Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 11 articles for you...
203
security advisoryghostscriptpassword exposureMageia: 2025-0170 critical: ghostscript cleartext issue
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. (CVE-2025-48708) References: . MGASA-2025-0170 - Updated ghostscript packages fix security vulnerabilities Publication date: 28 May 2025 URL: https://advisories.mageia.org/MGASA-2025-0170.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-48708 gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. (CVE-2025-48708) References: - https://bugs.mageia.org/show_bug.cgi?id=34307 - https://www.openwall.com/lists/oss-security/2025/05/23/2 - https://www.cve.org/CVERecord?id=CVE-2025-48708 SRPMS: - 9/core/ghostscript-10.05.1-1.mga9 . Revised ghostscript packages fix security flaws in PDFs that could compromise passwords, impacting Mageia 9 users.. Ghostscript Security, PDF Password Exposure, Mageia Update. . Severity: Critical. LinuxSecurity.com Team
May 28, 2025
•Critical
Mageia
100
security advisoryimportantthreat mitigationSUSE: 2025:0144-1 important: git credential issues and security updates
* bsc#1235600 * bsc#1235601 Cross-References: * CVE-2024-50349 . # Security update for git Announcement ID: SUSE-SU-2025:0144-1 Release Date: 2025-01-16T13:30:38Z Rating: important References: * bsc#1235600 * bsc#1235601 Cross-References: * CVE-2024-50349 * CVE-2024-52006 CVSS scores: * CVE-2024-50349 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2024-50349 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-52006 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2024-52006 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE ManagerServer 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for git fixes the following issues: * CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). * CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-144=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-144=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-144=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-144=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-144=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-144=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-144=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-144=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-144=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-144=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-144=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-144=1 * SUSE Linux Enterprise Server forSAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-144=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-144=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-144=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-144=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-144=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-credential-libsecret-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-credential-libsecret-debuginfo-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-credential-gnome-keyring-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * git-p4-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * openSUSE Leap 15.3 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 *git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise HighPerformance Computing LTSS 15 SP4 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 *git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 *perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * git-doc-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) *git-doc-2.35.3-150300.10.48.1 * SUSE Manager Proxy 4.3 (x86_64) * git-debuginfo-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * git-debuginfo-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * git-debuginfo-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * git-web-2.35.3-150300.10.48.1 * git-email-2.35.3-150300.10.48.1 * git-gui-2.35.3-150300.10.48.1 * git-2.35.3-150300.10.48.1 * perl-Git-2.35.3-150300.10.48.1 * git-daemon-2.35.3-150300.10.48.1 * git-debugsource-2.35.3-150300.10.48.1 * git-core-2.35.3-150300.10.48.1 * git-svn-2.35.3-150300.10.48.1 * git-debuginfo-2.35.3-150300.10.48.1 * git-core-debuginfo-2.35.3-150300.10.48.1 * git-cvs-2.35.3-150300.10.48.1 * git-arch-2.35.3-150300.10.48.1 * gitk-2.35.3-150300.10.48.1 * git-daemon-debuginfo-2.35.3-150300.10.48.1 * SUSE Enterprise Storage 7.1 (noarch) * git-doc-2.35.3-150300.10.48.1 ## References: * https://www.suse.com/security/cve/CVE-2024-50349.html * https://www.suse.com/security/cve/CVE-2024-52006.html * https://bugzilla.suse.com/show_bug.cgi?id=1235600 * https://bugzilla.suse.com/show_bug.cgi?id=1235601 . Essential patch for git on SUSE addresses significant vulnerabilities and authentication concerns across various distributions and versions.. git security update, SUSE important advisory, credential issue git, password handling vulnerability. . Severity: Important. LinuxSecurity.com Team
Jan 16, 2025
•Important
SuSE
197
security advisorycriticaldebianDebian 10 Buster DLA-3809-1 Critical: Libkf5ksieve Password Exposure
A bug in libkf5ksieve, an email filtering library for KDE, exposed the user password in plaintext server logs. For Debian 10 buster, this problem has been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3809-1
May 05, 2024
•Critical
Debian LTS
98
security advisorysecurity issuemoderate impactRed Hat OpenShift 8 AMQ Broker Moderate Advisory RHSA-2023-4720-01
This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: AMQ Broker 7.11.1.OPR.2.GA Container Images Release Advisory ID: RHSA-2023:4720-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:4720 Issue date: 2023-08-23 CVE Names: CVE-2020-24736 CVE-2023-1667 CVE-2023-2283 CVE-2023-2602 CVE-2023-2603 CVE-2023-4065 CVE-2023-4066 CVE-2023-26604 CVE-2023-27536 CVE-2023-28321 CVE-2023-28484 CVE-2023-29469 CVE-2023-32681 CVE-2023-34969 ===================================================================== 1. Summary: This is the multiarch release of the AMQ Broker 7.11.1 aligned Operator and associated container images on Red Hat Enterprise Linux 8 for the OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Middleware for OpenShift provides images for many of the Red Hat Middleware products for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments. This release of the AMQ Broker 7.11.1 aligned Operator includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * amq-broker-operator-container: Red Hat AMQ Broker Operator:plaintext password in operator log (CVE-2023-4065) * activemq-broker-operator: Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml (CVE-2023-4066) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. For information on supported configurations, see Red Hat AMQ Broker 7 Supported Configurations at https://access.redhat.com/articles/2791941 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2224630 - CVE-2023-4065 Red Hat AMQ Broker Operator: plaintext password in operator log 2224677 - CVE-2023-4066 Red Hat AMQ Broker Operator: Passwords defined in secrets shown in StatefulSet yaml 5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): ENTMQBR-7804 - Move json dumps for Openshift objects into Debug from INFO loglevel 6. References: https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-2602 https://access.redhat.com/security/cve/CVE-2023-2603 https://access.redhat.com/security/cve/CVE-2023-4065 https://access.redhat.com/security/cve/CVE-2023-4066 https://access.redhat.com/security/cve/CVE-2023-26604 https://access.redhat.com/security/cve/CVE-2023-27536 https://access.redhat.com/security/cve/CVE-2023-28321 https://access.redhat.com/security/cve/CVE-2023-28484 https://access.redhat.com/security/cve/CVE-2023-29469 https://access.redhat.com/security/cve/CVE-2023-32681 https://access.redhat.com/security/cve/CVE-2023-34969 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_amq_broker/7.14 7. Contact: The Red Hat securitycontact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJk5nCIAAoJENzjgjWX9erEpDoP/3aD3YllQ8QZQtrzg0PUfOql ElVQW456eRzOAuD44axM2ShM2WbkXOxl9z3HcxqpO9iyOvAFTXBnWib6Rjc/OVuZ 5cj/v0AaZ0xJbHzKELpLZqHAMh24B4cVd0PZ41QM9i4bTomSihX+W035U/gnnJuT CjQvaNY1MoZVUK7J5eIhCurSQtH7jLYi7VXCtkViaTifu0fw63NKKvm3hwm7mmSG ADWCoyZFl+6VsPmjbFfOCLEjs3/yjsPctFfmAFTEwKZTHZONLzIQCLA0BR3czwU7 9fGD+UNzJ4nobelP7Tjd3IIv+G2WM+u97Da0vS7/3DBSeETYABcpM74ftyoOG1pg B+wcMxzAid0iWrIbiFZkxg5xatjTs8I3hw3n1/n4hgTbz7vauy5cLJ4963RBAQEh VQW2A+xh0XUOY9kY/6kHPjx5b6CqfhS9JG2fxRCFPuJGl0uNEzGEztc1yCjt0Yw8 eeLhI6XCkwzcPLiHMpx/7uMMzlk2Kh74DHg4x1h3pYreUbf7ppjY2YoSWuGJlddu 5ehMmtfV+8310htygdIfnt3HyP+nBqir9ptwXf4L5afeNdkIzZCLuy0A6/AaKOUJ 8rfRSmBc+JTessL5+BOMCccQFdf7HDCD4CckGaKjDRWAXUzzpEtXV9/0wryh7mmf 7TDWMk48Klzq3qHxZN7A =eJ9v -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 23, 2023
Red Hat
98
security advisoryRed Hatsecurity impactRedHat: RHSA-2022-1618-01 Important: Convert2RHEL Password Exposure
A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: convert2rhel security update Advisory ID: RHSA-2022:1618-01 Product: Convert2RHEL Advisory URL: https://access.redhat.com/errata/RHSA-2022:1618 Issue date: 2022-04-27 CVE Names: CVE-2022-0852 ==================================================================== 1. Summary: A security update for convert2rhel is now available for unsupported conversions of CentOS Linux 6 and Oracle Linux 6 to Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Convert2RHEL for RHEL-6 - noarch 3. Description: The convert2rhel package provides the Convert2RHEL utility, which performs operating system conversion. During the conversion process, Convert2RHEL replaces all RPM packages from the original Linux distribution with their Red Hat Enterprise Linux version. Security fix: * convert2rhel: Red Hat account password passed via command line by code (CVE-2022-0852) Enhancement: * Enable the conversion of untested 8.6 to 8.10 on release day For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed(https://bugzilla.redhat.com/): 2060129 - CVE-2022-0852 convert2rhel: Red Hat account password passed via command line by code 6. Package List: Convert2RHEL for RHEL-6: Source: convert2rhel-0.25-4.el6.src.rpm noarch: convert2rhel-0.25-4.el6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-0852 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2360841 https://access.redhat.com/support/policy/convert2rhel-support 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmkYZNzjgjWX9erEAQhUCw/+JOfVj5t8dBwkbFFl13eYTKxaffs5S31O lIDX+qobhvZpAf10N+L4+C4kkbz3g3i2D5PKel8raQzbwlo4taiGHHEQ/EabOkjn pStKFIaXaS7ahJcLPOjE1jA0A3JDhFhBrh+UNmDfGeawDf1NtO9IugqrlbdGDPCh EAIQyB7aXgobDiBnULMrfIucQubX5lEv2Zk5Qa1wFsvrFmnc2cmh3lQ1KTzEm1TB 0rUYdsOdgePxrLikS/qccXSUrBVbb2+0vt4rq6ZtXQjwRk/btfRAbvzGeIgMiOgx ii2sJPZ/Wfm6Uw+TXfWLxByCAD17SQij3lU1JVAN13AdaOUvaihbgzkjbOBX8KrI RsehNv23Nde6ixRCVC3smCnCQMkfwF4Va8PCx83PUz5ggJXNV7gElOMGH8P8BKCI GWLdQYZi1HrLvzPpuRyL5HbrIy5eEbeV9IhW3oAKcp/+rtkkjvA3GARrYJIYPZY5 iNYihDMXJLuQIizidt78q+QplZcfA5hBF+zbKV0zhE40svvG69fRZUJ6l0kczHBu /gQsEKWtDo+/pS74uDKn5LV9VZ/CVI4pWAul2/mNldA8emen6sTk55QlW6/12KyL rsmdOBJlyJFamwEDz/2buhBGNGhss5tzVC0cQ9pKPMfHC7mGeuXATark6MvEnRCS ruplhcS704c=kqai -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 27, 2022
•Important
Red Hat
203
security advisorylog managementpassword exposureMageia 7 And 8 MGASA-2021-0342 Critical: Freeradius Password Exposure
Moved logrotate options into specific parts for each log as "global" options will persist past and clobber global options in the main logrotate config (bsc#1180525). Fixed plaintext password entries in logfiles (bsc#1184016). . MGASA-2021-0342 - Updated freeradius packages fix security vulnerabilities Publication date: 12 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0342.html Type: security Affected Mageia releases: 7, 8 Moved logrotate options into specific parts for each log as "global" options will persist past and clobber global options in the main logrotate config (bsc#1180525). Fixed plaintext password entries in logfiles (bsc#1184016). The freeradius package has been updated to version 3.0.22, fixing these issues and other bugs. See the upstream release announcements for details. References: - https://bugs.mageia.org/show_bug.cgi?id=29059 - https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_21 - https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_22 - - SRPMS: - 8/core/freeradius-3.0.22-1.mga8 - 7/core/freeradius-3.0.22-1.mga7 . The latest freeradius update for Mageia resolves critical vulnerabilities, notably mitigating risks associated with direct password visibility and enhancing log handling practices.. Freeradius Security Update,Mageia Security Advisory,Log Management Fixes. . Severity: Critical. LinuxSecurity.com Team
Jul 12, 2021
•Critical
Mageia
203
security advisorysoftware updatemoderate severityMageia 7: MGASA-2021-0325 Moderate: Libosinfo Password Exposure
Updated libosinfo packages fix security vulnerability: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest . MGASA-2021-0325 - Updated libosinfo packages fix security vulnerability Publication date: 10 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0325.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-13313 Updated libosinfo packages fix security vulnerability: A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing (CVE-2019-13313). The libosinfo package has been updated to version 1.8.0, fixing this issue and other bugs. References: - https://bugs.mageia.org/show_bug.cgi?id=25112 - https://access.redhat.com/errata/RHSA-2019:3387 - https://access.redhat.com/errata/RHBA-2020:4758 - https://www.cve.org/CVERecord?id=CVE-2019-13313 SRPMS: - 7/core/libosinfo-1.8.0-1.mga7 . Revised libosinfo updates tackle critical security vulnerabilities to safeguard confidential credential information from illicit exposure.. libosinfo security update, Mageia libosinfo, command line vulnerability, security patch. . LinuxSecurity.com Team
Jul 10, 2021
Mageia
203
security advisorycritical issuesecurity fixMageia: 2021-0316 Critical: Gnome-Shell Password Exposure Issue
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the . MGASA-2021-0316 - Updated gnome-shell package fixes a security vulnerability Publication date: 08 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0316.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-17489 An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) (CVE-2020-17489). References: - https://bugs.mageia.org/show_bug.cgi?id=27303 - https://lists.debian.org/debian-lts-announce/2020/09/msg00014.html - https://www.cve.org/CVERecord?id=CVE-2020-17489 SRPMS: - 7/core/gnome-shell-3.32.1-2.2.mga7 . The latest GNOME Shell patch resolves serious vulnerabilities related to password exposure when logging out in Mageia 7.. GNOME Shell, Mageia Security, Password Exposure, Security Fixes, Logout Issues. . Severity: Critical. LinuxSecurity.com Team
Jul 08, 2021
•Critical
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!