Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1222045 Cross-References: * CVE-2024-29025 . # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2024:1079-2 Rating: important References: * bsc#1222045 Cross-References: * CVE-2024-29025 CVSS scores: * CVE-2024-29025 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves one vulnerability can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: * CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-1079=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-1079=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1079=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-4.1.108-150200.4.23.1 * netty-tcnative-2.0.65-150200.3.19.1 * openSUSE Leap 15.6 (noarch) * netty-poms-4.1.108-150200.4.23.1 * netty-javadoc-4.1.108-150200.4.23.1 * netty-tcnative-javadoc-2.0.65-150200.3.19.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.65-150200.3.19.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * netty-4.1.108-150200.4.23.1 * SUSE Package Hub 15 15-SP6 (noarch) * netty-poms-4.1.108-150200.4.23.1 * netty-javadoc-4.1.108-150200.4.23.1 ## References: * https://www.suse.com/security/cve/CVE-2024-29025.html * https://bugzilla.suse.com/show_bug.cgi?id=1222045 . Important patch for netty and netty-tcnative resolves memory overflow problems on SUSE platforms. Implement these updates immediately!. SUSE Security Update, Netty Advisory, Netty-Tcnative Patch, SUSE Important Update. . Severity: Important. LinuxSecurity.com Team
* bsc#1222045 Cross-References: * CVE-2024-29025 . # Security update for netty3 Announcement ID: SUSE-SU-2024:2313-1 Rating: important References: * bsc#1222045 Cross-References: * CVE-2024-29025 CVSS scores: * CVE-2024-29025 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP5 * Development Tools Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for netty3 fixes the following issues: * CVE-2024-29025: FixedHttpPostRequestDecoder can out of memory due to large number of form fields (bsc#1222045). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-2313=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-2313=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2313=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2313=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2313=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2313=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2313=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2313=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2313=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2313=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2313=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2313=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2313=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2313=1 * SUSE Linux Enterprise Server for SAPApplications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2313=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-2313=1 ## Package List: * openSUSE Leap 15.5 (noarch) * netty3-3.10.6-150200.3.10.1 * netty3-javadoc-3.10.6-150200.3.10.1 * openSUSE Leap 15.6 (noarch) * netty3-3.10.6-150200.3.10.1 * netty3-javadoc-3.10.6-150200.3.10.1 * Development Tools Module 15-SP5 (noarch) * netty3-3.10.6-150200.3.10.1 * Development Tools Module 15-SP6 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * netty3-3.10.6-150200.3.10.1 * SUSE Enterprise Storage 7.1 (noarch) * netty3-3.10.6-150200.3.10.1 ## References: * https://www.suse.com/security/cve/CVE-2024-29025.html * https://bugzilla.suse.com/show_bug.cgi?id=1222045 . Dive into the SUSE Netty3 enhancement and critical vulnerability patch related to CVE-2024-29025. It's essential to maintain thesecurity of your system!. SUSE Netty3 Update, Security Advisory, CVE-2024-29025, Software Patch, OpenSUSE Security. . Severity: Important. LinuxSecurity.com Team
Red Hat Integration Camel for Spring Boot 4.0.0 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update Advisory ID: RHSA-2023:5441-01 Product: Red Hat Integration Advisory URL: https://access.redhat.com/errata/RHSA-2023:5441 Issue date: 2023-10-04 CVE Names: CVE-2022-44729 CVE-2022-44730 CVE-2022-46751 CVE-2023-26048 CVE-2023-26049 CVE-2023-33008 CVE-2023-34462 CVE-2023-40167 ===================================================================== 1. Summary: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Integration Camel for Spring Boot 4.0.0 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. * batik: Server-Side Request Forgery vulnerability (CVE-2022-44729) * batik: Server-Side Request Forgery vulnerability (CVE-2022-44730) * apache-ivy: XML External Entity vulnerability (CVE-2022-46751) * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048) * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) * apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008) * netty: io.netty:netty-handler:SniHandler 16MB allocation (CVE-2023-34462) * jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 2216888 - CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM 2221135 - CVE-2023-33008 apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale 2233112 - CVE-2022-46751 apache-ivy: XML External Entity vulnerability 2233889 - CVE-2022-44729 batik: Server-Side Request Forgery vulnerability 2233899 - CVE-2022-44730 batik: Server-Side Request Forgery vulnerability 2236340 - CVE-2023-26048 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() 2236341 - CVE-2023-26049 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies 2239634 - CVE-2023-40167 jetty: Improper validation of HTTP/1 content-length 5. References: https://access.redhat.com/security/cve/CVE-2022-44729 https://access.redhat.com/security/cve/CVE-2022-44730 https://access.redhat.com/security/cve/CVE-2022-46751 https://access.redhat.com/security/cve/CVE-2023-26048 https://access.redhat.com/security/cve/CVE-2023-26049 https://access.redhat.com/security/cve/CVE-2023-33008 https://access.redhat.com/security/cve/CVE-2023-34462 https://access.redhat.com/security/cve/CVE-2023-40167 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q4 6. Contact: The Red Hatsecurity contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJlHYSlAAoJENzjgjWX9erEY5sP/2dMIE7R17o8VqlZdqqId2PD m7WiE/9WiEgtKr7540nykn3dMB8wt5IrAan7UhCQ60S2Q+xtlXKRsTxKWxmOtp/F cyOUufeXQsnl0hF68sBrTKgUKYzmOnsUSQXOnF8Hq9jgRPcDhq288F3T60cJZk3o mkibHlqe+1Gbr7rzeDtmdCiqDhlWSoTRgy9Q1xGVubica8sXhelc430Fm11pLms1 CzY6VXxD6t1WRnJ7k//pPVguqGsZytLBPlLclsFXa9CG4fNaN/m2jCncLEuaOZxN K5Ap6IGTqUow2dzY4N4k0v6V24srZtSFt+dFknwrjSaUeEl0p8H6wl11UJrW3DL5 1IizSST8NXrd783a1pqNTKD5iwgJ/94jpm673kzDxDZCoueFbc1ER/YOtQg5bCAd nzdormAVtnOBIzwVUi4l0l5bk0BMtfD0E8xHZeN502DJfAABZH27D3r7LnOgyXkj MjoMmMRtAl4xKeH3GlM1fyIYu3jHSsrId9ykTEZwvlegtFIKSTUF0/Znz7pSfO/w eMIvqinTX/rZ6Wjy4ENntMFvpFDkTastJLrsKmeSm+/mV44l9v76m/Oylsro/ui2 b9IuKcyJW2WGEosT++VUpgMrdJ8BWhBfirGpa1rh4fRQDh4NlB7VjiXwccHbEH2A lVwPfcWEn2MqKPtlx/vU =0Oie -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2619-1 Rating: moderate References: #1199653 Cross-References: CVE-2022-30067 CVSS scores: CVE-2022-30067 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-30067 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issues: - CVE_2022-30067: Fixed an out of memory when reading. (bsc#1199653) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2619=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2619=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2619=1 Package List: - openSUSE Leap15.4 (aarch64 ppc64le s390x x86_64): gimp-2.10.30-150400.3.3.1 gimp-debuginfo-2.10.30-150400.3.3.1 gimp-debugsource-2.10.30-150400.3.3.1 gimp-devel-2.10.30-150400.3.3.1 gimp-devel-debuginfo-2.10.30-150400.3.3.1 gimp-plugin-aa-2.10.30-150400.3.3.1 gimp-plugin-aa-debuginfo-2.10.30-150400.3.3.1 libgimp-2_0-0-2.10.30-150400.3.3.1 libgimp-2_0-0-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-2.10.30-150400.3.3.1 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libgimp-2_0-0-32bit-2.10.30-150400.3.3.1 libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-32bit-2.10.30-150400.3.3.1 libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.3.1 - openSUSE Leap 15.4 (noarch): gimp-lang-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): gimp-2.10.30-150400.3.3.1 gimp-debuginfo-2.10.30-150400.3.3.1 gimp-debugsource-2.10.30-150400.3.3.1 gimp-devel-2.10.30-150400.3.3.1 gimp-devel-debuginfo-2.10.30-150400.3.3.1 libgimp-2_0-0-2.10.30-150400.3.3.1 libgimp-2_0-0-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-2.10.30-150400.3.3.1 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): gimp-lang-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): gimp-debuginfo-2.10.30-150400.3.3.1 gimp-debugsource-2.10.30-150400.3.3.1 libgimp-2_0-0-2.10.30-150400.3.3.1 libgimp-2_0-0-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-2.10.30-150400.3.3.1 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64): gimp-2.10.30-150400.3.3.1 gimp-devel-2.10.30-150400.3.3.1 gimp-devel-debuginfo-2.10.30-150400.3.3.1 gimp-plugin-aa-2.10.30-150400.3.3.1 gimp-plugin-aa-debuginfo-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): gimp-lang-2.10.30-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-30067.html https://bugzilla.suse.com/1199653 . A recent GIMP release rectifies a significant security concern in the SUSE operating system. Detailed setup guidelines are provided.. gimp Fix, SUSE Security Update, Software Patching. . LinuxSecurity.com Team
An update that fixes 5 vulnerabilities is now available. . openSUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0670-1 Rating: important References: #1184353 #1184354 #1184355 #1185216 #1185217 Cross-References: CVE-2021-20296 CVE-2021-23215 CVE-2021-26260 CVE-2021-3477 CVE-2021-3479 CVSS scores: CVE-2021-20296 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-23215 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-26260 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3477 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3477 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3479 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3479 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for openexr fixes the following issues: - CVE-2021-23215: Fixed an integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185216). - CVE-2021-26260: Fixed an Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers (bsc#1185217). - CVE-2021-20296: Fixed a Null Pointer dereference in Imf_2_5:hufUncompress (bsc#1184355). - CVE-2021-3477: Fixed a Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts (bsc#1184353). - CVE-2021-3479: Fixed an Out-of-memory caused by allocation of a very large buffer (bsc#1184354). Thisupdate was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-670=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): libIlmImf-2_2-23-2.2.1-lp152.7.14.1 libIlmImf-2_2-23-debuginfo-2.2.1-lp152.7.14.1 libIlmImfUtil-2_2-23-2.2.1-lp152.7.14.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-lp152.7.14.1 openexr-2.2.1-lp152.7.14.1 openexr-debuginfo-2.2.1-lp152.7.14.1 openexr-debugsource-2.2.1-lp152.7.14.1 openexr-devel-2.2.1-lp152.7.14.1 openexr-doc-2.2.1-lp152.7.14.1 - openSUSE Leap 15.2 (x86_64): libIlmImf-2_2-23-32bit-2.2.1-lp152.7.14.1 libIlmImf-2_2-23-32bit-debuginfo-2.2.1-lp152.7.14.1 libIlmImfUtil-2_2-23-32bit-2.2.1-lp152.7.14.1 libIlmImfUtil-2_2-23-32bit-debuginfo-2.2.1-lp152.7.14.1 References: https://www.suse.com/security/cve/CVE-2021-20296.html https://www.suse.com/security/cve/CVE-2021-23215.html https://www.suse.com/security/cve/CVE-2021-26260.html https://www.suse.com/security/cve/CVE-2021-3477.html https://www.suse.com/security/cve/CVE-2021-3479.html https://bugzilla.suse.com/1184353 https://bugzilla.suse.com/1184354 https://bugzilla.suse.com/1184355 https://bugzilla.suse.com/1185216 https://bugzilla.suse.com/1185217 . A critical Fedora patch fixes 7 vulnerabilities in gimp, improving overall security resilience.. openSUSE Security Update, OpenEXR Patches, Integer Overflow Fix. . Severity: Important. LinuxSecurity.com Team
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2583-1
Several security issues were fixed in Tomcat.. =========================================================================Ubuntu Security Notice USN-4596-1 October 21, 2020 tomcat9 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Tomcat. Software Description: - tomcat9: Apache Tomcat 9 - Servlet and JSP engine Details: It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. (CVE-2020-11996) It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. (CVE-2020-13934) It was discovered that Tomcat did not properly validate the payload length in a WebSocket frame. An attacker could possibly use this to trigger an infinite loop, resulting in a denial of service. (CVE-2020-13935) It was discovered that Tomcat did not properly deserialize untrusted data. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libtomcat9-embed-java 9.0.31-1ubuntu0.1 libtomcat9-java 9.0.31-1ubuntu0.1 tomcat9 9.0.31-1ubuntu0.1 tomcat9-common 9.0.31-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4596-1 CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-9484 Package Information: https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.1 . Several security flaws in Tomcat highlighted inUbuntu security advisory USN-4596-1, affecting operational stability.. Ubuntu Tomcat Vulnerabilities, Apache Tomcat Security, Ubuntu Security Notice. . LinuxSecurity.com Team
**PHP version 7.3.11** (24 Oct 2019) **Core:** * Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) * Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif :** * Fixed bug php#78442 ('Illegal component' on exif_read_data since PHP7) (Kalle) **FPM:** * Fixed bug php#78599 (env_path_info underflow in fpm_main.c can lead to RCE).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-7bb07c3b02 2019-11-03 00:10:34.337843 --------------------------------------------------------------------------------Name : php Product : Fedora 30 Version : 7.3.11 Release : 1.fc30 URL : https://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. --------------------------------------------------------------------------------Update Information: **PHP version 7.3.11** (24 Oct 2019) **Core:** * Fixed bug php#78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) * Fixed bug php#78620 (Out of memory error). (cmb, Nikita) **Exif :** * Fixed bug php#78442 ('Illegal component' on exif_read_data since PHP7) (Kalle) **FPM:** * Fixed bug php#78599 (env_path_info underflow in fpm_main.c can lead to RCE). (**CVE-2019-11043**) (Jakub Zelenka) * Fixed bug php#78413 (request_terminate_timeout does not take effect after fastcgi_finish_request). (Sergei Turchanov) **MBString:** * Fixed bugphp#78579 (mb_decode_numericentity: args number inconsistency). (cmb) * Fixed bug php#78609 (mb_check_encoding() no longer supports stringable objects). (cmb) **MySQLi:** * Fixed bug php#76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto) **Mysqlnd:** * Fixed bug php#78525 (Memory leak in pdo when reusing native prepared statements). (Nikita) **PCRE:** * Fixed bug php#78272 (calling preg_match() before pcntl_fork() will freeze child process). (Nikita) **PDO_MySQL:** * Fixed bug php#78623 (Regression caused by "SP call yields additional empty result set"). (cmb) **Session:** * Fixed bug php#78624 (session_gc return value for user defined session handlers). (bshaffer) **Standard:** * Fixed bug php#76342 (file_get_contents waits twice specified timeout). (Thomas Calvet) * Fixed bug php#78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita) * Fixed bug php#76859 (stream_get_line skips data if used with data-generating filter). (kkopachev) **Zip:** * Fixed bug php#78641 (addGlob can modify given remove_path value). (cmb) --------------------------------------------------------------------------------ChangeLog: * Tue Oct 22 2019 Remi Collet - 7.3.11-1 - Update to 7.3.11 - https://www.php.net/releases/7_3_11.php * Tue Sep 24 2019 Remi Collet - 7.3.10-1 - Update to 7.3.10 - https://www.php.net/releases/7_3_10.php * Wed Aug 28 2019 Remi Collet - 7.3.9-1 - Update to 7.3.9 - https://www.php.net/releases/7_3_9.php * Tue Jul 30 2019 Remi Collet - 7.3.8-1 - Update to 7.3.8 - https://www.php.net/releases/7_3_8.php * Wed Jul 3 2019 Remi Collet - 7.3.7-2 - Update to 7.3.7 - https://www.php.net/releases/7_3_7.php * Tue May 28 2019 Remi Collet - 7.3.6-1 - Update to 7.3.6 - https://www.php.net/releases/7_3_6.php * Wed May 1 2019 Remi Collet - 7.3.5-1 - Update to 7.3.5 -https://www.php.net/releases/7_3_5.php --------------------------------------------------------------------------------References: [ 1 ] Bug #1766378 - CVE-2019-11043 php: underflow in env_path_info in fpm_main.c https://bugzilla.redhat.com/show_bug.cgi?id=1766378 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-7bb07c3b02' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Get the latest Linux and open source security news straight to your inbox.