sat Jan 17 2026 Fedora Release Engineering - 4.0.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2365800 - smb4k-4.0.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2365800 [ 2 ] Bug #2443264 - CVE-2025-66003 smb4k: smb4k local root exploit [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2443264 [ 3 ] Bug #2443268 - CVE-2025-66002 smb4k: SMB4K Arbitrary Mount [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2443268 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9250fdf5cb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages aresigned with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Stay updated with Fedora's SMB4K 4.0.6 for enhanced network sharing features and fixes.. Fedora update, smb4k application, Samba, KDE, exploit resolution. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 18, 2026 Important Fedora
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoraupdate process

Fedora 44 gstreamer1-plugins-bad-free Update 1.28.1 Advisory 2026

1.28.1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9cfb46ac78 2026-03-14 00:15:28.464474+00:00 -------------------------------------------------------------------------------- Name : gstreamer1-plugins-bad-free Product : Fedora 44 Version : 1.28.1 Release : 1.fc44 URL : http://gstreamer.freedesktop.org/ Summary : GStreamer streaming media framework "bad" plugins Description : GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality. -------------------------------------------------------------------------------- Update Information: 1.28.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 26 2026 Gwyn Ciesla - 1.28.1-1 - 1.28.1 * Mon Feb 16 2026 Marcin Juszkiewicz - 1.28.0-5 - Disable onnx on riscv64 port * Fri Feb 6 2026 Yaakov Selkowitz - 1.28.0-4 - Move HIP plugin to main package -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9cfb46ac78' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 44 gstreamer1-plugins-bad-free update 1.28.1 provides essential change log. Learn how to upgrade securely.. Fedora gstreamer update security instructions. . Severity: Informational. LinuxSecurity.com Team

Calendar 2 Mar 14, 2026 Informational Fedora
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderateSuSE

SUSE libsodium Moderate Security Fix CVE-2025-15444 2026-20354-1

An update that solves one vulnerability can now be installed.. # Security update for libsodium Announcement ID: SUSE-SU-2026:20354-1 Release Date: 2026-01-13T13:25:04Z Rating: moderate References: * bsc#1256070 Cross-References: * CVE-2025-15444 CVSS scores: * CVE-2025-15444 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-15444 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for libsodium fixes the following issues: * CVE-2025-15444: missing checks when validating elliptic curve points allows for cryptographic bypass (bsc#1256070). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-373=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libsodium-debugsource-1.0.18-slfo.1.1_2.1 * libsodium23-debuginfo-1.0.18-slfo.1.1_2.1 * libsodium23-1.0.18-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-15444.html * https://bugzilla.suse.com/show_bug.cgi?id=1256070 . SUSE security update for libsodium resolves moderate issues linked to cryptographic bypass vulnerabilities. Install recommended update.. SUSE update, libsodium, security patch, cryptographic fix, moderate threat. . LinuxSecurity.com Team

Calendar 2 Feb 17, 2026 SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderatesuse

SUSE: 2025:02017-1 moderate: s390-tools vulnerability CVE-2025-3416

* bsc#1242622 * jsc#PED-12028 Cross-References: * CVE-2025-3416 . # Security update for s390-tools Announcement ID: SUSE-SU-2025:02017-1 Release Date: 2025-06-19T07:14:57Z Rating: moderate References: * bsc#1242622 * jsc#PED-12028 Cross-References: * CVE-2025-3416 CVSS scores: * CVE-2025-3416 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for s390-tools fixes the following issues: Security issues fixed: * CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust- openssl crate. (bsc#1242622) Other issues: * Added the new IBM z17 (9175) processor type. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2017=1 ## Package List: * Basesystem Module 15-SP7 (s390x) * osasnmpd-debuginfo-2.37.0-150700.4.3.1 * osasnmpd-2.37.0-150700.4.3.1 * s390-tools-chreipl-fcp-mpath-2.37.0-150700.4.3.1 * s390-tools-zdsfs-2.37.0-150700.4.3.1 * s390-tools-debugsource-2.37.0-150700.4.3.1 * libekmfweb1-devel-2.37.0-150700.4.3.1 * libekmfweb1-2.37.0-150700.4.3.1 * s390-tools-debuginfo-2.37.0-150700.4.3.1 * libkmipclient1-debuginfo-2.37.0-150700.4.3.1 * libekmfweb1-debuginfo-2.37.0-150700.4.3.1 * libkmipclient1-2.37.0-150700.4.3.1 *s390-tools-hmcdrvfs-2.37.0-150700.4.3.1 * s390-tools-zdsfs-debuginfo-2.37.0-150700.4.3.1 * s390-tools-hmcdrvfs-debuginfo-2.37.0-150700.4.3.1 * Basesystem Module 15-SP7 (s390x x86_64) * s390-tools-2.37.0-150700.4.3.1 * Basesystem Module 15-SP7 (noarch) * s390-tools-genprotimg-data-2.37.0-150700.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-3416.html * https://bugzilla.suse.com/show_bug.cgi?id=1242622 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-12028&page_caps=&user_role= . Recent critical patch released for s390-tools tackling CVE-2025-3416. Detailed installation guidance is provided.. s390-tools update, SUSE security, installation instructions, CVE-2025-3416, moderate vulnerability. . LinuxSecurity.com Team

Calendar 2 Jun 19, 2025 SuSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryupdatethreat

SUSE: 2025:0616-1 important: postgresql17 SQL injection threat

* bsc#1237093 Cross-References: * CVE-2025-1094 . # Security update for postgresql17 Announcement ID: SUSE-SU-2025:0616-1 Release Date: 2025-02-21T10:42:50Z Rating: important References: * bsc#1237093 Cross-References: * CVE-2025-1094 CVSS scores: * CVE-2025-1094 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-1094 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-1094 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * Server Applications Module 15-SP6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves one vulnerability can now be installed. ## Description: This update for postgresql17 fixes the following issues: Upgrade to 17.4: * CVE-2025-1094: Harden PQescapeString and allied functions against invalidly- encoded input strings (bsc#1237093). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-616=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-616=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-616=1 openSUSE-SLE-15.6-2025-616=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-616=1 ## Package List: * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql17-llvmjit-debuginfo-17.4-150600.13.10.1 * postgresql17-debugsource-17.4-150600.13.10.1 * postgresql17-llvmjit-devel-17.4-150600.13.10.1 *postgresql17-debuginfo-17.4-150600.13.10.1 * postgresql17-llvmjit-17.4-150600.13.10.1 * postgresql17-test-17.4-150600.13.10.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql17-plperl-17.4-150600.13.10.1 * postgresql17-debugsource-17.4-150600.13.10.1 * postgresql17-server-devel-debuginfo-17.4-150600.13.10.1 * postgresql17-plperl-debuginfo-17.4-150600.13.10.1 * postgresql17-pltcl-debuginfo-17.4-150600.13.10.1 * postgresql17-server-debuginfo-17.4-150600.13.10.1 * libecpg6-debuginfo-17.4-150600.13.10.1 * postgresql17-plpython-17.4-150600.13.10.1 * postgresql17-plpython-debuginfo-17.4-150600.13.10.1 * postgresql17-server-17.4-150600.13.10.1 * postgresql17-server-devel-17.4-150600.13.10.1 * postgresql17-debuginfo-17.4-150600.13.10.1 * postgresql17-contrib-17.4-150600.13.10.1 * postgresql17-devel-17.4-150600.13.10.1 * libecpg6-17.4-150600.13.10.1 * postgresql17-contrib-debuginfo-17.4-150600.13.10.1 * postgresql17-pltcl-17.4-150600.13.10.1 * postgresql17-devel-debuginfo-17.4-150600.13.10.1 * Server Applications Module 15-SP6 (noarch) * postgresql17-docs-17.4-150600.13.10.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * postgresql17-llvmjit-debuginfo-17.4-150600.13.10.1 * postgresql17-devel-mini-debuginfo-17.4-150600.13.10.1 * postgresql17-server-devel-debuginfo-17.4-150600.13.10.1 * libpq5-17.4-150600.13.10.1 * libecpg6-debuginfo-17.4-150600.13.10.1 * postgresql17-server-17.4-150600.13.10.1 * postgresql17-test-17.4-150600.13.10.1 * postgresql17-mini-debugsource-17.4-150600.13.10.1 * postgresql17-contrib-17.4-150600.13.10.1 * postgresql17-plperl-17.4-150600.13.10.1 * postgresql17-17.4-150600.13.10.1 * libecpg6-17.4-150600.13.10.1 * postgresql17-server-debuginfo-17.4-150600.13.10.1 * libpq5-debuginfo-17.4-150600.13.10.1 * postgresql17-debuginfo-17.4-150600.13.10.1 * postgresql17-devel-17.4-150600.13.10.1 *postgresql17-contrib-debuginfo-17.4-150600.13.10.1 * postgresql17-devel-debuginfo-17.4-150600.13.10.1 * postgresql17-debugsource-17.4-150600.13.10.1 * postgresql17-plperl-debuginfo-17.4-150600.13.10.1 * postgresql17-pltcl-debuginfo-17.4-150600.13.10.1 * postgresql17-devel-mini-17.4-150600.13.10.1 * postgresql17-plpython-17.4-150600.13.10.1 * postgresql17-plpython-debuginfo-17.4-150600.13.10.1 * postgresql17-server-devel-17.4-150600.13.10.1 * postgresql17-llvmjit-devel-17.4-150600.13.10.1 * postgresql17-llvmjit-17.4-150600.13.10.1 * postgresql17-pltcl-17.4-150600.13.10.1 * openSUSE Leap 15.6 (x86_64) * libecpg6-32bit-debuginfo-17.4-150600.13.10.1 * libpq5-32bit-17.4-150600.13.10.1 * libecpg6-32bit-17.4-150600.13.10.1 * libpq5-32bit-debuginfo-17.4-150600.13.10.1 * openSUSE Leap 15.6 (noarch) * postgresql17-docs-17.4-150600.13.10.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libpq5-64bit-17.4-150600.13.10.1 * libecpg6-64bit-17.4-150600.13.10.1 * libecpg6-64bit-debuginfo-17.4-150600.13.10.1 * libpq5-64bit-debuginfo-17.4-150600.13.10.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * postgresql17-debugsource-17.4-150600.13.10.1 * libpq5-17.4-150600.13.10.1 * libpq5-debuginfo-17.4-150600.13.10.1 * postgresql17-debuginfo-17.4-150600.13.10.1 * postgresql17-17.4-150600.13.10.1 * Basesystem Module 15-SP6 (x86_64) * libpq5-32bit-17.4-150600.13.10.1 * libpq5-32bit-debuginfo-17.4-150600.13.10.1 ## References: * https://www.suse.com/security/cve/CVE-2025-1094.html * https://bugzilla.suse.com/show_bug.cgi?id=1237093 . A crucial update for PostgreSQL 17 has been released, addressing serious vulnerabilities. Apply this security patch immediately to protect your database.. PostgreSQL security threat, SUSE PostgreSQL update, important PostgreSQL patch. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Feb 21, 2025 Important SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorysecurity issuemoderate severity

SUSE: 2024:0305-3 Moderate: Cpio Security Issue CVE-2023-7207

* bsc#1218571 * bsc#1219238 Cross-References: * CVE-2023-7207 . # Security update for cpio Announcement ID: SUSE-SU-2024:0305-3 Rating: moderate References: * bsc#1218571 * bsc#1219238 Cross-References: * CVE-2023-7207 CVSS scores: * CVE-2023-7207 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for cpio fixes the following issues: * Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-305=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * cpio-debuginfo-2.13-150400.3.6.1 * cpio-2.13-150400.3.6.1 * cpio-debugsource-2.13-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-7207.html * https://bugzilla.suse.com/show_bug.cgi?id=1218571 * https://bugzilla.suse.com/show_bug.cgi?id=1219238 . A critical patch for cpio has been released to mitigate CVE-2023-7207 in SUSE Linux Enterprise Micro version 5.5.. cpio security fix, SUSE update, cpio patch, Linux vulnerabilities. . LinuxSecurity.com Team

Calendar 2 Aug 19, 2024 SuSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorycritical issueinstall instructions

SUSE: 2022:2374-1 Important: xorg-x11-server Critical Out-Of-Bounds Issues

An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2374-1 Rating: important References: #1194179 #1194181 Cross-References: CVE-2022-2319 CVE-2022-2320 CVSS scores: CVE-2022-2320 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections() (ZDI-CAN-16062) (bsc#1194179). - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators() (ZDI-CAN-16070) (bsc#1194181). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2374=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2374=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2374=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patchSUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2374=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2374=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2374=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): xorg-x11-server-1.20.3-150100.14.5.25.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-sdk-1.20.3-150100.14.5.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150100.14.5.25.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-sdk-1.20.3-150100.14.5.25.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xorg-x11-server-1.20.3-150100.14.5.25.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-sdk-1.20.3-150100.14.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.25.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-sdk-1.20.3-150100.14.5.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.25.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-sdk-1.20.3-150100.14.5.25.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.25.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-sdk-1.20.3-150100.14.5.25.1 - SUSE CaaS Platform 4.0 (x86_64): xorg-x11-server-1.20.3-150100.14.5.25.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-1.20.3-150100.14.5.25.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.25.1 xorg-x11-server-sdk-1.20.3-150100.14.5.25.1 References: https://www.suse.com/security/cve/CVE-2022-2319.html https://www.suse.com/security/cve/CVE-2022-2320.html https://bugzilla.suse.com/1194179 https://bugzilla.suse.com/1194181 . This patch resolves critical vulnerabilities in xorg-x11-server, improving both system security and reliability.. SUSE Linux Enterprise Server Update,xorg-x11-server Fix,payload Security Patch,system Stability Enhancement. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 12, 2022 Important SuSE
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorycriticalmemory access

openSUSE: 2022:10010-1 Critical: Chromium Memory Access Flaws

An update that fixes four vulnerabilities is now available. . openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10010-1 Rating: critical References: #1200139 #1200423 Cross-References: CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 102.0.5005.115 (boo#1200423) * CVE-2022-2007: Use after free in WebGPU * CVE-2022-2008: Out of bounds memory access in WebGL * CVE-2022-2010: Out of bounds read in compositing * CVE-2022-2011: Use after free in ANGLE Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10010=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): chromedriver-102.0.5005.115-bp154.2.8.1 chromium-102.0.5005.115-bp154.2.8.1 References: https://www.suse.com/security/cve/CVE-2022-2007.html https://www.suse.com/security/cve/CVE-2022-2008.html https://www.suse.com/security/cve/CVE-2022-2010.html https://www.suse.com/security/cve/CVE-2022-2011.html https://bugzilla.suse.com/1200139 https://bugzilla.suse.com/1200423 . Important patch for openSUSE targets four security flaws in Chromium. Comprehensive information on vulnerabilities and remedial actions provided.. openSUSE Security Update, Critical Chromium Update, Web Security Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jun 15, 2022 Critical OpenSUSE
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":547,"type":"x","order":1,"pct":78.48,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.88,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.34,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here