# Security update for xwayland

Announcement ID: SUSE-SU-2023:4788-1
Rating: important
References:
  * bsc#1217765
  * bsc#1217766
Cross-References:
  * CVE-2023-6377
  * CVE-2023-6478
CVSS scores:
  * CVE-2023-6377 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-6478 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions (bsc#1217765).
* CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-4788=1 openSUSE-SLE-15.5-2023-4788=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4788=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * xwayland-debuginfo-22.1.5-150500.7.8.1
  * xwayland-debugsource-22.1.5-150500.7.8.1
  * xwayland-devel-22.1.5-150500.7.8.1
  * xwayland-22.1.5-150500.7.8.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * xwayland-debuginfo-22.1.5-150500.7.8.1
  * xwayland-debugsource-22.1.5-150500.7.8.1
  * xwayland-22.1.5-150500.7.8.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6377.html
* https://www.suse.com/security/cve/CVE-2023-6478.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217765
* https://bugzilla.suse.com/show_bug.cgi?id=1217766

The recent update for xwayland tackles significant security gaps in openSUSE, improving both system safety and reliability.

Severity: Important.
LinuxSecurity.com Team

====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 17.0 (etcd) security update
Advisory ID:       RHSA-2023:1014-01
Product:           Red Hat OpenStack Platform
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1014
Issue date:        2023-02-28
CVE Names:         CVE-2022-3064
====================================================================

1. Summary:

An update for etcd is now available for Red Hat OpenStack Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 17.0 - x86_64

3. Description:

A highly-available key value store for shared configuration

Security Fix(es):

* Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

6. Package List:

Red Hat OpenStack Platform 17.0:

Source:
etcd-3.4.14-3.el9ost.src.rpm

x86_64:
etcd-3.4.14-3.el9ost.x86_64.rpm
etcd-debuginfo-3.4.14-3.el9ost.x86_64.rpm
etcd-debugsource-3.4.14-3.el9ost.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3064
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-6e805a5051
2021-02-05 01:31:59.053837
--------------------------------------------------------------------------------

Name        : kernel
Product     : Fedora 32
Version     : 5.10.12
Release     : 100.fc32
URL         : https://www.kernel.org/
Summary     : The Linux kernel
Description :
The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 5.10.12 stable kernel update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 1 2021 Justin M. Forbes - 5.10.12-100
- Linux v5.10.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
        https://bugzilla.redhat.com/show_bug.cgi?id=1922249
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-6e805a5051' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-32a2bf945e
2019-09-17 01:29:30.821720
--------------------------------------------------------------------------------

Name        : kmplayer
Product     : Fedora 29
Version     : 0.12.0b
Release     : 1.fc29
URL         : https://apps.kde.org/kmplayer/
Summary     : A simple front-end for MPlayer/FFMpeg/Phonon
Description :
KMPlayer, a simple front-end for MPlayer/FFMpeg/Phonon.
It can play DVD/VCD movies, from file or URL and from a video device.
KMPlayer can embed inside Konqueror. Which means if you click
on a movie file, the movie is played inside Konqueror.

--------------------------------------------------------------------------------
Update Information:

- Update to 0.12.0b
- Clean up SPEC
- Remove patches
- Use sed for make Phonon default
- Use KF5 instead of KDE4
- Renew URLs
- CVE-2019-9133
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 8 2019 Mosaab Alzoubi - 0.12.0b-1
- Update to 0.12.0b
- Clean up SPEC
- Remove patches
- Use sed for make Phonon default
- Use KF5 instead of KDE4
- Renew URLs
* Fri Feb 1 2019 Fedora Release Engineering - 0.11.3c-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering - 0.11.3c-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering - 0.11.3c-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jan 11 2018 Igor Gnatenko - 0.11.3c-15
- Remove obsolete scriptlets
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1675234 - kmplayer: FTBFS in Fedora rawhide/f30
        https://bugzilla.redhat.com/show_bug.cgi?id=1675234
  [ 2 ] Bug #1698370 - CVE-2019-9133 kmplayer: processing subtitles format media leads to memory out-of-bound read/write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1698370
  [ 3 ] Bug #1397875 - update 0.12b
        https://bugzilla.redhat.com/show_bug.cgi?id=1397875
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-32a2bf945e' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

openSUSE Security Update: Security update for apache-pdfbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:2645-1
Rating:             moderate
References:         #1099721
Cross-References:   CVE-2018-8036
Affected Products:
                    openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for apache-pdfbox fixes the following issues:

Security issue fixed:

- CVE-2018-8036: Fix infinite loop while parsing files that leads to an out of memory issue (bsc#1099721).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2018-975=1

Package List:

- openSUSE Leap 15.0 (noarch):

  apache-pdfbox-1.8.12-lp150.4.3.1
  apache-pdfbox-javadoc-1.8.12-lp150.4.3.1

References:

https://www.suse.com/security/cve/CVE-2018-8036.html
https://bugzilla.suse.com/1099721

Get the current openSUSE security patch for apache-pdfbox that resolves a critical infinite loop memory vulnerability.

LinuxSecurity.com Team