Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
217
security advisoryremote accessimportant fixOracle Linux 9 ELSA-2024-10244: Important pam Security Fixes
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-10244 http://linux.oracle.com/errata/ELSA-2024-10244.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: pam-1.5.1-22.0.1.el9_5.i686.rpm pam-1.5.1-22.0.1.el9_5.x86_64.rpm pam-devel-1.5.1-22.0.1.el9_5.i686.rpm pam-devel-1.5.1-22.0.1.el9_5.x86_64.rpm pam-docs-1.5.1-22.0.1.el9_5.x86_64.rpm aarch64: pam-1.5.1-22.0.1.el9_5.aarch64.rpm pam-devel-1.5.1-22.0.1.el9_5.aarch64.rpm pam-docs-1.5.1-22.0.1.el9_5.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//pam-1.5.1-22.0.1.el9_5.src.rpm Related CVEs: CVE-2024-10963 Description of changes: [1.5.1-22.0.1] - pam_access: clean up the remote host matching code [Orabug: 36771903] - pam_limits: fix use after free in pam_sm_open_session [Orabug: 36406534] [1.5.1-22] - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66245 [1.5.1-21] - pam_unix: always run the helper to obtain shadow password file entries. CVE-2024-10041. Resolves: RHEL-62880 _______________________________________________ El-errata mailing list
Nov 27, 2024
•Important
Oracle
100
security advisorySUSEDenial Of ServiceSUSE: 2024:254-1 important: bci/golang pam Denial Of Service Threat
The container bci/golang was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:254-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-11.4 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-11.4 Container Release : 11.4 Severity : important Type : security References : 1211188 1211190 1217000 1218126 1218186 1218209 1218475 CVE-2023-1667 CVE-2023-2283 CVE-2023-48795 CVE-2023-6004 CVE-2023-6918 CVE-2024-22365 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:140-1 Released: Thu Jan 18 11:34:58 2024 Summary: Security update for libssh Type: security Severity: important References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULLdereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code The following package changes have been done: - libssh-config-0.9.8-150400.3.3.1 updated - libssh4-0.9.8-150400.3.3.1 updated - pam-1.3.0-150000.6.66.1 updated - container:sles15-image-15.0.0-36.5.74 updated . SUSE Container Refresh for bci/golang brings crucial security patches to tackle denial of service threats effectively.. bci/golang Security, pam Update, libssh Fixes, Container Advisory. . Severity: Important. LinuxSecurity.com Team
Jan 19, 2024
•Important
SuSE
202
security advisorymoderatelocal denial of serviceopenSUSE 15.5 SUSE-SU-2024:0136-1 Moderate: PAM Local DoS
This update for pam fixes the following issues: CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475).. # Security update for pam Announcement ID: SUSE-SU-2024:0136-1 Rating: moderate References: * bsc#1217000 * bsc#1218475 Cross-References: * CVE-2024-22365 CVSS scores: * CVE-2024-22365 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux EnterpriseServer 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for pam fixes the following issues: * CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). * Check localtime_r() return value to fix crashing (bsc#1217000) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-136=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-136=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-136=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-136=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-136=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-136=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-136=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patchSUSE-SLE-Product-HPC-15-SP1-LTSS-2024-136=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-136=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2024-136=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-136=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-136=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-136=1 * SUSE Linux Enterprise Real Time 15 SP4 zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2024-136=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-136=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2024-136=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-136=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-136=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-136=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2024-136=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-136=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-136=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-136=1 * SUSE Manager Proxy 4.3 zypper in -t patchSUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-136=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-136=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-136=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-136=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-136=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-136=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-136=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2024-136=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-136=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-136=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 *pam-1.3.0-150000.6.66.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * Basesystem Module 15-SP5 (noarch) * pam-doc-1.3.0-150000.6.66.1 * Basesystem Module 15-SP5 (x86_64) * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * Development Tools Module 15-SP5 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 *pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE LinuxEnterprise High Performance Computing ESPOS 15 SP4 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Real Time 15 SP4 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Real Time 15 SP4 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 *pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 *pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Manager Proxy 4.3 (x86_64) * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 *pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Manager Proxy 4.3 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Manager Server 4.3 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Manager Server 4.3 (x86_64) * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * SUSE Enterprise Storage 7.1 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Enterprise Storage 7.1 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE CaaS Platform 4.0 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 *pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * SUSE CaaS Platform 4.0 (noarch) * pam-doc-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * pam-debugsource-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * pam-devel-1.3.0-150000.6.66.1 * pam-debugsource-1.3.0-150000.6.66.1 * pam-extra-debuginfo-1.3.0-150000.6.66.1 * pam-extra-1.3.0-150000.6.66.1 * pam-1.3.0-150000.6.66.1 * pam-debuginfo-1.3.0-150000.6.66.1 * openSUSE Leap 15.5 (x86_64) * pam-devel-32bit-1.3.0-150000.6.66.1 * pam-32bit-debuginfo-1.3.0-150000.6.66.1 * pam-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-1.3.0-150000.6.66.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.66.1 * openSUSE Leap 15.5 (noarch) * pam-doc-1.3.0-150000.6.66.1 ## References: * https://www.suse.com/security/cve/CVE-2024-22365.html * https://bugzilla.suse.com/show_bug.cgi?id=1217000 * https://bugzilla.suse.com/show_bug.cgi?id=1218475 . Patch released for pam to address local denial of servicevulnerability, enhancing secure authentication on impacted openSUSE versions.. pam Security Update, Local Denial Service, SUSE Advisory. . LinuxSecurity.com Team
Jan 18, 2024
OpenSUSE
100
security advisorycurl issueSUSESUSE: 2022:1014-1 Important: bci/openjdk Security Update for Threats
The container bci/openjdk was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1014-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-17.19 , bci/openjdk:latest Container Release : 17.19 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: -libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated . Recently upgraded bci/openjdk along with additional packages that include security updates for curl and pam. Review the details now!. SUSE Container,SUSE cloud,bci/openjdk security,Curl Fixes,pam updates. . Severity: Important. LinuxSecurity.com Team
May 15, 2022
•Important
SuSE
100
security advisorysecurity issueSUSESUSE: 2022:1012-1 Important: bci/golang Security Update Details
The container bci/golang was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1012-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.10 , bci/golang:latest Container Release : 7.10 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: -libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated . SUSE Package Update Notification: bci/python details important security fixes addressing vulnerabilities in libxml2 and openssl configurations.. SUSE Container Update,bci golang update,security patches,important updates. . Severity: Important. LinuxSecurity.com Team
May 15, 2022
•Important
SuSE
100
security advisoryimportantSUSESUSE: 2022:1010-1 Important: bci/golang Container Security Update
The container bci/golang was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1010-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-17.8 Container Release : 17.8 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have been done: -libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated . The SUSE Container Bulletin outlines enhancements for bci/python, which include crucial patches addressing vulnerabilities in openssl and libxml2.. bci golang update, important security patch, SUSE container updates. . Severity: Important. LinuxSecurity.com Team
May 15, 2022
•Important
SuSE
100
security advisoryimportantpam updateSUSE: 2022:1003-1 Important: bci/openjdk-devel Security Update
The container bci/openjdk-devel was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1003-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-17.37 , bci/openjdk-devel:latest Container Release : 17.37 Severity : important Type : security References : 1197771 1197794 1198068 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues(bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1660-1 Released: Fri May 13 15:42:21 2022 Summary: Recommended update for publicsuffix Type: recommended Severity: low References: 1198068 This update for publicsuffix fixes the following issue: - Update to version 20220405 (bsc#1198068) The following package changes have been done: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - publicsuffix-20220405-150000.3.9.1 updated - container:openjdk-11-image-15.3.0-17.19 updated . SUSE enhances the bci/openjdk-devel container with crucial patches featuring updates for curl and PAM. Keep your systems safe!. SUSE, Container Updates, OpenJDK Security, Patch Management. . Severity: Important. LinuxSecurity.com Team
May 14, 2022
•Important
SuSE
100
security advisoryimportantpam updateSUSE: 2022:1001-1 Important: bci/nodejs Security Fix for Curl and Pam
The container bci/nodejs was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1001-1 Container Tags : bci/node:14 , bci/node:14-19.16 , bci/nodejs:14 , bci/nodejs:14-19.16 Container Release : 19.16 Severity : important Type : security References : 1197771 1197794 1198614 1198723 1198766 CVE-2022-22576 CVE-2022-27775 CVE-2022-27776 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) The following package changes have beendone: - libcurl4-7.66.0-150200.4.30.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - pam-1.3.0-150000.6.58.3 updated - container:sles15-image-15.0.0-17.14.12 updated . Enhancements in the bci/nodejs container incorporate crucial security improvements for wget and ssh, resolving several vulnerabilities.. bci/nodejs security update, container security update, curl issue resolution. . Severity: Important. LinuxSecurity.com Team
May 14, 2022
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!