Explore top 10 tips to secure your open-source projects now. Read More
×
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-2215 http://linux.oracle.com/errata/ELSA-2026-2215.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: libsoup-2.62.3-13.el8_10.i686.rpm libsoup-2.62.3-13.el8_10.x86_64.rpm libsoup-devel-2.62.3-13.el8_10.i686.rpm libsoup-devel-2.62.3-13.el8_10.x86_64.rpm aarch64: libsoup-2.62.3-13.el8_10.aarch64.rpm libsoup-devel-2.62.3-13.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/libsoup-2.62.3-13.el8_10.src.rpm Related CVEs: CVE-2026-0719 CVE-2026-1761 Description of changes: [2.62.3-13] - Backport patch for CVE-2026-1761 [2.62.3-12] - Backport patch for CVE-2026-0719 - Fix NTLM authentication test failures in FIPS mode _______________________________________________ El-errata mailing list
* bsc#1245274 * bsc#1245275 Cross-References: * CVE-2025-32462 . # Security update for sudo Announcement ID: SUSE-SU-2025:20489-1 Release Date: 2025-07-10T12:53:42Z Rating: important References: * bsc#1245274 * bsc#1245275 Cross-References: * CVE-2025-32462 * CVE-2025-32463 CVSS scores: * CVE-2025-32462 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-32462 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-32462 ( NVD ): 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2025-32462 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2025-32463 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-32463 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-32463 ( NVD ): 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2025-32463 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for sudo fixes the following issues: * CVE-2025-32462: Fix a possible local privilege escalation via the --host option (bsc#1245274) * CVE-2025-32463: Fix a possible local privilege Escalation via chroot option (bsc#1245275) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-378=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * sudo-debugsource-1.9.15p5-2.1 * sudo-1.9.15p5-2.1 * sudo-debuginfo-1.9.15p5-2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-32462.html * https://www.suse.com/security/cve/CVE-2025-32463.html * https://bugzilla.suse.com/show_bug.cgi?id=1245274 *https://bugzilla.suse.com/show_bug.cgi?id=1245275 . Essential SUSE upgrade for sudo tackles local privilege elevation vulnerabilities with two CVE resolutions and suggested updates.. SUSE, sudo, local escalation, security patch, CVE fixes. . Severity: Critical. LinuxSecurity.com Team
An update that solves three vulnerabilities and has one security fix can now be installed.. # Security update for ruby2.5 Announcement ID: SUSE-SU-2025:1369-1 Release Date: 2025-04-24T17:12:13Z Rating: important References: * bsc#1230930 * bsc#1235773 * bsc#1237804 * bsc#1237806 Cross-References: * CVE-2024-47220 * CVE-2025-27219 * CVE-2025-27220 CVSS scores: * CVE-2024-47220 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-47220 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-47220 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-27219 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-27219 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-27219 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2025-27219 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-27220 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-27220 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-27220 ( NVD ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2025-27220 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE LinuxEnterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for ruby2.5 fixes the following issues: * CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804) * CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806) Other fixes: \- Improved fix for CVE-2024-47220 (bsc#1230930, bsc#1235773) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1369=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1369=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1369=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1369=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1369=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-1369=1 * SUSE Manager Server 4.3 zypper in -t patchSUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1369=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1369=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1369=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1369=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1369=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1369=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1369=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1369=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1369=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1369=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1369=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 *ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Manager Proxy 4.3 (x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) *ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-doc-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * openSUSE Leap 15.6 (noarch) * ruby2.5-doc-ri-2.5.9-150000.4.41.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 *ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 *libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * ruby2.5-devel-extra-2.5.9-150000.4.41.1 * ruby2.5-stdlib-2.5.9-150000.4.41.1 * ruby2.5-stdlib-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-debuginfo-2.5.9-150000.4.41.1 * libruby2_5-2_5-2.5.9-150000.4.41.1 * ruby2.5-debugsource-2.5.9-150000.4.41.1 * ruby2.5-debuginfo-2.5.9-150000.4.41.1 * ruby2.5-devel-2.5.9-150000.4.41.1 * ruby2.5-2.5.9-150000.4.41.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47220.html * https://www.suse.com/security/cve/CVE-2025-27219.html * https://www.suse.com/security/cve/CVE-2025-27220.html * https://bugzilla.suse.com/show_bug.cgi?id=1230930 * https://bugzilla.suse.com/show_bug.cgi?id=1235773 * https://bugzilla.suse.com/show_bug.cgi?id=1237804 * https://bugzilla.suse.com/show_bug.cgi?id=1237806 . Essential security patch released for ruby2.5 in openSUSE, tackling various risks and vulnerabilities thoroughly.. ruby2.5 update, openSUSE security, ruby vulnerabilities, patch management, denial of service fix. . Severity: Important. LinuxSecurity.com Team
Refresh patches Add -std=gnu17 to CFLAGS to fix the build 042-man2html-CVE-2021-40647.patch Add more patches from Debian. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a778f51bce 2025-03-07 03:41:49.695819+00:00 -------------------------------------------------------------------------------- Name : man2html Product : Fedora 40 Version : 1.6 Release : 39.g.fc40 URL : Summary : Convert man pages to HTML - CGI scripts Description : man2html is a man page to HTML converter. This package contains CGI scripts that allow you to view, browse, and search man pages using a web server. -------------------------------------------------------------------------------- Update Information: Refresh patches Add -std=gnu17 to CFLAGS to fix the build 042-man2html-CVE-2021-40647.patch Add more patches from Debian -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 26 2025 Sérgio Basto - 1.6-39.g - Add more patches from Debian 004-spelling.patch 011-man2html-doctype-status.patch 012-man2html-TH.patch 013-man2html-file-link.patch 030-man2html-man-hyphens.patch 032-man2html-man-remove-LO-tags.patch 034-UTF8-charset.patch 036-fix-tbl-font-parsing.patch 037-man2html-Nm-and-Bk-mdoc.patch 038-man2html-colon-escape-sequence.patch 042-man2html-CVE-2021-40647.patch 043-man2html-fix-asan-issues.patch man2html-ungzip.patch rename to 024-man2html-uncompress.patch * Tue Feb 25 2025 Sérgio Basto - 1.6-38.g - Add -std=gnu17 to CFLAGS to fix the build * Fri Jan 17 2025 Fedora Release Engineering - 1.6-37.g - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Thu Jul 18 2024 Fedora Release Engineering - 1.6-36.g - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2126814 - CVE-2021-40647 man2html: sys-apps/man2html: multiple vulnerabilities [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2126814 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a778f51bce' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . Ubuntu 22.04 update addresses CUPS privacy issues with code enhancements and system optimizations for better usability. Fedora 40 man2html update, security patches, build adjustments. . Severity: Important. LinuxSecurity.com Team
New curl packages are available for Slackware 15.0 and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] curl (SSA:2025-036-01) New curl packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/curl-8.12.0-i586-1_slack15.0.txz: Upgraded. This release fixes the following security issues: gzip integer overflow eventfd double close netrc and default credential leak For more information, see: https://curl.se/docs/CVE-2025-0725.html https://curl.se/docs/CVE-2025-0665.html https://curl.se/docs/CVE-2025-0167.html https://www.cve.org/CVERecord?id=CVE-2025-0725 https://www.cve.org/CVERecord?id=CVE-2025-0665 https://www.cve.org/CVERecord?id=CVE-2025-0167 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/curl-8.12.0-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/curl-8.12.0-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-8.12.0-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-8.12.0-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: c95c2441f88525aca101a560b756abe4 curl-8.12.0-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 63cdb7478aee72014108e955ab4f0e3e curl-8.12.0-x86_64-1_slack15.0.txz Slackware -currentpackage: 6bae28f544f54160e06c4b86b0faaa2d n/curl-8.12.0-i686-1.txz Slackware x86_64 -current package: 8b9ccf398ab7a9e4527ecdca6f6a0970 n/curl-8.12.0-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg curl-8.12.0-i586-1_slack15.0.txz +-----+ . Boost your Slackware setup by upgrading to the latest curl packages. This step is crucial for addressing serious security vulnerabilities and ensuring system integrity. curl packages, Slackware updates, security fixes, software updates. . Severity: Critical. LinuxSecurity.com Team
* bsc#1219296 Cross-References: * CVE-2023-52340 . # Security update for the Linux Kernel (Live Patch 41 for SLE 15 SP3) Announcement ID: SUSE-SU-2024:1207-1 Rating: important References: * bsc#1219296 Cross-References: * CVE-2023-52340 CVSS scores: * CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_150 fixes one issue. The following security issue was fixed: * CVE-2023-52340: Fixed ICMPv6 âPacket Too Bigâ packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219296). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2024-1219=1 SUSE-SLE-Live- Patching-12-SP5-2024-1207=1 SUSE-SLE-Live-Patching-12-SP5-2024-1208=1 SUSE-SLE- Live-Patching-12-SP5-2024-1209=1 SUSE-SLE-Live-Patching-12-SP5-2024-1210=1 SUSE- SLE-Live-Patching-12-SP5-2024-1211=1SUSE-SLE-Live-Patching-12-SP5-2024-1212=1 SUSE-SLE-Live-Patching-12-SP5-2024-1213=1 SUSE-SLE-Live- Patching-12-SP5-2024-1214=1 SUSE-SLE-Live-Patching-12-SP5-2024-1215=1 SUSE-SLE- Live-Patching-12-SP5-2024-1216=1 SUSE-SLE-Live-Patching-12-SP5-2024-1217=1 SUSE- SLE-Live-Patching-12-SP5-2024-1218=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2024-1227=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-1247=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-1247=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_165-default-9-2.1 * kgraft-patch-4_12_14-122_179-default-6-2.1 * kgraft-patch-4_12_14-122_150-default-14-2.2 * kgraft-patch-4_12_14-122_153-default-12-2.1 * kgraft-patch-4_12_14-122_176-default-7-2.1 * kgraft-patch-4_12_14-122_173-default-8-2.1 * kgraft-patch-4_12_14-122_194-default-3-2.1 * kgraft-patch-4_12_14-122_189-default-4-2.1 * kgraft-patch-4_12_14-122_183-default-6-2.1 * kgraft-patch-4_12_14-122_186-default-5-2.1 * kgraft-patch-4_12_14-122_162-default-10-2.1 * kgraft-patch-4_12_14-122_156-default-12-2.1 * kgraft-patch-4_12_14-122_159-default-11-2.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_45-debugsource-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_178-default-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_178-default-debuginfo-4-150200.2.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_150-default-4-150300.2.1 * kernel-livepatch-5_3_18-150300_59_150-default-debuginfo-4-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_41-debugsource-4-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_150-preempt-4-150300.2.1 *kernel-livepatch-5_3_18-150300_59_150-preempt-debuginfo-4-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_150-default-4-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-52340.html * https://bugzilla.suse.com/show_bug.cgi?id=1219296 . Important SUSE Linux Kernel patch issued addressing a significant Denial of Service vulnerability concerning ICMPv6 packets across multiple distributions.. SUSE Linux Kernel, Live Patch, Security Issue, DoS Protection, Linux Security Update. . Severity: Critical. LinuxSecurity.com Team
The container bci/dotnet-sdk was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:92-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-18.1 , bci/dotnet-sdk:6.0.25 , bci/dotnet-sdk:6.0.25-18.1 Container Release : 18.1 Severity : low Type : security References : 1217969 CVE-2023-39804 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). The following package changes have been done: - tar-1.34-150000.3.34.1 updated - container:sles15-image-15.0.0-36.5.71 updated . SUSE Container Security Alert regarding bci/python modifications addresses slight weaknesses in zip. Keep your environments protected!. bci/dotnet-sdk, container updates, tar security patches. . Severity: Low. LinuxSecurity.com Team
The container suse/postgres was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4254-1 Container Tags : suse/postgres:16 , suse/postgres:16-2.13 , suse/postgres:16.1 , suse/postgres:16.1-2.13 , suse/postgres:latest Container Release : 2.13 Severity : moderate Type : security References : 1201384 1218014 CVE-2023-50495 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) The following package changes have been done: - libncurses6-6.1-150000.5.20.1 updated - terminfo-base-6.1-150000.5.20.1 updated - ncurses-utils-6.1-150000.5.20.1 updated - container:sles15-image-15.0.0-36.5.67 updated . SUSE Container Advisory for suse/postgres includes patches for moderate security issues and enhancements.. SUSE Container Update,SUSE/Postgres Security Update,Moderate Security Advisory. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.