Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
219
security advisorymoderateMySQLRocky Linux 8 RLSA-2026-5678 MySQL Major Vulnerability Patch
Moderate: mysql:8.0 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5580", "synopsis": "Moderate: mysql:8.0 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for mecab-ipadic, module.mecab, mecab, module.mecab-ipadic.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21941)\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21948)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2026) (CVE-2026-21936)\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21968)\n\n* mysql: DDL unspecified vulnerability (CPU Jan 2026) (CVE-2026-21937)\n\n* mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026) (CVE-2026-21964)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2431384", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431384", "description": ""}, {"ticket": "2431385", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431385", "description": ""}, {"ticket": "2431402", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431402", "description": ""}, {"ticket": "2431409", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431409", "description": ""}, {"ticket": "2431413", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431413","description": ""}, {"ticket": "2431431", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431431", "description": ""}], "cves": [{"name": "CVE-2026-21936", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21936", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21937", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21937", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21941", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21941", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21948", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21948", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21964", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21964", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21968", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21968", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": null}], "references": [], "publishedAt": "2026-03-24T12:01:12.163837Z", "rpms": {"Rocky Linux 8": {"nvras": ["mecab-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm","mecab-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-0:0.996-2.module+el8.10.0+1937+28fbbc83.src.rpm", "mecab-0:0.996-2.module+el8.10.0+2091+db4d14f6.src.rpm", "mecab-0:0.996-2.module+el8.10.0+1676+9b4b6e24.src.rpm", "mecab-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.src.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.src.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.aarch64.rpm","mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 8 provides a moderate mySQL security advisory to address optimizer issues, enhancing database security.. mySQL security, Rocky Linux advisory, moderate security update, mySQL updates. . LinuxSecurity.com Team
Mar 24, 2026
Rocky Linux
219
security advisorymoderateMySQLRocky Linux 8 RLSA-2026-5603 MariaDB Enhanced Session Management Features
Moderate: mysql:8.0 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:5580", "synopsis": "Moderate: mysql:8.0 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for mecab-ipadic, module.mecab, mecab, module.mecab-ipadic.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21941)\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21948)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jan 2026) (CVE-2026-21936)\n\n* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21968)\n\n* mysql: DDL unspecified vulnerability (CPU Jan 2026) (CVE-2026-21937)\n\n* mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026) (CVE-2026-21964)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2431384", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431384", "description": ""}, {"ticket": "2431385", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431385", "description": ""}, {"ticket": "2431402", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431402", "description": ""}, {"ticket": "2431409", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431409", "description": ""}, {"ticket": "2431413", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431413","description": ""}, {"ticket": "2431431", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431431", "description": ""}], "cves": [{"name": "CVE-2026-21936", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21936", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21937", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21937", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21941", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21941", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21948", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21948", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21964", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21964", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "4.9", "cwe": null}, {"name": "CVE-2026-21968", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21968", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": null}], "references": [], "publishedAt": "2026-03-24T12:01:12.163837Z", "rpms": {"Rocky Linux 8": {"nvras": ["mecab-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1676+9b4b6e24.x86_64.rpm","mecab-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-0:0.996-2.module+el8.10.0+1937+28fbbc83.src.rpm", "mecab-0:0.996-2.module+el8.10.0+2091+db4d14f6.src.rpm", "mecab-0:0.996-2.module+el8.10.0+1676+9b4b6e24.src.rpm", "mecab-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-debuginfo-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1676+9b4b6e24.aarch64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-debugsource-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-devel-0:0.996-2.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.aarch64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.src.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.src.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.x86_64.rpm", "mecab-ipadic-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.aarch64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.aarch64.rpm","mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83.x86_64.rpm", "mecab-ipadic-EUCJP-0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A moderate security update is available for MySQL on Rocky Linux 8 addressing multiple unspecified vulnerabilities.. Rocky Linux, MySQL, security update, optimization, thread pooling. . LinuxSecurity.com Team
Mar 24, 2026
Rocky Linux
89
security advisorydenial of servicecriticalFedora 40: FEDORA-2024-ce2936b568 Critical: Rust Oxipng Denial Of Service
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ce2936b568 2024-05-26 01:25:15.719720 -------------------------------------------------------------------------------- Name : rust-oxipng Product : Fedora 40 Version : 9.1.1 Release : 3.fc40 URL : Summary : Lossless PNG compression optimizer Description : A lossless PNG compression optimizer. -------------------------------------------------------------------------------- Update Information: This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2024 Fabio Valentini - 9.1.1-3 - Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su-c 'dnf upgrade --advisory FEDORA-2024-ce2936b568' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 26, 2024
•Critical
Fedora
89
security advisoryFedoramemory issueFedora 34: 2022-9a1e4d4123b Low: WebAssembly Memory Handling Flaw
Bug fixes and incremental optimization improvements. ---- Bugfix release including fix for CVE-2021-45290 and CVE-2021-45293.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-9d18d4159e 2022-01-25 01:02:31.955857 --------------------------------------------------------------------------------Name : binaryen Product : Fedora 34 Version : 105 Release : 1.fc34 URL : https://github.com/WebAssembly/binaryen Summary : Compiler and toolchain infrastructure library for WebAssembly Description : Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: * Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form but also accepts a general control flow graph for compilers that prefer that. * Fast: Binaryen's internal IR uses compact data structures and is designed for completely parallel codegen and optimization, using all available CPU cores. Binaryen's IR also compiles down to WebAssembly extremely easily and quickly because it is essentially a subset of WebAssembly. * Effective: Binaryen's optimizer has many passes that can improve code very significantly (e.g. local coloring to coalesce local variables; dead code elimination; precomputing expressions when possible at compile time; etc.). These optimizations aim to make Binaryen powerful enough to be used as a compiler backend by itself. One specific area of focus is on WebAssembly-specific optimizations (that general-purpose compilers might not do), which you can think of as wasm minification , similar to minification for JavaScript, CSS, etc., all of which are language-specific (an example of such an optimization is block return value generation inSimplifyLocals). --------------------------------------------------------------------------------Update Information: Bug fixes and incremental optimization improvements. ---- Bugfix release including fix for CVE-2021-45290 and CVE-2021-45293. --------------------------------------------------------------------------------ChangeLog: * Sun Jan 16 2022 Dominik Mierzejewski 105-1 - update to 105 (#2040105) * Tue Jan 11 2022 Dominik Mierzejewski 104-1 - update to 104 (#2033827) - fixes CVE-2021-45290 (#2037323, #2037325) - fixes CVE-2021-45293 (#2037324, #2037326) --------------------------------------------------------------------------------References: [ 1 ] Bug #2033827 - binaryen-104 is available https://bugzilla.redhat.com/show_bug.cgi?id=2033827 [ 2 ] Bug #2037325 - CVE-2021-45290 binaryen: assertion abort in wasm::handle_unreachable [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2037325 [ 3 ] Bug #2037326 - CVE-2021-45293 binaryen: Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2037326 [ 4 ] Bug #2040105 - binaryen-105 is available https://bugzilla.redhat.com/show_bug.cgi?id=2040105 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-9d18d4159e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jan 24, 2022
•Low
Fedora
98
security advisorymoderatered hatRedHat: RHSA-2020-4136-01 Moderate: Ansible Tower 3.7.3 Security Fix
Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container 2. Description: * Updated to the latest version of the git-python library to no longer cause certain jobs to fail. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: security update - Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container Advisory ID: RHSA-2020:4136-01 Product: Red Hat Ansible Tower Advisory URL: https://access.redhat.com/errata/RHSA-2020:4136 Issue date: 2020-09-30 CVE Names: CVE-2020-14365 CVE-2020-25626 ==================================================================== 1. Summary: Red Hat Ansible Tower 3.7.3-1 - RHEL7 Container 2. Description: * Updated to the latest version of the git-python library to no longer cause certain jobs to fail * Updated to the latest version of the ovirt.ovirt collection to no longer cause connections to hang when syncing inventory from oVirt/RHV * Added a number of optimizations to Ansible Tower's callback receiver to improve the speed of stdout processing for simultaneous playbooks runs * Added an optional setting to disable the auto-creation of organizations and teams on successful SAML login * Fixed an XSS vulnerability (CVE-2020-25626) * Fixed a slow memory leak in the Daphne process * Fixed Automation Analytics data gathering to no longer fail for customerswith large datasets * Fixed scheduled jobs that run every X minute(s) or hour(s) to no longer fail to run at the proper time * Fixed delays in Ansible Tower's task manager when large numbers of simultaneous jobs are scheduled * Fixed the performance for playbooks that store large amounts of data using the set_stats module * Fixed the awx-manage remove_from_queue tool when used with isolated nodes * Fixed an issue that prevented jobs from being properly marked as canceled when Tower is backed up and then restored to another environment 3. Solution: For information on upgradingAnsible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://legacy-controller-docs.ansible.com/ansible-tower/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1878635 - CVE-2020-25626 django-rest-framework: XSS Vulnerability in API viewer 5. References: https://access.redhat.com/security/cve/CVE-2020-14365 https://access.redhat.com/security/cve/CVE-2020-25626 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3STrNzjgjWX9erEAQjacg//aPaDOirEblGdQwQd+PZEIylBv0mfeaVE M25xAnTJCWpzeC6C8Vd5BKzIsAihNfMjTBGQi6x7b7PrIubd/d3uKYaLsRpsaQHz KQL8gbxuNwWid85HJLvcyh2WRjoW7GAKpvdjh3IjyjTp8c3dkERvjT+LcODE5Mt0 zjUon37FzWZdX4d1heDc3seUtTSpAjskoQ4Dy2qDWC0cyJKSFFqZxWmE/rzBt79r 4niDYCcaEfiiy4lCYqr0qObYvf1hS9sHrD5SVZQYzzfxlL3zNPONUaKwwu1yatcY Sr/o4LdNIUWn04vjxRx6mZNpsJ5+t1Q+YhYGHNtxtE2cy30p+JxpaeJnL50s/VM7 jdQF1/NqcA9F1RKpaquwm3HMPWMvdlzynP5TN+9PdEeT6iCqIXd0Q+scMxGLlhVw zyGU+zlACa9rrSe8DBeS0x3KayydyU7e45mKEJtUHeUYwfPw5rlV/kK05qf7CfMg X7VU6087uU4SAnH5E6Uw8xVibjgAzuSu0GQ/clWdpfiMK85dhdIUGyqYbCOVpFKj /fi0I9N8NAWLItO0OvuWZwjWcOGFQFYw2n+uPo/+Z3XV/oeps4A/KuBrWDnYhvg4 CVzWCpKX//iVaJNWyFwmtitzYRw4couZexR5DdIEABJ2bvydo4gWVQrXNrICLTz3 2v4EqCCyi3U=O51G -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 30, 2020
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!