Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1 articles for you...
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisoryDoSimportant

openSUSE: cosign Important Path Injection Vulnern 2025:02592-1

An update that solves one vulnerability and contains one feature can now be installed.. # Security update for cosign Announcement ID: SUSE-SU-2025:02592-1 Release Date: 2025-08-01T14:44:33Z Rating: important References: * bsc#1246725 * jsc#SLE-23879 Cross-References: * CVE-2025-46569 CVSS scores: * CVE-2025-46569 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-46569 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-46569 ( NVD ): 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and containsone feature can now be installed. ## Description: This update for cosign fixes the following issues: Update to version 2.5.3 (jsc#SLE-23879): * CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: * Add signing-config create command (#4280) * Allow multiple services to be specified for trusted-root create (#4285) * force when copying the latest image to overwrite (#4298) * Fix cert verification logic for trusted-root/SCTs (#4294) * Fix lint error for types package (#4295) * feat: Add OCI 1.1+ experimental support to tree (#4205) * Add validity period end for trusted-root create (#4271) * avoid double-loading trustedroot from file (#4264) Update to 2.5.2: * Do not load trusted root when CT env key is set * docs: improve doc for --no-upload option (#4206) Update to 2.5.1: * Add Rekor v2 support for trusted-root create (#4242) * Add baseUrl and Uri to trusted-root create command * Upgrade to TUF v2 client with trusted root * Don't verify SCT for a private PKI cert (#4225) * Bump TSA library to relax EKU chain validation rules (#4219) * Bump sigstore-go to pick up log index=0 fix (#4162) * remove unused recursive flag on attest command (#4187) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2592=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2592=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-2592=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2592=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2592=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2592=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2592=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2592=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2592=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2592=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2592=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2592=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2592=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2592=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2592=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Manager Proxy 4.3 (x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * cosign-2.5.3-150400.3.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * openSUSE Leap 15.4 (noarch) * cosign-zsh-completion-2.5.3-150400.3.30.1 * cosign-fish-completion-2.5.3-150400.3.30.1 * cosign-bash-completion-2.5.3-150400.3.30.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) *cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * Basesystem Module 15-SP7 (noarch) * cosign-zsh-completion-2.5.3-150400.3.30.1 * cosign-bash-completion-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * cosign-2.5.3-150400.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2025-46569.html * https://bugzilla.suse.com/show_bug.cgi?id=1246725 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-23879&page_caps=&user_role= . SUSE security notice regarding cosign includes crucial updates tackling path injection vulnerabilities. Apply the updates without delay.. cosign updates, openSUSE security, security patch updates, path injection vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Aug 01, 2025 Important OpenSUSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorySuSEimportant

SUSE: cosign Important HTTP Path Injection Vulnerability CVE-2025-46569

* bsc#1246725 * jsc#SLE-23879 Cross-References: * CVE-2025-46569 . # Security update for cosign Announcement ID: SUSE-SU-2025:02592-1 Release Date: 2025-08-01T14:44:33Z Rating: important References: * bsc#1246725 * jsc#SLE-23879 Cross-References: * CVE-2025-46569 CVSS scores: * CVE-2025-46569 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-46569 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-46569 ( NVD ): 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can nowbe installed. ## Description: This update for cosign fixes the following issues: Update to version 2.5.3 (jsc#SLE-23879): * CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: * Add signing-config create command (#4280) * Allow multiple services to be specified for trusted-root create (#4285) * force when copying the latest image to overwrite (#4298) * Fix cert verification logic for trusted-root/SCTs (#4294) * Fix lint error for types package (#4295) * feat: Add OCI 1.1+ experimental support to tree (#4205) * Add validity period end for trusted-root create (#4271) * avoid double-loading trustedroot from file (#4264) Update to 2.5.2: * Do not load trusted root when CT env key is set * docs: improve doc for --no-upload option (#4206) Update to 2.5.1: * Add Rekor v2 support for trusted-root create (#4242) * Add baseUrl and Uri to trusted-root create command * Upgrade to TUF v2 client with trusted root * Don't verify SCT for a private PKI cert (#4225) * Bump TSA library to relax EKU chain validation rules (#4219) * Bump sigstore-go to pick up log index=0 fix (#4162) * remove unused recursive flag on attest command (#4187) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2592=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2592=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-2592=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2592=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2592=1 * openSUSE Leap 15.6 zypper in -tpatch openSUSE-SLE-15.6-2025-2592=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2592=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2592=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2592=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2592=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2592=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2592=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2592=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2592=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2592=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Manager Proxy 4.3 (x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * cosign-2.5.3-150400.3.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * openSUSE Leap 15.4 (noarch) * cosign-zsh-completion-2.5.3-150400.3.30.1 * cosign-fish-completion-2.5.3-150400.3.30.1 * cosign-bash-completion-2.5.3-150400.3.30.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) *cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cosign-debuginfo-2.5.3-150400.3.30.1 * cosign-2.5.3-150400.3.30.1 * Basesystem Module 15-SP7 (noarch) * cosign-zsh-completion-2.5.3-150400.3.30.1 * cosign-bash-completion-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * cosign-2.5.3-150400.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * cosign-2.5.3-150400.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2025-46569.html * https://bugzilla.suse.com/show_bug.cgi?id=1246725 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FSLE-23879&page_caps=&user_role= . SUSE has released a vital cosign security patch that tackles a severe path injection flaw identified as CVE-2025-46569.. SUSE, cosign, security fix. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Aug 01, 2025 Important SuSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorysecurity issueimportant

SUSE: 2022:4601-2 Critical: Network Security Patch Release

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for cni ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4592-1 Rating: important References: #1181961 Cross-References: CVE-2021-20206 CVSS scores: CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4592=1 - openSUSELeap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4592=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4592=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4592=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4592=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4592=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4592=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4592=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4592=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4592=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4592=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4592=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4592=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4592=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4592=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4592=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4592=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4592=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4592=1 -SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4592=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4592=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4592=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4592=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Manager Proxy 4.1 (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 -SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE CaaS Platform 4.0 (x86_64): cni-0.7.1-150100.3.8.1 References: https://www.suse.com/security/cve/CVE-2021-20206.html https://bugzilla.suse.com/1181961 . SUSE Security Announcement resolves cni flaw classified as critical. Find patch guidance and product specifics within.. SUSE CaaSPlatform, SUSE Linux Enterprise, CNI Update, Security Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Dec 20, 2022 Important SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorysoftware updateimportant

SUSE: 2022:4593-1 Important: cni-plugins Path Injection Risk

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for cni-plugins ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4593-1 Rating: important References: #1181961 Cross-References: CVE-2021-20206 CVSS scores: CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4593=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4593=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4593=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4593=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4593=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4593=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4593=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4593=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4593=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4593=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4593=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4593=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4593=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4593=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4593=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4593=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4593=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4593=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patchSUSE-SUSE-MicroOS-5.2-2022-4593=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4593=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4593=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4593=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4593=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Manager Proxy 4.1 (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE CaaS Platform 4.0 (x86_64): cni-plugins-0.8.6-150100.3.11.1 References: https://www.suse.com/security/cve/CVE-2021-20206.html https://bugzilla.suse.com/1181961 . SUSE unveils vital patch for cni-plugins to mitigate vulnerabilities and maintain system reliability.. SUSE CNI Plugins, Path Injection Risk, Security Update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Dec 20, 2022 Important SuSE
Banner 3 1028x280 1708121785 1771599793
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorymoderatesecurity update

Red Hat OpenShift 2.0.5 Moderate: CNI Path Injection Issue

The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift support for Windows Containers 2.0.5 [security update] Advisory ID: RHSA-2022:1660-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:1660 Issue date: 2022-05-02 CVE Names: CVE-2021-20206 ==================================================================== 1. Summary: The components for Red Hat OpenShift support for Windows Containers 2.0.5 are now available. This product release includes a moderate security update for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Security Fix(es): * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For Windows Machine Config Operator upgrades, see thefollowing documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/windows_container_support_for_openshift/windows-node-upgrades 4. Bugs fixed (https://bugzilla.redhat.com/): 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): WINC-756 - Windows Container Support for Red Hat OpenShift 2.0.5 release 6. References: https://access.redhat.com/security/cve/CVE-2021-20206 https://access.redhat.com/security/updates/classification#moderate 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnAFZNzjgjWX9erEAQhe/A//fvs6Aa32A6rMhMKG+FlQEsfMuug0pnnA 2jTEkhuDS7wYl2ijuYUSQmTQwLd24upGt4AlmYqGgXogEhAFdOKi6D+ntzPUUKta iuPv7V8IQIFYV5/K3N32ZC/p1/cTAPt1jb0ClvyNbvU5+U5R5SzS6OSFNDAfeg0Q //uEjFLoJwyITHkjvMU4NVnMQuKCFqcl6WFTjT0ufp4PeFVdy7vNazmavnwWlSY+ tjQb62sl4cRHZhoiZHIZc+Y+qgLNJKhFsrO9B1C3DdhWLNPG7jrByDQW/oOsTBFg oP90YzNWKWWJRaDl5l46u2MrEH4jzEaSai4kE6/lRTh7JMOoeQSFhi+PnTbtmiPt DWS0md+MnKmWugEE/HNV1CwDzD8EBgz9zbXGWniv3oVlgcTklP9ZSst8scz4DN55 zsuvgGNYWG1jkF2WRxLSdR8vt1TAk8GZzvXBjcGjyQy0QOJGXFdEVZ510y7rlSZt 0WMLJ/22xHo/3bXAyACVHBoPt/UO+2IlsUhVa34EqAiGCgVd69uwJQb15XScXdKf rZM5+gq8qQKwcT9KFAnbDA7cDpPuEM7CL95x5W+L1BOFrcBp3TvmNTbOs7gC5JK8 9ZJDKOu5CjgpIXiFYuFSzWiFJInbSwZAQFV7pvu+Ze3L8KVjsX/Tj9L8+4fPdCsi YW5Ax78Uw9s=F/rw -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://listman.redhat.com/mailman/listinfo/rhsa-announce . A significant patch for Red Hat OpenShift's Windows capabilities resolves a critical CNI pathway vulnerability. More details available here.. Red Hat OpenShift, Windows Containers, Security Update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 02, 2022 Important Red Hat
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorymoderateFedora

Fedora 33: 2021-fb466fb623 Moderate: Podman Path Injection Threat

bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ---- harden cgo based golang binaries ---- Autobuilt v0.9.1. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-fb466fb623 2021-02-26 01:07:35.018897 --------------------------------------------------------------------------------Name : podman Product : Fedora 33 Version : 3.0.1 Release : 1.fc33 URL : https://podman.io/ Summary : Manage Pods, Containers and Container Images Description : podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most podman commands can be run as a regular user, without requiring additional privileges. podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other. Manage Pods, Containers and Container Images podman Simple management tool for pods, containers and images --------------------------------------------------------------------------------Update Information: bump podman to v3.0.1, Security fix for CVE-2021-20206 ---- Resolves: #1919391, #1926796 - Security fix for CVE-2021-20206 ---- Autobuilt v1.19.3 ---- Autobuilt v1.19.2 ---- Autobuilt v1.19.1 ---- Autobuilt v1.19.0 ----harden cgo based golang binaries ---- Autobuilt v0.9.1 --------------------------------------------------------------------------------ChangeLog: * Fri Feb 19 2021 Lokesh Mandvekar - 2:3.0.1-1 - bump to v3.0.1 * Mon Feb 15 2021 Lokesh Mandvekar - 2:3.0.0-3 - requires runcv1.0.0-rc93 for centos7 * Sun Feb 14 2021 Lokesh Mandvekar - 2:3.0.0-2 - bump release to hopefully hide centos7 build * Thu Feb 11 2021 Lokesh Mandvekar - 2:3.0.0-1 - bump to v3.0.0 * Thu Feb 11 2021 Lokesh Mandvekar - 2:3.0.0-0.6.rc3 - set GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x for centos; * Mon Feb 8 2021 Lokesh Mandvekar - 2:3.0.0-0.5.rc3 - built v3.0.0-rc3 * Thu Feb 4 2021 Lokesh Mandvekar - 2:3.0.0-0.4.rc2 - bump for centos * Thu Feb 4 2021 Lokesh Mandvekar - 2:3.0.0-0.3.rc2 - update dependencies * Fri Jan 29 2021 RH Container Bot - 2:3.0.0-0.2.rc2 - autobuilt v3.0.0-rc2 * Mon Jan 18 2021 RH Container Bot - 2:3.0.0-0.1.rc1 - autobuilt v3.0.0-rc1 --------------------------------------------------------------------------------References: [ 1 ] Bug #1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration https://bugzilla.redhat.com/show_bug.cgi?id=1919391 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-fb466fb623' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Fedora's latest Podman update fixes a critical path injection vulnerability and boosts container orchestration features, urging users to upgrade for security and efficiency. Podman Update,Fedora Advisory,Container Security Fix,Path Injection Issue. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Feb 25, 2021 Important Fedora
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryprivilege escalationpatch

SUSE: 2019:3248-1 Important: Live Patch for Kernel Security Issues

An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 10 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3248-1 Rating: important References: #1153108 #1156321 Cross-References: CVE-2019-10220 CVE-2019-13272 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_17 fixes several issues. The following security issues were fixed: - CVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321). - CVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2019-3250=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2019-3248=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-195-default-8-22.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_17-default-6-2.3 kernel-livepatch-4_12_14-150_17-default-debuginfo-6-2.3 References: https://www.suse.com/security/cve/CVE-2019-10220.html https://www.suse.com/security/cve/CVE-2019-13272.html https://bugzilla.suse.com/1153108 https://bugzilla.suse.com/1156321 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . An essential SUSE Security Update targeting significant vulnerabilities in the Linux Kernel, with options for immediate patching.. SUSE Security Update, Linux Kernel Patch, Privilege Escalation, Path Injection. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Dec 11, 2019 Important SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorysecurity issuesoftware update

SUSE: 2019:2893-1 Important: Samba Path Injection Issue

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2893-1 Rating: important References: #1144902 Cross-References: CVE-2019-10218 Affected Products: SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise High Availability 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issue: - CVE-2019-10218: Fixed a path injection caused by filenames containing path separators (bso#14071) (bsc#1144902). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2019-2893=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2019-2893=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2019-2893=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2019-2893=1 - SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2019-2893=1 Package List: - SUSE OpenStack Cloud 7 (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.28.1 libdcerpc-binding0-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-4.4.2-38.28.1 libdcerpc0-32bit-4.4.2-38.28.1 libdcerpc0-4.4.2-38.28.1 libdcerpc0-debuginfo-32bit-4.4.2-38.28.1 libdcerpc0-debuginfo-4.4.2-38.28.1 libndr-krb5pac0-32bit-4.4.2-38.28.1 libndr-krb5pac0-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-4.4.2-38.28.1 libndr-nbt0-32bit-4.4.2-38.28.1 libndr-nbt0-4.4.2-38.28.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.28.1 libndr-nbt0-debuginfo-4.4.2-38.28.1 libndr-standard0-32bit-4.4.2-38.28.1 libndr-standard0-4.4.2-38.28.1 libndr-standard0-debuginfo-32bit-4.4.2-38.28.1 libndr-standard0-debuginfo-4.4.2-38.28.1 libndr0-32bit-4.4.2-38.28.1 libndr0-4.4.2-38.28.1 libndr0-debuginfo-32bit-4.4.2-38.28.1 libndr0-debuginfo-4.4.2-38.28.1 libnetapi0-32bit-4.4.2-38.28.1 libnetapi0-4.4.2-38.28.1 libnetapi0-debuginfo-32bit-4.4.2-38.28.1 libnetapi0-debuginfo-4.4.2-38.28.1 libsamba-credentials0-32bit-4.4.2-38.28.1 libsamba-credentials0-4.4.2-38.28.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.28.1 libsamba-credentials0-debuginfo-4.4.2-38.28.1 libsamba-errors0-32bit-4.4.2-38.28.1 libsamba-errors0-4.4.2-38.28.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.28.1 libsamba-errors0-debuginfo-4.4.2-38.28.1 libsamba-hostconfig0-32bit-4.4.2-38.28.1 libsamba-hostconfig0-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-4.4.2-38.28.1 libsamba-passdb0-32bit-4.4.2-38.28.1 libsamba-passdb0-4.4.2-38.28.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.28.1 libsamba-passdb0-debuginfo-4.4.2-38.28.1 libsamba-util0-32bit-4.4.2-38.28.1 libsamba-util0-4.4.2-38.28.1 libsamba-util0-debuginfo-32bit-4.4.2-38.28.1 libsamba-util0-debuginfo-4.4.2-38.28.1 libsamdb0-32bit-4.4.2-38.28.1 libsamdb0-4.4.2-38.28.1 libsamdb0-debuginfo-32bit-4.4.2-38.28.1 libsamdb0-debuginfo-4.4.2-38.28.1 libsmbclient0-32bit-4.4.2-38.28.1 libsmbclient0-4.4.2-38.28.1 libsmbclient0-debuginfo-32bit-4.4.2-38.28.1 libsmbclient0-debuginfo-4.4.2-38.28.1 libsmbconf0-32bit-4.4.2-38.28.1 libsmbconf0-4.4.2-38.28.1 libsmbconf0-debuginfo-32bit-4.4.2-38.28.1 libsmbconf0-debuginfo-4.4.2-38.28.1 libsmbldap0-32bit-4.4.2-38.28.1 libsmbldap0-4.4.2-38.28.1 libsmbldap0-debuginfo-32bit-4.4.2-38.28.1 libsmbldap0-debuginfo-4.4.2-38.28.1 libtevent-util0-32bit-4.4.2-38.28.1 libtevent-util0-4.4.2-38.28.1 libtevent-util0-debuginfo-32bit-4.4.2-38.28.1 libtevent-util0-debuginfo-4.4.2-38.28.1 libwbclient0-32bit-4.4.2-38.28.1 libwbclient0-4.4.2-38.28.1 libwbclient0-debuginfo-32bit-4.4.2-38.28.1 libwbclient0-debuginfo-4.4.2-38.28.1 samba-4.4.2-38.28.1 samba-client-32bit-4.4.2-38.28.1 samba-client-4.4.2-38.28.1 samba-client-debuginfo-32bit-4.4.2-38.28.1 samba-client-debuginfo-4.4.2-38.28.1 samba-debuginfo-4.4.2-38.28.1 samba-debugsource-4.4.2-38.28.1 samba-libs-32bit-4.4.2-38.28.1 samba-libs-4.4.2-38.28.1 samba-libs-debuginfo-32bit-4.4.2-38.28.1 samba-libs-debuginfo-4.4.2-38.28.1 samba-winbind-32bit-4.4.2-38.28.1 samba-winbind-4.4.2-38.28.1 samba-winbind-debuginfo-32bit-4.4.2-38.28.1 samba-winbind-debuginfo-4.4.2-38.28.1 - SUSE OpenStack Cloud 7 (noarch): samba-doc-4.4.2-38.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): libdcerpc-binding0-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-4.4.2-38.28.1 libdcerpc0-4.4.2-38.28.1 libdcerpc0-debuginfo-4.4.2-38.28.1 libndr-krb5pac0-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-4.4.2-38.28.1 libndr-nbt0-4.4.2-38.28.1 libndr-nbt0-debuginfo-4.4.2-38.28.1 libndr-standard0-4.4.2-38.28.1 libndr-standard0-debuginfo-4.4.2-38.28.1 libndr0-4.4.2-38.28.1 libndr0-debuginfo-4.4.2-38.28.1 libnetapi0-4.4.2-38.28.1 libnetapi0-debuginfo-4.4.2-38.28.1 libsamba-credentials0-4.4.2-38.28.1 libsamba-credentials0-debuginfo-4.4.2-38.28.1 libsamba-errors0-4.4.2-38.28.1 libsamba-errors0-debuginfo-4.4.2-38.28.1 libsamba-hostconfig0-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-4.4.2-38.28.1 libsamba-passdb0-4.4.2-38.28.1 libsamba-passdb0-debuginfo-4.4.2-38.28.1 libsamba-util0-4.4.2-38.28.1 libsamba-util0-debuginfo-4.4.2-38.28.1 libsamdb0-4.4.2-38.28.1 libsamdb0-debuginfo-4.4.2-38.28.1 libsmbclient0-4.4.2-38.28.1 libsmbclient0-debuginfo-4.4.2-38.28.1 libsmbconf0-4.4.2-38.28.1 libsmbconf0-debuginfo-4.4.2-38.28.1 libsmbldap0-4.4.2-38.28.1 libsmbldap0-debuginfo-4.4.2-38.28.1 libtevent-util0-4.4.2-38.28.1 libtevent-util0-debuginfo-4.4.2-38.28.1 libwbclient0-4.4.2-38.28.1 libwbclient0-debuginfo-4.4.2-38.28.1 samba-4.4.2-38.28.1 samba-client-4.4.2-38.28.1 samba-client-debuginfo-4.4.2-38.28.1 samba-debuginfo-4.4.2-38.28.1 samba-debugsource-4.4.2-38.28.1 samba-libs-4.4.2-38.28.1 samba-libs-debuginfo-4.4.2-38.28.1 samba-winbind-4.4.2-38.28.1 samba-winbind-debuginfo-4.4.2-38.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64): libdcerpc-binding0-32bit-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.28.1 libdcerpc0-32bit-4.4.2-38.28.1 libdcerpc0-debuginfo-32bit-4.4.2-38.28.1 libndr-krb5pac0-32bit-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.28.1 libndr-nbt0-32bit-4.4.2-38.28.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.28.1 libndr-standard0-32bit-4.4.2-38.28.1 libndr-standard0-debuginfo-32bit-4.4.2-38.28.1 libndr0-32bit-4.4.2-38.28.1 libndr0-debuginfo-32bit-4.4.2-38.28.1 libnetapi0-32bit-4.4.2-38.28.1 libnetapi0-debuginfo-32bit-4.4.2-38.28.1 libsamba-credentials0-32bit-4.4.2-38.28.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.28.1 libsamba-errors0-32bit-4.4.2-38.28.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.28.1 libsamba-hostconfig0-32bit-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.28.1 libsamba-passdb0-32bit-4.4.2-38.28.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.28.1 libsamba-util0-32bit-4.4.2-38.28.1 libsamba-util0-debuginfo-32bit-4.4.2-38.28.1 libsamdb0-32bit-4.4.2-38.28.1 libsamdb0-debuginfo-32bit-4.4.2-38.28.1 libsmbclient0-32bit-4.4.2-38.28.1 libsmbclient0-debuginfo-32bit-4.4.2-38.28.1 libsmbconf0-32bit-4.4.2-38.28.1 libsmbconf0-debuginfo-32bit-4.4.2-38.28.1 libsmbldap0-32bit-4.4.2-38.28.1 libsmbldap0-debuginfo-32bit-4.4.2-38.28.1 libtevent-util0-32bit-4.4.2-38.28.1 libtevent-util0-debuginfo-32bit-4.4.2-38.28.1 libwbclient0-32bit-4.4.2-38.28.1 libwbclient0-debuginfo-32bit-4.4.2-38.28.1 samba-client-32bit-4.4.2-38.28.1 samba-client-debuginfo-32bit-4.4.2-38.28.1 samba-libs-32bit-4.4.2-38.28.1 samba-libs-debuginfo-32bit-4.4.2-38.28.1 samba-winbind-32bit-4.4.2-38.28.1 samba-winbind-debuginfo-32bit-4.4.2-38.28.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (noarch): samba-doc-4.4.2-38.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): libdcerpc-binding0-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-4.4.2-38.28.1 libdcerpc0-4.4.2-38.28.1 libdcerpc0-debuginfo-4.4.2-38.28.1 libndr-krb5pac0-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-4.4.2-38.28.1 libndr-nbt0-4.4.2-38.28.1 libndr-nbt0-debuginfo-4.4.2-38.28.1 libndr-standard0-4.4.2-38.28.1 libndr-standard0-debuginfo-4.4.2-38.28.1 libndr0-4.4.2-38.28.1 libndr0-debuginfo-4.4.2-38.28.1 libnetapi0-4.4.2-38.28.1 libnetapi0-debuginfo-4.4.2-38.28.1 libsamba-credentials0-4.4.2-38.28.1 libsamba-credentials0-debuginfo-4.4.2-38.28.1 libsamba-errors0-4.4.2-38.28.1 libsamba-errors0-debuginfo-4.4.2-38.28.1 libsamba-hostconfig0-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-4.4.2-38.28.1 libsamba-passdb0-4.4.2-38.28.1 libsamba-passdb0-debuginfo-4.4.2-38.28.1 libsamba-util0-4.4.2-38.28.1 libsamba-util0-debuginfo-4.4.2-38.28.1 libsamdb0-4.4.2-38.28.1 libsamdb0-debuginfo-4.4.2-38.28.1 libsmbclient0-4.4.2-38.28.1 libsmbclient0-debuginfo-4.4.2-38.28.1 libsmbconf0-4.4.2-38.28.1 libsmbconf0-debuginfo-4.4.2-38.28.1 libsmbldap0-4.4.2-38.28.1 libsmbldap0-debuginfo-4.4.2-38.28.1 libtevent-util0-4.4.2-38.28.1 libtevent-util0-debuginfo-4.4.2-38.28.1 libwbclient0-4.4.2-38.28.1 libwbclient0-debuginfo-4.4.2-38.28.1 samba-4.4.2-38.28.1 samba-client-4.4.2-38.28.1 samba-client-debuginfo-4.4.2-38.28.1 samba-debuginfo-4.4.2-38.28.1 samba-debugsource-4.4.2-38.28.1 samba-libs-4.4.2-38.28.1 samba-libs-debuginfo-4.4.2-38.28.1 samba-winbind-4.4.2-38.28.1 samba-winbind-debuginfo-4.4.2-38.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.28.1 libdcerpc0-32bit-4.4.2-38.28.1 libdcerpc0-debuginfo-32bit-4.4.2-38.28.1 libndr-krb5pac0-32bit-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.28.1 libndr-nbt0-32bit-4.4.2-38.28.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.28.1 libndr-standard0-32bit-4.4.2-38.28.1 libndr-standard0-debuginfo-32bit-4.4.2-38.28.1 libndr0-32bit-4.4.2-38.28.1 libndr0-debuginfo-32bit-4.4.2-38.28.1 libnetapi0-32bit-4.4.2-38.28.1 libnetapi0-debuginfo-32bit-4.4.2-38.28.1 libsamba-credentials0-32bit-4.4.2-38.28.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.28.1 libsamba-errors0-32bit-4.4.2-38.28.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.28.1 libsamba-hostconfig0-32bit-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.28.1 libsamba-passdb0-32bit-4.4.2-38.28.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.28.1 libsamba-util0-32bit-4.4.2-38.28.1 libsamba-util0-debuginfo-32bit-4.4.2-38.28.1 libsamdb0-32bit-4.4.2-38.28.1 libsamdb0-debuginfo-32bit-4.4.2-38.28.1 libsmbclient0-32bit-4.4.2-38.28.1 libsmbclient0-debuginfo-32bit-4.4.2-38.28.1 libsmbconf0-32bit-4.4.2-38.28.1 libsmbconf0-debuginfo-32bit-4.4.2-38.28.1 libsmbldap0-32bit-4.4.2-38.28.1 libsmbldap0-debuginfo-32bit-4.4.2-38.28.1 libtevent-util0-32bit-4.4.2-38.28.1 libtevent-util0-debuginfo-32bit-4.4.2-38.28.1 libwbclient0-32bit-4.4.2-38.28.1 libwbclient0-debuginfo-32bit-4.4.2-38.28.1 samba-client-32bit-4.4.2-38.28.1 samba-client-debuginfo-32bit-4.4.2-38.28.1 samba-libs-32bit-4.4.2-38.28.1 samba-libs-debuginfo-32bit-4.4.2-38.28.1 samba-winbind-32bit-4.4.2-38.28.1 samba-winbind-debuginfo-32bit-4.4.2-38.28.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (noarch): samba-doc-4.4.2-38.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.28.1 libdcerpc-binding0-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.28.1 libdcerpc-binding0-debuginfo-4.4.2-38.28.1 libdcerpc0-32bit-4.4.2-38.28.1 libdcerpc0-4.4.2-38.28.1 libdcerpc0-debuginfo-32bit-4.4.2-38.28.1 libdcerpc0-debuginfo-4.4.2-38.28.1 libndr-krb5pac0-32bit-4.4.2-38.28.1 libndr-krb5pac0-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.28.1 libndr-krb5pac0-debuginfo-4.4.2-38.28.1 libndr-nbt0-32bit-4.4.2-38.28.1 libndr-nbt0-4.4.2-38.28.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.28.1 libndr-nbt0-debuginfo-4.4.2-38.28.1 libndr-standard0-32bit-4.4.2-38.28.1 libndr-standard0-4.4.2-38.28.1 libndr-standard0-debuginfo-32bit-4.4.2-38.28.1 libndr-standard0-debuginfo-4.4.2-38.28.1 libndr0-32bit-4.4.2-38.28.1 libndr0-4.4.2-38.28.1 libndr0-debuginfo-32bit-4.4.2-38.28.1 libndr0-debuginfo-4.4.2-38.28.1 libnetapi0-32bit-4.4.2-38.28.1 libnetapi0-4.4.2-38.28.1 libnetapi0-debuginfo-32bit-4.4.2-38.28.1 libnetapi0-debuginfo-4.4.2-38.28.1 libsamba-credentials0-32bit-4.4.2-38.28.1 libsamba-credentials0-4.4.2-38.28.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.28.1 libsamba-credentials0-debuginfo-4.4.2-38.28.1 libsamba-errors0-32bit-4.4.2-38.28.1 libsamba-errors0-4.4.2-38.28.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.28.1 libsamba-errors0-debuginfo-4.4.2-38.28.1 libsamba-hostconfig0-32bit-4.4.2-38.28.1 libsamba-hostconfig0-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.28.1 libsamba-hostconfig0-debuginfo-4.4.2-38.28.1 libsamba-passdb0-32bit-4.4.2-38.28.1 libsamba-passdb0-4.4.2-38.28.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.28.1 libsamba-passdb0-debuginfo-4.4.2-38.28.1 libsamba-util0-32bit-4.4.2-38.28.1 libsamba-util0-4.4.2-38.28.1 libsamba-util0-debuginfo-32bit-4.4.2-38.28.1 libsamba-util0-debuginfo-4.4.2-38.28.1 libsamdb0-32bit-4.4.2-38.28.1 libsamdb0-4.4.2-38.28.1 libsamdb0-debuginfo-32bit-4.4.2-38.28.1 libsamdb0-debuginfo-4.4.2-38.28.1 libsmbclient0-32bit-4.4.2-38.28.1 libsmbclient0-4.4.2-38.28.1 libsmbclient0-debuginfo-32bit-4.4.2-38.28.1 libsmbclient0-debuginfo-4.4.2-38.28.1 libsmbconf0-32bit-4.4.2-38.28.1 libsmbconf0-4.4.2-38.28.1 libsmbconf0-debuginfo-32bit-4.4.2-38.28.1 libsmbconf0-debuginfo-4.4.2-38.28.1 libsmbldap0-32bit-4.4.2-38.28.1 libsmbldap0-4.4.2-38.28.1 libsmbldap0-debuginfo-32bit-4.4.2-38.28.1 libsmbldap0-debuginfo-4.4.2-38.28.1 libtevent-util0-32bit-4.4.2-38.28.1 libtevent-util0-4.4.2-38.28.1 libtevent-util0-debuginfo-32bit-4.4.2-38.28.1 libtevent-util0-debuginfo-4.4.2-38.28.1 libwbclient0-32bit-4.4.2-38.28.1 libwbclient0-4.4.2-38.28.1 libwbclient0-debuginfo-32bit-4.4.2-38.28.1 libwbclient0-debuginfo-4.4.2-38.28.1 samba-4.4.2-38.28.1 samba-client-32bit-4.4.2-38.28.1 samba-client-4.4.2-38.28.1 samba-client-debuginfo-32bit-4.4.2-38.28.1 samba-client-debuginfo-4.4.2-38.28.1 samba-debuginfo-4.4.2-38.28.1 samba-debugsource-4.4.2-38.28.1 samba-libs-32bit-4.4.2-38.28.1 samba-libs-4.4.2-38.28.1 samba-libs-debuginfo-32bit-4.4.2-38.28.1 samba-libs-debuginfo-4.4.2-38.28.1 samba-winbind-32bit-4.4.2-38.28.1 samba-winbind-4.4.2-38.28.1 samba-winbind-debuginfo-32bit-4.4.2-38.28.1 samba-winbind-debuginfo-4.4.2-38.28.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.28.1 - SUSE Linux Enterprise High Availability 12-SP2 (ppc64le s390x x86_64): ctdb-4.4.2-38.28.1 ctdb-debuginfo-4.4.2-38.28.1 samba-debuginfo-4.4.2-38.28.1 samba-debugsource-4.4.2-38.28.1 References: https://www.suse.com/security/cve/CVE-2019-10218.html https://bugzilla.suse.com/1144902 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . SUSE Security Update: Critical patch for samba resolving directory traversal flaw. Update immediately for enhanced protection.. SUSE Linux, samba update, software security, path injection, security issues. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Nov 05, 2019 Important SuSE
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here