# Security update for grafana

Announcement ID: SUSE-SU-2025:0623-1
Release Date: 2025-02-21T11:00:15Z
Rating: important

References:
* bsc#1235206
* bsc#1235574
* bsc#1236559
* bsc#1236734

Cross-References:
* CVE-2024-11741
* CVE-2024-28180
* CVE-2024-45339
* CVE-2025-21613

CVSS scores:
* CVE-2024-11741 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-11741 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-11741 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-28180 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-28180 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21613 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
* CVE-2025-21613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves four vulnerabilities can now be installed.
## Description:

This update for grafana fixes the following issues:

grafana was updated from version 10.4.13 to 10.4.15:

* Security issues fixed:
  * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)
  * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)
  * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)
  * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)
* Other bugs fixed and changes:
  * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key
  * Added provisioning directories
  * Use /bin/bash in wrapper scripts

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-623=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-623=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * grafana-debuginfo-10.4.15-150200.3.64.1
  * grafana-10.4.15-150200.3.64.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * grafana-debuginfo-10.4.15-150200.3.64.1
  * grafana-10.4.15-150200.3.64.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11741.html
* https://www.suse.com/security/cve/CVE-2024-28180.html
* https://www.suse.com/security/cve/CVE-2024-45339.html
* https://www.suse.com/security/cve/CVE-2025-21613.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235206
* https://bugzilla.suse.com/show_bug.cgi?id=1235574
* https://bugzilla.suse.com/show_bug.cgi?id=1236559
* https://bugzilla.suse.com/show_bug.cgi?id=1236734
SUSE Security Update: Security update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:2335-1
Rating: moderate
References: #1146691
Affected Products:
SUSE Linux Enterprise High Availability 12-SP4
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP4
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for resource-agents fixes the following issues:

- Fixed predictable log file in /tmp in mariadb.in (bsc#1146691).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12-SP5:
  zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2335=1
- SUSE Linux Enterprise High Availability 12-SP4:
  zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2335=1

Package List:

- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
  ldirectord-4.3.018.a7fb5035-3.92.1
  resource-agents-4.3.018.a7fb5035-3.92.1
  resource-agents-debuginfo-4.3.018.a7fb5035-3.92.1
  resource-agents-debugsource-4.3.018.a7fb5035-3.92.1
- SUSE Linux Enterprise High Availability 12-SP5 (noarch):
  monitoring-plugins-metadata-4.3.018.a7fb5035-3.92.1
- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
  ldirectord-4.3.018.a7fb5035-3.92.1
  resource-agents-4.3.018.a7fb5035-3.92.1
  resource-agents-debuginfo-4.3.018.a7fb5035-3.92.1
  resource-agents-debugsource-4.3.018.a7fb5035-3.92.1
- SUSE Linux Enterprise High Availability 12-SP4 (noarch):
  monitoring-plugins-metadata-4.3.018.a7fb5035-3.92.1

References:

https://bugzilla.suse.com/1146691
Synopsis: Low: keycloak-httpd-client-install security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2137-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2017-15112 CVE-2017-15111
--
Security Fix(es):

* keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111)
* keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112)
--
SL7
x86_64
python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
noarch
keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm

- Scientific Linux Development Team
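The second fix above (CVE-2017-15112) is a general issue class: anything passed in argv is readable by every local user through `ps` or /proc/<pid>/cmdline, so `-p SECRET` hands the Keycloak admin password to anyone with a shell on the box. The following is an added example, not code from keycloak-httpd-client-install or from either advisory: a detector that finds password-bearing arguments in /proc-style command lines, and the hardened pattern of taking the secret from a mode-0600 file, an environment variable, or an interactive prompt instead of argv. The flag names, the environment variable name and the sample command line are this example's own assumptions.

```python
"""Secrets on the command line: detection and a hardened alternative.

Added example; not code from keycloak-httpd-client-install. Flag names,
the environment variable name and the sample cmdline are constructed for
this illustration.
"""
import argparse
import getpass
import os
import stat
import tempfile

# Flags whose value is a secret (assumed set for this example).
SECRET_FLAGS = {"-p", "--admin-password", "--password"}


def find_secret_args(cmdline: bytes) -> list:
    """Return the secret values exposed in a /proc/<pid>/cmdline-style,
    NUL-separated command line. Handles `-p S`, `-pS` and `--admin-password=S`."""
    argv = [a.decode("utf-8", "replace") for a in cmdline.split(b"\0") if a]
    leaked, i = [], 0
    while i < len(argv):
        arg = argv[i]
        flag, sep, value = arg.partition("=")
        if sep and flag in SECRET_FLAGS:
            leaked.append(value)                 # --admin-password=S
        elif arg in SECRET_FLAGS and i + 1 < len(argv):
            leaked.append(argv[i + 1])           # -p S
            i += 1
        elif arg.startswith("-p") and not arg.startswith("--") and len(arg) > 2:
            leaked.append(arg[2:])               # -pS (attached short-option value)
        i += 1
    return leaked


def scan_proc(proc="/proc") -> dict:
    """Linux only: report {pid: [secrets]} for every process whose cmdline leaks.
    cmdline is world-readable for other users' processes, which is the problem."""
    hits = {}
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "cmdline"), "rb") as f:
                leaked = find_secret_args(f.read())
        except OSError:
            continue                             # process exited or hidepid
        if leaked:
            hits[int(entry)] = leaked
    return hits


def read_password_file(path: str) -> str:
    """Hardened source: a file that only its owner can read (mode 0600)."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s must not be group/world accessible" % path)
    with open(path) as f:
        return f.read().rstrip("\n")


def resolve_password(argv, environ=None) -> str:
    """CLI that never accepts the password itself in argv.
    Preference: 0600 file, then environment variable, then interactive prompt."""
    p = argparse.ArgumentParser(prog="example-cli")
    p.add_argument("--admin-password-file", help="file holding the admin password (mode 0600)")
    p.add_argument("--admin-password-env", default="ADMIN_PASSWORD",
                   help="environment variable holding the admin password")
    args = p.parse_args(argv)
    environ = os.environ if environ is None else environ
    if args.admin_password_file:
        return read_password_file(args.admin_password_file)
    if args.admin_password_env in environ:
        return environ[args.admin_password_env]
    return getpass.getpass("Admin password: ")


def demo() -> dict:
    """Exercise detector and hardened path on constructed input."""
    sample = b"keycloak-httpd-client-install\0-p\0hunter2\0--client-hostname\0sp.example\0"
    exposed = find_secret_args(sample)
    with tempfile.TemporaryDirectory() as d:
        pw = os.path.join(d, "admin.pw")
        with open(pw, "w") as f:
            f.write("hunter2\n")
        os.chmod(pw, 0o600)
        from_file = resolve_password(["--admin-password-file", pw], environ={})
        os.chmod(pw, 0o644)                      # now world-readable: must be refused
        try:
            resolve_password(["--admin-password-file", pw], environ={})
            rejected = False
        except PermissionError:
            rejected = True
    from_env = resolve_password([], environ={"ADMIN_PASSWORD": "hunter2"})
    return {"exposed": exposed, "from_file": from_file,
            "from_env": from_env, "rejected_world_readable": rejected}
```

The environment variable is a weaker option than the file: /proc/<pid>/environ is readable by the same user and by root, though not by other users, so it stops the `ps` exposure but still leaks into anything that dumps the process environment (core files, debug logs, child processes).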
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Low: keycloak-httpd-client-install security, bug fix, and enhancement update
Advisory ID: RHSA-2019:2137-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2137
Issue date: 2019-08-06
CVE Names: CVE-2017-15111 CVE-2017-15112
====================================================================

1. Summary:

An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - noarch
Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The keycloak-httpd-client-install packages provide various libraries and tools that can automate and simplify the configuration of Apache httpd authentication modules when registering as a Red Hat Single Sign-On (RH-SSO, also called Keycloak) federated Identity Provider (IdP) client.

The following packages have been upgraded to a later upstream version: keycloak-httpd-client-install (0.8). (BZ#1673716)

Security Fix(es):

* keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111)
* keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1511623 - CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py
1511626 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line
1673716 - Rebase k-h-c-i to version 0.8

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:
keycloak-httpd-client-install-0.8-1.el7.src.rpm

noarch:
keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
keycloak-httpd-client-install-0.8-1.el7.src.rpm

noarch:
keycloak-httpd-client-install-0.8-1.el7.noarch.rpm
python2-keycloak-httpd-client-install-0.8-1.el7.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-15111
https://access.redhat.com/security/cve/CVE-2017-15112
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXUl2t9zjgjWX9erEAQgZSA/+J4nhmOlUCoXb4z1M3q0C/JpsyaTQJGIM
gHFjXPAHm2cn0itG9wNij2+r9blnIF2QWAOeJgcI8VfMANJrs9U1NetfzBeprxyy
+gJvXUCRd+kS4Obmq28E2DBeMONHxg3XsurxSKl1AlNmhHCN9aga+Pv7OSmYEteC
eSrhym1ij9p7WUBCx0GrlefSkrYNHBpgtb19l+16D6DiOjqXvypWllkcLXXyPmyl
94g1zZB6+lR31CyPUn1gbWOXmWm3jVKuIHcqBn7bHv8kQUtMaGGMKFCLTDsuC7r5
LR50ZHUlarxZ5QfwLVJZE4230mM3rXR7oOfEC6qnnEhZGkX1zvahLSeDrdmAMQj5
AI1UVwZSD/qWuHEM9lekvKQ7DB28urpewUk2DdD1QUkOiUhTps2xSFjbJte9uNm+
Wlzbjpi3+U1eM7PL2aiS3YQCUrk/4waRMkCODVi4FzR6L4VrP27aUaMJeAT1/nMz
vrAEZ5990M/NipaUcV7SFQs4B81kV8p1vAkcvao5PyzDt57hQyrMqA/FwuGyuWLn
U04VeBmzFoG7/RM6L5KM6i6TPVtFjQOAibYTgIlvdlHJJPtEU6xpn87LsRB7s4Wi
x6W6BPAybqgr4LtuwbBYQ1mCtNARQh6b9NdfLPVxT8FkMXPXnh5jdcvaGiLsuSBU
41ciNoaa5oM=
=9jwT
-----END PGP SIGNATURE-----
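Two of the advisories on this page fix the same bug class: a privileged program writing a log to a fixed, guessable name under /tmp (the mariadb resource agent in bsc#1146691, and the --log-file option in keycloak_cli.py for CVE-2017-15111). A local attacker who knows the name creates a symlink there first; the program then opens the symlink and writes its log into whatever file the attacker pointed at. The following is an added example, not code from resource-agents, keycloak-httpd-client-install or either vendor: it stages that symlink attack inside a private directory standing in for /tmp, runs it against the vulnerable open pattern and against a hardened one, and shows the mkstemp alternative. The file names and log text are constructed for the illustration.

```python
"""Predictable log file in /tmp: vulnerable open beside hardened open.

Added example; not code from resource-agents or keycloak-httpd-client-install.
The attack is staged in a private temporary directory that stands in for /tmp.
"""
import os
import stat
import tempfile


def vulnerable_log_open(path):
    """The bug: a fixed, guessable path opened with O_CREAT but neither O_EXCL
    nor O_NOFOLLOW, so it follows whatever the attacker planted at that name."""
    return open(path, "a")


def hardened_log_open(path):
    """Refuse symlinks and refuse an existing file, in one atomic open(2):
    O_CREAT|O_EXCL fails with EEXIST on a symlink regardless of its target,
    and O_NOFOLLOW fails with ELOOP, so there is no check-then-create race."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    return os.fdopen(fd, "w")


def private_log_mode(prefix="agent-") -> int:
    """Better still: let mkstemp pick an unguessable name (created O_EXCL, 0600).
    Creates and removes one such file and returns its permission bits."""
    fd, path = tempfile.mkstemp(prefix=prefix, suffix=".log")
    try:
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)
        os.unlink(path)


def simulate(opener) -> dict:
    """Stage the symlink attack against `opener`; report whether the victim
    file received the program's log output."""
    with tempfile.TemporaryDirectory() as fake_tmp:
        # A file the attacker wants modified; stands in for a config or script.
        victim = os.path.join(fake_tmp, "victim.conf")
        with open(victim, "w") as f:
            f.write("original contents\n")
        # The predictable log name the program is known to use under /tmp.
        trap = os.path.join(fake_tmp, "install.log")
        os.symlink(victim, trap)            # attacker goes first
        try:
            with opener(trap) as log:
                log.write("installer started\n")
            opened = True
        except OSError:
            opened = False                  # EEXIST or ELOOP from the hardened open
        with open(victim) as f:
            victim_written = "installer started" in f.read()
    return {"opened": opened, "victim_written": victim_written}


if __name__ == "__main__":
    print("vulnerable:", simulate(vulnerable_log_open))
    print("hardened:  ", simulate(hardened_log_open))
    print("mkstemp mode: %o" % private_log_mode())
```

The hardened open deliberately fails when the name already exists, which is the right behaviour for a scratch log in a world-writable directory: if the tool needs an append-only log at a user-chosen path, put it in a directory the user owns (not /tmp) rather than relaxing O_EXCL, since dropping O_EXCL reopens the race that O_NOFOLLOW alone does not close for hard links.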