nodejs:18 enhancement update

{"type":"TYPE_ENHANCEMENT","shortCode":"RL","name":"RLEA-2024:1140","synopsis":"nodejs:18 enhancement update","severity":"SEVERITY_UNKNOWN","topic":"An update is available for nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"Node.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language.\n\nEnhancement(s):\n\n* nodejs:18\/nodejs: Rebase to latest upstream version (JIRA:Rocky Linux-21438)","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[],"cves":[],"references":[],"publishedAt":"2025-05-07T19:13:09.903227Z","rpms":{"Rocky Linux 9":{"nvras":["nodejs-nodemon-0:3.0.1-1.module+el9.5.0+31785+5534beb0.noarch.rpm","nodejs-nodemon-0:3.0.1-1.module+el9.5.0+31770+0da7192d.noarch.rpm","nodejs-nodemon-0:3.0.1-1.module+el9.5.0+31770+0da7192d.src.rpm","nodejs-nodemon-0:3.0.1-1.module+el9.5.0+31785+5534beb0.src.rpm","nodejs-packaging-0:2021.06-4.module+el9.5.0+31786+d18c719d.noarch.rpm","nodejs-packaging-0:2021.06-4.module+el9.5.0+31770+0da7192d.noarch.rpm","nodejs-packaging-0:2021.06-4.module+el9.5.0+31785+5534beb0.noarch.rpm","nodejs-packaging-0:2021.06-4.module+el9.5.0+31785+5534beb0.src.rpm","nodejs-packaging-0:2021.06-4.module+el9.5.0+31786+d18c719d.src.rpm","nodejs-packaging-0:2021.06-4.module+el9.5.0+31770+0da7192d.src.rpm","nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+31785+5534beb0.noarch.rpm","nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+31770+0da7192d.noarch.rpm","nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+31786+d18c719d.noarch.rpm"]}},"rebootSuggested":false,"buildReferences":[]}
An important Node.js update for Rocky Linux 9 has been released, boosting performance and unveiling innovative functionalities.
Rocky Linux, Node.js, enhancement update, software development.
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5fa61dc843
2025-04-03 01:35:58.156027+00:00
--------------------------------------------------------------------------------

Name        : suricata
Product     : Fedora 41
Version     : 7.0.10
Release     : 1.fc41
URL         :
Summary     : Intrusion Detection System
Description :
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip Decompression, Fast IP Matching, and GeoIP identification.

--------------------------------------------------------------------------------
Update Information:

This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed. Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release.

This fixes:
CVE-2025-29915: HIGH
CVE-2025-29917: HIGH
CVE-2025-29918: HIGH
CVE-2025-29916: Moderate
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Steve Grubb 7.0.10-1
- New bugfix release
* Tue Mar 18 2025 Steve Grubb 7.0.9-1
- New security and bugfix release
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 7.0.8-3
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sun Jan 19 2025 Fedora Release Engineering - 7.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5fa61dc843' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Tackling significant challenges in Fedora 41's Suricata by enhancing efficiency and implementing security updates to ensure reliability and robustness.
Fedora Suricata Update, Intrusion Detection System, Performance Improvements, Security Fixes.
Severity: Critical.
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-0d4d9925a2
2024-03-07 01:49:42.076811
--------------------------------------------------------------------------------

Name        : golang-github-tdewolff-minify
Product     : Fedora 38
Version     : 2.20.18
Release     : 1.fc38
URL         : https://github.com/tdewolff/minify
Summary     : Go minifiers for web formats
Description :
Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file (such as whitespace) without changing its output and therefore shrinking its size and speeding up transmission over the internet and possibly parsing. The implemented minifiers are designed for high performance.

The core functionality associates mimetypes with minification functions, allowing embedded resources (like CSS or JS within HTML files) to be minified as well. Users can add new implementations that are triggered based on a mimetype (or pattern), or redirect to an external command (like ClosureCompiler, UglifyCSS, ...).

--------------------------------------------------------------------------------
Update Information:

Update to latest version
Security fix for CVE-2023-39325
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 27 2024 Elliott Sales de Andrade - 2.20.18-1
- Update to latest version (#2245375)
* Sun Feb 11 2024 Maxwell G - 2.12.9-4
- Rebuild for golang 1.22.0
* Wed Jan 24 2024 Fedora Release Engineering - 2.12.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 20 2024 Fedora Release Engineering - 2.12.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2245375 - golang-github-tdewolff-minify-2.20.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2245375
  [ 2 ] Bug #2246794 - golang-github-tdewolff-parse-2.7.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2246794
  [ 3 ] Bug #2248340 - golang-github-tdewolff-minify: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2248340
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-0d4d9925a2' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

# Security update for suse-module-tools

Announcement ID: SUSE-SU-2023:4136-1
Rating: important
References:

  * bsc#1205767
  * bsc#1210335
  * jsc#PED-5731

Cross-References:

  * CVE-2023-1829
  * CVE-2023-23559

CVSS scores:

  * CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
  * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities and contains one feature can now be installed.

## Description:

This update for suse-module-tools fixes the following issues:

  * Update to version 15.5.3:
    * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335).
    * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2023-4136=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4136=1

## Package List:

  * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
    * suse-module-tools-15.5.3-150500.3.6.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * suse-module-tools-15.5.3-150500.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-1829.html
  * https://www.suse.com/security/cve/CVE-2023-23559.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1205767
  * https://bugzilla.suse.com/show_bug.cgi?id=1210335

Enhances the ubuntu-package-tools to remediate significant security flaws, safeguarding system stability and operational effectiveness.
SUSE Module Tools Update, Linux Kernel Security, SUSE Security Advisory.
Severity: Important.
LinuxSecurity.com Team

microcode_ctl bug fix and enhancement update

{"type":"TYPE_ENHANCEMENT","shortCode":"RL","name":"RLEA-2023:3727","synopsis":"microcode_ctl bug fix and enhancement update","severity":"SEVERITY_UNKNOWN","topic":"An update is available for microcode_ctl.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The microcode_ctl packages provide microcode updates for Intel processors.\n\nBug Fix(es) and Enhancement(s):\n\n* Update Intel CPU microcode to microcode-20230214 release, which addresses CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, and CVE-2022-38090. (BZ#2171236, BZ#2171261)","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[],"cves":[],"references":[],"publishedAt":"2023-08-31T16:55:39.127366Z","rpms":{"Rocky Linux 9":{"nvras":["microcode_ctl-4:20220809-2.20230214.1.el9_2.noarch.rpm","microcode_ctl-4:20220809-2.20230214.1.el9_2.src.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux upgrades microcode_ctl to resolve issues and improve efficiency seamlessly.
Rocky Linux Microcode Update, Bug Fix, Intel CPU Enhancements.
LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-3ec32f6d4e
2023-01-31 01:36:42.599757
--------------------------------------------------------------------------------

Name        : rust-pore
Product     : Fedora 36
Version     : 0.1.8
Release     : 2.fc36
URL         :
Summary     : Performance oriented reimplementation of repo
Description :
Performance oriented reimplementation of repo.

--------------------------------------------------------------------------------
Update Information:

This update contains rebuilds of all Rust applications against versions of the libgit2-sys crate that ship fixes for CVE-2022-24765 and CVE-2022-29187 in the bundled copies of libgit2.

----

Updates `pore` to 0.1.8

- Speed up `update_remote_refs`
- Fall back to `/etc/pore.toml` if it exists.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 28 2023 Fabio Valentini - 0.1.8-2
- Rebuild for CVE-2022-24765 and CVE-2022-29187 in libgit2
* Fri Jan 27 2023 Michel Alexandre Salim - 0.1.8-1
- Update to 0.1.8
* Sat Jan 21 2023 Fedora Release Engineering - 0.1.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2163592 - rust-pore-0.1.8 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2163592
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-3ec32f6d4e' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Oracle Linux Security Advisory ELSA-2022-7012

https://linux.oracle.com/errata/ELSA-2022-7012.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-11-openjdk-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-demo-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-devel-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-headless-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-javadoc-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-jmods-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-src-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-static-libs-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-demo-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-demo-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-devel-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-devel-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-headless-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-headless-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-jmods-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-jmods-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-src-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-src-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.17.0.8-2.el8_6.x86_64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.17.0.8-2.el8_6.x86_64.rpm

aarch64:
java-11-openjdk-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-demo-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-devel-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-headless-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-javadoc-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-javadoc-zip-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-jmods-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-src-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-static-libs-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-demo-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-demo-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-devel-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-devel-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-headless-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-headless-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-jmods-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-jmods-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-src-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-src-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-static-libs-fastdebug-11.0.17.0.8-2.el8_6.aarch64.rpm
java-11-openjdk-static-libs-slowdebug-11.0.17.0.8-2.el8_6.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates/java-11-openjdk-11.0.17.0.8-2.el8_6.src.rpm

Related CVEs:
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21626
CVE-2022-21628
CVE-2022-39399

Description of changes:

[1:11.0.17.0.8-2]
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
- Update CLDR data with Europe/Kyiv (JDK-8293834)
- Drop JDK-8292223 patch which we found to be unnecessary
- Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
- Related: rhbz#2133695

[1:11.0.17.0.8-1]
- Update to jdk-11.0.17+8 (GA)
- Update release notes to 11.0.17+8
- Switch to GA mode for release
- Resolves: rhbz#2133695

[1:11.0.17.0.7-0.1.ea]
- Update to jdk-11.0.17+7
- Update release notes to 11.0.17+7
- Resolves: rhbz#2131863

[1:11.0.17.0.1-0.1.ea]
- Update to jdk-11.0.17+1
- Update release notes to 11.0.17+1
- Switch to EA mode for 11.0.17 pre-release builds.
- Related: rhbz#2131863

MGASA-2022-0361 - Updated unbound packages fix security vulnerability

Publication date: 08 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0361.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-3204

Non-Responsive Delegation Attack. (CVE-2022-3204) Improves performance when under load, by cutting promiscuous queries for nameserver discovery and limiting the number of times a delegation point can look in the cache for missing records.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30876
- https://github.com/NLnetLabs/unbound/releases/tag/release-1.16.3
- https://www.cve.org/CVERecord?id=CVE-2022-3204

SRPMS:
- 8/core/unbound-1.16.3-1.mga8

The MGASA-2022-0361 advisory addresses a critical unbound security vulnerability, enhancing the security and performance of Mageia systems by mitigating potential risks.
Unbound, Security Patch, Mageia Updates.
Severity: Important.
LinuxSecurity.com Team