Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 70 articles for you...
172

Ubuntu 25.10 Rust-Tar Key Permissions Escalation USN-8138-1 CVE-2026-33056

tar-rs could be made to modify permissions on arbitrary directories.. ========================================================================== Ubuntu Security Notice USN-8138-1 April 01, 2026 rust-tar vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: tar-rs could be made to modify permissions on arbitrary directories. Software Description: - rust-tar: A tar archive reading/writing library for Rust Details: It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 librust-tar-dev 0.4.43-4ubuntu0.1 Ubuntu 24.04 LTS librust-tar-dev 0.4.40-1ubuntu0.1 Ubuntu 22.04 LTS librust-tar+default-dev 0.4.37-3ubuntu0.1 librust-tar-dev 0.4.37-3ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8138-1 CVE-2026-33056 Package Information: https://launchpad.net/ubuntu/+source/rust-tar/0.4.43-4ubuntu0.1 https://launchpad.net/ubuntu/+source/rust-tar/0.4.40-1ubuntu0.1 https://launchpad.net/ubuntu/+source/rust-tar/0.4.37-3ubuntu0.1 . A critical rust-tar issue allows permission modifications on arbitrary directories. Update for Ubuntu systems to secure your environment.. rust-tar permissions issue, Ubuntu security advisory, privilege escalation Ubuntu, rust-tar vulnerability, Ubuntu update instructions. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 01, 2026 Important Ubuntu
89

Fedora 42: Important Permission Issues in cloud-init with CVE-2024-6174

Backport fixes for CVE-2024-6174 and CVE-2024-11584 cloud-init included the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. An unprivelege user could trigger hotplug-hook commands (CVE-2024-11584) When a non-x86 platform is detected, cloud-init granted root access to a. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-b93ee7b368 2025-07-30 01:21:50.253416+00:00 -------------------------------------------------------------------------------- Name : cloud-init Product : Fedora 42 Version : 24.2 Release : 5.fc42 URL : https://github.com/canonical/cloud-init Summary : Cloud instance init scripts Description : Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. -------------------------------------------------------------------------------- Update Information: Backport fixes for CVE-2024-6174 and CVE-2024-11584 cloud-init included the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. An unprivelege user could trigger hotplug-hook commands (CVE-2024-11584) When a non-x86 platform is detected, cloud-init granted root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration (CVE-2024-6174) Note that the fix for CVE-2024-6174 includes a change that may break non-x86 OpenStack Nova users. Affected users may wish to use ConfigDrive as a workaround -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 21 2025 Jeremy Cline - 24.2-5 - Backport fixes for CVE-2024-6174 and CVE-2024-11584 - cloud-init included the systemd socket unit cloud-init-hotplugd.socket withdefault SocketMode that grants 0666 permissions, making it world- writable. An unprivelege user could trigger hotplug-hook commands (CVE-2024-11584) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2375012 - CVE-2024-6174 cloud-init: From CVEorg collector [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2375012 [ 2 ] Bug #2375013 - CVE-2024-6174 cloud-init: From CVEorg collector [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375013 [ 3 ] Bug #2375025 - CVE-2024-11584 cloud-init: From CVEorg collector [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2375025 [ 4 ] Bug #2375026 - CVE-2024-11584 cloud-init: From CVEorg collector [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375026 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b93ee7b368' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Updates addressing severe vulnerabilitiesin cloud-init involve permission modifications and root access problems within Fedora 42.. Fedora 42 Security, cloud-init Update, Root Access Issue, Systemd Socket Vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 30, 2025 Important Fedora
197

Debian 11 Bullseye DLA-3948-1 Critical: pypy3 Permissions Issue

Brief introduction CVE-2023-6597 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3948-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Andrej Shadura November 07, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : pypy3 Version : 7.3.5+dfsg-2+deb11u3 CVE ID : CVE-2023-6597 CVE-2023-24329 CVE-2023-40217 CVE-2024-0450 Debian Bug : Brief introduction CVE-2023-6597 An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. CVE-2023-24329 An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. CVE-2023-40217 An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) CVE-2024-0450 An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. For Debian 11 bullseye, these problems have been fixed in version 7.3.5+dfsg-2+deb11u3. We recommend that you upgrade your pypy3 packages. For the detailed security status of pypy3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/pypy3 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3949-1 highlights vulnerabilities in python3, which have implications for several CVE entries.. Debian Security Advisory,pypy3 update,Critical Threats,Permissions Issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 07, 2024 Critical Debian LTS
203

Mageia 9 MGASA-2024-0315 moderate: Apache mod_jk permission flaw

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. (CVE-2024-46544) . MGASA-2024-0315 - Updated apache-mod_jk packages fix security vulnerability Publication date: 27 Sep 2024 URL: https://advisories.mageia.org/MGASA-2024-0315.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-46544 Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. (CVE-2024-46544) References: - https://bugs.mageia.org/show_bug.cgi?id=33586 - https://www.openwall.com/lists/oss-security/2024/09/23/1 - https://www.cve.org/CVERecord?id=CVE-2024-46544 SRPMS: - 9/core/apache-mod_jk-1.2.50-1.mga9 . Revised Nginx mod_proxy modules address vulnerabilities related to user permissions and configuration integrity.. apache mod_jk, permissions flaw, security update. . LinuxSecurity.com Team

Calendar%202 Sep 27, 2024 Mageia
100

SUSE: 2024:0291-1 Important: Addressing rear116 Permissions Issue

* bsc#1218728 Cross-References: * CVE-2024-23301 . # Security update for rear116 Announcement ID: SUSE-SU-2024:0291-1 Rating: important References: * bsc#1218728 Cross-References: * CVE-2024-23301 CVSS scores: * CVE-2024-23301 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23301 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for rear116 fixes the following issues: * CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information (bsc#1218728). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2024-291=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2024-291=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * rear116-1.16-15.3.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (noarch) * rear116-1.16-15.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-23301.html * https://bugzilla.suse.com/show_bug.cgi?id=1218728 . The release of rear116 resolves a critical permissions vulnerability found in SUSE Linux Enterprise systems, which pertains to the unauthorized access of confidential information.. SUSE Linux Update,rear116 Security Fix,SUSE Vulnerability Management,Importance of Security Updates,Linux Enterprise Security. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jan 31, 2024 Important SuSE
100

SUSE: 2024:0301-2 Critical: Front9873b Access Problem Resolved

* bsc#1218728 Cross-References: * CVE-2024-23301 . # Security update for rear1172a Announcement ID: SUSE-SU-2024:0292-1 Rating: important References: * bsc#1218728 Cross-References: * CVE-2024-23301 CVSS scores: * CVE-2024-23301 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23301 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for rear1172a fixes the following issues: * CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information (bsc#1218728). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2024-292=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2024-292=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * rear1172a-1.17.2.a-5.3.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (x86_64) * rear1172a-1.17.2.a-5.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-23301.html * https://bugzilla.suse.com/show_bug.cgi?id=1218728 . The recent patch for rear1172a resolves significant access control vulnerabilities, ensuring the safeguarding of confidential information in SUSE systems.. SUSE Linux, rear1172a Security, Important Update, High Availability Security, Permissions Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 31, 2024 Important SuSE
202

openSUSE: SUSE-SU-2024:0284-1 Important: Slurm Permissions Issue

This update for slurm fixes the following issues: Update to slurm 23.02.6:. # Security update for slurm Announcement ID: SUSE-SU-2024:0284-1 Rating: important References: * bsc#1216869 * bsc#1217711 * bsc#1218046 * bsc#1218049 * bsc#1218050 * bsc#1218051 * bsc#1218053 Cross-References: * CVE-2023-49933 * CVE-2023-49935 * CVE-2023-49936 * CVE-2023-49937 * CVE-2023-49938 CVSS scores: * CVE-2023-49933 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49933 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-49935 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49935 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49936 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49936 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-49937 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-49937 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-49938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-49938 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Affected Products: * HPC Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for slurm fixes the following issues: Update to slurm 23.02.6: Security fixes: * CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046) * CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level MUNGE tokens andescalate permissions. (bsc#1218049) * CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050) * CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051) * CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053) Other fixes: * Add missing service file for slurmrestd (bsc#1217711). * Fix slurm upgrading to incompatible versions (bsc#1216869). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 15-SP5 zypper in -t patch SUSE-SLE-Module-HPC-15-SP5-2024-284=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-284=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-284=1 openSUSE-SLE-15.5-2024-284=1 ## Package List: * HPC Module 15-SP5 (aarch64 x86_64) * slurm-sql-debuginfo-23.02.7-150500.5.15.1 * slurm-munge-23.02.7-150500.5.15.1 * slurm-cray-23.02.7-150500.5.15.1 * slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-23.02.7-150500.5.15.1 * slurm-torque-debuginfo-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-23.02.7-150500.5.15.1 * perl-slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-23.02.7-150500.5.15.1 * slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-23.02.7-150500.5.15.1 * slurm-node-23.02.7-150500.5.15.1 * slurm-devel-23.02.7-150500.5.15.1 * slurm-plugins-debuginfo-23.02.7-150500.5.15.1 * slurm-torque-23.02.7-150500.5.15.1 * libpmi0-23.02.7-150500.5.15.1 * libpmi0-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-debuginfo-23.02.7-150500.5.15.1 *slurm-sql-23.02.7-150500.5.15.1 * libnss_slurm2-23.02.7-150500.5.15.1 * libnss_slurm2-debuginfo-23.02.7-150500.5.15.1 * slurm-cray-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-23.02.7-150500.5.15.1 * slurm-pam_slurm-23.02.7-150500.5.15.1 * slurm-debugsource-23.02.7-150500.5.15.1 * slurm-lua-23.02.7-150500.5.15.1 * libslurm39-debuginfo-23.02.7-150500.5.15.1 * libslurm39-23.02.7-150500.5.15.1 * slurm-munge-debuginfo-23.02.7-150500.5.15.1 * slurm-node-debuginfo-23.02.7-150500.5.15.1 * slurm-plugins-23.02.7-150500.5.15.1 * slurm-slurmdbd-23.02.7-150500.5.15.1 * slurm-lua-debuginfo-23.02.7-150500.5.15.1 * HPC Module 15-SP5 (noarch) * slurm-config-man-23.02.7-150500.5.15.1 * slurm-doc-23.02.7-150500.5.15.1 * slurm-config-23.02.7-150500.5.15.1 * slurm-webdoc-23.02.7-150500.5.15.1 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * slurm-sql-debuginfo-23.02.7-150500.5.15.1 * slurm-munge-23.02.7-150500.5.15.1 * slurm-cray-23.02.7-150500.5.15.1 * slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-23.02.7-150500.5.15.1 * slurm-hdf5-23.02.7-150500.5.15.1 * slurm-torque-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-23.02.7-150500.5.15.1 * slurm-sview-23.02.7-150500.5.15.1 * slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-23.02.7-150500.5.15.1 * slurm-node-23.02.7-150500.5.15.1 * slurm-devel-23.02.7-150500.5.15.1 * slurm-plugins-debuginfo-23.02.7-150500.5.15.1 * slurm-torque-23.02.7-150500.5.15.1 * libpmi0-23.02.7-150500.5.15.1 * libpmi0-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-debuginfo-23.02.7-150500.5.15.1 * slurm-sql-23.02.7-150500.5.15.1 * libnss_slurm2-23.02.7-150500.5.15.1 * libnss_slurm2-debuginfo-23.02.7-150500.5.15.1 *slurm-cray-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-23.02.7-150500.5.15.1 * slurm-pam_slurm-23.02.7-150500.5.15.1 * slurm-debugsource-23.02.7-150500.5.15.1 * slurm-lua-23.02.7-150500.5.15.1 * slurm-munge-debuginfo-23.02.7-150500.5.15.1 * slurm-hdf5-debuginfo-23.02.7-150500.5.15.1 * slurm-node-debuginfo-23.02.7-150500.5.15.1 * slurm-plugins-23.02.7-150500.5.15.1 * slurm-slurmdbd-23.02.7-150500.5.15.1 * slurm-lua-debuginfo-23.02.7-150500.5.15.1 * SUSE Package Hub 15 15-SP5 (noarch) * slurm-seff-23.02.7-150500.5.15.1 * slurm-openlava-23.02.7-150500.5.15.1 * slurm-doc-23.02.7-150500.5.15.1 * slurm-config-23.02.7-150500.5.15.1 * slurm-webdoc-23.02.7-150500.5.15.1 * slurm-config-man-23.02.7-150500.5.15.1 * slurm-sjstat-23.02.7-150500.5.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * slurm-sql-debuginfo-23.02.7-150500.5.15.1 * slurm-munge-23.02.7-150500.5.15.1 * slurm-cray-23.02.7-150500.5.15.1 * slurm-pam_slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-slurmdbd-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-23.02.7-150500.5.15.1 * slurm-hdf5-23.02.7-150500.5.15.1 * slurm-torque-debuginfo-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-23.02.7-150500.5.15.1 * perl-slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-23.02.7-150500.5.15.1 * slurm-plugin-ext-sensors-rrd-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-23.02.7-150500.5.15.1 * slurm-debuginfo-23.02.7-150500.5.15.1 * slurm-23.02.7-150500.5.15.1 * slurm-node-23.02.7-150500.5.15.1 * slurm-devel-23.02.7-150500.5.15.1 * slurm-plugins-debuginfo-23.02.7-150500.5.15.1 * slurm-torque-23.02.7-150500.5.15.1 * libpmi0-23.02.7-150500.5.15.1 * libpmi0-debuginfo-23.02.7-150500.5.15.1 * slurm-auth-none-debuginfo-23.02.7-150500.5.15.1 * slurm-sql-23.02.7-150500.5.15.1 *libnss_slurm2-23.02.7-150500.5.15.1 * libnss_slurm2-debuginfo-23.02.7-150500.5.15.1 * slurm-cray-debuginfo-23.02.7-150500.5.15.1 * slurm-rest-debuginfo-23.02.7-150500.5.15.1 * slurm-sview-debuginfo-23.02.7-150500.5.15.1 * perl-slurm-23.02.7-150500.5.15.1 * slurm-testsuite-23.02.7-150500.5.15.1 * slurm-pam_slurm-23.02.7-150500.5.15.1 * slurm-debugsource-23.02.7-150500.5.15.1 * slurm-lua-23.02.7-150500.5.15.1 * libslurm39-debuginfo-23.02.7-150500.5.15.1 * libslurm39-23.02.7-150500.5.15.1 * slurm-munge-debuginfo-23.02.7-150500.5.15.1 * slurm-hdf5-debuginfo-23.02.7-150500.5.15.1 * slurm-node-debuginfo-23.02.7-150500.5.15.1 * slurm-plugins-23.02.7-150500.5.15.1 * slurm-slurmdbd-23.02.7-150500.5.15.1 * slurm-lua-debuginfo-23.02.7-150500.5.15.1 * openSUSE Leap 15.5 (noarch) * slurm-seff-23.02.7-150500.5.15.1 * slurm-openlava-23.02.7-150500.5.15.1 * slurm-doc-23.02.7-150500.5.15.1 * slurm-config-23.02.7-150500.5.15.1 * slurm-webdoc-23.02.7-150500.5.15.1 * slurm-config-man-23.02.7-150500.5.15.1 * slurm-sjstat-23.02.7-150500.5.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-49933.html * https://www.suse.com/security/cve/CVE-2023-49935.html * https://www.suse.com/security/cve/CVE-2023-49936.html * https://www.suse.com/security/cve/CVE-2023-49937.html * https://www.suse.com/security/cve/CVE-2023-49938.html * https://bugzilla.suse.com/show_bug.cgi?id=1216869 * https://bugzilla.suse.com/show_bug.cgi?id=1217711 * https://bugzilla.suse.com/show_bug.cgi?id=1218046 * https://bugzilla.suse.com/show_bug.cgi?id=1218049 * https://bugzilla.suse.com/show_bug.cgi?id=1218050 * https://bugzilla.suse.com/show_bug.cgi?id=1218051 * https://bugzilla.suse.com/show_bug.cgi?id=1218053 . Essential security patch for slurm addresses multiple vulnerabilities and enhances overall protection. Important for every affected user.. SUSE Updates, slurm Security, System Improvement, Patch Management. . Severity:Important. LinuxSecurity.com Team

Calendar%202 Jan 31, 2024 Important OpenSUSE
100

SUSE: 2024:0239-1 important: corrected permissions in rear23a

* bsc#1218728 Cross-References: * CVE-2024-23301 . # Security update for rear23a Announcement ID: SUSE-SU-2024:0239-1 Rating: important References: * bsc#1218728 Cross-References: * CVE-2024-23301 CVSS scores: * CVE-2024-23301 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-23301 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 An update that solves one vulnerability can now be installed. ## Description: This update for rear23a fixes the following issues: * CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information (bsc#1218728). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2024-239=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2024-239=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP1 (ppc64le x86_64) *rear23a-2.3.a-150000.9.9.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (ppc64le x86_64) * rear23a-2.3.a-150000.9.9.1 ## References: * https://www.suse.com/security/cve/CVE-2024-23301.html * https://bugzilla.suse.com/show_bug.cgi?id=1218728 . A critical update for rear23a has been released, resolving CVE-2024-23301's vulnerabilities in access management within SUSE Linux.. SUSE Linux Update,rear23a,Permissions Issue,Important Advisory,Security Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 26, 2024 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200