Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

openSUSE: 2023:0374-1 Moderate: yt-dlp MitM Threat Patch

openSUSE Security Update: Security update for yt-dlp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0374-1
Rating:             moderate
References:         #1213124 #1216467
Cross-References:   CVE-2023-35934 CVE-2023-46121
CVSS scores:        CVE-2023-35934 (NVD) : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Affected Products:  openSUSE Backports SLE-15-SP5
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for yt-dlp fixes the following issues:

- Update to release 2023.11.14
  * Security: [CVE-2023-46121] Patch Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
  * Disallow smuggling of arbitrary http_headers; extractors now only use specific headers
- Make yt-dlp require the one pythonXX-yt-dlp that /usr/bin/yt-dlp was built with.
- Rework Python build procedure [boo#1216467]
- Enable Python library [boo#1216467]
- Update to release 2023.10.13
  * youtube: fix some bug with --extractor-retries inf
- Update to release 2023.10.07
  * yt: Fix heatmap extraction
  * yt: Raise a warning for Incomplete Data instead of an error
- Update to release 2023.09.24
  * Extract subtitles from SMIL manifests
  * fb: Add dash manifest URL
  * crunchyroll: Remove initial state extraction
  * youtube: Add player_params extractor arg
- remove suggests on brotlicffi - this is only for != cpython
- Update to release 2023.07.06
  * Prevent Cookie leaks on HTTP redirect [boo#1213124] [CVE-2023-35934]
  * yt: Avoid false DRM detection
  * yt: Process post_live over 2 hours
  * yt: Support shorts-only playlists
- Update to release 2023.06.22
  * youtube: add IOS to default clients used
- Update to release 2023.06.21
  * Add option --compat-option playlist-match-filter
  * Add options --no-quiet, option --color, --netrc-cmd, --xff
  * Auto-select default format in -f-
  * Improve HTTP redirect handling
  * Support decoding multiple content encodings
- Use python3.11 on Leap 15.5
  * python3.11 is the only python3 > 3.6 version would be shipped in Leap 15.5
- Update to release 2023.03.04
  * A bunch of extractor fixes
- Update to release 2023.03.03
  * youtube: Construct dash formats with range query
  * yt: Detect and break on looping comments
  * yt: Extract channel view_count when /about tab is passed
- Update to release 2023.02.17
  * Merge youtube-dl: Upto commit/2dd6c6e (Feb 17 2023)
  * Fix --concat-playlist
  * Imply --no-progress when --print
  * Improve default subtitle language selection
  * Make title completely non-fatal
  * Sanitize formats before sorting
  * [hls] Allow extractors to provide AES key
  * [extractor/generic] Avoid catastrophic backtracking in KVS regex
  * [jsinterp] Support if statements
  * [plugins] Fix zip search paths
  * [utils] Don't use Content-length with encoding
  * [utils] Fix time_seconds to use the provided TZ
  * [utils] Fix race condition in make_dir
  * [extractor/anchorfm] Add episode
  * [extractor/boxcast] Add extractor
  * [extractor/ebay] Add extractor
  * [extractor/hypergryph] Add extractor
  * [extractor/NZOnScreen] Add extractor
  * [extractor/rozhlas] Add extractor
  * [extractor/tempo] Add IVXPlayer extractor
  * [extractor/txxx] Add extractors
  * [extractor/vocaroo] Add extractor
  * [extractor/wrestleuniverse] Add extractors
  * [extractor/yappy] Add extractor
  * [extractor/youtube] Fix uploader_id extraction
  * [extractor/youtube] Add hyperpipe instances
  * [extractor/youtube] Handle consent.youtube
  * [extractor/youtube] Support /live/ URL
  * [extractor/youtube] Update invidious and piped instances
  * [extractor/91porn] Fix title and comment extraction
  * [extractor/AbemaTV] Cache user token whenever appropriate
  * [extractor/bfmtv] Support rmc prefix
  * [extractor/biliintl] Add intro and ending chapters
  * [extractor/clyp] Support wav
  * [extractor/crunchyroll] Add intro chapter
  * [extractor/crunchyroll] Better message for premium videos
  * [extractor/crunchyroll] Fix incorrect premium-only error
  * [extractor/DouyuTV] Use new API
  * [extractor/embedly] Embedded links may be for other extractors
  * [extractor/freesound] Workaround invalid URL in webpage
  * [extractor/GoPlay] Use new API
  * [extractor/Hidive] Fix subtitles and age-restriction
  * [extractor/huya] Support HD streams
  * [extractor/moviepilot] Fix extractor
  * [extractor/nbc] Fix NBC and NBCStations extractors
  * [extractor/nbc] Fix XML parsing
  * [extractor/nebula] Remove broken cookie support
  * [extractor/nfl] Add NFLPlus extractor
  * [extractor/niconico] Add support for like history
  * [extractor/nitter] Update instance list by OIRNOIR
  * [extractor/npo] Fix extractor and add HD support
  * [extractor/odkmedia] Add OnDemandChinaEpisodeIE
  * [extractor/pornez] Handle relative URLs in iframe
  * [extractor/radiko] Fix format sorting for Time Free
  * [extractor/rcs] Fix extractors
  * [extractor/reddit] Support user posts
  * [extractor/rumble] Fix format sorting
  * [extractor/servus] Rewrite extractor
  * [extractor/slideslive] Fix slides and chapters/duration
  * [extractor/SportDeutschland] Fix extractor
  * [extractor/Stripchat] Fix extractor
  * [extractor/tnaflix] Fix extractor
  * [extractor/tvp] Support stream.tvp.pl
  * [extractor/twitter] Fix --no-playlist and add media view_count when using GraphQL
  * [extractor/twitter] Fix graphql extraction on some tweets
  * [extractor/vimeo] Fix playerConfig extraction
  * [extractor/viu] Add ViuOTTIndonesiaIE extractor
  * [extractor/vk] Fix playlists for new API
  * [extractor/vlive] Replace with VLiveWebArchiveIE
  * [extractor/ximalaya] Update album _VALID_URL
  * [extractor/zdf] Use android API endpoint for UHD downloads
  * [youtube] Improve description extraction
  * [youtube] Prevent excess HTTP 301
  * [bellmedia] Add support for cp24.com clip URLs

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

    zypper in -t patch openSUSE-2023-374=1

Package List:

- openSUSE Backports SLE-15-SP5 (noarch):

    python311-yt-dlp-2023.11.14-bp155.3.3.1
    yt-dlp-2023.11.14-bp155.3.3.1
    yt-dlp-bash-completion-2023.11.14-bp155.3.3.1
    yt-dlp-fish-completion-2023.11.14-bp155.3.3.1
    yt-dlp-zsh-completion-2023.11.14-bp155.3.3.1

References:

    https://www.suse.com/security/cve/CVE-2023-35934.html
    https://www.suse.com/security/cve/CVE-2023-46121.html
    https://bugzilla.suse.com/1213124
    https://bugzilla.suse.com/1216467

A new release for yt-dlp tackles concerns, notably a moderate intensity risk of proxy code injection. Suggested measures have been provided.

openSUSE Update, yt-dlp Security Fix, MitM Protection, Security Patch.

LinuxSecurity.com Team

Nov 18, 2023 OpenSUSE

openSUSE: 2023:5649-3 Critical: OpenSSL Vulnerability Mitigation

openSUSE Security Update: Security update for opensaml
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:3241-1
Rating:             important
References:         #1068685
Cross-References:   CVE-2017-16853
Affected Products:  openSUSE Leap 42.3
                    openSUSE Leap 42.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for opensaml fixes the following issues:

Security issue fixed:

- CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks (bsc#1068685).

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2017-1350=1

- openSUSE Leap 42.2:

    zypper in -t patch openSUSE-2017-1350=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.3 (x86_64):

    libsaml-devel-2.5.5-6.1
    libsaml8-2.5.5-6.1
    libsaml8-debuginfo-2.5.5-6.1
    opensaml-bin-2.5.5-6.1
    opensaml-bin-debuginfo-2.5.5-6.1
    opensaml-debugsource-2.5.5-6.1
    opensaml-schemas-2.5.5-6.1

- openSUSE Leap 42.2 (x86_64):

    libsaml-devel-2.5.5-3.3.1
    libsaml8-2.5.5-3.3.1
    libsaml8-debuginfo-2.5.5-3.3.1
    opensaml-bin-2.5.5-3.3.1
    opensaml-bin-debuginfo-2.5.5-3.3.1
    opensaml-debugsource-2.5.5-3.3.1
    opensaml-schemas-2.5.5-3.3.1

References:

    https://www.suse.com/security/cve/CVE-2017-16853.html
    https://bugzilla.suse.com/1068685

Update for opensaml addresses important security issues with MITM risk. Ensure system safety with latest patches.

openSUSE, opensaml, security update, software fix.

Severity: Important. LinuxSecurity.com Team

Dec 08, 2017 Important OpenSUSE

Red Hat 7 RHSA-2014:0680-01 Important: OpenSSL Man-In-The-Middle Threat

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: openssl098e security update
Advisory ID:       RHSA-2014:0680-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2014:0680.html
Issue date:        2014-06-10
CVE Names:         CVE-2014-0224
====================================================================

1. Summary:

Updated openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
openssl098e-0.9.8e-29.el7_0.2.src.rpm

x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
openssl098e-0.9.8e-29.el7_0.2.src.rpm

x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
openssl098e-0.9.8e-29.el7_0.2.src.rpm

ppc64:
openssl098e-0.9.8e-29.el7_0.2.ppc.rpm
openssl098e-0.9.8e-29.el7_0.2.ppc64.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.ppc.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.ppc64.rpm

s390x:
openssl098e-0.9.8e-29.el7_0.2.s390.rpm
openssl098e-0.9.8e-29.el7_0.2.s390x.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.s390.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.s390x.rpm

x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
openssl098e-0.9.8e-29.el7_0.2.src.rpm

x86_64:
openssl098e-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-0.9.8e-29.el7_0.2.x86_64.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.i686.rpm
openssl098e-debuginfo-0.9.8e-29.el7_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://access.redhat.com/security/cve/CVE-2014-0224
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/site/articles/904433
https://access.redhat.com/site/solutions/905793

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.

Red Hat Enterprise Linux 8 delivers an essential patch for openssl101 to address a serious vulnerability in secure web communications.

openssl098e Update, Red Hat Security, SSL/TLS Exploit, Security Patch, Important Advisory.

Severity: Important. LinuxSecurity.com Team

Jun 10, 2014 Important Red Hat