Oracle Linux Security Advisory ELSA-2024-6662

http://linux.oracle.com/errata/ELSA-2024-6662.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
python-setuptools-0.9.8-7.0.1.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//python-setuptools-0.9.8-7.0.1.el7.src.rpm

Related CVEs:
CVE-2024-6345

Description of changes:

[0.9.8-7.0.1]
- Fixes CVE-2024-6345 security issue [Orabug: 37054994]

# Security update for python-setuptools

Announcement ID: SUSE-SU-2024:3055-1
Rating: important

References:

  * bsc#1228105

Cross-References:

  * CVE-2024-6345

CVSS scores:

  * CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * openSUSE Leap 15.6
  * Public Cloud Module 15-SP4
  * Python 3 Module 15-SP5
  * Python 3 Module 15-SP6
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-setuptools fixes the following issues:

  * CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2024-3055=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-3055=1
  * openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2024-3055=1
  * Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-3055=1
  * Python 3 Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-3055=1
  * Python 3 Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3055=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3055=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3055=1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
    zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3055=1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3055=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3055=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * python311-setuptools-wheel-67.7.2-150400.3.16.1
    * python311-setuptools-67.7.2-150400.3.16.1
  * openSUSE Leap 15.5 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * openSUSE Leap 15.6 (noarch)
    * python311-setuptools-wheel-67.7.2-150400.3.16.1
    * python311-setuptools-67.7.2-150400.3.16.1
  * Public Cloud Module 15-SP4 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * Python 3 Module 15-SP5 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * Python 3 Module 15-SP6 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    * python311-setuptools-67.7.2-150400.3.16.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-6345.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1228105

Critical patch for python-setuptools addresses a significant vulnerability surrounding code execution risks. Ensure updates are applied immediately!

Severity: Important.
LinuxSecurity.com Team

Oracle Linux Security Advisory ELSA-2024-5531

http://linux.oracle.com/errata/ELSA-2024-5531.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3.12-setuptools-68.2.2-4.el8_10.noarch.rpm
python3.12-setuptools-wheel-68.2.2-4.el8_10.noarch.rpm

aarch64:
python3.12-setuptools-68.2.2-4.el8_10.noarch.rpm
python3.12-setuptools-wheel-68.2.2-4.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//python3.12-setuptools-68.2.2-4.el8_10.src.rpm

Related CVEs:
CVE-2024-6345

Description of changes:

[68.2.2-4]
- Security fix for CVE-2024-6345
  Resolves: RHEL-50475

MGASA-2023-0219 - Updated python-setuptools packages fix security vulnerability

Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0219.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-40897

Denial of service via crafted HTML (CVE-2022-40897)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31421
- https://ubuntu.com/security/notices/USN-5817-1
- https://access.redhat.com/errata/RHSA-2023:0835
- https://lists.fedoraproject.org/archives/list/

Oracle Linux Security Advisory ELSA-2023-0835

https://linux.oracle.com/errata/ELSA-2023-0835.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
platform-python-setuptools-39.2.0-6.el8_7.1.noarch.rpm
python3-setuptools-39.2.0-6.el8_7.1.noarch.rpm
python3-setuptools-wheel-39.2.0-6.el8_7.1.noarch.rpm

aarch64:
platform-python-setuptools-39.2.0-6.el8_7.1.noarch.rpm
python3-setuptools-39.2.0-6.el8_7.1.noarch.rpm
python3-setuptools-wheel-39.2.0-6.el8_7.1.noarch.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//python-setuptools-39.2.0-6.el8_7.1.src.rpm

Related CVEs:
CVE-2022-40897

Description of changes:

[39.2.0-6.1]
- Security fix for CVE-2022-40897
  Resolves: rhbz#2158559

SUSE Container Update Advisory: ses/7/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:750-1
Container Tags        : ses/7/cephcsi/cephcsi:3.1.1 , ses/7/cephcsi/cephcsi:3.1.1.0.3.88 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.1.1 , ses/7/cephcsi/cephcsi:v3.1.1.0
Container Release     : 3.88
Severity              : important
Type                  : security
References            : 1176262 1176262 1178168 1178376 1179036 1179193 1179341 1179431 1179515 CVE-2019-20916 CVE-2019-20916 CVE-2020-25659
-----------------------------------------------------------------

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3566-1
Released:    Mon Nov 30 16:56:52 2020
Summary:     Security update for python-setuptools
Type:        security
Severity:    important
References:  1176262,CVE-2019-20916

This update for python-setuptools fixes the following issues:

- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3581-1
Released:    Tue Dec 1 14:40:22 2020
Summary:     Recommended update for libusb-1_0
Type:        recommended
Severity:    moderate
References:  1178376

This update for libusb-1_0 fixes the following issues:

- Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3592-1
Released:    Wed Dec 2 10:31:34 2020
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1178168,CVE-2020-25659

This update for python-cryptography fixes the following issues:

- CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3593-1
Released:    Wed Dec 2 10:33:49 2020
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1176262,1179193,CVE-2019-20916

This update for python3 fixes the following issues:

Update to 3.6.12 (bsc#1179193), including:

- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3620-1
Released:    Thu Dec 3 17:03:55 2020
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:

This update for pam fixes the following issues:

- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=`

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3626-1
Released:    Fri Dec 4 13:51:46 2020
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1179515

This update for audit fixes the following issues:

- Enable Aarch64 processor support. (bsc#1179515)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3640-1
Released:    Mon Dec 7 13:24:41 2020
Summary:     Recommended update for binutils
Type:        recommended
Severity:    important
References:  1179036,1179341

This update for binutils fixes the following issues:

Update binutils 2.35 branch to commit 1c5243df:

* Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions.
* Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711
* The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader.

Update binutils to 2.35.1 and rebased branch diff:

* This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled.

This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3703-1
Released:    Mon Dec 7 20:17:32 2020
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1179431

This update for aaa_base fixes the following issue:

- Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)

SUSE recommends crucial upgrades for cephcsi to tackle vulnerabilities, bolstering the security of container environments.

Severity: Important.
LinuxSecurity.com Team

openSUSE Security Update: Security update for python-setuptools
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:2185-1
Rating:             important
References:         #1176262
Cross-References:   CVE-2019-20916
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-setuptools fixes the following issues:

- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-2185=1

Package List:

- openSUSE Leap 15.1 (noarch):

  python2-setuptools-40.5.0-lp151.2.3.1
  python2-setuptools-test-40.5.0-lp151.2.3.1
  python2-setuptools-wheel-40.5.0-lp151.2.3.1
  python3-setuptools-40.5.0-lp151.2.3.1
  python3-setuptools-test-40.5.0-lp151.2.3.1
  python3-setuptools-wheel-40.5.0-lp151.2.3.1

References:

https://www.suse.com/security/cve/CVE-2019-20916.html
https://bugzilla.suse.com/1176262

SUSE Security Update: Security update for python-setuptools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3566-1
Rating:             important
References:         #1176262
Cross-References:   CVE-2019-20916
Affected Products:
                    SUSE Linux Enterprise Module for Python2 15-SP2
                    SUSE Linux Enterprise Module for Python2 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-setuptools fixes the following issues:

- Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Python2 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2020-3566=1

- SUSE Linux Enterprise Module for Python2 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-3566=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3566=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3566=1

Package List:

- SUSE Linux Enterprise Module for Python2 15-SP2 (noarch):

  python2-setuptools-40.5.0-6.3.1

- SUSE Linux Enterprise Module for Python2 15-SP1 (noarch):

  python2-setuptools-40.5.0-6.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

  python3-setuptools-40.5.0-6.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):

  python3-setuptools-40.5.0-6.3.1

References:

https://www.suse.com/security/cve/CVE-2019-20916.html
https://bugzilla.suse.com/1176262

A significant revision for python-setuptools deals with a vulnerability in directory navigation, bolstering security measures in SUSE environments.

Severity: Important.
LinuxSecurity.com Team