Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
100
security advisorymoderateSuSESUSE Linux Micro 6.0: sevctl Moderate OpenSSL IDNA Issues 2025:20716-1
* bsc#1242618 * bsc#1243860 Cross-References: * CVE-2024-12224 . # Security update for sevctl Announcement ID: SUSE-SU-2025:20716-1 Release Date: 2025-09-12T08:47:46Z Rating: moderate References: * bsc#1242618 * bsc#1243860 Cross-References: * CVE-2024-12224 * CVE-2025-3416 CVSS scores: * CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-12224 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-3416 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for sevctl fixes the following issues: * CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242618) * CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode (bsc#1243860) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-459=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * sevctl-debuginfo-0.4.3-3.1 * sevctl-0.4.3-3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-12224.html * https://www.suse.com/security/cve/CVE-2025-3416.html * https://bugzilla.suse.com/show_bug.cgi?id=1242618 * https://bugzilla.suse.com/show_bug.cgi?id=1243860 . Obtain essential information regarding the SUSEupdate for sevctl addressing moderate security vulnerabilities, as reported in advisory ID: SUSE-SU-2025:20716-1.. SUSE Linux, sevctl, security update. . LinuxSecurity.com Team
Sep 17, 2025
SuSE
100
security advisorypackage updatelow severitySUSE: 2025:01662-2 low: python-cryptography openssl use-after-free
* bsc#1242631 Cross-References: * CVE-2025-3416 . # Security update for python-cryptography Announcement ID: SUSE-SU-2025:01662-2 Release Date: 2025-05-29T13:31:03Z Rating: low References: * bsc#1242631 Cross-References: * CVE-2025-3416 CVSS scores: * CVE-2025-3416 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-3416 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-3416 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch` when `Some(...)` value passed as `properties` argument to either function (bsc#1242631). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2025-1662=1 ## Package List: * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python311-cryptography-41.0.3-150600.23.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-3416.html * https://bugzilla.suse.com/show_bug.cgi?id=1242631 . Important security patch for SUSE python-cryptography fixes a minor vulnerability detected in OpenSSL components.. SUSE Linux Enterprise, python-cryptography, security issues, OpenSSL, security updates. . Severity: Low. LinuxSecurity.com Team
May 29, 2025
•Low
SuSE
100
security advisorymoderatesecurity patchSUSE: 2023:1193-1 Critical: Bci/Dotnet-Sdk Security Patch Overview
The container bci/dotnet-sdk was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1192-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.9 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.9 Container Release : 33.9 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated . This revision strengthens the bci/dotnet-sdk by implementing crucial security updates to address potential vulnerabilities adeptly.. bci/dotnet-sdk,containersecurity patch,openssl update. . LinuxSecurity.com Team
Apr 20, 2023
SuSE
202
security advisoryimportantpatch updateopenSUSE Leap Micro 5.2: Important Update for AES OCB Issue
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:2328-1 Rating: important References: #1201099 Cross-References: CVE-2022-2097 CVSS scores: CVE-2022-2097 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2328=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-150200.11.51.1 libopenssl1_1-1.1.1d-150200.11.51.1 libopenssl1_1-debuginfo-1.1.1d-150200.11.51.1 libopenssl1_1-hmac-1.1.1d-150200.11.51.1 openssl-1_1-1.1.1d-150200.11.51.1 openssl-1_1-debuginfo-1.1.1d-150200.11.51.1 openssl-1_1-debugsource-1.1.1d-150200.11.51.1 References: https://www.suse.com/security/cve/CVE-2022-2097.html https://bugzilla.suse.com/1201099 . A vital patch is now available for openSUSE to fix a major vulnerability in openssl-1_1. To learn more about current threats and updates, refer to the official documentation. openSUSE Security Update, OpenSSL Fixes, Important Issues, AES OCB Threat. . Severity: Important. LinuxSecurity.com Team
Sep 01, 2022
•Important
OpenSUSE
98
security advisorybug fixRed Hat EnterpriseRed Hat Enterprise Linux 9: RHSA-2022-4899-01 Important: OpenSSL Bug Fix
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: compat-openssl11 security and bug fix update Advisory ID: RHSA-2022:4899-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:4899 Issue date: 2022-06-03 CVE Names: CVE-2022-0778 ==================================================================== 1. Summary: An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries. Security Fix(es): * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * compat-openssl11 breaks in FIPS (BZ#2091968) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Forthe update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Bugs fixed (https://bugzilla.redhat.com/): 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: compat-openssl11-1.1.1k-4.el9_0.src.rpm aarch64: compat-openssl11-1.1.1k-4.el9_0.aarch64.rpm compat-openssl11-debuginfo-1.1.1k-4.el9_0.aarch64.rpm compat-openssl11-debugsource-1.1.1k-4.el9_0.aarch64.rpm ppc64le: compat-openssl11-1.1.1k-4.el9_0.ppc64le.rpm compat-openssl11-debuginfo-1.1.1k-4.el9_0.ppc64le.rpm compat-openssl11-debugsource-1.1.1k-4.el9_0.ppc64le.rpm s390x: compat-openssl11-1.1.1k-4.el9_0.s390x.rpm compat-openssl11-debuginfo-1.1.1k-4.el9_0.s390x.rpm compat-openssl11-debugsource-1.1.1k-4.el9_0.s390x.rpm x86_64: compat-openssl11-1.1.1k-4.el9_0.i686.rpm compat-openssl11-1.1.1k-4.el9_0.x86_64.rpm compat-openssl11-debuginfo-1.1.1k-4.el9_0.i686.rpm compat-openssl11-debuginfo-1.1.1k-4.el9_0.x86_64.rpm compat-openssl11-debugsource-1.1.1k-4.el9_0.i686.rpm compat-openssl11-debugsource-1.1.1k-4.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYprJ0tzjgjWX9erEAQhrrxAAj+axPVSrlNafX9qnKRG3gypnXfHFcax2 ZSEJltzPMnEjwS2+4GU4V1JE6Y6GsiDs8RYJlmVxd6Nc81y+ZJRLYY+E7/gxRHIS LWZy4+ieePji4c00Y+6Al0nx6cbZnda4jkUaOPKvp0CxkpAIBE0hqM+i6FuzhNIg EiUc6KkOBjxVCKYbDzGR4ncvaE5XXrVj3/TGNwH7Pp1x+upPGofaOBkDyB9qLyO5 7HUPFMtvu/xArRi8WCnCrAQVBcmLItolHYPM6rYCexYZD5MUvGNXwtsHTlQUJIuq EozHKQyupE+0ak0/bBAq4WLPmPMCNcbLZ5BhkbRISwOGY8bNyF31wAZ2twFITOzh UqUNhGz6rJENshmbHgjhEoS2iEzJIp7PtX0vIhFXLG20+tz3sPtHjVqAfSx93+FL YI7eHrNFI+VdbOdjh5Oxo+zWnDiZ735ZWg/NuCx1w2LxDQA31OCgGHQ83Muow627 kPLn7254cJ4jCcepAs2DTLiYxF29n+uUhuttapYg+mzii31nBFTu+1oxeTTcg7nG HSI8iVN6pTu3Q3DEnVVW6og7C0XiVaE/50gAn3fvTwz8Vzsw2ZeCi00tnh5ZKhuB BqoucdSbcjjuCsySUqVhzlFAMDUqLtcmd9vo2AsFf1hM6jYw54dDHfyVq31WzTMw 2R5zX6yfp6Y=pN5K -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 03, 2022
•Important
Red Hat
98
security advisorysecurity updatebug fixRHEL 7: RHSA-2021:1202-01 Critical Security Fix for JBoss Web Server 3.1
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 12 security update Advisory ID: RHSA-2021:1202-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:1202 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 3.1 for RHEL 7 - x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 12 serves as a replacement for Red Hat JBoss Web Server 3.1.11, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es): * openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449) * openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) For moredetails about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 6. Package List: Red Hat JBoss Web Server 3.1 for RHEL 7: Source: tomcat-native-1.2.23-24.redhat_24.ep7.el7.src.rpm x86_64: tomcat-native-1.2.23-24.redhat_24.ep7.el7.x86_64.rpm tomcat-native-debuginfo-1.2.23-24.redhat_24.ep7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYHctstzjgjWX9erEAQgp5g/+PmVzCLWS2x+IBEanPp+efKJpDq5Gej3E PFB9uJ0WKIH4qtznGfI/i5mtrIjy1BrbrlBJrFF72+a2pEyP8EL9DcJubIlLu9MH QgwsB5XVwC8+6aRVAN3blKPKPLC8CjHK3Ef+4cSq8vZocRHRKsx4Jz8dk1m1U36p /be1EBKaTrm9rGHgT+UYuKSeYrRq2QSEmoLKjyBQwDADHJzSRXuSv6AlaUHx9RvB xvRp+A9JErjaweOo2Ndo1KGhyHAQRUWTWym0M5QNbvBwBGNEShNjlezMhNVvC7UH fM5kLpcCxk4gtPuMGtg26fBSYZyzKiijl7zkkHiEt9jLqonik7QKRDaucPch8UgA 5Ic+bkN65+SlPpVYoCq65aUKmlQNJuL5FmXVXGV2OToyiOctojTYglvZI/zgcEOf 0vpZGeZ/duupuN7OHQ4YTYY44Li5CVKIojLlE8cMRJRkmH3X76xW2DCooFRx7viI cKiNBFSu2z47B3EZkKN2X5Zz/c7tWA/qD4cx3aP9bL1ucT6c0QFhi95we9vmwRaj TFC9RjmvzWeacI2ZfsEFv10wmSkF71idLr7zXFJ/e2vGKYVUQ+TKLf2cdXcHLW76 9wG9fy3SMjhDGmaJPEn9Ii42Ntu8Sj1BoxuBydJ2Wxf9I7cpMh62B9Hc1s4/SJHR CVXTbuaHHtI=bubg -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 14, 2021
•Important
Red Hat
98
security advisorysecurity updateOpenSSLRed Hat JBoss Web Server 5.4.2 Important: RHSA-2021:1195-01
Updated Red Hat JBoss Web Server 5.4.2 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 5.4.2 Security Update Advisory ID: RHSA-2021:1195-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:1195 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary: Updated Red Hat JBoss Web Server 5.4.2 packages are now available for Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Web Server 5.4 for RHEL 7 Server - x86_64 Red Hat JBoss Web Server 5.4 for RHEL 8 - x86_64 3. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4.2 serves as a replacement for Red Hat JBoss Web Server 5.4.1, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449) * openssl: CAcertificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 6. Package List: Red Hat JBoss Web Server 5.4 for RHEL 7 Server: Source: jws5-tomcat-native-1.2.25-4.redhat_4.el7jws.src.rpm x86_64: jws5-tomcat-native-1.2.25-4.redhat_4.el7jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.25-4.redhat_4.el7jws.x86_64.rpm Red Hat JBoss Web Server 5.4 for RHEL 8: Source: jws5-tomcat-native-1.2.25-4.redhat_4.el8jws.src.rpm x86_64: jws5-tomcat-native-1.2.25-4.redhat_4.el8jws.x86_64.rpm jws5-tomcat-native-debuginfo-1.2.25-4.redhat_4.el8jws.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYHcAdtzjgjWX9erEAQgQ4RAAktpzx/5WHgvBQgcb9aZrVc3TCDwWAy9g W88lvzzXWz1Is+DYngpt2upDkAijyp2vrbUDqLmh2uaQ/vBLe3WlVXCc0fS6YB/e 4uqAIdRQWoVt1Rb2pX7p7hXOzTPcZSe2FTWwumg2SNZvGkREzc2QhSMP+UdkTbE4 fLoNWKXkvC6j+Cs339cxQbjSssjxg9WDkpralRx/gaxge8TTDHKfzjbQsExY4UrZ WRYWqYKExmkO1d6g2sXOBW/uFqlUR8On+BNSd9g8FOAyiehvpScvj/0a2Mc9lKiD 0g5yoFEdkhWqaWLndbDpwrXETl77sHl+7Pou+TzxfK3nNgZNCLgbc6yAJknvLwuf AuCcPflfsnF/docnKWR5+Pky2ZiNB/Cq4MUaJPVFVMcfoLKtfXgRYKdyVuxmWCXm mIRrMqgxVuxk7eQBv/eWSXFVwipYmkQgWMaaartZCXjbDrbilR9TBw/v/2GSLsBn gSajBKt89xKzzpE6rkoJV1mBSvN4Zck/+Eb0RborKRr7LyoSPS7FJyySAPeC2Q9+ Mv2mjGQWkX95yHLG0XCRp9do65G3jC6ILIqD6ee1XD8lPrALkpJZZWR+EfVumZxO Zx6p3T0egk6a75jAepI04NmrX52Gla0ARKri9YawDLaxTjGeo4K9963qkfzeJJxq 8QzbJQ6gPfU=XW2w -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 14, 2021
•Important
Red Hat
98
security advisorysecurity updateRed HatRed Hat: RHSA-2021-1196-01 Important: JBoss Web Server Critical Fix
Red Hat JBoss Web Server 5.4.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Web Server 5.4.2 Security Update Advisory ID: RHSA-2021:1196-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2021:1196 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary: Red Hat JBoss Web Server 5.4.2 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.4.2 serves as a replacement for Red Hat JBoss Web Server 5.4.1, and includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Security Fix(es): * openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449) * openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450) For more details about the security issue(s), including the impact, aCVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 5. References: https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYHb9ptzjgjWX9erEAQgFCQ/7BJTSfq5w3doR0kSXLda2Obe3kHPppe5P yaCT135mIOJgWA+IRdupdmrXrnVdXPAW1EmRn6AgWVzb+94LavgHq0ZZoMlMTgRD mVhmmfnp9X7/PmrDjqoo/th07yWbTzl9j6x6fOP1OJRnFMFyBgX6ZqFGskft+ca0 VWuMr5iyWgLJElh0o2kaJPP5FuzJ79oSQv2MfzS/gGy/gOK3agvXsqSQLLS70TI1 E2mBi8Vcvqwo67GDgDdABa+8cQxgqm6+UqOCs38tLUwGtgU6bqeC855b23HNpyyQ 2D9JH4V32QO28Bjt40u4oFuZ6Ds2uCPJD0KpworxXBvCX/spU0K5N/5To2c09xP/ UkmsnTnKtH1Er0Xxz9V27i1W3tIE6fgvbBYCbDv204criLwGQYv5BOD/1blwpX9a 9Ds4fWKBtO80+9prcJfWYNlFHRuifcte+AGwJWGkbmL1eatj8KobYTvxEtlL25+R u9sRNpdMEWz3yjbBB0W2XiziXuflPNOYg8DWWncAKdmwPBL6VsInUYMv6r+/7JBT gvViapJZfJJlbD/LB/7E6r6OFt51BfHBLdib5PR9uXy45pszRFpiG+rUbCBmBWCs 1EqVn9jnu/0E7WIc49Wg+jwCyQcGNJmbOGMcxHTvvdi4XvwuJyJF/zXQfqFSQ0V6 HG1YdwtAWR8=p16h -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 14, 2021
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!