Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

SUSE FreeRDP Important Heap Overflow Risk Advisory 2026-0417-1

# Security update for freerdp

Announcement ID: SUSE-SU-2026:0417-1
Release Date: 2026-02-10T14:14:21Z
Rating: important

References:

* bsc#1256718
* bsc#1256720
* bsc#1256722
* bsc#1256725
* bsc#1256940
* bsc#1256941
* bsc#1256942
* bsc#1256944

Cross-References:

* CVE-2026-22852
* CVE-2026-22854
* CVE-2026-22856
* CVE-2026-22859
* CVE-2026-23530
* CVE-2026-23531
* CVE-2026-23532
* CVE-2026-23534

CVSS scores:

* CVE-2026-22852 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22852 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22852 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-22852 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22854 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22854 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-22854 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22856 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22856 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22856 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-22856 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22859 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22859 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-22859 ( NVD ): 5.6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-22859 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23530 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23530 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23530 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23531 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23531 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23531 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23531 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23532 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23532 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23532 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23532 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23534 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23534 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23534 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audin_process_formats (bsc#1256718).
* CVE-2026-22854: server-controlled read length used to read file data into an IRP output can cause heap-buffer-overflow in drive_process_irp_read (bsc#1256720).
* CVE-2026-22856: race condition in the serial channel IRP thread tracking can cause heap-use-after-free in create_irp_thread (bsc#1256722).
* CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urb_select_configuration (bsc#1256725).
* CVE-2026-23530: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle` (bsc#1256940).
* CVE-2026-23531: improper validation in `clear_decompress` can lead to heap buffer overflow (bsc#1256941).
* CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in `gdi_SurfaceToSurface` (bsc#1256942).
* CVE-2026-23534: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data` (bsc#1256944).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-417=1 openSUSE-SLE-15.6-2026-417=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-417=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * freerdp-server-2.11.2-150600.4.6.1
  * libwinpr2-2-debuginfo-2.11.2-150600.4.6.1
  * libfreerdp2-2-debuginfo-2.11.2-150600.4.6.1
  * libwinpr2-2-2.11.2-150600.4.6.1
  * libuwac0-0-debuginfo-2.11.2-150600.4.6.1
  * uwac0-0-devel-2.11.2-150600.4.6.1
  * winpr-devel-2.11.2-150600.4.6.1
  * freerdp-devel-2.11.2-150600.4.6.1
  * freerdp-proxy-debuginfo-2.11.2-150600.4.6.1
  * freerdp-wayland-debuginfo-2.11.2-150600.4.6.1
  * freerdp-2.11.2-150600.4.6.1
  * freerdp-proxy-2.11.2-150600.4.6.1
  * libfreerdp2-2-2.11.2-150600.4.6.1
  * libuwac0-0-2.11.2-150600.4.6.1
  * freerdp-debugsource-2.11.2-150600.4.6.1
  * freerdp-wayland-2.11.2-150600.4.6.1
  * freerdp-server-debuginfo-2.11.2-150600.4.6.1
  * freerdp-debuginfo-2.11.2-150600.4.6.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * freerdp-debugsource-2.11.2-150600.4.6.1
  * uwac0-0-devel-2.11.2-150600.4.6.1
  * freerdp-debuginfo-2.11.2-150600.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22852.html
* https://www.suse.com/security/cve/CVE-2026-22854.html
* https://www.suse.com/security/cve/CVE-2026-22856.html
* https://www.suse.com/security/cve/CVE-2026-22859.html
* https://www.suse.com/security/cve/CVE-2026-23530.html
* https://www.suse.com/security/cve/CVE-2026-23531.html
* https://www.suse.com/security/cve/CVE-2026-23532.html
* https://www.suse.com/security/cve/CVE-2026-23534.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256718
* https://bugzilla.suse.com/show_bug.cgi?id=1256720
* https://bugzilla.suse.com/show_bug.cgi?id=1256722
* https://bugzilla.suse.com/show_bug.cgi?id=1256725
* https://bugzilla.suse.com/show_bug.cgi?id=1256940
* https://bugzilla.suse.com/show_bug.cgi?id=1256941
* https://bugzilla.suse.com/show_bug.cgi?id=1256942
* https://bugzilla.suse.com/show_bug.cgi?id=1256944

Fixes eight vulnerabilities in FreeRDP, rated important; users are advised to apply these security patches promptly.

Severity: Important. LinuxSecurity.com Team

Feb 10, 2026 Important SuSE

Debian 11: DLA-3952-1 critical: unbound performance issue

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3952-1
https://www.debian.org/lts/security/                      Daniel Leidert
November 14, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : unbound
Version        : 1.13.1-1+deb11u4
CVE ID         : CVE-2024-8508
Debian Bug     : 1083282

A vulnerability has been discovered in unbound, a validating, recursive, caching DNS resolver. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets.

For Debian 11 bullseye, this problem has been fixed in version 1.13.1-1+deb11u4.

We recommend that you upgrade your unbound packages.

For the detailed security status of unbound please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/unbound

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

Nov 14, 2024 Critical Debian LTS

SUSE: 2021:2971-1 Important Security Fix for Ntfs-3g NTFSProgs

SUSE Security Update: Security update for ntfs-3g_ntfsprogs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2971-1
Rating:             important
References:         #1189720
Cross-References:   CVE-2019-9755 CVE-2021-33285 CVE-2021-33286
                    CVE-2021-33287 CVE-2021-33289 CVE-2021-35266
                    CVE-2021-35267 CVE-2021-35268 CVE-2021-35269
                    CVE-2021-39251 CVE-2021-39252 CVE-2021-39253
                    CVE-2021-39255 CVE-2021-39256 CVE-2021-39257
                    CVE-2021-39258 CVE-2021-39259 CVE-2021-39260
                    CVE-2021-39261 CVE-2021-39262 CVE-2021-39263
CVSS scores:
                    CVE-2019-9755 (NVD) : 7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-9755 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________

An update that fixes 21 vulnerabilities is now available.

Description:

This update for ntfs-3g_ntfsprogs fixes the following issues:

Update to version 2021.8.22 (bsc#1189720):

* Fixed compile error when building with libfuse < 2.8.0
* Fixed obsolete macros in configure.ac
* Signalled support of UTIME_OMIT to external libfuse2
* Fixed an improper macro usage in ntfscp.c
* Updated the repository change in the README
* Fixed vulnerability threats caused by maliciously tampered NTFS partitions
* Security fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289, CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE_2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263.

- Library soversion is now 89

* Changes in version 2017.3.23
* Delegated processing of special reparse points to external plugins
* Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
* Enabled fallback to read-only mount when the volume is hibernated
* Made a full check for whether an extended attribute is allowed
* Moved secaudit and usermap to ntfsprogs (now ntfssecaudit and ntfsusermap)
* Enabled encoding broken UTF-16 into broken UTF-8
* Autoconfigured selecting vs
* Allowed using the full library API on systems without extended attributes support
* Fixed DISABLE_PLUGINS as the condition for not using plugins
* Corrected validation of multi sector transfer protected records
* Denied creating/removing files from $Extend
* Returned the size of locale encoded target as the size of symlinks

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP3:

    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2971=1

- SUSE Linux Enterprise Workstation Extension 15-SP2:

    zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2971=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):

    libntfs-3g-devel-2021.8.22-3.8.1
    libntfs-3g87-2021.8.22-3.8.1
    libntfs-3g87-debuginfo-2021.8.22-3.8.1
    ntfs-3g-2021.8.22-3.8.1
    ntfs-3g-debuginfo-2021.8.22-3.8.1
    ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1
    ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1
    ntfsprogs-2021.8.22-3.8.1
    ntfsprogs-debuginfo-2021.8.22-3.8.1

- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

    libntfs-3g-devel-2021.8.22-3.8.1
    libntfs-3g87-2021.8.22-3.8.1
    libntfs-3g87-debuginfo-2021.8.22-3.8.1
    ntfs-3g-2021.8.22-3.8.1
    ntfs-3g-debuginfo-2021.8.22-3.8.1
    ntfs-3g_ntfsprogs-debuginfo-2021.8.22-3.8.1
    ntfs-3g_ntfsprogs-debugsource-2021.8.22-3.8.1
    ntfsprogs-2021.8.22-3.8.1
    ntfsprogs-debuginfo-2021.8.22-3.8.1

References:

    https://www.suse.com/security/cve/CVE-2019-9755.html
    https://www.suse.com/security/cve/CVE-2021-33285.html
    https://www.suse.com/security/cve/CVE-2021-33286.html
    https://www.suse.com/security/cve/CVE-2021-33287.html
    https://www.suse.com/security/cve/CVE-2021-33289.html
    https://www.suse.com/security/cve/CVE-2021-35266.html
    https://www.suse.com/security/cve/CVE-2021-35267.html
    https://www.suse.com/security/cve/CVE-2021-35268.html
    https://www.suse.com/security/cve/CVE-2021-35269.html
    https://www.suse.com/security/cve/CVE-2021-39251.html
    https://www.suse.com/security/cve/CVE-2021-39252.html
    https://www.suse.com/security/cve/CVE-2021-39253.html
    https://www.suse.com/security/cve/CVE-2021-39255.html
    https://www.suse.com/security/cve/CVE-2021-39256.html
    https://www.suse.com/security/cve/CVE-2021-39257.html
    https://www.suse.com/security/cve/CVE-2021-39258.html
    https://www.suse.com/security/cve/CVE-2021-39259.html
    https://www.suse.com/security/cve/CVE-2021-39260.html
    https://www.suse.com/security/cve/CVE-2021-39261.html
    https://www.suse.com/security/cve/CVE-2021-39262.html
    https://www.suse.com/security/cve/CVE-2021-39263.html
    https://bugzilla.suse.com/1189720

Crucial SUSE patch for ntfs-3g_ntfsprogs tackles major security flaws and weaknesses present in the application.

Severity: Important. LinuxSecurity.com Team

Sep 07, 2021 Important SuSE

Scientific Linux: SLSA-2021-1350-1 Critical: Thunderbird Security Fix

Synopsis:          Important: thunderbird security update
Advisory ID:       SLSA-2021:1350-1
Issue Date:        2021-04-26
CVE Numbers:       CVE-2021-23994
                   CVE-2021-23995
                   CVE-2021-23998
                   CVE-2021-23961
                   CVE-2021-23999
                   CVE-2021-24002
                   CVE-2021-29945
                   CVE-2021-29946
                   CVE-2021-29948
--

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)
* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)
* Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961)
* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)
* Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999)
* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002)
* Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945)
* Mozilla: Port blocking could be bypassed (CVE-2021-29946)
* Mozilla: Race condition when reading from disk while verifying signatures (CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE
---

SL7
  x86_64
    - thunderbird-78.10.0-1.el7_9.x86_64.rpm
    - thunderbird-debuginfo-78.10.0-1.el7_9.x86_64.rpm

- Scientific Linux Development Team

Severity: Critical. LinuxSecurity.com Team

Apr 26, 2021 Critical Scientific Linux

RedHat: RHSA-2020-3704-01 Critical OpenStack-Nova Soft Reboot Issue

====================================================================
Red Hat Security Advisory

Synopsis:          Important: openstack-nova security update
Advisory ID:       RHSA-2020:3704-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:3704
Issue date:        2020-09-10
CVE Names:         CVE-2020-17376
====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack Platform 16 (Train).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.0 - noarch

3. Description:

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects.

Security Fix(es):

* Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1869426 - CVE-2020-17376 openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML

6. Package List:

Red Hat OpenStack Platform 16.0:

Source:
openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.src.rpm

noarch:
openstack-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-api-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-common-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-compute-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-conductor-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-console-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-migration-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-novncproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-scheduler-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-serialproxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
openstack-nova-spicehtml5proxy-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm
python3-nova-20.1.2-0.20200401205215.28324e6.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-17376
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Severity: Important. LinuxSecurity.com Team

Sep 10, 2020 Important Red Hat

Fedora: 2020-13ae5f7221 Moderate: libetpan Response Injection Risk

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-13ae5f7221
2020-08-19 00:51:10.926437
--------------------------------------------------------------------------------

Name        : libetpan
Product     : Fedora 32
Version     : 1.9.4
Release     : 4.fc32
URL         :
Summary     : Portable, efficient middle-ware for different kinds of mail access
Description :
The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes.

--------------------------------------------------------------------------------
Update Information:

A security flaw was found on libetpan which may allow a malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assigned as CVE-2020-15953. This new rpm should fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 10 2020 Mamoru TASAKA - 1.9.4-4
- Address CVE-2020-15953 (bug 1861068)
* Tue Jul 28 2020 Fedora Release Engineering - 1.9.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1861071 - CVE-2020-15953 libetpan: response injection via STARTTLS in IMAP [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1861071
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-13ae5f7221' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

A Fedora patch resolves a vulnerability in libetpan that could enable session spoofing and input manipulation by malicious actors.

LinuxSecurity.com Team

Aug 18, 2020 Fedora

Fedora 31: FEDORA-2020-dd0c20d985 Critical: ClamAV Security Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-dd0c20d985
2020-07-28 15:00:49.911952
--------------------------------------------------------------------------------

Name        : clamav
Product     : Fedora 31
Version     : 0.102.4
Release     : 1.fc31
URL         : https://www.clamav.net/
Summary     : End-user tools for the Clam Antivirus scanner
Description :
Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE.

--------------------------------------------------------------------------------
Update Information:

ClamAV 0.102.4 is a bug patch release to address the following issues:

CVE-2020-3350 Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc. For more information about AV quarantine attacks using links, see RACK911 Lab's report .

CVE-2020-3327 Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue.

CVE-2020-3481 Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 17 2020 Orion Poplawski - 0.102.4-1
- Update to 0.102.4 (bz#1857867,1858262,1858263,1858265,1858266)
- Security fixes CVE-2020-3327 CVE-2020-3350 CVE-2020-3481
* Thu May 28 2020 Orion Poplawski - 0.102.3-2
- Update clamd README file (bz#1798369)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858261 - CVE-2020-3350 clamav: malicious user exploit to replace scan target's directory with symlink
        https://bugzilla.redhat.com/show_bug.cgi?id=1858261
  [ 2 ] Bug #1858264 - CVE-2020-3481 clamav: improper error handling causing crash due to NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=1858264
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-dd0c20d985' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

ClamAV 0.102.4 resolves significant vulnerabilities, notably a denial-of-service threat. Users are recommended to upgrade to secure impacted setups.

Severity: Critical. LinuxSecurity.com Team

Jul 28, 2020 Critical Fedora

Mageia 7: MGASA-2020-0021 Moderate: MediaWiki Bypass Protection

MGASA-2020-0021 - Updated mediawiki packages fix security vulnerability

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0021.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-19709

Updated mediawiki packages fix security vulnerability:

MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page (CVE-2019-19709).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25986
- https://lists.wikimedia.org/hyperkitty/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/NVL4C4DDFUCRTQK7WWTAJZPQHAABFA7N/
- https://www.cve.org/CVERecord?id=CVE-2019-19709

SRPMS:
- 7/core/mediawiki-1.31.6-1.mga7

Recent updates to mediawiki packages fix a vulnerability that permits the circumvention of title limitations, affecting Mageia 7.

LinuxSecurity.com Team

Jan 05, 2020 Mageia