# Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

Announcement ID: SUSE-SU-2025:02875-1
Release Date: 2025-08-19T06:04:44Z
Rating: important
References:

* bsc#1245218
* bsc#1245350
* bsc#1247350
* bsc#1247351

Cross-References:

* CVE-2025-38079
* CVE-2025-38083
* CVE-2025-38494
* CVE-2025-38495

CVSS scores:

* CVE-2025-38079 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38079 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38083 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38494 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38494 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38495 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38495 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 6.4.0-150600_23_25 fixes several issues.

The following security issues were fixed:

* CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
* CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
* CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
* CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2025-2866=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2867=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2865=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2868=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2869=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2877=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2872=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2885=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2864=1 SUSE-SLE-Module-Live-Patching-15-SP6-2025-2862=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2025-2885=1 SUSE-2025-2877=1 SUSE-2025-2872=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-2875=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-2875=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
  * kernel-livepatch-6_4_0-150600_10_11-rt-debuginfo-15-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_17-rt-debuginfo-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_8-rt-debuginfo-15-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_23-rt-debuginfo-10-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_29-rt-debuginfo-5-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_1-debugsource-19-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_34-rt-4-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_10-debugsource-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_2-debugsource-15-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_17-rt-13-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_34-rt-debuginfo-4-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_5-rt-19-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_23-rt-10-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_3-debugsource-15-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_5-debugsource-13-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_7-debugsource-10-150600.2.1
  * kernel-livepatch-SLE15-SP6-RT_Update_9-debugsource-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_29-rt-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_8-rt-15-150600.2.1
  * kernel-livepatch-6_4_0-150600_10_5-rt-debuginfo-19-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-19-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_3-debugsource-19-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_5-debugsource-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-19-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_2-debugsource-19-150600.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_25-default-debuginfo-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_14-default-debuginfo-19-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_3-debugsource-19-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_5-debugsource-14-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_17-default-debuginfo-19-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_2-debugsource-19-150600.2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_20-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_83-default-debuginfo-13-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_20-debugsource-13-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-38079.html
* https://www.suse.com/security/cve/CVE-2025-38083.html
* https://www.suse.com/security/cve/CVE-2025-38494.html
* https://www.suse.com/security/cve/CVE-2025-38495.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245218
* https://bugzilla.suse.com/show_bug.cgi?id=1245350
* https://bugzilla.suse.com/show_bug.cgi?id=1247350
* https://bugzilla.suse.com/show_bug.cgi?id=1247351

Severity: Important. LinuxSecurity.com Team
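A live patch only helps if it was built for the exact kernel that is running; the package list above carries one package per kernel release, and a host on a release that is not listed needs a full kernel update instead. The helper below is an added example for this page, not SUSE tooling: it maps a `uname -r` string to the package name using the convention visible in the list (dots in the kernel version and release become underscores, then the flavour), and looks that up in a trimmed copy of the advisory's package list. The helper names are this example's own.

```python
"""Pick the kernel-livepatch package in this advisory that matches a running kernel.

Added example for this page, not SUSE tooling. It relies on one convention that
is visible in the package list above: the package for kernel release
6.4.0-150600.23.25-default is kernel-livepatch-6_4_0-150600_23_25-default-<ver>-<rel>,
i.e. the dots of the kernel version and release become underscores. The helper
names and the trimmed package list below are this example's own.
"""
import platform
import re

# Copied from the advisory's package list (debuginfo/debugsource entries left out).
ADVISORY_PACKAGES = [
    "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1",
    "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1",
    "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1",
    "kernel-livepatch-6_4_0-150600_10_34-rt-4-150600.2.1",
    "kernel-livepatch-6_4_0-150600_10_29-rt-5-150600.2.1",
    "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1",
]

# `uname -r` on SLE looks like <version>-<release>-<flavor>, e.g. 6.4.0-150600.23.25-default
UNAME_RE = re.compile(r"^(?P<ver>\d+\.\d+\.\d+)-(?P<rel>\d+(?:\.\d+)+)-(?P<flavor>[a-z0-9]+)$")


def livepatch_prefix(uname_r: str) -> str:
    """Kernel release -> livepatch package name without the trailing pkgver-pkgrel."""
    m = UNAME_RE.match(uname_r.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {uname_r!r}")
    ver = m.group("ver").replace(".", "_")
    rel = m.group("rel").replace(".", "_")
    return f"kernel-livepatch-{ver}-{rel}-{m.group('flavor')}"


def find_package(uname_r: str, packages=ADVISORY_PACKAGES):
    """The advisory package built for exactly this kernel, or None when the running
    kernel is not one of the releases the advisory ships a live patch for (in which
    case a live patch will not help and a full kernel update is due)."""
    prefix = livepatch_prefix(uname_r) + "-"
    for pkg in packages:
        if pkg.startswith(prefix):
            return pkg
    return None


if __name__ == "__main__":
    release = platform.release()  # same value as `uname -r`
    try:
        print(release, "->", find_package(release) or "no live patch for this kernel in this advisory")
    except ValueError as err:
        print(err)
```

On a single host `zypper` resolves this for you; the lookup is useful when checking a fleet inventory of kernel releases against an advisory before rollout. After installation, the loaded live-patch modules appear under `/sys/kernel/livepatch/`, each with an `enabled` file, which is the place to confirm the patch is actually active rather than merely installed.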
# Security update for redis7

Announcement ID: SUSE-SU-2024:0200-1
Rating: important
References:

* bsc#1212119
* bsc#1216376

Cross-References:

* CVE-2023-45145

CVSS scores:

* CVE-2023-45145 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45145 ( NVD ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for redis7 fixes the following issues:

* CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation (bsc#1216376).

The following non-security issues were fixed:

* Redis services are no longer disabled after an upgrade (bsc#1212119).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-200=1 openSUSE-SLE-15.5-2024-200=1
* Server Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-200=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * redis7-debugsource-7.0.8-150500.3.9.1
  * redis7-7.0.8-150500.3.9.1
  * redis7-debuginfo-7.0.8-150500.3.9.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * redis7-debugsource-7.0.8-150500.3.9.1
  * redis7-7.0.8-150500.3.9.1
  * redis7-debuginfo-7.0.8-150500.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45145.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212119
* https://bugzilla.suse.com/show_bug.cgi?id=1216376
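The advisory describes CVE-2023-45145 only as a race during UNIX socket creation. The example below is added here and is not Redis code; it assumes the usual shape of such a race, a `bind()` that creates the socket node with the process umask followed by a `chmod()` to the intended mode, and shows the mode an observer sees inside that window next to the standard fix of narrowing the umask before `bind()`. All names and paths are this example's own.

```python
"""The bind-then-chmod race on a UNIX socket, and closing it with umask.

Added example, not Redis code. The advisory only says that CVE-2023-45145 is a
race during UNIX socket creation; the vulnerable shape shown here (bind() under
the process umask, chmod() to the intended mode afterwards) is an assumption
about what such a race looks like, and narrowing the umask before bind() is one
standard way to close it. Paths and names are this example's own.
"""
import os
import socket
import stat
import tempfile


def socket_mode(path: str) -> int:
    """Permission bits of the socket node at `path`."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def socket_mode_after_bind(path: str, umask: int) -> int:
    """Bind a UNIX socket under `umask` and return the mode the node carries right
    after bind(), i.e. inside the window before any later chmod()."""
    old = os.umask(umask)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        sock.bind(path)           # Linux creates the node as 0777 & ~umask
        return socket_mode(path)
    finally:
        os.umask(old)
        sock.close()
        os.unlink(path)


def create_unix_socket_racy(path: str, perm: int) -> socket.socket:
    """Assumed vulnerable pattern: the node appears with the umask-derived mode and
    is tightened only afterwards. With the usual umask 022 that is 0755, so until
    the chmod() lands any local user who can reach the directory may connect."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path)
    os.chmod(path, perm)
    return sock


def create_unix_socket(path: str, perm: int) -> socket.socket:
    """Hardened: mask out every bit not in `perm` before bind(), so the node is
    restricted from the instant it exists; the chmod() afterwards is a no-op."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o777 & ~perm)
    try:
        sock.bind(path)
    finally:
        os.umask(old)             # umask is process-wide: restore it at once
    os.chmod(path, perm)
    return sock


def demo(perm: int = 0o700) -> dict:
    """Run all three in a private temp dir and report the observed modes."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "demo.sock")
    result = {
        "after_bind_umask_022": socket_mode_after_bind(path, 0o022),
        "after_bind_umask_077": socket_mode_after_bind(path, 0o077),
    }
    sock = create_unix_socket(path, perm)
    result["hardened_final"] = socket_mode(path)
    sock.close()
    os.unlink(path)
    os.rmdir(workdir)
    return result


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: {oct(mode)}")
```

Two caveats apply to the fix: umask is a process-wide attribute, so a multi-threaded server must set it before other threads can create files, and on Linux connecting to a pathname socket also requires write permission on it, which is why placing the socket in a directory that is itself mode 0700 is a worthwhile second layer.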
Arch Linux Security Advisory ASA-201810-8
=========================================

Severity: High
Date    : 2018-10-09
CVE-ID  : CVE-2018-6951 CVE-2018-6952 CVE-2018-1000156
Package : patch
Type    : multiple issues
Remote  : No
Link    : https://security.archlinux.org/AVG-619

Summary
=======

The package patch before version 2.7.6-3 is vulnerable to multiple issues including arbitrary command execution and denial of service.

Resolution
==========

Upgrade to 2.7.6-3.

# pacman -Syu "patch>=2.7.6-3"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2018-6951 (denial of service)

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

- CVE-2018-6952 (denial of service)

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.

- CVE-2018-1000156 (arbitrary command execution)

An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to pass certain ed scripts to the ed editor, which would run commands. This issue could be exploited to execute arbitrary commands as the user invoking patch against a specially crafted patch file, which could be leveraged to obtain elevated privileges.

Impact
======

An attacker can execute arbitrary commands or crash the patch utility via a specially crafted patchfile.

References
==========

https://bugs.archlinux.org/task/57526
https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
https://cgit.git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
https://security.archlinux.org/CVE-2018-6951
https://security.archlinux.org/CVE-2018-6952
https://security.archlinux.org/CVE-2018-1000156
==========================================================================
Ubuntu Security Notice USN-3624-2
April 16, 2018

patch vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in Patch.

Software Description:
- patch: Apply a diff file to an original

Details:

USN-3624-1 fixed vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713)

 It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM:
  patch                           2.6.1-3ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3624-2
  https://ubuntu.com/security/notices/USN-3624-1
  CVE-2016-10713, CVE-2018-1000156
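Both the Arch advisory and the Ubuntu notice above describe CVE-2018-1000156 the same way: patch hands an ed script embedded in the patch file to the ed editor, and an ed command line beginning with `!` runs a shell command. The remedy in both cases is the upgrade they name. Where an old patch binary cannot be replaced immediately, a pre-screen of untrusted patch files is the check a practitioner would want. The scanner below is an added example, not GNU patch code: it accepts only the ed subset that `diff -e` emits (address or range followed by a, c, d or i, with a/c/i text blocks terminated by a lone `.`), treats text-block lines as data rather than commands, and reports everything else, shell escapes first. The grammar is deliberately narrow and is this example's own; the sample inputs are constructed.

```python
"""Pre-screen a patch file for ed-style content that would reach ed's shell escape.

Added example, not GNU patch code. Both notices above describe CVE-2018-1000156
as patch handing an ed script from the patch file to the ed editor, where a
command line beginning with '!' runs a shell command. This scanner accepts only
the ed subset that `diff -e` produces (an address or range followed by a, c, d
or i, with a/c/i text blocks closed by a lone '.') and reports everything else,
shell escapes first. The grammar is deliberately narrow and is this example's
own; the actual remedy is the upgrade each notice names.
"""
import re

# diff -e output: optional address or range, then one of a c d i.
ED_CMD_RE = re.compile(r"^(\d+)?(,\d+)?([acdi])$")
# ed shell escapes: a bare "!cmd", or r/e/w with a "!cmd" target.
SHELL_ESCAPE_RE = re.compile(r"^\s*(!|[rew]\s+!)")
# File-name headers that may precede an ed script in a patch file.
HEADER_RE = re.compile(r"^(---|\+\+\+|Index:|diff )")


def scan_patch(text: str):
    """None if `text` is not an ed-style patch; otherwise a list of
    (line_no, line, reason) for every line outside the diff -e subset.
    Lines inside an a/c/i text block are data, not commands, so a '!' there is
    harmless and is not reported."""
    lines = text.splitlines()
    start = 0
    while start < len(lines) and (not lines[start].strip() or HEADER_RE.match(lines[start])):
        start += 1
    if start == len(lines) or not ED_CMD_RE.match(lines[start]):
        return None

    findings = []
    in_text = False
    for idx in range(start, len(lines)):
        line, no = lines[idx], idx + 1
        if in_text:
            if line == ".":                  # lone dot closes the text block
                in_text = False
            continue
        cmd = ED_CMD_RE.match(line)
        if cmd:
            in_text = cmd.group(3) in "aci"  # these commands take a text block
            continue
        if line in ("w", "q", "", "."):      # patch appends w/q itself; "." alone prints
            continue
        if SHELL_ESCAPE_RE.match(line):
            findings.append((no, line, "shell escape"))
        else:
            findings.append((no, line, "unexpected ed command"))
    return findings


# Constructed samples for this example.
BENIGN = "2a\nadded line\n.\n5,6d\n7c\nreplacement\n.\n"
MALICIOUS = "--- a\n+++ b\n1d\n!id > /tmp/owned\n.\n"
BANG_IN_TEXT = "1a\n!this is inserted text, not a command\n.\n"
UNIFIED = "--- a/x\n+++ b/x\n@@ -1 +1 @@\n-a\n+b\n"


def safe_to_apply(text: str) -> bool:
    """True when the input is not ed-style at all or contains nothing outside the
    diff -e subset; False is the signal to refuse it before handing it to patch."""
    findings = scan_patch(text)
    return findings is None or not findings


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malicious", MALICIOUS),
                         ("bang in text", BANG_IN_TEXT), ("unified", UNIFIED)):
        print(f"{name}: safe={safe_to_apply(sample)} findings={scan_patch(sample)}")
```

The text-block handling is the part that matters for precision: a `!` on a line that `1a` is about to insert is just file content, and flagging it would make the screen useless on real diffs, whereas the same `!` after a `d` command is a command line ed would execute.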
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory                   GLSA 201612-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Patch: Denial of Service
      Date: December 05, 2016
      Bugs: #538658
        ID: 201612-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Patch is vulnerable to a locally generated Denial of Service condition.

Background
==========

Patch takes a patch file containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-devel/patch            < 2.7.4                    >= 2.7.4

Description
===========

Due to a flaw in Patch, the application can enter an infinite loop when processing a specially crafted diff file.

Impact
======

A local attacker could pass a specially crafted diff file to Patch, possibly resulting in a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All patch users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/patch-2.7.4"

References
==========

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201612-12

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to