# Security update for polkit

Announcement ID: SUSE-SU-2024:0010-1
Rating: moderate
References:

* bsc#1209282

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one security fix can now be installed.

## Description:

This update for polkit fixes the following issues:

* Change permissions for rules folders (bsc#1209282)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2024-10=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2024-10=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2024-10=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-10=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2024-10=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-10=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-10=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2024-10=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-10=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-10=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-10=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * typelib-1_0-Polkit-1_0-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-devel-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
  * polkit-devel-0.116-150200.3.12.1
* openSUSE Leap 15.4 (x86_64)
  * libpolkit0-32bit-debuginfo-0.116-150200.3.12.1
  * libpolkit0-32bit-0.116-150200.3.12.1
* openSUSE Leap 15.4 (noarch)
  * polkit-doc-0.116-150200.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * typelib-1_0-Polkit-1_0-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-devel-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
  * polkit-devel-0.116-150200.3.12.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libpolkit0-0.116-150200.3.12.1
  * polkit-debugsource-0.116-150200.3.12.1
  * polkit-0.116-150200.3.12.1
  * libpolkit0-debuginfo-0.116-150200.3.12.1
  * polkit-debuginfo-0.116-150200.3.12.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209282
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4f0bb4ff5e
2023-09-15 18:36:13.240099
--------------------------------------------------------------------------------
Name        : rubygem-rails
Product     : Fedora 39
Version     : 7.0.7.2
Release     : 1.fc39
URL         : https://rubyonrails.org/
Summary     : Full-stack web application framework
Description :
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
--------------------------------------------------------------------------------
Update Information:

Ruby on Rails security upgrade:
- Versions-7-0-7-2-6-1-7-6-have-been-released
- incorrect file permissions on encrypted files. Exploit not known.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 28 2023 Pavel Valena - 1:7.0.7.2-1
- Update to rails 7.0.7.2.
  Resolves: rhbz#2230758
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4f0bb4ff5e' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-dedbb92a08
2022-11-10 22:04:44.634216
--------------------------------------------------------------------------------
Name        : java-1.8.0-openjdk
Product     : Fedora 37
Version     : 1.8.0.352.b08
Release     : 2.fc37
URL         : https://openjdk.org/
Summary     : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.
--------------------------------------------------------------------------------
Update Information:

# New in release OpenJDK 8u352 (2022-10-18)

* [Release announcement](https://mail.openjdk.org/pipermail/jdk8u-dev/2022-October/015706.html)
* [Full release notes](https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u352.html)

## Security Fixes

* JDK-8282252: Improve BigInteger/Decimal validation
* JDK-8285662: Better permission resolution
* JDK-8286511: Improve macro allocation
* JDK-8286519: Better memory handling
* JDK-8286526, CVE-2022-21619: Improve NTLM support
* JDK-8286533, CVE-2022-21626: Key X509 usages
* JDK-8286910, CVE-2022-21624: Improve JNDI lookups
* JDK-8286918, CVE-2022-21628: Better HttpServer service
* JDK-8288508: Enhance ECDSA usage

## Major Changes

### [JDK-8201793](https://bugs.openjdk.org/browse/JDK-8201793): (ref) Reference object should not support cloning

The `java.lang.ref.Reference::clone` method always throws `CloneNotSupportedException`. `Reference` objects cannot be meaningfully cloned. To create a new `Reference` object, call the constructor to create a `Reference` object with the same referent and reference queue instead.

### [JDK-8175797](https://bugs.openjdk.org/browse/JDK-8175797): (ref) Reference::enqueue method should clear the reference object before enqueuing

The `java.lang.ref.Reference.enqueue` method clears the reference object before it is added to the registered queue. When the `enqueue` method is called, the reference object is cleared and its `get()` method returns null in OpenJDK 8u352. Typically, when a reference object is enqueued, it is expected that the reference object is cleared explicitly via the `clear` method to avoid a memory leak, because its referent is no longer referenced. In other words, the `get` method is not expected to be called in common cases once the `enqueue` method has been called. Existing code that calls the `get` method on an enqueued reference object and then attempts to access members of the referent may now see a `NullPointerException`. Such code will need to be updated.

### [JDK-8071507](https://bugs.openjdk.org/browse/JDK-8071507): (ref) Clear phantom reference as soft and weak references do

This enhancement changes phantom references to be automatically cleared by the garbage collector, as soft and weak references are. An object becomes phantom reachable after it has been finalized. This change may cause phantom reachable objects to be GC'ed earlier; previously the referent was kept alive until the `PhantomReference` objects were GC'ed or cleared by the application. This potential behavioral change might only impact existing code that depends on a `PhantomReference` being enqueued rather than on when the referent is freed from the heap.

### JDK-8286918: Better HttpServer service

The HttpServer can be optionally configured with a maximum connection limit by setting the `jdk.httpserver.maxConnections` system property. A value of `0` or a negative integer is ignored and considered to represent no connection limit. In the case of a positive integer value, any newly accepted connection is first checked against the current count of established connections and, if the configured limit has been reached, the newly accepted connection is closed immediately.

### [JDK-8282859](https://bugs.openjdk.org/browse/JDK-8282859): Enable TLSv1.3 by Default on JDK 8 for Client Roles

The TLSv1.3 implementation is now enabled by default for client roles in 8u352. It has been enabled by default for server roles since 8u272.

Note that TLS 1.3 is not directly compatible with previous versions. Enabling it on the client may introduce compatibility issues on either the server or the client side. Here are some more details on potential compatibility issues that you should be aware of:

* TLS 1.3 uses a half-close policy, while TLS 1.2 and prior versions use a duplex-close policy. For applications that depend on the duplex-close policy, there may be compatibility issues when upgrading to TLS 1.3.
* The signature_algorithms_cert extension requires that pre-defined signature algorithms are used for certificate authentication. In practice, however, an application may use non-supported signature algorithms.
* The DSA signature algorithm is not supported in TLS 1.3. If a server is configured to only use DSA certificates, it cannot upgrade to TLS 1.3.
* The supported cipher suites for TLS 1.3 are not the same as for TLS 1.2 and prior versions. If an application hard-codes cipher suites which are no longer supported, it may not be able to use TLS 1.3 without modifying the application code.
* The TLS 1.3 session resumption and key update behaviors are different from TLS 1.2 and prior versions. The compatibility impact should be minimal, but it could be a risk if an application depends on the handshake details of the TLS protocols.

The TLS 1.3 protocol can be disabled by using the jdk.tls.client.protocols system property:

~~~
java -Djdk.tls.client.protocols="TLSv1.2" ...
~~~

Alternatively, an application can explicitly set the enabled protocols with the javax.net.ssl APIs, e.g.

~~~
sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});
~~~

or:

~~~
SSLParameters params = sslSocket.getSSLParameters();
params.setProtocols(new String[] {"TLSv1.2"});
sslSocket.setSSLParameters(params);
~~~
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 19 2022 Andrew Hughes - 1:1.8.0.352.b08-1
- Update to shenandoah-jdk8u352-b08 (GA)
- Update release notes for shenandoah-8u352-b08.
- Switch to GA mode for final release.
* Sun Oct 16 2022 Andrew Hughes - 1:1.8.0.352.b07-0.2.ea
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
- Add test to ensure timezones can be translated
* Wed Oct 12 2022 Andrew Hughes - 1:1.8.0.352.b07-0.1.ea
- Update to shenandoah-jdk8u352-b07 (EA)
- Update release notes for shenandoah-8u352-b07.
- Switch to EA mode for 8u352 pre-release builds.
- Rebase FIPS patch against 8u352-b07
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-dedbb92a08' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
openSUSE Security Update: Security update for wireguard-tools
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1425-1
Rating:             moderate
References:         #1191224
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for wireguard-tools fixes the following issues:

- Removed world-readable permissions from /etc/wireguard (bsc#1191224)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1425=1

Package List:

- openSUSE Leap 15.2 (x86_64):

  wireguard-tools-1.0.20200827-lp152.2.6.1
  wireguard-tools-debuginfo-1.0.20200827-lp152.2.6.1
  wireguard-tools-debugsource-1.0.20200827-lp152.2.6.1

References:

https://bugzilla.suse.com/1191224
openSUSE Security Update: Security update for wireguard-tools
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:3527-1
Rating:             moderate
References:         #1191224
Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for wireguard-tools fixes the following issues:

- Removed world-readable permissions from /etc/wireguard (bsc#1191224)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2021-3527=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  wireguard-tools-1.0.20200827-5.9.1
  wireguard-tools-debuginfo-1.0.20200827-5.9.1
  wireguard-tools-debugsource-1.0.20200827-5.9.1

References:

https://bugzilla.suse.com/1191224
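Several of the advisories on this page (the polkit rules folders, the rubygem-rails encrypted files, /etc/wireguard) fix the same defect class: a path whose "other" permission bits let any local user read or write it. The audit below is an added example, not part of any advisory or of those projects' code. It builds a constructed sample tree under a temporary directory instead of touching the real system paths, and its `stat -c '%a'` calls assume GNU coreutils.

```shell
#!/bin/sh
# Added example (not from any of the advisories above): audit paths for
# "other" permission bits, the defect class fixed in the polkit,
# rubygem-rails and wireguard-tools updates. The sample tree is constructed
# in a temp dir so the script runs offline; `stat -c` assumes GNU coreutils.

# world_bits PATH -> prints the "other" digit (0-7) of PATH's octal mode.
world_bits() {
    mode=$(stat -c '%a' "$1") || return 1
    # ${mode%?} is the mode without its last digit; stripping that prefix
    # leaves exactly the last digit, which is the "other" field.
    printf '%s\n' "${mode#"${mode%?}"}"
}

# is_world_accessible PATH -> succeeds if any of r/w/x is granted to "other".
is_world_accessible() {
    bits=$(world_bits "$1") || return 2
    [ "$bits" -ne 0 ]
}

# count_world_accessible PATH... -> prints how many of the existing paths
# are world-accessible (handy in scripts and checks).
count_world_accessible() {
    n=0
    for p in "$@"; do
        [ -e "$p" ] || continue
        if is_world_accessible "$p"; then n=$((n + 1)); fi
    done
    printf '%s\n' "$n"
}

# audit_paths PATH... -> prints one line per offending path.
audit_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        if is_world_accessible "$p"; then
            printf 'WORLD-ACCESSIBLE  %s  (mode %s)\n' "$p" "$(stat -c '%a' "$p")"
        fi
    done
}

# restrict_path PATH -> remediation: drop every "other" bit, keep owner/group.
restrict_path() {
    chmod o-rwx "$1"
}

# demo_setup -> builds a constructed sample tree and prints its root. The
# names echo the advisories' paths but live under a temp directory.
demo_setup() {
    d=$(mktemp -d) || return 1
    mkdir "$d/rules.d"   && chmod 755 "$d/rules.d"     # rules dir, world-readable (bad)
    mkdir "$d/wireguard" && chmod 700 "$d/wireguard"   # already restricted (good)
    : > "$d/master.key"  && chmod 644 "$d/master.key"  # secret, world-readable (bad)
    : > "$d/wg0.conf"    && chmod 600 "$d/wg0.conf"    # already restricted (good)
    printf '%s\n' "$d"
}

demo_main() {
    root=$(demo_setup) || return 1
    audit_paths "$root/rules.d" "$root/wireguard" "$root/master.key" "$root/wg0.conf"
    rm -rf "$root"
}

demo_main
```

Run against real paths, `audit_paths /etc/polkit-1/rules.d /etc/wireguard` reports only entries that still grant something to "other"; `restrict_path` is deliberately limited to clearing those bits so that a group-based deployment keeps working.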
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:252-1
Container Tags        : suse/sle15:15.3 , suse/sle15:15.3.17.5.1
Container Release     : 17.5.1
Severity              : important
Type                  : security
References            : 1029961 1106014 1153687 1161276 1178577 1178624 1178675 1180851 1180851 1181443 1181874 1181874 1182016 1182372 1182899 1182936 1182936 1183064 1183268 1183589 1183628 1183628 1184326 1184358 1184399 1184435 1184614 1184997 1184997 1184997 1185163 1185239 1185239 1185325 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185562 1185698 1186015 1186114 1186642 CVE-2021-22898 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released:    Tue May  4 08:30:57 2021
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released:    Wed May  5 18:24:20 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1526-1
Released:    Thu May  6 08:57:30 2021
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released:    Thu May  6 15:31:23 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released:    Fri May  7 15:16:32 2021
Summary:     Recommended update for patterns-microos
Type:        recommended
Severity:    moderate
References:  1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released:    Fri May  7 16:34:41 2021
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    moderate
References:  1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do not clean up in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released:    Mon May 10 13:48:00 2021
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1185417

This update for procps fixes the following issues:

- Support up to 2048 CPUs as well. (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released:    Tue May 11 14:20:04 2021
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released:    Fri May 14 17:09:39 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released:    Wed May 19 13:51:48 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug where the 'unlimited'/'-1' value was not interpreted correctly. (bsc#1181443)
- Fixed a bug where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname. (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be installed as well, as it contains pam_systemd.so for 32-bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released:    Wed May 19 16:43:36 2021
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: Fixed a NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698).
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released:    Wed May 26 12:30:01 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1186114,CVE-2021-22898

This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated as trust anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1825-1
Released:    Tue Jun  1 16:24:01 2021
Summary:     Security update for lz4
Type:        security
Severity:    important
References:  1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by a memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1833-1
Released:    Wed Jun  2 15:32:28 2021
Summary:     Recommended update for zypper
Type:        recommended
Severity:    moderate
References:  1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239

This update for zypper fixes the following issues:

zypper was upgraded to 1.14.44:

- man page: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)
- Protect against strict/relaxed user umask via sudo. (bsc#1183589)
- xml summary: Add solvables repository alias. (bsc#1182372)

libzypp was upgraded from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do not clean up in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released:    Fri Jun  4 09:59:40 2021
Summary:     Recommended update for gcc10
Type:        recommended
Severity:    moderate
References:  1029961,1106014,1178577,1178624,1178675,1182016

This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work.
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1879-1
Released:    Tue Jun  8 09:16:09 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    important
References:  1184326,1184399,1184997,1185325

This update for libzypp, zypper fixes the following issues:

libzypp was updated to 17.26.0:

- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
  Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399)
  Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
  Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contains kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?', but this does not work with those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those.
- Introduce zypp-runpurge, a tool to run purge-kernels on testcases.

zypper was updated to 1.14.45:

- Fix service detection with cgroupv2 (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released:    Wed Jun  9 14:48:05 2021
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed an exponential entity expansion attack that bypasses all existing protection mechanisms. (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released:    Thu Jun 10 10:47:09 2021
Summary:     Recommended update for nghttp2
Type:        recommended
Severity:    moderate
References:  1186642

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 SP2 and SP3 than in 15 SP1, which could lead to migration issues. (bsc#1186642)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-93911302d6
2021-03-10 00:41:43.224833
--------------------------------------------------------------------------------
Name        : x11vnc
Product     : Fedora 33
Version     : 0.9.16
Release     : 5.fc33
URL         : https://github.com/LibVNC/x11vnc
Summary     : VNC server for the current X11 session
Description :
What WinVNC is to Windows, x11vnc is to the X Window System, i.e. a server which serves the current X Window System desktop via the RFB (VNC) protocol to the user. Based on the ideas of x0rfbserver and on LibVNCServer, it has evolved into a versatile and productive, while still easy to use, program.
--------------------------------------------------------------------------------
Update Information:

This release fixes insecure permissions on shared memory segments created by an x11vnc server. Previously the segments were readable and writable by any local user. Now they are accessible only to the user who executed the x11vnc server.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar  1 2021 Petr Pisar - 0.9.16-5
- Fix CVE-2020-29074 (insecure permissions on a shared memory) (bug #1933603)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1933602 - CVE-2020-29074 x11vnc: insecure permissions on shm
        https://bugzilla.redhat.com/show_bug.cgi?id=1933602
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-93911302d6' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4850-1

It was discovered that zstd, a compression utility, temporarily exposed a world-readable version of its input even if the original file had restrictive permissions.
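The zstd defect described above is the classic output-file mistake: the derived file is created through a plain redirection, so it gets the umask-derived mode (0644 under the common umask 022) regardless of how restrictive the input was, and a chmod applied afterwards only narrows the exposure to a window, which is the "temporary" exposure the advisory describes. The script below is an added example, written here and not taken from the Debian advisory or from zstd; it shows the insecure pattern beside a hardened one that writes into a 0600 temporary file, copies the input's mode onto it and renames it into place. `stat -c` and `mktemp` with a template assume GNU coreutils; the filter defaults to `gzip -c` but any stdin-to-stdout filter can be passed, and the demo uses `cat` so it has no dependency on a compressor being installed.

```shell
#!/bin/sh
# Added example (not from the Debian advisory or from zstd): produce a derived
# file without a world-readable window. `stat -c`/`mktemp TEMPLATE` assume GNU
# coreutils. FILTER defaults to gzip -c; any stdin->stdout filter works.

# unsafe_filter IN OUT [FILTER...]: shown for contrast only.
unsafe_filter() {
    in=$1; out=$2; shift 2
    [ $# -gt 0 ] || set -- gzip -c
    # The redirection creates OUT as 0666 minus the umask (0644 under umask
    # 022), i.e. world-readable no matter how restrictive IN is. A chmod
    # after this line would only shrink the exposure to a window.
    "$@" < "$in" > "$out"
}

# safe_filter IN OUT [FILTER...]: the data never becomes readable by "other".
safe_filter() {
    in=$1; out=$2; shift 2
    [ $# -gt 0 ] || set -- gzip -c
    src_mode=$(stat -c '%a' "$in") || return 1
    # mktemp creates the temp file 0600 regardless of umask; the umask in the
    # subshell is belt-and-braces and does not leak into the caller.
    tmp=$(umask 077 && mktemp "$out.XXXXXX") || return 1
    if "$@" < "$in" > "$tmp"; then
        # Mirror the input's mode, then publish atomically under the final name.
        chmod "$src_mode" "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# mode_of PATH -> octal mode string, for checks.
mode_of() { stat -c '%a' "$1"; }

# demo: a constructed 0600 input processed both ways under umask 022.
demo_main() {
    d=$(mktemp -d) || return 1
    umask 022
    printf 'constructed secret\n' > "$d/in.txt" && chmod 600 "$d/in.txt"
    unsafe_filter "$d/in.txt" "$d/unsafe.out" cat
    safe_filter   "$d/in.txt" "$d/safe.out"   cat
    printf 'input %s  unsafe output %s  safe output %s\n' \
        "$(mode_of "$d/in.txt")" "$(mode_of "$d/unsafe.out")" "$(mode_of "$d/safe.out")"
    rm -rf "$d"
}

demo_main
```

The same pattern applies to any tool that derives a file from a sensitive input (compressors, encoders, editors writing backups): decide the mode before the first byte is written, and only rename into the final path once the content and permissions are complete.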