Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE Leap 16.0 Chromium Important Bug Fix for 151 Issues 2026-20849-1

openSUSE security update: security update for chromium

Announcement ID: openSUSE-SU-2026:20849-1
Rating: important
References: bsc#1266471
Affected Products: openSUSE Leap 16.0

An update that solves 151 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Changes in chromium:

- Chromium 148.0.7778.215 (boo#1266471):
  * CVE-2026-9872: Out of bounds write in GPU
  * CVE-2026-9873: Use after free in Network
  * CVE-2026-9874: Use after free in Dawn
  * CVE-2026-9875: Out of bounds read in WebGL
  * CVE-2026-9876: Use after free in WebGL
  * CVE-2026-9877: Use after free in ANGLE
  * CVE-2026-9878: Use after free in ANGLE
  * CVE-2026-9879: Out of bounds write in ANGLE
  * CVE-2026-9880: Insufficient validation of untrusted input in WebGL
  * CVE-2026-9881: Use after free in Bluetooth
  * CVE-2026-9882: Integer overflow in ANGLE
  * CVE-2026-9883: Use after free in Base
  * CVE-2026-9884: Use after free in Browser
  * CVE-2026-9885: Insufficient validation of untrusted input in UI
  * CVE-2026-9886: Use after free in Base
  * CVE-2026-9887: Use after free in Proxy
  * CVE-2026-9888: Use after free in WebView
  * CVE-2026-9889: Out of bounds read and write in Dawn
  * CVE-2026-9890: Use after free in XR
  * CVE-2026-9891: Use after free in Extensions
  * CVE-2026-9892: Inappropriate implementation in Skia
  * CVE-2026-9893: Use after free in Skia
  * CVE-2026-9894: Use after free in GPU
  * CVE-2026-9895: Out of bounds read in GPU
  * CVE-2026-9896: Out of bounds write in V8
  * CVE-2026-9897: Use after free in DOM
  * CVE-2026-9898: Insufficient validation of untrusted input in GPU
  * CVE-2026-9899: Use after free in ANGLE
  * CVE-2026-9900: Out of bounds write in ANGLE
  * CVE-2026-9901: Use after free in ANGLE
  * CVE-2026-9902: Use after free in Accessibility
  * CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
  * CVE-2026-9904: Use after free in ANGLE
  * CVE-2026-9905: Use after free in Accessibility
  * CVE-2026-9906: Out of bounds write in GPU
  * CVE-2026-9907: Out of bounds read in Dawn
  * CVE-2026-9908: Out of bounds read in ANGLE
  * CVE-2026-9909: Integer overflow in Skia
  * CVE-2026-9910: Out of bounds memory access in ANGLE
  * CVE-2026-9911: Integer overflow in ANGLE
  * CVE-2026-9912: Inappropriate implementation in GPU
  * CVE-2026-9913: Inappropriate implementation in ANGLE
  * CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
  * CVE-2026-9915: Heap buffer overflow in ANGLE
  * CVE-2026-9916: Out of bounds write in ANGLE
  * CVE-2026-9917: Uninitialized Use in WebGL
  * CVE-2026-9918: Inappropriate implementation in Tint
  * CVE-2026-9919: Out of bounds read in WebGL
  * CVE-2026-9920: Uninitialized Use in GPU
  * CVE-2026-9921: Uninitialized Use in WebGL
  * CVE-2026-9922: Use after free in GPU
  * CVE-2026-9923: Use after free in Skia
  * CVE-2026-9924: Heap buffer overflow in ANGLE
  * CVE-2026-9925: Use after free in ANGLE
  * CVE-2026-9926: Heap buffer overflow in ANGLE
  * CVE-2026-9927: Use after free in ANGLE
  * CVE-2026-9928: Out of bounds read in ANGLE
  * CVE-2026-9929: Inappropriate implementation in WebGL
  * CVE-2026-9930: Out of bounds write in Dawn
  * CVE-2026-9931: Use after free in GPU
  * CVE-2026-9932: Use after free in ANGLE
  * CVE-2026-9933: Use after free in Input
  * CVE-2026-9934: Use after free in Aura
  * CVE-2026-9935: Uninitialized Use in ANGLE
  * CVE-2026-9936: Use after free in GFX
  * CVE-2026-9937: Use after free in UI
  * CVE-2026-9938: Inappropriate implementation in V8
  * CVE-2026-9939: Heap buffer overflow in WebCodecs
  * CVE-2026-9940: Heap buffer overflow in ANGLE
  * CVE-2026-9941: Use after free in ANGLE
  * CVE-2026-9942: Uninitialized Use in ANGLE
  * CVE-2026-9943: Out of bounds read in WebGL
  * CVE-2026-9944: Uninitialized Use in ANGLE
  * CVE-2026-9945: Use after free in Media
  * CVE-2026-9946: Use after free in ANGLE
  * CVE-2026-9947: Use after free in XML
  * CVE-2026-9948: Use after free in Views
  * CVE-2026-9949: Use after free in Core
  * CVE-2026-9950: Insufficient validation of untrusted input in iOS
  * CVE-2026-9951: Use after free in UI
  * CVE-2026-9952: Use after free in WebAudio
  * CVE-2026-9953: Out of bounds read in ANGLE
  * CVE-2026-9954: Use after free in TabStrip
  * CVE-2026-9955: Inappropriate implementation in iOS
  * CVE-2026-9956: Use after free in iOS
  * CVE-2026-9957: Use after free in PDF
  * CVE-2026-9958: Use after free in PDFium
  * CVE-2026-9959: Race in WebRTC
  * CVE-2026-9960: Integer overflow in PDFium
  * CVE-2026-9961: Use after free in SurfaceCapture
  * CVE-2026-9962: Use after free in WebRTC
  * CVE-2026-9963: Uninitialized Use in iOS
  * CVE-2026-9964: Use after free in Bluetooth
  * CVE-2026-9965: Out of bounds write in ANGLE
  * CVE-2026-9966: Integer overflow in XML
  * CVE-2026-9967: Out of bounds write in GPU
  * CVE-2026-9968: Integer overflow in V8
  * CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
  * CVE-2026-9970: Use after free in WebGL
  * CVE-2026-9971: Inappropriate implementation in iOS
  * CVE-2026-9972: Uninitialized Use in Gamepad
  * CVE-2026-9973: Out of bounds write in V8
  * CVE-2026-9974: Out of bounds write in GPU
  * CVE-2026-9975: Out of bounds read and write in ANGLE
  * CVE-2026-9976: Inappropriate implementation in USB
  * CVE-2026-9977: Insufficient validation of untrusted input in WebShare
  * CVE-2026-9978: Use after free in Glic
  * CVE-2026-9979: Insufficient validation of untrusted input in Input
  * CVE-2026-9980: Insufficient validation of untrusted input in Printing
  * CVE-2026-9981: Inappropriate implementation in Skia
  * CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
  * CVE-2026-9983: Type Confusion in Skia
  * CVE-2026-9984: Use after free in UI
  * CVE-2026-9985: Insufficient validation of untrusted input in Media
  * CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
  * CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
  * CVE-2026-9988: Use after free in WebRTC
  * CVE-2026-9989: Inappropriate implementation in Media
  * CVE-2026-9990: Use after free in WebAppInstalls
  * CVE-2026-9991: Inappropriate implementation in Media
  * CVE-2026-9992: Use after free in Network
  * CVE-2026-9993: Use after free in Views
  * CVE-2026-9994: Use after free in Core
  * CVE-2026-9995: Use after free in WebXR
  * CVE-2026-9996: Out of bounds read in WebRTC
  * CVE-2026-9997: Use after free in Input
  * CVE-2026-9998: Integer overflow in Skia
  * CVE-2026-9999: Inappropriate implementation in ANGLE
  * CVE-2026-10000: Use after free in Passwords
  * CVE-2026-10001: Use after free in PerformanceManager
  * CVE-2026-10002: Use after free in PDFium
  * CVE-2026-10003: Use after free in Views
  * CVE-2026-10004: Insufficient validation of untrusted input in Passwords
  * CVE-2026-10005: Use after free in WebAppInstalls
  * CVE-2026-10006: Race in WebAudio
  * CVE-2026-10007: Use after free in SVG
  * CVE-2026-10008: Uninitialized Use in GPU
  * CVE-2026-10009: Integer overflow in Skia
  * CVE-2026-10010: Inappropriate implementation in Input
  * CVE-2026-10011: Inappropriate implementation in Skia
  * CVE-2026-10012: Use after free in Skia
  * CVE-2026-10013: Use after free in WebCodecs
  * CVE-2026-10014: Use after free in WebMIDI
  * CVE-2026-10015: Integer overflow in WTF
  * CVE-2026-10016: Use after free in DOM
  * CVE-2026-10017: Out of bounds read in Headless
  * CVE-2026-10018: Integer overflow in ANGLE
  * CVE-2026-10019: Integer overflow in ANGLE
  * CVE-2026-10020: Insufficient validation of untrusted input in Skia
  * CVE-2026-10021: Insufficient validation of untrusted input in USB
  * CVE-2026-10022: Type Confusion in V8

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0
  zypper in -t patch openSUSE-Leap-16.0-packagehub-279=1

Package List:

- openSUSE Leap 16.0:
  chromedriver-148.0.7778.215-bp160.1.1
  chromium-148.0.7778.215-bp160.1.1

Update for openSUSE fixing 151 vulnerabilities in Chromium, including performance improvements and a critical bug fix. Severity: Important. LinuxSecurity.com Team

Jun 01, 2026 Important OpenSUSE

Oracle Linux 9: ELSA-2025-10837 Kernel Moderate Advisory

Oracle Linux Security Advisory ELSA-2025-10837

http://linux.oracle.com/errata/ELSA-2025-10837.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.26.1.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.26.1.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.26.1.0.1.el9_6.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
kernel-headers-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.26.1.0.1.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.26.1.0.1.el9_6.src.rpm

Related CVEs:
CVE-2025-21991

Description of changes:

[5.14.0-570.26.1.0.1.el9_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64

Jul 16, 2025 Oracle

Fedora 36 Critical Advisory: 2023-4e6353c6f7 Chromium Security Fix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4e6353c6f7
2023-02-13 01:23:28.995426
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 36
Version : 110.0.5481.77
Release : 1.fc36
URL : https://www.chromium.org/Home/
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 110.0.5481.77. Fixes the following security issues: CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 CVE-2023-25193
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 8 2023 Than Ngo - 110.0.5481.77-1
- update to 110.0.5481.77
* Sat Feb 4 2023 Than Ngo - 110.0.5481.61-1
- update to 110.0.5481.61
* Thu Feb 2 2023 Jan Grulich - 109.0.5414.119-2
- Use ffmpeg decoders for h264 support
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2167630 - CVE-2023-25193 chromium: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2167630
[ 2 ] Bug #2168785 - CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 chromium: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2168785
[ 3 ] Bug #2168786 - CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 chromium: various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2168786
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4e6353c6f7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The latest update for Fedora 36's Chromium browser addresses several security vulnerabilities that impact both its efficiency and overall safety. Severity: Critical. LinuxSecurity.com Team

Feb 13, 2023 Critical Fedora

Red Hat Enterprise: RHSA-2023-0402-01 Moderate: Cache Poisoning Risk

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: bind security update
Advisory ID: RHSA-2023:0402-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:0402
Issue date: 2023-01-24
CVE Names: CVE-2021-25220 CVE-2022-2795
====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)
* bind: processing large delegations may severely degrade resolver performance (CVE-2022-2795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability
2128584 - CVE-2022-2795 bind: processing large delegations may severely degrade resolver performance

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.13.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.13.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm

x86_64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.11.4-26.P2.el7_9.13.src.rpm

noarch:
bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm

ppc64:
bind-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.ppc64.rpm

ppc64le:
bind-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-utils-9.11.4-26.P2.el7_9.13.ppc64le.rpm

s390x:
bind-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.s390.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-libs-9.11.4-26.P2.el7_9.13.s390.rpm
bind-libs-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.s390.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-utils-9.11.4-26.P2.el7_9.13.s390x.rpm

x86_64:
bind-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm
bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm
bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm
bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.ppc64.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64.rpm

ppc64le:
bind-debuginfo-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.ppc64le.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.ppc64le.rpm

s390x:
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390.rpm
bind-debuginfo-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-export-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-lite-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390.rpm
bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-sdb-9.11.4-26.P2.el7_9.13.s390x.rpm
bind-sdb-chroot-9.11.4-26.P2.el7_9.13.s390x.rpm x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.11.4-26.P2.el7_9.13.src.rpm noarch: bind-license-9.11.4-26.P2.el7_9.13.noarch.rpm x86_64: bind-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.i686.rpm bind-libs-lite-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-libs-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-utils-9.11.4-26.P2.el7_9.13.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 
7): x86_64: bind-debuginfo-9.11.4-26.P2.el7_9.13.i686.rpm bind-debuginfo-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-export-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-lite-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.i686.rpm bind-pkcs11-devel-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-9.11.4-26.P2.el7_9.13.x86_64.rpm bind-sdb-chroot-9.11.4-26.P2.el7_9.13.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-25220 https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc.
Canonical issues a timely security notice for DHCP, resolving address allocation vulnerabilities and enhancing operational efficiency on Ubuntu 20.04.. bind update, Red Hat security, DNS security, RHEL advisory, caching vulnerabilities. . LinuxSecurity.com Team

Jan 24, 2023 Red Hat
100

SUSE Linux Enterprise 15 SP2: 2022:3476-1 Important Kernel Update

An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3476-1 Rating: important References: #1199695 #1200057 #1203116 Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188 CVSS scores: CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues. The following security issues were fixed: - CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and munmap() on VM_PFNMAP mappings leads to stale TLB entry (bsc#1203116). - CVE-2022-29581: Fixed an improper Update of Reference Count vulnerability in net/sched that causes privilege escalation to root (bsc#1199695). - CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3474=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3476=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3478=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3479=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3482=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-8-150200.2.2 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-8-150200.2.2 kernel-livepatch-5_3_18-24_102-default-13-150200.2.2 kernel-livepatch-5_3_18-24_102-default-debuginfo-13-150200.2.2 kernel-livepatch-5_3_18-24_93-default-16-150200.2.2 kernel-livepatch-5_3_18-24_93-default-debuginfo-16-150200.2.2 kernel-livepatch-5_3_18-24_96-default-15-150200.2.2 kernel-livepatch-5_3_18-24_96-default-debuginfo-15-150200.2.2 kernel-livepatch-5_3_18-24_99-default-14-150200.2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-14-150200.2.2 kernel-livepatch-SLE15-SP2_Update_21-debugsource-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_22-debugsource-15-150200.2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-14-150200.2.2 kernel-livepatch-SLE15-SP2_Update_24-debugsource-13-150200.2.2 kernel-livepatch-SLE15-SP2_Update_26-debugsource-8-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-29581.html https://www.suse.com/security/cve/CVE-2022-39188.html https://bugzilla.suse.com/1199695 https://bugzilla.suse.com/1200057 https://bugzilla.suse.com/1203116 . Mitigating vulnerabilities in the SUSE Linux Kernel includes essential updates to address risks associated with Live Patching, ensuring secure system operations are prioritized. SUSE Linux Kernel, Live Patch, Security Patch, Privilege Escalation, Update Instructions. . Severity: Important. LinuxSecurity.com Team

Sep 30, 2022 Important SuSE
98

Red Hat: .NET 6.0 Important DoS Security Advisory RHSA-2022:2199-01

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: .NET 6.0 security, bug fix, and enhancement update Advisory ID: RHSA-2022:2199-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2199 Issue date: 2022-05-11 CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145 ==================================================================== 1. Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - aarch64, s390x, x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. 
Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: dotnet6.0-6.0.105-1.el8_6.src.rpm aarch64: aspnetcore-runtime-6.0-6.0.5-1.el8_6.aarch64.rpm aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-6.0.105-1.el8_6.aarch64.rpm dotnet-apphost-pack-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-host-6.0.5-1.el8_6.aarch64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-hostfxr-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-runtime-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-sdk-6.0-6.0.105-1.el8_6.aarch64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet-targeting-pack-6.0-6.0.5-1.el8_6.aarch64.rpm dotnet-templates-6.0-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.aarch64.rpm netstandard-targeting-pack-2.1-6.0.105-1.el8_6.aarch64.rpm s390x: aspnetcore-runtime-6.0-6.0.5-1.el8_6.s390x.rpm aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.s390x.rpm 
dotnet-6.0.105-1.el8_6.s390x.rpm dotnet-apphost-pack-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-host-6.0.5-1.el8_6.s390x.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-hostfxr-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-runtime-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-sdk-6.0-6.0.105-1.el8_6.s390x.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet-targeting-pack-6.0-6.0.5-1.el8_6.s390x.rpm dotnet-templates-6.0-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.s390x.rpm netstandard-targeting-pack-2.1-6.0.105-1.el8_6.s390x.rpm x86_64: aspnetcore-runtime-6.0-6.0.5-1.el8_6.x86_64.rpm aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-6.0.105-1.el8_6.x86_64.rpm dotnet-apphost-pack-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-host-6.0.5-1.el8_6.x86_64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-hostfxr-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-runtime-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-sdk-6.0-6.0.105-1.el8_6.x86_64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet-targeting-pack-6.0-6.0.5-1.el8_6.x86_64.rpm dotnet-templates-6.0-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.x86_64.rpm netstandard-targeting-pack-2.1-6.0.105-1.el8_6.x86_64.rpm Red Hat CodeReady Linux Builder (v. 
8): aarch64: dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.aarch64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.aarch64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.aarch64.rpm s390x: dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.s390x.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.s390x.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.s390x.rpm x86_64: dotnet-apphost-pack-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-host-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-hostfxr-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-runtime-6.0-debuginfo-6.0.5-1.el8_6.x86_64.rpm dotnet-sdk-6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debuginfo-6.0.105-1.el8_6.x86_64.rpm dotnet6.0-debugsource-6.0.105-1.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23267 https://access.redhat.com/security/cve/CVE-2022-29117 https://access.redhat.com/security/cve/CVE-2022-29145 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 
Critical enhancements in .NET 6.0 focus on mitigating security risks discovered in Red Hat Enterprise Linux 8, potentially affecting overall system efficiency.. Red Hat Security Advisory,.NET Security Fix,Performance Issues,DoS Mitigation. . Severity: Important. LinuxSecurity.com Team

May 11, 2022 Important Red Hat
98

Red Hat: RHSA-2022:0513-01 Important: Firefox Security Update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2022:0513-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0513 Issue date: 2022-02-14 CVE Names: CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. 
Security Fix(es): * Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754) * Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 (CVE-2022-22764) * Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable (CVE-2022-22756) * Mozilla: Sandboxed iframes could have executed script if the parent appended elements (CVE-2022-22759) * Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types (CVE-2022-22760) * Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages (CVE-2022-22761) * Mozilla: Script Execution during invalid object state (CVE-2022-22763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2053236 - CVE-2022-22754 Mozilla: Extensions could have bypassed permission confirmation during update 2053237 - CVE-2022-22756 Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable 2053238 - CVE-2022-22760 Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types 2053239 - CVE-2022-22761 Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages 2053240 - CVE-2022-22763 Mozilla: Script Execution during invalid object state 2053242 - CVE-2022-22759 Mozilla: Sandboxed iframes could have executed script if the parent appended elements 2053243 - CVE-2022-22764 Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 6. 
Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.1): Source: firefox-91.6.0-1.el8_1.src.rpm ppc64le: firefox-91.6.0-1.el8_1.ppc64le.rpm firefox-debuginfo-91.6.0-1.el8_1.ppc64le.rpm firefox-debugsource-91.6.0-1.el8_1.ppc64le.rpm x86_64: firefox-91.6.0-1.el8_1.x86_64.rpm firefox-debuginfo-91.6.0-1.el8_1.x86_64.rpm firefox-debugsource-91.6.0-1.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-22754 https://access.redhat.com/security/cve/CVE-2022-22756 https://access.redhat.com/security/cve/CVE-2022-22759 https://access.redhat.com/security/cve/CVE-2022-22760 https://access.redhat.com/security/cve/CVE-2022-22761 https://access.redhat.com/security/cve/CVE-2022-22763 https://access.redhat.com/security/cve/CVE-2022-22764 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. 
Ubuntu releases a significant patch for Chromium in Server Edition 20.04, tackling multiple severe vulnerabilities.. Red Hat Firefox Update, Important Security Update, Linux Browser Security. . Severity: Important. LinuxSecurity.com Team

Feb 14, 2022 Important Red Hat
202

openSUSE 2021:0341-1 Moderate nghttp2 Critical Update Released Now

An update that solves one vulnerability and has one errata is now available. . openSUSE Security Update: Security update for nghttp2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0341-1 Rating: moderate References: #1159003 #1166481 Cross-References: CVE-2019-18802 CVSS scores: CVE-2019-18802 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18802 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static and dynamic lib - build: Add new flag ENABLE_STATIC_CRT for Windows - build: cmake: Support building nghttpx with systemd - third-party: Update neverbleed to fix memory leak - nghttpx: Fix bug that mruby is incorrectly shared between backends - nghttpx: Reconnect h1 backend if it lost connection before sending headers - nghttpx: Returns 408 if backend timed out before sending headers - nghttpx: Fix request stal This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-341=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): libnghttp2-14-1.40.0-lp152.2.3.1 libnghttp2-14-debuginfo-1.40.0-lp152.2.3.1 libnghttp2-devel-1.40.0-lp152.2.3.1 libnghttp2_asio-devel-1.40.0-lp152.2.3.1 libnghttp2_asio1-1.40.0-lp152.2.3.1 libnghttp2_asio1-debuginfo-1.40.0-lp152.2.3.1 nghttp2-1.40.0-lp152.2.3.1 nghttp2-debuginfo-1.40.0-lp152.2.3.1 nghttp2-debugsource-1.40.0-lp152.2.3.1 nghttp2-python-debugsource-1.40.0-lp152.2.3.1 python3-nghttp2-1.40.0-lp152.2.3.1 python3-nghttp2-debuginfo-1.40.0-lp152.2.3.1 - openSUSE Leap 15.2 (x86_64): libnghttp2-14-32bit-1.40.0-lp152.2.3.1 libnghttp2-14-32bit-debuginfo-1.40.0-lp152.2.3.1 libnghttp2_asio1-32bit-1.40.0-lp152.2.3.1 libnghttp2_asio1-32bit-debuginfo-1.40.0-lp152.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-18802.html https://bugzilla.suse.com/1159003 https://bugzilla.suse.com/1166481 . A recent openSUSE Security Update for nghttp2 addresses performance limitations with essential fixes implemented.. openSUSE Update, nghttp2 Security, Linux Bug Fixes. . LinuxSecurity.com Team

Feb 25, 2021 OpenSUSE