# Security update for libxml2

Announcement ID: SUSE-SU-2024:2290-1
Rating: low

References:

* bsc#1224282

Cross-References:

* CVE-2024-34459

CVSS scores:

* CVE-2024-34459 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-2290=1 SUSE-2024-2290=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-2290=1`
* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2024-2290=1`
* Basesystem Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2290=1`
* Basesystem Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2290=1`
* Python 3 Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-2290=1`
* Python 3 Module 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-2290=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libxml2-2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-tools-2.10.3-150500.5.17.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-2.10.3-150500.5.17.1
  * python3-libxml2-2.10.3-150500.5.17.1
  * libxml2-python-debugsource-2.10.3-150500.5.17.1
  * python311-libxml2-2.10.3-150500.5.17.1
  * libxml2-devel-2.10.3-150500.5.17.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.17.1
  * libxml2-debugsource-2.10.3-150500.5.17.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.17.1
* openSUSE Leap 15.5 (x86_64)
  * libxml2-devel-32bit-2.10.3-150500.5.17.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-32bit-2.10.3-150500.5.17.1
* openSUSE Leap 15.5 (noarch)
  * libxml2-doc-2.10.3-150500.5.17.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libxml2-2-64bit-2.10.3-150500.5.17.1
  * libxml2-devel-64bit-2.10.3-150500.5.17.1
  * libxml2-2-64bit-debuginfo-2.10.3-150500.5.17.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libxml2-2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-tools-2.10.3-150500.5.17.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-2.10.3-150500.5.17.1
  * python3-libxml2-2.10.3-150500.5.17.1
  * libxml2-python-debugsource-2.10.3-150500.5.17.1
  * python311-libxml2-2.10.3-150500.5.17.1
  * libxml2-devel-2.10.3-150500.5.17.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.17.1
  * libxml2-debugsource-2.10.3-150500.5.17.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.17.1
* openSUSE Leap 15.6 (x86_64)
  * libxml2-devel-32bit-2.10.3-150500.5.17.1
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-32bit-2.10.3-150500.5.17.1
* openSUSE Leap 15.6 (noarch)
  * libxml2-doc-2.10.3-150500.5.17.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libxml2-2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-tools-2.10.3-150500.5.17.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-2.10.3-150500.5.17.1
  * python3-libxml2-2.10.3-150500.5.17.1
  * libxml2-python-debugsource-2.10.3-150500.5.17.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.17.1
  * libxml2-debugsource-2.10.3-150500.5.17.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * libxml2-2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-tools-2.10.3-150500.5.17.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-2.10.3-150500.5.17.1
  * python3-libxml2-2.10.3-150500.5.17.1
  * libxml2-python-debugsource-2.10.3-150500.5.17.1
  * libxml2-devel-2.10.3-150500.5.17.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.17.1
  * libxml2-debugsource-2.10.3-150500.5.17.1
* Basesystem Module 15-SP5 (x86_64)
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-32bit-2.10.3-150500.5.17.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libxml2-2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-tools-2.10.3-150500.5.17.1
  * python3-libxml2-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-2.10.3-150500.5.17.1
  * python3-libxml2-2.10.3-150500.5.17.1
  * libxml2-python-debugsource-2.10.3-150500.5.17.1
  * libxml2-devel-2.10.3-150500.5.17.1
  * libxml2-tools-debuginfo-2.10.3-150500.5.17.1
  * libxml2-debugsource-2.10.3-150500.5.17.1
* Basesystem Module 15-SP6 (x86_64)
  * libxml2-2-32bit-debuginfo-2.10.3-150500.5.17.1
  * libxml2-2-32bit-2.10.3-150500.5.17.1
* Python 3 Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * python311-libxml2-debuginfo-2.10.3-150500.5.17.1
  * python311-libxml2-2.10.3-150500.5.17.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * libxml2-python-debugsource-2.10.3-150500.5.17.1
  * python311-libxml2-debuginfo-2.10.3-150500.5.17.1
  * python311-libxml2-2.10.3-150500.5.17.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224282

The recent security update from SUSE tackles a minor vulnerability found in libxml2. Applying the newest patch will strengthen the overall security of the system.

libxml2 Updates, SUSE Security, Buffer Over Read, Patch Instructions.

Severity: Low.

LinuxSecurity.com Team

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3774-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.843
Container Release     : 6.2.843
Severity              : important
Type                  : security
References            : 1206480 1206684 1210557 1211427 1212101 1213915 1214052 1214460 1215427 1216129 1216664 CVE-2023-4039 CVE-2023-45322
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released:    Thu Nov 16 14:38:48 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released:    Thu Nov 16 17:56:12 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

The following package changes have been done:

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated

SUSE Container Patch Notice for suse/sle15 encompasses essential security enhancements and updates addressing significant vulnerabilities.

SUSE Container, Security Update, SUSE Linux, Patch Management, Software Security.

Severity: Important.

LinuxSecurity.com Team

The container rancher/seedimage-builder/5.3 was updated. The following patches have been included in this update:

SUSE Container Update Advisory: rancher/seedimage-builder/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1549-1
Container Tags        : rancher/seedimage-builder/5.3:1.2.2 , rancher/seedimage-builder/5.3:1.2.2-2.2.18 , rancher/seedimage-builder/5.3:latest
Container Release     : 2.2.18
Severity              : moderate
Type                  : security
References            : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released:    Thu Apr 27 11:31:08 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released:    Thu Apr 27 17:04:25 2023
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released:    Fri Apr 28 13:54:17 2023
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released:    Fri May 5 14:34:00 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1210434,CVE-2023-29491

This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2133-1
Released:    Tue May 9 13:37:10 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1206513

This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513)

The following package changes have been done:

- libz1-1.2.11-150000.3.42.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:sles15-image-15.0.0-27.14.60 updated

SUSE's latest update for rancher/seedimage-builder/5.3 enhances security and optimizes performance, addressing vulnerabilities to safeguard systems and improve reliability.

SUSE Updates, Rancher Security, Container Fixes, Libxml2 Issues, Glib2 Vulnerabilities.

LinuxSecurity.com Team

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1337-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.55 , suse/sle15:15.4 , suse/sle15:15.4.27.14.55
Container Release     : 27.14.55
Severity              : moderate
Type                  : security
References            : 1209713 1209714 1209918 1210135 1210411 1210412 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released:    Thu Apr 27 11:31:08 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released:    Thu Apr 27 17:04:25 2023
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated

Updates for the SUSE container suse/sle15 have been released, focusing on vulnerabilities found in glib2 and libxml2, categorized with moderate severity.

SUSE Container Update, Security Patches, SUSE Security Advisory.

LinuxSecurity.com Team

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1316-1
Container Tags        : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.14 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.14 , bci/dotnet-runtime:latest
Container Release     : 11.14
Severity              : moderate
Type                  : security
References            : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released:    Thu Apr 27 11:31:08 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

SUSE has issued a crucial security update for the bci/dotnet-runtime package, addressing several vulnerabilities classified as high risk for system integrity and availability.

SUSE Container Update, DotNet Runtime, Security Patches.

LinuxSecurity.com Team

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1313-1
Container Tags        : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.14 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.14
Container Release     : 33.14
Severity              : moderate
Type                  : security
References            : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released:    Thu Apr 27 11:31:08 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

Recent developments for bci/dotnet-sdk feature essential security fixes targeting identified risks. Maintain your safety with SUSE!

dotnet-sdk update, container security, SUSE patch, libxml2 fixes.

LinuxSecurity.com Team

The container suse/389-ds was updated. The following patches have been included in this update:

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1310-1
Container Tags        : suse/389-ds:2.0 , suse/389-ds:2.0-21.18 , suse/389-ds:latest
Container Release     : 21.18
Severity              : moderate
Type                  : security
References            : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released:    Thu Apr 27 11:31:08 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

SUSE has released a security advisory on container security, highlighting moderate severity patches for the 389 Directory Server (389-ds) to boost security and compliance.

suse container, 389-ds update, security patch, libxml2 fix, container security advisory.

LinuxSecurity.com Team

The container bci/nodejs was updated. The following patches have been included in this update:

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1665-1
Container Tags        : bci/node:16 , bci/node:16-8.23 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.23 , bci/nodejs:latest
Container Release     : 8.23
Severity              : important
Type                  : security
References            : 1196490 1199132 1201431 CVE-2022-23308 CVE-2022-29187 CVE-2022-29824
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2550-1
Released:    Tue Jul 26 14:00:21 2022
Summary:     Security update for git
Type:        security
Severity:    important
References:  1201431,CVE-2022-29187

This update for git fixes the following issues:

- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released:    Tue Jul 26 14:55:40 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.7.1 updated
- git-core-2.35.3-150300.10.15.1 updated
- container:sles15-image-15.0.0-27.11.5 updated

The SUSE Container Update Advisory highlights important security updates for the bci/nodejs package, providing critical patches for vulnerabilities in git and libxml2, ensuring security.

bci/nodejs Security Update, Important Patches, Container Advisory.

Severity: Important.

LinuxSecurity.com Team