Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisorymoderatesecurity fixSUSE: 2024:1007-2 Moderate: Shadow Issues with Password Leak
* bsc#1144060 * bsc#1176006 * bsc#1188307 * bsc#1203823 * bsc#1205502 . # Security update for shadow Announcement ID: SUSE-SU-2024:1007-2 Rating: moderate References: * bsc#1144060 * bsc#1176006 * bsc#1188307 * bsc#1203823 * bsc#1205502 * bsc#1206627 * bsc#1210507 * bsc#1213189 * bsc#1214806 Cross-References: * CVE-2023-29383 * CVE-2023-4641 CVSS scores: * CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-4641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves two vulnerabilities and has seven security fixes can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). * CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806). The following non-security bugs were fixed: * bsc#1176006: Fix chage date miscalculation * bsc#1188307: Fix passwd segfault * bsc#1203823: Remove pam_keyinit from PAM config files * bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions * bsc#1206627: Add --prefix support to passwd, chpasswd and chage * bsc#1205502: useradd audit event user id field cannot be interpretedd ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-1007=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (noarch) * login_defs-4.8.1-150500.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) *shadow-4.8.1-150500.3.3.1 * shadow-debugsource-4.8.1-150500.3.3.1 * shadow-debuginfo-4.8.1-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29383.html * https://www.suse.com/security/cve/CVE-2023-4641.html * https://bugzilla.suse.com/show_bug.cgi?id=1144060 * https://bugzilla.suse.com/show_bug.cgi?id=1176006 * https://bugzilla.suse.com/show_bug.cgi?id=1188307 * https://bugzilla.suse.com/show_bug.cgi?id=1203823 * https://bugzilla.suse.com/show_bug.cgi?id=1205502 * https://bugzilla.suse.com/show_bug.cgi?id=1206627 * https://bugzilla.suse.com/show_bug.cgi?id=1210507 * https://bugzilla.suse.com/show_bug.cgi?id=1213189 * https://bugzilla.suse.com/show_bug.cgi?id=1214806 . Apply the most recent SUSE security patch for shadow that addresses two critical vulnerabilities and incorporates necessary corrections.. SUSE Linux Enterprise Micro, Shadow Security Fix, Security Advisory. . LinuxSecurity.com Team
Aug 19, 2024
SuSE
172
security advisoryremote attackupdate instructionsUbuntu 20.04 LTS: USN-4457-1 Critical Software Properties Manipulation
Software Properties could be made to manipulate the display.. =========================================================================Ubuntu Security Notice USN-4457-1 August 12, 2020 software-properties vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Software Properties could be made to manipulate the display. Software Description: - software-properties: manage the repositories that you install software from Details: Jason A. Donenfeld discovered that Software Properties incorrectly filtered certain escape sequences when displaying PPA descriptions. If a user were tricked into adding an arbitrary PPA, a remote attacker could possibly manipulate the screen. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: python3-software-properties 0.98.9.2 software-properties-common 0.98.9.2 Ubuntu 18.04 LTS: python3-software-properties 0.96.24.32.14 software-properties-common 0.96.24.32.14 Ubuntu 16.04 LTS: python-software-properties 0.96.20.10 python3-software-properties 0.96.20.10 software-properties-common 0.96.20.10 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4457-1 CVE-2020-15709 Package Information: https://launchpad.net/ubuntu/+source/software-properties/0.98.9.2 https://launchpad.net/ubuntu/+source/software-properties/0.96.24.32.14 https://launchpad.net/ubuntu/+source/software-properties/0.96.20.10 . Ubuntu Security Alert USN-4458-1 brings attention to a flaw in system-packages across multiple iterations. Apply updates immediately. software properties vulnerability, ubuntu security, update instructions. . Severity: Critical. LinuxSecurity.com Team
Aug 12, 2020
•Critical
Ubuntu
202
security advisorydirectory traversalaccess issueopenSUSE: 2019:0093-1 Important: OpenSSH Directory Traversal Risk
An update that fixes four vulnerabilities is now available.. openSUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:0093-1 Rating: important References: #1121571 #1121816 #1121818 #1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssh fixes the following issues: Security issue fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) This update was imported from the SUSE:SLE-12-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2019-93=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): openssh-7.2p2-29.1 openssh-askpass-gnome-7.2p2-29.1 openssh-askpass-gnome-debuginfo-7.2p2-29.1 openssh-cavs-7.2p2-29.1 openssh-cavs-debuginfo-7.2p2-29.1 openssh-debuginfo-7.2p2-29.1 openssh-debugsource-7.2p2-29.1 openssh-fips-7.2p2-29.1 openssh-helpers-7.2p2-29.1 openssh-helpers-debuginfo-7.2p2-29.1 References: https://www.suse.com/security/cve/CVE-2018-20685.html https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6110.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121571 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121818 https://bugzilla.suse.com/1121821 -- . openSUSE Security Update: Security update for openssh ______________________________________________. update, security, fixes, vulnerabilities, opensuse, updat. . Severity: Important. LinuxSecurity.com Team
Jan 29, 2019
•Important
OpenSUSE
100
security advisorycriticalremote accessSUSE: 2019:0126-1 Important: Openssh Remote Access Issues
An update that fixes four vulnerabilities is now available. . SUSE Security Update: Security update for openssh ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:0126-1 Rating: important References: #1121571 #1121816 #1121818 #1121821 Cross-References: CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 Affected Products: SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for openssh fixes the following issues: Security issues fixed: - CVE-2018-20685: Fixed an issue where scp client allows remote SSH servers to bypass intended access restrictions (bsc#1121571) - CVE-2019-6109: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate terminal output via the object name, e.g. by inserting ANSI escape sequences (bsc#1121816) - CVE-2019-6110: Fixed an issue where the scp client would allow malicious remote SSH servers to manipulate stderr output, e.g. by inserting ANSI escape sequences (bsc#1121818) - CVE-2019-6111: Fixed an issue where the scp client would allow malicious remote SSH servers to execute directory traversal attacks and overwrite files (bsc#1121821) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15: zypper in -t patchSUSE-SLE-Module-Server-Applications-15-2019-126=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-126=1 - SUSE Linux Enterprise Module for Desktop Applications 15: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2019-126=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-126=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 openssh-fips-7.6p1-9.13.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): openssh-cavs-7.6p1-9.13.1 openssh-cavs-debuginfo-7.6p1-9.13.1 openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 - SUSE Linux Enterprise Module for Desktop Applications 15 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-7.6p1-9.13.1 openssh-askpass-gnome-debuginfo-7.6p1-9.13.1 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): openssh-7.6p1-9.13.1 openssh-debuginfo-7.6p1-9.13.1 openssh-debugsource-7.6p1-9.13.1 openssh-helpers-7.6p1-9.13.1 openssh-helpers-debuginfo-7.6p1-9.13.1 References: https://www.suse.com/security/cve/CVE-2018-20685.html https://www.suse.com/security/cve/CVE-2019-6109.html https://www.suse.com/security/cve/CVE-2019-6110.html https://www.suse.com/security/cve/CVE-2019-6111.html https://bugzilla.suse.com/1121571 https://bugzilla.suse.com/1121816 https://bugzilla.suse.com/1121818 https://bugzilla.suse.com/1121821 _______________________________________________ sle-security-updates mailing list
Jan 18, 2019
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!