# Security update for cockpit

Announcement ID: SUSE-SU-2026:1232-1
Release Date: 2026-04-09T10:47:30Z
Rating: important
References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cockpit fixes the following issues:

* CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
* CVE-2026-26996: minimatch: ReDoS when a glob pattern contains many consecutive wildcards followed by a literal character that does not appear in the test string (bsc#1258641).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1232=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1232=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * cockpit-251.3-150300.6.9.1
  * cockpit-bridge-251.3-150300.6.9.1
  * cockpit-debuginfo-251.3-150300.6.9.1
  * cockpit-debugsource-251.3-150300.6.9.1
  * cockpit-bridge-debuginfo-251.3-150300.6.9.1
  * cockpit-ws-251.3-150300.6.9.1
  * cockpit-ws-debuginfo-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * cockpit-system-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * cockpit-251.3-150300.6.9.1
  * cockpit-bridge-251.3-150300.6.9.1
  * cockpit-debuginfo-251.3-150300.6.9.1
  * cockpit-debugsource-251.3-150300.6.9.1
  * cockpit-bridge-debuginfo-251.3-150300.6.9.1
  * cockpit-ws-251.3-150300.6.9.1
  * cockpit-ws-debuginfo-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * cockpit-system-251.3-150300.6.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

Important update for SUSE Linux Enterprise Micro 5.2 addressing two denial-of-service issues in cockpit's brace-expansion and minimatch dependencies (excessive CPU and memory consumption). Severity: Important. LinuxSecurity.com Team
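Both cockpit issues above are resource-exhaustion bugs in glob handling: a brace range such as `{1..9999999}` is materialised element by element, and a long run of wildcards makes the matcher backtrack. A service that accepts user-supplied patterns can bound both before the pattern reaches any expansion or matching library, by sizing the expansion from the range bounds (O(1) per group) and capping wildcard runs. The Python below is an added example written for this page, not code from cockpit, brace-expansion or minimatch; the two limits, the `{a..b}` / `{a..b..step}` and `{a,b}` syntax it recognises (no nesting) and the rejection policy are this example's own choices.

```python
import re
from typing import List, Optional

# Policy limits chosen for this example (constructed; tune per deployment).
MAX_EXPANSIONS = 10_000   # most strings a single pattern may expand to
MAX_WILDCARD_RUN = 2      # longest accepted run of consecutive '*' ("**" is globstar)

# Numeric ranges {a..b} and {a..b..step}, with optional negative bounds.
_RANGE_RE = re.compile(r"\{(-?\d+)\.\.(-?\d+)(?:\.\.(-?\d+))?\}")
# Comma lists {a,b,c} with no nested braces (nesting is out of scope here).
_LIST_RE = re.compile(r"\{([^{}]*,[^{}]*)\}")


def expansion_count(pattern: str) -> int:
    """How many strings the pattern's brace groups would produce.

    Computed from the bounds alone, so sizing {1..100000000} costs O(1)
    rather than 100 million allocations. Groups multiply because brace
    expansion is a cross product.
    """
    count = 1
    for lo, hi, step in _RANGE_RE.findall(pattern):
        step = abs(int(step)) if step else 1
        count *= abs(int(hi) - int(lo)) // (step or 1) + 1
    for body in _LIST_RE.findall(pattern):
        count *= body.count(",") + 1
    return count


def longest_wildcard_run(pattern: str) -> int:
    """Length of the longest run of consecutive '*' characters."""
    return max((len(m) for m in re.findall(r"\*+", pattern)), default=0)


def check_pattern(pattern: str) -> Optional[str]:
    """None if the pattern is within budget, otherwise the reason to reject it."""
    n = expansion_count(pattern)
    if n > MAX_EXPANSIONS:
        return f"brace expansion would produce {n} strings (limit {MAX_EXPANSIONS})"
    run = longest_wildcard_run(pattern)
    if run > MAX_WILDCARD_RUN:
        return f"{run} consecutive '*' (limit {MAX_WILDCARD_RUN})"
    return None


def expand_braces(pattern: str) -> List[str]:
    """Expand the leftmost brace group and recurse on the remainder."""
    found = [m for m in (_RANGE_RE.search(pattern), _LIST_RE.search(pattern)) if m]
    if not found:
        return [pattern]
    m = min(found, key=lambda x: x.start())
    if m.re is _RANGE_RE:
        lo, hi = int(m.group(1)), int(m.group(2))
        step = (abs(int(m.group(3))) if m.group(3) else 1) or 1
        seq = range(lo, hi + 1, step) if lo <= hi else range(lo, hi - 1, -step)
        parts = [str(i) for i in seq]
    else:
        parts = m.group(1).split(",")
    head, tail = pattern[: m.start()], pattern[m.end():]
    return [head + p + rest for p in parts for rest in expand_braces(tail)]


def safe_expand(pattern: str) -> List[str]:
    """Size the expansion first; only materialise it when it is within budget."""
    reason = check_pattern(pattern)
    if reason is not None:
        raise ValueError(f"rejected pattern {pattern!r}: {reason}")
    return expand_braces(pattern)


if __name__ == "__main__":
    print(safe_expand("img-{1..3}.{png,jpg}"))
    for bad in ("{1..1000000}", "a****b"):
        print(bad, "->", check_pattern(bad))
```

The guard is a complement to patching, not a substitute: it keeps an unpatched library from being handed a pathological pattern, but the bundled copies in cockpit still need the update above.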
A vulnerability was found in Curl, an easy-to-use client-side URL transfer library and command line tool. It can cause a crash or potentially an out-of-bounds memory read. For Debian 11 bullseye, this problem has been fixed in version 7.74.0-1.3+deb11u16.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4432-1
# Security update for librsvg

Announcement ID: SUSE-SU-2025:4411-1
Release Date: 2025-12-16T11:35:36Z
Rating: moderate
References:

* bsc#1229950
* bsc#1243867

Cross-References:

* CVE-2024-12224
* CVE-2024-43806

CVSS scores:

* CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-12224 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-43806 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for librsvg fixes the following issues:

Update to version 2.52.12.

* CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded (bsc#1243867).
* CVE-2024-43806: rustix: unbounded memory explosion leading to an application OOM crash when using the `rustix::fs::Dir` iterator with the `linux_raw` backend (bsc#1229950).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-4411=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-4411=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2025-4411=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-4411=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2025-4411=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2025-4411=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * librsvg-debugsource-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-2.52.12-150400.3.9.1
  * typelib-1_0-Rsvg-2_0-2.52.12-150400.3.9.1
  * rsvg-convert-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.9.1
  * librsvg-devel-2.52.12-150400.3.9.1
* openSUSE Leap 15.4 (x86_64)
  * gdk-pixbuf-loader-rsvg-32bit-debuginfo-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-32bit-2.52.12-150400.3.9.1
  * librsvg-2-2-32bit-2.52.12-150400.3.9.1
  * librsvg-2-2-32bit-debuginfo-2.52.12-150400.3.9.1
* openSUSE Leap 15.4 (noarch)
  * rsvg-thumbnailer-2.52.12-150400.3.9.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * librsvg-2-2-64bit-debuginfo-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-64bit-2.52.12-150400.3.9.1
  * librsvg-2-2-64bit-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-64bit-debuginfo-2.52.12-150400.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * librsvg-debugsource-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * librsvg-debugsource-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * librsvg-debugsource-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * librsvg-debugsource-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * librsvg-debugsource-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-debuginfo-2.52.12-150400.3.9.1
  * librsvg-2-2-2.52.12-150400.3.9.1
  * gdk-pixbuf-loader-rsvg-2.52.12-150400.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12224.html
* https://www.suse.com/security/cve/CVE-2024-43806.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229950
* https://bugzilla.suse.com/show_bug.cgi?id=1243867

This update resolves two vulnerabilities in librsvg's Rust dependencies: an unbounded memory allocation in rustix and incorrect hostname handling in idna.
=========================================================================
Ubuntu Security Notice USN-5638-4
February 28, 2023

expat vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Expat could be made to crash or execute arbitrary code.

Software Description:
- expat: XML parsing C library

Details:

USN-5638-1 fixed several vulnerabilities in Expat. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 Rhodri James discovered that Expat incorrectly handled memory when
 processing certain malformed XML files. An attacker could possibly use
 this issue to cause a crash or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  expat                           2.1.0-4ubuntu1.4+esm7
  libexpat1                       2.1.0-4ubuntu1.4+esm7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5638-4
  https://ubuntu.com/security/notices/USN-5638-1
  CVE-2022-40674, CVE-2022-43680
SUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4295-1
Rating:             moderate
References:         #1087072 #1204111 #1204112 #1204113
Cross-References:   CVE-2022-42010 CVE-2022-42011 CVE-2022-42012
CVSS scores:
                    CVE-2022-42010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42010 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-42011 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42011 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-42012 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42012 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed a potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed use-after-free and possible memory corruption via a message in non-native endianness with out-of-band Unix file descriptors (bsc#1204113).
- Disable assertions to prevent unexpected DDoS attacks (bsc#1087072).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4295=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4295=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  dbus-1-debugsource-1.8.22-38.1
  dbus-1-devel-1.8.22-38.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
  dbus-1-devel-doc-1.8.22-38.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  dbus-1-1.8.22-38.1
  dbus-1-debuginfo-1.8.22-38.1
  dbus-1-debugsource-1.8.22-38.1
  dbus-1-x11-1.8.22-38.1
  dbus-1-x11-debuginfo-1.8.22-38.1
  dbus-1-x11-debugsource-1.8.22-38.1
  libdbus-1-3-1.8.22-38.1
  libdbus-1-3-debuginfo-1.8.22-38.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
  libdbus-1-3-32bit-1.8.22-38.1
  libdbus-1-3-debuginfo-32bit-1.8.22-38.1

References:

https://www.suse.com/security/cve/CVE-2022-42010.html
https://www.suse.com/security/cve/CVE-2022-42011.html
https://www.suse.com/security/cve/CVE-2022-42012.html
https://bugzilla.suse.com/1087072
https://bugzilla.suse.com/1204111
https://bugzilla.suse.com/1204112
https://bugzilla.suse.com/1204113

Note that SUSE rates all three dbus-1 CVEs as local, low-to-moderate impact (the NVD scores above assume a network attack vector), and that a reboot is required for the running message bus to pick up the fixed library.
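Every SUSE and openSUSE advisory on this page (cockpit, librsvg, dbus-1 and go1.15) ends in a package list of the form name-version-release, and the practical check after `zypper patch` is whether what is installed is at least that release. Plain string comparison gets this wrong (`1.8.22-36.1` sorts above `1.8.22-38.1` if compared as text in some positions, and `2.52.9` above `2.52.12`), so the comparison has to follow rpm's segment rules. The Python below is an added example for this page, not a SUSE or rpm tool: it reimplements rpm's version comparison rules, parses the dbus-1 package list above, and compares it against a constructed stand-in for `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output; the older installed release and the unrelated expat line in that stand-in are invented for the example.

```python
import re
from typing import Dict, Tuple

# Subset of the SUSE Linux Enterprise Server 12-SP5 package list from the
# dbus-1 advisory above (same name-version-release form as every SUSE list).
ADVISORY_PACKAGES = """
dbus-1-1.8.22-38.1
libdbus-1-3-1.8.22-38.1
dbus-1-x11-1.8.22-38.1
"""

# Constructed stand-in for the output of
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'
# on a host that has not yet taken the patch. The older dbus-1 release and the
# unrelated expat line are invented for this example, not taken from an advisory.
INSTALLED_RPMS = """
dbus-1-1.8.22-36.1
libdbus-1-3-1.8.22-38.1
expat-2.1.0-4.3.1
"""

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Reimplementation of librpm's rpmvercmp rules for one version-or-release
    string: split into numeric, alphabetic and '~' segments (separators are
    ignored); numeric segments compare as integers, alphabetic ones lexically,
    numeric beats alphabetic, and '~' sorts before anything, even end of string.
    Returns -1, 0 or 1. The newer '^' separator is not handled here."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if "~" in (x, y):
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    # Shared segments equal: a leading '~' in the remainder loses, otherwise
    # whichever string still has segments left is the newer one.
    rest_a, rest_b = sa[len(sb):], sb[len(sa):]
    if rest_a[:1] == ["~"]:
        return -1
    if rest_b[:1] == ["~"]:
        return 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_nvr(nvr: str) -> Tuple[str, str, str]:
    """'libdbus-1-3-1.8.22-38.1' -> ('libdbus-1-3', '1.8.22', '38.1').
    Names may contain '-', version and release never do, so split from the right."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def compare_vr(installed: Tuple[str, str], fixed: Tuple[str, str]) -> int:
    """Order (version, release) pairs as rpm does: version first, release as the
    tie-breaker. Epoch is not printed in these advisories and is assumed equal;
    add it to the query format and the comparison if your packages carry one."""
    c = rpmvercmp(installed[0], fixed[0])
    return c if c != 0 else rpmvercmp(installed[1], fixed[1])


def audit(advisory_text: str, rpm_qa_text: str) -> Dict[str, str]:
    """Classify each advisory package as 'patched', 'vulnerable' or 'not installed'."""
    installed = {}
    for line in rpm_qa_text.split():
        name, version, release = split_nvr(line)
        installed[name] = (version, release)
    verdict = {}
    for line in advisory_text.split():
        name, version, release = split_nvr(line)
        if name not in installed:
            verdict[name] = "not installed"
        elif compare_vr(installed[name], (version, release)) >= 0:
            verdict[name] = "patched"
        else:
            verdict[name] = "vulnerable"
    return verdict


if __name__ == "__main__":
    for name, state in audit(ADVISORY_PACKAGES, INSTALLED_RPMS).items():
        print(f"{name:14} {state}")
```

On a multi-arch host `rpm -qa` can list one name twice (for example a 32bit and a 64bit build); the dictionary above keeps only the last one, so key on name plus `%{ARCH}` if that matters for your inventory. For the dbus-1 advisory specifically, "patched" on disk is not enough: the running bus still needs the reboot the advisory asks for.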
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-c51b3a7f19
2022-05-07 04:08:14.310175
--------------------------------------------------------------------------------

Name        : unrealircd
Product     : Fedora 36
Version     : 6.0.3
Release     : 1.fc36
URL         : https://www.unrealircd.org/
Summary     : Open Source IRC server
Description :
UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly configurable configuration file. Key features include SSL/TLS, cloaking, advanced anti-flood and anti-spam systems, swear filtering and module support.
--------------------------------------------------------------------------------
Update Information:

# UnrealIRCd 6.0.3

A number of serious issues were discovered in UnrealIRCd 6. Among these is an issue which will likely crash the IRCd sooner or later if you `/REHASH` with any active clients connected.

## Fixes

* Crash in `WATCH` if the IRCd has been rehashed at least once. After doing a `REHASH` with active clients it will likely corrupt memory. It may take several days until after the rehash for the crash to occur, or even weeks/months on smaller networks (accidental triggering, that is).
* A `REHASH` with certain remote includes setups could cause a crash or other weird and confusing problems such as complaining about being unable to open an ipv6-database or missing snomask configuration. This only affected some people with remote includes, not all.
* Potential out-of-bounds write in sending code. In practice it seems harmless on most servers but this cannot be 100% guaranteed.
* Unlikely triggered log message would log uninitialized stack data to the log file or send it to ircops.
* Channel ops could not remove halfops from a user (`-h`).
* After using the `RESTART` command (not recommended) the new IRCd was often no longer writing to log files.
* Fix compile problem if you choose to use cURL remote includes but don't have cURL on the system and ask UnrealIRCd to compile cURL.

## Enhancements

* The default text log format on disk changed. It now includes the server name where the event was generated. Without this, it was sometimes difficult to trace problems, since previously it sometimes looked like there was a problem on your server when it was actually another server on the network.
  * Old log format: `[DATE TIME] subsystem.EVENT_ID loglevel: ........`
  * New log format: `[DATE TIME] servername subsystem.EVENT_ID loglevel: ........`

## Changes

* Any MOTD lines added by services via [`SVSMOTD`](https://www.unrealircd.org/docs/MOTD_and_Rules) are now shown at the end of the MOTD-on-connect (unless using a shortmotd). Previously the lines were only shown if you manually ran the MOTD command.

## Protocol

* `LIST C
=========================================================================
Ubuntu Security Notice USN-5333-1
March 17, 2022

apache2 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connections when certain errors are encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain configurations,
a remote attacker could use this issue to cause the server to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  apache2                         2.4.48-3.1ubuntu3.3
  apache2-bin                     2.4.48-3.1ubuntu3.3

Ubuntu 20.04 LTS:
  apache2                         2.4.41-4ubuntu3.10
  apache2-bin                     2.4.41-4ubuntu3.10

Ubuntu 18.04 LTS:
  apache2                         2.4.29-1ubuntu4.22
  apache2-bin                     2.4.29-1ubuntu4.22

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5333-1
  CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943

Package Information:
  https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3
  https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10
  https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22
openSUSE Security Update: Security update for go1.15
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0950-1
Rating:             important
References:         #1175132 #1186622 #1187443 #1187444 #1187445
Cross-References:   CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
CVSS scores:
                    CVE-2021-33195 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
                    CVE-2021-33196 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-33197 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-33198 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that solves four vulnerabilities and has one errata is now available.

Description:

This update for go1.15 fixes the following issues:

Update to 1.15.13. Includes these security fixes:

- CVE-2021-33195: net: Lookup functions may return invalid host names (bsc#1187443).
- CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion (bsc#1186622).
- CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection headers if the first one is empty (bsc#1187444).
- CVE-2021-33198: math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range" (bsc#1187445).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:
  zypper in -t patch openSUSE-2021-950=1

Package List:

- openSUSE Leap 15.2 (x86_64):
  go1.15-1.15.13-lp152.20.1
  go1.15-doc-1.15.13-lp152.20.1
  go1.15-race-1.15.13-lp152.20.1

References:

https://www.suse.com/security/cve/CVE-2021-33195.html
https://www.suse.com/security/cve/CVE-2021-33196.html
https://www.suse.com/security/cve/CVE-2021-33197.html
https://www.suse.com/security/cve/CVE-2021-33198.html
https://bugzilla.suse.com/1175132
https://bugzilla.suse.com/1186622
https://bugzilla.suse.com/1187443
https://bugzilla.suse.com/1187444
https://bugzilla.suse.com/1187445

Because go1.15 is a compiler and standard library, updating the package fixes nothing by itself: binaries built with the old toolchain (in particular any service using httputil.ReverseProxy, archive/zip or math/big on untrusted input) stay vulnerable until they are rebuilt with 1.15.13 and redeployed.
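The CVE-2021-33197 entry above is a one-line summary: ReverseProxy forwards Connection headers if the first one is empty. The rule behind it is the hop-by-hop handling of RFC 7230 section 6.1: a proxy must drop the Connection header and every header it names before forwarding. A proxy that reads only the first Connection field, which is what a lookup returning a single string does (Go's Header.Get has that contract), collects no names when that first field is empty, and also concludes Connection itself is absent, so both the later Connection fields and the headers they name reach the origin. The Python below is an added example written for this page, not code from Go's net/http/httputil (whose source is not on this page): the flawed and fixed strippers, the helper names and the constructed request with its illustrative X-Trace-Id header are this example's own.

```python
from typing import Callable, List, Tuple

Header = List[Tuple[str, str]]   # ordered (name, value) fields; a name may repeat

# Hop-by-hop headers a proxy must not forward (RFC 7230 section 6.1), in
# addition to whatever the request's own Connection header lists.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade",
}


def first_value(headers: Header, name: str) -> str:
    """Value of the first field with this name, or '' if absent. A lookup with
    this shape cannot tell 'absent' from 'present but first instance empty'."""
    for n, v in headers:
        if n.lower() == name:
            return v
    return ""


def all_values(headers: Header, name: str) -> List[str]:
    return [v for n, v in headers if n.lower() == name]


def tokens(value: str) -> List[str]:
    """Split a comma-separated header value into lower-cased, trimmed tokens."""
    return [t.strip().lower() for t in value.split(",") if t.strip()]


def strip_hop_by_hop_flawed(headers: Header) -> Header:
    """Consults only the first field of each name. When the first Connection
    field is empty, names in later Connection fields are never collected and
    Connection itself looks absent, so all of them reach the origin.
    This models the failure mode, not any library's actual code."""
    drop = set(tokens(first_value(headers, "connection")))
    for h in HOP_BY_HOP:
        if first_value(headers, h) != "":
            drop.add(h)
    return [(n, v) for n, v in headers if n.lower() not in drop]


def strip_hop_by_hop_fixed(headers: Header) -> Header:
    """Walks every field: every Connection token is honoured and the fixed
    hop-by-hop set is removed unconditionally."""
    drop = set(HOP_BY_HOP)
    for value in all_values(headers, "connection"):
        drop.update(tokens(value))
    return [(n, v) for n, v in headers if n.lower() not in drop]


# Constructed inbound request. The client sends Connection twice, the first
# instance empty; X-Trace-Id is an illustrative header the client nominates as
# hop-by-hop, which a conforming proxy must therefore never pass to the origin.
INBOUND: Header = [
    ("Host", "app.example.test"),
    ("Connection", ""),
    ("Connection", "X-Trace-Id"),
    ("X-Trace-Id", "attacker-controlled"),
    ("Accept", "*/*"),
]


def forwarded_names(headers: Header, stripper: Callable[[Header], Header]) -> List[str]:
    """Header names that would be sent to the origin after applying a stripper."""
    return [n for n, _ in stripper(headers)]


if __name__ == "__main__":
    print("flawed :", forwarded_names(INBOUND, strip_hop_by_hop_flawed))
    print("fixed  :", forwarded_names(INBOUND, strip_hop_by_hop_fixed))
```

With a single, non-empty Connection field both strippers behave identically, which is why the bug survives ordinary testing; the difference only shows when a client deliberately sends the header twice. The fixed variant also shows the general rule for repeated fields: iterate over all instances rather than fetching one.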