# Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

Announcement ID: SUSE-SU-2025:0246-1
Release Date: 2025-01-27T12:04:06Z
Rating: important

References:

* bsc#1226324
* bsc#1232637
* bsc#1233712

Cross-References:

* CVE-2022-48956
* CVE-2024-36971
* CVE-2024-50264

CVSS scores:

* CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-36971 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.

The following security issues were fixed:

* CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226324).
* CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233712).
* CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-246=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-246=1

## Package List:

* openSUSE Leap 15.3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_174-default-debuginfo-3-150300.7.6.1
  * kernel-livepatch-SLE15-SP3_Update_48-debugsource-3-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_174-default-3-150300.7.6.1
* openSUSE Leap 15.3 (x86_64)
  * kernel-livepatch-5_3_18-150300_59_174-preempt-debuginfo-3-150300.7.6.1
  * kernel-livepatch-5_3_18-150300_59_174-preempt-3-150300.7.6.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150300_59_174-default-3-150300.7.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48956.html
* https://www.suse.com/security/cve/CVE-2024-36971.html
* https://www.suse.com/security/cve/CVE-2024-50264.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226324
* https://bugzilla.suse.com/show_bug.cgi?id=1232637
* https://bugzilla.suse.com/show_bug.cgi?id=1233712

Severity: Important. LinuxSecurity.com Team

# Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4)

Announcement ID: SUSE-SU-2024:3425-1
Rating: important

References:

* bsc#1223521
* bsc#1225099
* bsc#1225313

Cross-References:

* CVE-2022-48662
* CVE-2023-52846
* CVE-2024-35817

CVSS scores:

* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-35817 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 5.14.21-150400_24_88 fixes several issues.

The following security issues were fixed:

* CVE-2023-52846: Prevent use after free in prp_create_tagged_frame() (bsc#1225099).
* CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223521).
* CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1225313).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3425=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2024-3425=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-13-150400.2.2
  * kernel-livepatch-SLE15-SP4_Update_18-debugsource-13-150400.2.2
  * kernel-livepatch-5_14_21-150400_24_88-default-13-150400.2.2
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_88-default-debuginfo-13-150400.2.2
  * kernel-livepatch-SLE15-SP4_Update_18-debugsource-13-150400.2.2
  * kernel-livepatch-5_14_21-150400_24_88-default-13-150400.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2023-52846.html
* https://www.suse.com/security/cve/CVE-2024-35817.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223521
* https://bugzilla.suse.com/show_bug.cgi?id=1225099
* https://bugzilla.suse.com/show_bug.cgi?id=1225313

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4827db70a8
2023-01-30 01:23:29.292078
--------------------------------------------------------------------------------

Name        : open62541
Product     : Fedora 37
Version     : 1.2.6
Release     : 1.fc37
URL         :
Summary     : OPC UA implementation
Description :
open62541 is a C-based library (linking with C++ projects is possible) with all
necessary tools to implement dedicated OPC UA clients and servers, or to
integrate OPC UA-based communication into existing applications.

--------------------------------------------------------------------------------
Update Information:

Update 1.2.6
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 20 2023 Peter Robinson - 1.2.6-1
- Update 1.2.6
* Fri Jul 22 2022 Fedora Release Engineering - 1.2.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jun 10 2022 Peter Robinson - 1.2.5-1
- Update to 1.2.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2122901 - CVE-2022-25761 open62541: incorrect limits allow a DoS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2122901
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4827db70a8' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

SUSE Security Update: Security update for sqlite3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4603-1
Rating:             moderate
References:         #1206337
Cross-References:   CVE-2022-46908
CVSS scores:
                    CVE-2022-46908 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
                    CVE-2022-46908 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection
  mechanism, when relying on --safe for execution of an untrusted CLI script
  (bsc#1206337).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:

  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4603=1

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4603=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

  sqlite3-debuginfo-3.39.3-9.26.1
  sqlite3-debugsource-3.39.3-9.26.1
  sqlite3-devel-3.39.3-9.26.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  libsqlite3-0-3.39.3-9.26.1
  libsqlite3-0-debuginfo-3.39.3-9.26.1
  sqlite3-3.39.3-9.26.1
  sqlite3-debuginfo-3.39.3-9.26.1
  sqlite3-debugsource-3.39.3-9.26.1
  sqlite3-devel-3.39.3-9.26.1
  sqlite3-tcl-3.39.3-9.26.1

- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

  libsqlite3-0-32bit-3.39.3-9.26.1
  libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1

References:

  https://www.suse.com/security/cve/CVE-2022-46908.html
  https://bugzilla.suse.com/1206337

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Software Collections security update
Advisory ID:       RHSA-2022:1664-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1664
Issue date:        2022-05-02
CVE Names:         CVE-2021-43818
====================================================================

1. Summary:

An update for rh-python38-python, rh-python38-python-lxml, and
rh-python38-python-pip is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

lxml is an XML processing library providing access to libxml2 and libxslt
libraries using the Python ElementTree API.

Security Fix(es):

* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass
  through (CVE-2021-43818)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
2064443 - SCL Python 3.8: pip contains bundled pre-built exe files in site-packages/pip/_vendor/distlib/ [rhscl-3.8.z]
2068592 - Rebase the python3.8 interpreter to version 3.8.13 [rhscl-3.8.z]

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-python38-python-3.8.13-1.el7.src.rpm
rh-python38-python-lxml-4.4.1-8.el7.src.rpm
rh-python38-python-pip-19.3.1-3.el7.src.rpm

noarch:
rh-python38-python-pip-19.3.1-3.el7.noarch.rpm
rh-python38-python-pip-wheel-19.3.1-3.el7.noarch.rpm
rh-python38-python-rpm-macros-3.8.13-1.el7.noarch.rpm
rh-python38-python-srpm-macros-3.8.13-1.el7.noarch.rpm

ppc64le:
rh-python38-python-3.8.13-1.el7.ppc64le.rpm
rh-python38-python-debug-3.8.13-1.el7.ppc64le.rpm
rh-python38-python-debuginfo-3.8.13-1.el7.ppc64le.rpm
rh-python38-python-devel-3.8.13-1.el7.ppc64le.rpm
rh-python38-python-idle-3.8.13-1.el7.ppc64le.rpm
rh-python38-python-libs-3.8.13-1.el7.ppc64le.rpm
rh-python38-python-lxml-4.4.1-8.el7.ppc64le.rpm
rh-python38-python-lxml-debuginfo-4.4.1-8.el7.ppc64le.rpm
rh-python38-python-test-3.8.13-1.el7.ppc64le.rpm
rh-python38-python-tkinter-3.8.13-1.el7.ppc64le.rpm

s390x:
rh-python38-python-3.8.13-1.el7.s390x.rpm
rh-python38-python-debug-3.8.13-1.el7.s390x.rpm
rh-python38-python-debuginfo-3.8.13-1.el7.s390x.rpm
rh-python38-python-devel-3.8.13-1.el7.s390x.rpm
rh-python38-python-idle-3.8.13-1.el7.s390x.rpm
rh-python38-python-libs-3.8.13-1.el7.s390x.rpm
rh-python38-python-lxml-4.4.1-8.el7.s390x.rpm
rh-python38-python-lxml-debuginfo-4.4.1-8.el7.s390x.rpm
rh-python38-python-test-3.8.13-1.el7.s390x.rpm
rh-python38-python-tkinter-3.8.13-1.el7.s390x.rpm

x86_64:
rh-python38-python-3.8.13-1.el7.x86_64.rpm
rh-python38-python-debug-3.8.13-1.el7.x86_64.rpm
rh-python38-python-debuginfo-3.8.13-1.el7.x86_64.rpm
rh-python38-python-devel-3.8.13-1.el7.x86_64.rpm
rh-python38-python-idle-3.8.13-1.el7.x86_64.rpm
rh-python38-python-libs-3.8.13-1.el7.x86_64.rpm
rh-python38-python-lxml-4.4.1-8.el7.x86_64.rpm
rh-python38-python-lxml-debuginfo-4.4.1-8.el7.x86_64.rpm
rh-python38-python-test-3.8.13-1.el7.x86_64.rpm
rh-python38-python-tkinter-3.8.13-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-python38-python-3.8.13-1.el7.src.rpm
rh-python38-python-lxml-4.4.1-8.el7.src.rpm
rh-python38-python-pip-19.3.1-3.el7.src.rpm

noarch:
rh-python38-python-pip-19.3.1-3.el7.noarch.rpm
rh-python38-python-pip-wheel-19.3.1-3.el7.noarch.rpm
rh-python38-python-rpm-macros-3.8.13-1.el7.noarch.rpm
rh-python38-python-srpm-macros-3.8.13-1.el7.noarch.rpm

x86_64:
rh-python38-python-3.8.13-1.el7.x86_64.rpm
rh-python38-python-debug-3.8.13-1.el7.x86_64.rpm
rh-python38-python-debuginfo-3.8.13-1.el7.x86_64.rpm
rh-python38-python-devel-3.8.13-1.el7.x86_64.rpm
rh-python38-python-idle-3.8.13-1.el7.x86_64.rpm
rh-python38-python-libs-3.8.13-1.el7.x86_64.rpm
rh-python38-python-lxml-4.4.1-8.el7.x86_64.rpm
rh-python38-python-lxml-debuginfo-4.4.1-8.el7.x86_64.rpm
rh-python38-python-test-3.8.13-1.el7.x86_64.rpm
rh-python38-python-tkinter-3.8.13-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2021-43818
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-nodejs12-nodejs security update
Advisory ID:       RHSA-2021:0485-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0485
Issue date:        2021-02-11
CVE Names:         CVE-2019-10746 CVE-2019-10747 CVE-2020-7754
                   CVE-2020-7788 CVE-2020-8265 CVE-2020-8287
====================================================================

1. Summary:

An update for rh-nodejs12-nodejs is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version:
rh-nodejs12-nodejs (12.20.1), rh-nodejs12-nodejs-nodemon (2.0.3).

Security Fix(es):

* nodejs-mixin-deep: prototype pollution in function mixin-deep
  (CVE-2019-10746)

* nodejs-set-value: prototype pollution in function set-value
  (CVE-2019-10747)

* nodejs-npm-user-validate: improper input validation when validating user
  emails leads to ReDoS (CVE-2020-7754)

* nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

* nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

* nodejs: HTTP request smuggling via two copies of a header field in an
  http request (CVE-2020-8287)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1795475 - CVE-2019-10746 nodejs-mixin-deep: prototype pollution in function mixin-deep
1795479 - CVE-2019-10747 nodejs-set-value: prototype pollution in function set-value
1892430 - CVE-2020-7754 nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS
1907444 - CVE-2020-7788 nodejs-ini: prototype pollution via malicious INI file
1912854 - CVE-2020-8265 nodejs: use-after-free in the TLS implementation
1912863 - CVE-2020-8287 nodejs: HTTP request smuggling via two copies of a header field in an http request

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nodejs12-nodejs-12.20.1-1.el7.src.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.20.1-1.el7.noarch.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.20.1-1.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.s390x.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-nodejs12-nodejs-12.20.1-1.el7.src.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.20.1-1.el7.noarch.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.20.1-1.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.s390x.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-nodejs12-nodejs-12.20.1-1.el7.src.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.20.1-1.el7.noarch.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.20.1-1.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.s390x.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nodejs12-nodejs-12.20.1-1.el7.src.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.20.1-1.el7.noarch.rpm
rh-nodejs12-nodejs-nodemon-2.0.3-1.el7.noarch.rpm

x86_64:
rh-nodejs12-nodejs-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.20.1-1.el7.x86_64.rpm
rh-nodejs12-npm-6.14.10-12.20.1.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2019-10746
https://access.redhat.com/security/cve/CVE-2019-10747
https://access.redhat.com/security/cve/CVE-2020-7754
https://access.redhat.com/security/cve/CVE-2020-7788
https://access.redhat.com/security/cve/CVE-2020-8265
https://access.redhat.com/security/cve/CVE-2020-8287
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-2bdcccee3c
2019-11-17 01:12:46.786636
--------------------------------------------------------------------------------

Name        : wpa_supplicant
Product     : Fedora 30
Version     : 2.8
Release     : 3.fc30
URL         : http://w1.fi/wpa_supplicant/
Summary     : WPA/WPA2/IEEE 802.1X Supplicant
Description :
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with support
for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA
component that is used in the client stations. It implements key negotiation
with a WPA Authenticator and it controls the roaming and IEEE 802.11
authentication/association of the wlan driver.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2019-16275
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2019 Davide Caratti - 1:2.8-3
- fix AP mode PMF disconnection protection bypass (CVE-2019-16275, rh #1767026)
* Fri May 10 2019 Davide Caratti - 1:2.8-2
- fix changelog for version 2.8-1
* Thu May 2 2019 Davide Caratti - 1:2.8-1
- Update to 2.8 upstream release, to include latest fix for NULL
  pointer dereference when EAP-PWD peer receives unexpected EAP
  fragments (CVE-2019-11555, rh #1701759)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1767023 - CVE-2019-16275 wpa_supplicant: AP mode PMF disconnection protection bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1767023
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-2bdcccee3c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

MGASA-2019-0175 - Updated libxslt packages fix security vulnerability

Publication date: 18 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0175.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded (CVE-2019-11068).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24705
- https://ubuntu.com/security/notices/USN-3947-1
- https://www.cve.org/CVERecord?id=CVE-2019-11068

SRPMS:
- 6/core/libxslt-1.1.29-6.1.mga6

Severity: Critical.