Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2020:2712-1 Moderate: Openldap2 Daemon Path Issue

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for openldap2
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2712-1
Rating: moderate
References: #1175568
Cross-References: CVE-2020-8027
Affected Products:
  SUSE Linux Enterprise Module for Legacy Software 15-SP2
  SUSE Linux Enterprise Module for Legacy Software 15-SP1
  SUSE Linux Enterprise Module for Development Tools 15-SP2
  SUSE Linux Enterprise Module for Development Tools 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

Description:

This update for openldap2 fixes the following issues:

- CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-2712=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2020-2712=1
- SUSE Linux Enterprise Module for Development Tools 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2020-2712=1
- SUSE Linux Enterprise Module for Development Tools 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-2712=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2712=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2712=1

Package List:

- SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64):
  openldap2-back-meta-2.4.46-9.37.1
  openldap2-back-meta-debuginfo-2.4.46-9.37.1
  openldap2-back-perl-2.4.46-9.37.1
  openldap2-back-perl-debuginfo-2.4.46-9.37.1
  openldap2-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-ppolicy-check-password-1.2-9.37.1
  openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
  openldap2-2.4.46-9.37.1
  openldap2-back-meta-2.4.46-9.37.1
  openldap2-back-meta-debuginfo-2.4.46-9.37.1
  openldap2-back-perl-2.4.46-9.37.1
  openldap2-back-perl-debuginfo-2.4.46-9.37.1
  openldap2-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-ppolicy-check-password-1.2-9.37.1
  openldap2-ppolicy-check-password-debuginfo-1.2-9.37.1
- SUSE Linux Enterprise Module for Development Tools 15-SP2 (x86_64):
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-32bit-2.4.46-9.37.1
- SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64):
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-32bit-2.4.46-9.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  libldap-2_4-2-2.4.46-9.37.1
  libldap-2_4-2-debuginfo-2.4.46-9.37.1
  openldap2-client-2.4.46-9.37.1
  openldap2-client-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-2.4.46-9.37.1
  openldap2-devel-static-2.4.46-9.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
  libldap-2_4-2-32bit-2.4.46-9.37.1
  libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
  libldap-data-2.4.46-9.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
  libldap-2_4-2-2.4.46-9.37.1
  libldap-2_4-2-debuginfo-2.4.46-9.37.1
  openldap2-client-2.4.46-9.37.1
  openldap2-client-debuginfo-2.4.46-9.37.1
  openldap2-debuginfo-2.4.46-9.37.1
  openldap2-debugsource-2.4.46-9.37.1
  openldap2-devel-2.4.46-9.37.1
  openldap2-devel-static-2.4.46-9.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
  libldap-data-2.4.46-9.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
  libldap-2_4-2-32bit-2.4.46-9.37.1
  libldap-2_4-2-32bit-debuginfo-2.4.46-9.37.1

References:

https://www.suse.com/security/cve/CVE-2020-8027.html
https://bugzilla.suse.com/1175568

sle-security-updates mailing list
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE Security Update pertaining to openldap2: rectify a moderate risk vulnerability along with installation guidelines available here.

LinuxSecurity.com Team

Sep 22, 2020 SuSE

Fedora 29: FEDORA-2019-0cf869d6d6 Critical: Safelease Update

Rebase on upstream version 1.0.1.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-0cf869d6d6
2019-05-28 02:00:25.697818
--------------------------------------------------------------------------------

Name : safelease
Product : Fedora 29
Version : 1.0.1
Release : 1.fc29
URL : https://www.ovirt.org/develop/developer-guide/vdsm/safelease.html
Summary : Legacy locking utility for VDSM
Description :
Safelease is a legacy cluster lock utility used by VDSM. It is based on the algorithm presented in the article "Light-Weight Leases for Storage-Centric Coordination" by G Chockler and D Malkhi.

--------------------------------------------------------------------------------
Update Information:

Rebase on upstream version 1.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 3 2019 Sandro Bonazzola - 1.0.1-1
- Rebase on upstream 1.0.1
- Resolves: BZ#1696313
- Resolves: BZ#1711160
- Resolves: BZ#1329663
* Sat Feb 2 2019 Fedora Release Engineering - 1.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1711160 - Upgrade safelease to 1.0.1
      https://bugzilla.redhat.com/show_bug.cgi?id=1711160
[ 2 ] Bug #1329663 - [security] safelease tarball hash changed between releases 5 and 7
      https://bugzilla.redhat.com/show_bug.cgi?id=1329663
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-0cf869d6d6' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

package-announce mailing list
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

Fedora 29 enhances safelease with the update to version 1.0.1, focusing on better security measures and performance upgrades.

Severity: Critical.

LinuxSecurity.com Team

May 27, 2019 Critical Fedora

SUSE 12: Important Security Update for SLE-Module 2016:0428-1 Java Issue

An update that fixes 11 vulnerabilities is now available.

SUSE Security Update: Security update for java-1_6_0-ibm
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:0428-1
Rating: important
References: #960286 #960402 #963937
Cross-References: CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494
Affected Products:
  SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

Description:

This update for java-1_6_0-ibm fixes the following issues by updating to 6.0-16.20 (bsc#963937)

- CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances
- CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials
- CVE-2015-7981: libpng could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker could exploit this vulnerability to obtain sensitive information
- CVE-2015-8126: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions
- CVE-2015-8472: buffer overflow in libpng caused by improper bounds checking by the png_set_PLTE() and png_get_PLTE() functions
- CVE-2015-8540: libpng is vulnerable to a buffer overflow, caused by a read underflow in png_check_keyword in pngwutil.c. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
- CVE-2016-0402: An unspecified vulnerability related to the Networking component has no confidentiality impact, partial integrity impact, and no availability impact
- CVE-2016-0448: An unspecified vulnerability related to the JMX component could allow a remote attacker to obtain sensitive information
- CVE-2016-0466: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service
- CVE-2016-0483: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact
- CVE-2016-0494: An unspecified vulnerability related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact

The following bugs were fixed:

- bsc#960402: resolve package conflicts in devel package
- bsc#960286: resolve package conflicts in the fonts subpackage

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 12:
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-244=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
  java-1_6_0-ibm-1.6.0_sr16.20-30.1
  java-1_6_0-ibm-fonts-1.6.0_sr16.20-30.1
  java-1_6_0-ibm-jdbc-1.6.0_sr16.20-30.1
- SUSE Linux Enterprise Module for Legacy Software 12 (x86_64):
  java-1_6_0-ibm-plugin-1.6.0_sr16.20-30.1

References:

https://www.suse.com/security/cve/CVE-2015-5041.html
https://www.suse.com/security/cve/CVE-2015-7575.html
https://www.suse.com/security/cve/CVE-2015-7981.html
https://www.suse.com/security/cve/CVE-2015-8126.html
https://www.suse.com/security/cve/CVE-2015-8472.html
https://www.suse.com/security/cve/CVE-2015-8540.html
https://www.suse.com/security/cve/CVE-2016-0402.html
https://www.suse.com/security/cve/CVE-2016-0448.html
https://www.suse.com/security/cve/CVE-2016-0466.html
https://www.suse.com/security/cve/CVE-2016-0483.html
https://www.suse.com/security/cve/CVE-2016-0494.html
https://bugzilla.suse.com/960286
https://bugzilla.suse.com/960402
https://bugzilla.suse.com/963937

A patch for java-1_6_0-ibm from SUSE addresses 11 severe vulnerabilities. Prompt implementation is urged.

Severity: Important.

LinuxSecurity.com Team

Feb 11, 2016 Important SuSE

SUSE: 2015:1044-2 Critical: Cups154 Cross-Site Scripting Issues

An update that fixes three vulnerabilities is now available.

SUSE Security Update: Security update for cups154
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:1044-2
Rating: critical
References: #924208
Cross-References: CVE-2012-5519 CVE-2015-1158 CVE-2015-1159
Affected Products:
  SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

Description:

The following issues are fixed by this update:

* CVE-2012-5519: privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on server (bsc#924208).
* CVE-2015-1158: Improper Update of Reference Count
* CVE-2015-1159: Cross-Site Scripting

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 12:
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-265=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Legacy Software 12 (s390x):
  cups154-1.5.4-9.1
  cups154-client-1.5.4-9.1
  cups154-client-debuginfo-1.5.4-9.1
  cups154-debuginfo-1.5.4-9.1
  cups154-debugsource-1.5.4-9.1
  cups154-filters-1.5.4-9.1
  cups154-filters-debuginfo-1.5.4-9.1
  cups154-libs-1.5.4-9.1
  cups154-libs-debuginfo-1.5.4-9.1

References:

https://www.suse.com/security/cve/CVE-2012-5519.html
https://www.suse.com/security/cve/CVE-2015-1158.html
https://www.suse.com/security/cve/CVE-2015-1159.html
https://bugzilla.suse.com/show_bug.cgi?id=924208

Important security patch for cups154 resolving various issues in SUSE Linux. System restart necessary for application.

Severity: Critical.

LinuxSecurity.com Team

Jun 11, 2015 Critical SuSE

SUSE: 2015:0553-1 Important: compat-openssl098 SSL Issues

An update that fixes 8 vulnerabilities is now available.

SUSE Security Update: Security update for compat-openssl098
______________________________________________________________________________

Announcement ID: SUSE-SU-2015:0553-1
Rating: important
References: #915976 #919648 #920236 #922488 #922496 #922499 #922500 #922501
Cross-References: CVE-2009-5146 CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288 CVE-2015-0289 CVE-2015-0292 CVE-2015-0293
Affected Products:
  SUSE Linux Enterprise Module for Legacy Software 12
______________________________________________________________________________

Description:

OpenSSL was updated to fix various security issues.

Following security issues were fixed:

- CVE-2015-0209: A Use After Free following d2i_ECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client supplied keys.
- CVE-2015-0286: A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections.
- CVE-2015-0287: A ASN.1 structure reuse memory corruption was fixed. This problem can not be exploited over regular SSL connections, only if specific client programs use specific ASN.1 routines.
- CVE-2015-0288: A X509_to_X509_REQ NULL pointer dereference was fixed, which could lead to crashes. This function is not commonly used, and not reachable over SSL methods.
- CVE-2015-0289: Several PKCS7 NULL pointer dereferences were fixed, which could lead to crashes of programs using the PKCS7 APIs. The SSL apis do not use those by default.
- CVE-2015-0292: Various issues in base64 decoding were fixed, which could lead to crashes with memory corruption, for instance by using attacker supplied PEM data.
- CVE-2015-0293: Denial of service via reachable assert in SSLv2 servers, could be used by remote attackers to terminate the server process. Note that this requires SSLv2 being allowed, which is not the default.
- CVE-2009-5146: A memory leak in the TLS hostname extension was fixed, which could be used by remote attackers to run SSL services out of memory.

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 12:
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-135=1

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
  compat-openssl098-debugsource-0.9.8j-73.2
  libopenssl0_9_8-0.9.8j-73.2
  libopenssl0_9_8-32bit-0.9.8j-73.2
  libopenssl0_9_8-debuginfo-0.9.8j-73.2
  libopenssl0_9_8-debuginfo-32bit-0.9.8j-73.2

References:

https://www.suse.com/security/cve/CVE-2009-5146.html
https://www.suse.com/security/cve/CVE-2015-0209.html
https://www.suse.com/security/cve/CVE-2015-0286.html
https://www.suse.com/security/cve/CVE-2015-0287.html
https://www.suse.com/security/cve/CVE-2015-0288.html
https://www.suse.com/security/cve/CVE-2015-0289.html
https://www.suse.com/security/cve/CVE-2015-0292.html
https://www.suse.com/security/cve/CVE-2015-0293.html
https://bugzilla.suse.com/show_bug.cgi?id=915976
https://bugzilla.suse.com/show_bug.cgi?id=919648
https://bugzilla.suse.com/show_bug.cgi?id=920236
https://bugzilla.suse.com/show_bug.cgi?id=922488
https://bugzilla.suse.com/show_bug.cgi?id=922496
https://bugzilla.suse.com/show_bug.cgi?id=922499
https://bugzilla.suse.com/show_bug.cgi?id=922500
https://bugzilla.suse.com/show_bug.cgi?id=922501

SUSE Security Patch for compat-openssl098 addresses 8 vulnerabilities. This is a critical notice for outdated applications on SUSE Linux.

Severity: Important.

LinuxSecurity.com Team

Mar 20, 2015 Important SuSE