Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
100
security advisorymoderatesecurity issueSUSE: 2020:0818-1 Moderate: Cloud-Init Security Update for Issues
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0818-1 Rating: moderate References: #1162936 #1162937 #1163178 Cross-References: CVE-2020-8631 CVE-2020-8632 Affected Products: SUSE Linux Enterprise Module for Public Cloud 12 SUSE CaaS Platform 3.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic random number generator with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-818=1 - SUSE CaaS Platform 3.0: To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): cloud-init-19.4-37.39.1 cloud-init-config-suse-19.4-37.39.1 - SUSE CaaS Platform 3.0 (x86_64): cloud-init-19.4-37.39.1 References: https://www.suse.com/security/cve/CVE-2020-8631.html https://www.suse.com/security/cve/CVE-2020-8632.html https://bugzilla.suse.com/1162936 https://bugzilla.suse.com/1162937 https://bugzilla.suse.com/1163178 _______________________________________________ sle-security-updates mailing list
Mar 31, 2020
SuSE
202
security advisorymoderatesecurity issueopenSUSE: 2020:0400-1 Moderate: Cloud-Init Security Issues
An update that solves two vulnerabilities and has one errata is now available.. openSUSE Security Update: Security update for cloud-init ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0400-1 Rating: moderate References: #1162936 #1162937 #1163178 Cross-References: CVE-2020-8631 CVE-2020-8632 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-400=1 Package List: - openSUSE Leap 15.1 (x86_64): cloud-init-19.4-lp151.2.15.1 cloud-init-config-suse-19.4-lp151.2.15.1 cloud-init-doc-19.4-lp151.2.15.1 References: https://www.suse.com/security/cve/CVE-2020-8631.html https://www.suse.com/security/cve/CVE-2020-8632.html https://bugzilla.suse.com/1162936 https://bugzilla.suse.com/1162937 https://bugzilla.suse.com/1163178 -- . A recent openSUSE patch for cloud-init addresses multiple security vulnerabilities and improves the generation of random passwords.. openSUSE Security, cloud-init Update, moderate security fix. . LinuxSecurity.com Team
Mar 29, 2020
OpenSUSE
100
security advisorymoderatesecurity issueSUSE: 2020:0585-1 Moderate: Cloud-Init Security Issue Update
An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0585-1 Rating: moderate References: #1162936 #1162937 #1163178 Cross-References: CVE-2020-8631 CVE-2020-8632 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2020-585=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-585=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-19.4-5.24.1 cloud-init-config-suse-19.4-5.24.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cloud-init-doc-19.4-5.24.1 References: https://www.suse.com/security/cve/CVE-2020-8631.html https://www.suse.com/security/cve/CVE-2020-8632.html https://bugzilla.suse.com/1162936 https://bugzilla.suse.com/1162937 https://bugzilla.suse.com/1163178 _______________________________________________ sle-security-updates mailing list
Mar 04, 2020
•Important
SuSE
202
security advisorymoderatesecurity fixopenSUSE: 2019:2365-1 Moderate: gcc7 Integer Overflow Fix
An update that solves two vulnerabilities and has three fixes is now available.. openSUSE Security Update: Security update for gcc7 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:2365-1 Rating: moderate References: #1071995 #1141897 #1142649 #1148517 #1149145 Cross-References: CVE-2019-14250 CVE-2019-15847 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-2365=1 Package List: - openSUSE Leap 15.0 (i586 x86_64): cpp7-7.4.1+r275405-lp150.12.1 cpp7-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-7.4.1+r275405-lp150.12.1 gcc7-ada-7.4.1+r275405-lp150.12.1 gcc7-ada-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-c++-7.4.1+r275405-lp150.12.1 gcc7-c++-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-debugsource-7.4.1+r275405-lp150.12.1 gcc7-fortran-7.4.1+r275405-lp150.12.1 gcc7-fortran-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-go-7.4.1+r275405-lp150.12.1 gcc7-go-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-locale-7.4.1+r275405-lp150.12.1 gcc7-obj-c++-7.4.1+r275405-lp150.12.1 gcc7-obj-c++-debuginfo-7.4.1+r275405-lp150.12.1 gcc7-objc-7.4.1+r275405-lp150.12.1 gcc7-objc-debuginfo-7.4.1+r275405-lp150.12.1 libada7-7.4.1+r275405-lp150.12.1 libada7-debuginfo-7.4.1+r275405-lp150.12.1 libasan4-7.4.1+r275405-lp150.12.1 libasan4-debuginfo-7.4.1+r275405-lp150.12.1 libcilkrts5-7.4.1+r275405-lp150.12.1 libcilkrts5-debuginfo-7.4.1+r275405-lp150.12.1 libgfortran4-7.4.1+r275405-lp150.12.1 libgfortran4-debuginfo-7.4.1+r275405-lp150.12.1 libgo11-7.4.1+r275405-lp150.12.1 libgo11-debuginfo-7.4.1+r275405-lp150.12.1 libobjc4-7.4.1+r275405-lp150.12.1 libobjc4-debuginfo-7.4.1+r275405-lp150.12.1 libstdc++6-devel-gcc7-7.4.1+r275405-lp150.12.1 libubsan0-7.4.1+r275405-lp150.12.1 libubsan0-debuginfo-7.4.1+r275405-lp150.12.1 - openSUSE Leap 15.0 (x86_64): gcc7-32bit-7.4.1+r275405-lp150.12.1 gcc7-ada-32bit-7.4.1+r275405-lp150.12.1 gcc7-c++-32bit-7.4.1+r275405-lp150.12.1 gcc7-fortran-32bit-7.4.1+r275405-lp150.12.1 gcc7-go-32bit-7.4.1+r275405-lp150.12.1 gcc7-obj-c++-32bit-7.4.1+r275405-lp150.12.1 gcc7-objc-32bit-7.4.1+r275405-lp150.12.1 libada7-32bit-7.4.1+r275405-lp150.12.1 libada7-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libasan4-32bit-7.4.1+r275405-lp150.12.1 libasan4-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libcilkrts5-32bit-7.4.1+r275405-lp150.12.1 libcilkrts5-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libgfortran4-32bit-7.4.1+r275405-lp150.12.1 libgfortran4-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libgo11-32bit-7.4.1+r275405-lp150.12.1 libgo11-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libobjc4-32bit-7.4.1+r275405-lp150.12.1 libobjc4-32bit-debuginfo-7.4.1+r275405-lp150.12.1 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-lp150.12.1 libubsan0-32bit-7.4.1+r275405-lp150.12.1 libubsan0-32bit-debuginfo-7.4.1+r275405-lp150.12.1 - openSUSE Leap 15.0 (noarch): gcc7-info-7.4.1+r275405-lp150.12.1 References: https://www.suse.com/security/cve/CVE-2019-14250.html https://www.suse.com/security/cve/CVE-2019-15847.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1141897 https://bugzilla.suse.com/1142649 https://bugzilla.suse.com/1148517 https://bugzilla.suse.com/1149145 -- . openSUSE gcc7 security patch resolves a pair of issues rated as moderate severity, incorporating numerous fixes.. openSUSE Security Update, gcc7 fixes, moderate severity issues, security update. . LinuxSecurity.com Team
Oct 22, 2019
OpenSUSE
100
security advisorymoderateinteger overflowSUSE: 2019:2702-1 Moderate: gcc7 Integer Overflow Fix and More
An update that solves two vulnerabilities and has three fixes is now available. . SUSE Security Update: Security update for gcc7 ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:2702-1 Rating: moderate References: #1071995 #1141897 #1142649 #1148517 #1149145 Cross-References: CVE-2019-14250 CVE-2019-15847 Affected Products: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15-SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Basesystem 15-SP1 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for gcc7 to r275405 fixes the following issues: Security issues fixed: - CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649). - CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145). Non-security issue fixed: - Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2702=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patchSUSE-SLE-Module-Development-Tools-OBS-15-2019-2702=1 - SUSE Linux Enterprise Module for Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2702=1 - SUSE Linux Enterprise Module for Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2702=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2702=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2702=1 Package List: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): cross-arm-gcc7-7.4.1+r275405-4.9.2 cross-arm-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-arm-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-i386-gcc7-7.4.1+r275405-4.9.2 cross-i386-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-i386-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-i386-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-m68k-gcc7-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-m68k-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-mips-gcc7-7.4.1+r275405-4.9.2 cross-mips-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-mips-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-mips-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-sparc-gcc7-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-sparcv9-gcc7-icecream-backend-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-go-7.4.1+r275405-4.9.2 gcc7-go-debuginfo-7.4.1+r275405-4.9.2 gcc7-obj-c++-7.4.1+r275405-4.9.2 gcc7-obj-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-testresults-7.4.1+r275405-4.9.2 libatomic1-gcc7-7.4.1+r275405-4.9.2 libatomic1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libgo11-7.4.1+r275405-4.9.2 libgo11-debuginfo-7.4.1+r275405-4.9.2 libgomp1-gcc7-7.4.1+r275405-4.9.2 libgomp1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libitm1-gcc7-7.4.1+r275405-4.9.2 libitm1-gcc7-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-gcc7-7.4.1+r275405-4.9.2 libstdc++6-gcc7-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-gcc7-locale-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le x86_64): cross-s390x-gcc7-7.4.1+r275405-4.9.2 cross-s390x-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-s390x-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-s390x-gcc7-icecream-backend-7.4.1+r275405-4.9.2 liblsan0-gcc7-7.4.1+r275405-4.9.2 liblsan0-gcc7-debuginfo-7.4.1+r275405-4.9.2 libtsan0-gcc7-7.4.1+r275405-4.9.2 libtsan0-gcc7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x): cross-x86_64-gcc7-7.4.1+r275405-4.9.2 cross-x86_64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-x86_64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-x86_64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 s390x x86_64): cross-ppc64le-gcc7-7.4.1+r275405-4.9.2 cross-ppc64le-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-ppc64le-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-ppc64le-gcc7-icecream-backend-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (ppc64le s390x x86_64): cross-aarch64-gcc7-7.4.1+r275405-4.9.2 cross-aarch64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-aarch64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-aarch64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x x86_64): gcc7-ada-32bit-7.4.1+r275405-4.9.2 gcc7-go-32bit-7.4.1+r275405-4.9.2 gcc7-obj-c++-32bit-7.4.1+r275405-4.9.2 gcc7-objc-32bit-7.4.1+r275405-4.9.2 libada7-32bit-7.4.1+r275405-4.9.2 libada7-32bit-debuginfo-7.4.1+r275405-4.9.2 libatomic1-gcc7-32bit-7.4.1+r275405-4.9.2 libatomic1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-32bit-7.4.1+r275405-4.9.2 libgcc_s1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libgo11-32bit-7.4.1+r275405-4.9.2 libgo11-32bit-debuginfo-7.4.1+r275405-4.9.2 libgomp1-gcc7-32bit-7.4.1+r275405-4.9.2 libgomp1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libitm1-gcc7-32bit-7.4.1+r275405-4.9.2 libitm1-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libobjc4-32bit-7.4.1+r275405-4.9.2 libobjc4-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-gcc7-32bit-7.4.1+r275405-4.9.2 libstdc++6-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64): libmpx2-gcc7-32bit-7.4.1+r275405-4.9.2 libmpx2-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libmpx2-gcc7-7.4.1+r275405-4.9.2 libmpx2-gcc7-debuginfo-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-32bit-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-7.4.1+r275405-4.9.2 libmpxwrappers2-gcc7-debuginfo-7.4.1+r275405-4.9.2 libquadmath0-gcc7-32bit-7.4.1+r275405-4.9.2 libquadmath0-gcc7-32bit-debuginfo-7.4.1+r275405-4.9.2 libquadmath0-gcc7-7.4.1+r275405-4.9.2 libquadmath0-gcc7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (s390x): gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64): cross-arm-gcc7-7.4.1+r275405-4.9.2 cross-arm-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-arm-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-arm-none-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-avr-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-epiphany-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-hppa-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-hppa-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-i386-gcc7-7.4.1+r275405-4.9.2 cross-i386-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-i386-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-i386-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-m68k-gcc7-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-m68k-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-m68k-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-mips-gcc7-7.4.1+r275405-4.9.2 cross-mips-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-mips-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-mips-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-ppc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debuginfo-7.4.1+r275405-4.9.2 cross-rx-gcc7-bootstrap-debugsource-7.4.1+r275405-4.9.2 cross-sparc-gcc7-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debuginfo-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-debugsource-7.4.1+r275405-4.9.2 cross-sparc64-gcc7-icecream-backend-7.4.1+r275405-4.9.2 cross-sparcv9-gcc7-icecream-backend-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-go-7.4.1+r275405-4.9.2 gcc7-go-debuginfo-7.4.1+r275405-4.9.2 gcc7-obj-c++-7.4.1+r275405-4.9.2 gcc7-obj-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-testresults-7.4.1+r275405-4.9.2 libgo11-7.4.1+r275405-4.9.2 libgo11-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x x86_64): gcc7-ada-32bit-7.4.1+r275405-4.9.2 gcc7-go-32bit-7.4.1+r275405-4.9.2 gcc7-obj-c++-32bit-7.4.1+r275405-4.9.2 gcc7-objc-32bit-7.4.1+r275405-4.9.2 libada7-32bit-7.4.1+r275405-4.9.2 libada7-7.4.1+r275405-4.9.2 libada7-debuginfo-7.4.1+r275405-4.9.2 libgo11-32bit-7.4.1+r275405-4.9.2 libobjc4-32bit-7.4.1+r275405-4.9.2 libobjc4-7.4.1+r275405-4.9.2 libobjc4-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (s390x): gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.4.1+r275405-4.9.2 gcc7-ada-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-locale-7.4.1+r275405-4.9.2 gcc7-objc-7.4.1+r275405-4.9.2 gcc7-objc-debuginfo-7.4.1+r275405-4.9.2 libada7-7.4.1+r275405-4.9.2 libada7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64): cross-nvptx-gcc7-7.4.1+r275405-4.9.2 cross-nvptx-newlib7-devel-7.4.1+r275405-4.9.2 gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-debuginfo-7.4.1+r275405-4.9.2 libcilkrts5-32bit-7.4.1+r275405-4.9.2 libcilkrts5-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15-SP1 (noarch): gcc7-info-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (aarch64 ppc64le s390x x86_64): gcc7-ada-7.4.1+r275405-4.9.2 gcc7-ada-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-locale-7.4.1+r275405-4.9.2 gcc7-objc-7.4.1+r275405-4.9.2 gcc7-objc-debuginfo-7.4.1+r275405-4.9.2 libada7-7.4.1+r275405-4.9.2 libada7-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (x86_64): cross-nvptx-gcc7-7.4.1+r275405-4.9.2 cross-nvptx-newlib7-devel-7.4.1+r275405-4.9.2 gcc7-32bit-7.4.1+r275405-4.9.2 gcc7-c++-32bit-7.4.1+r275405-4.9.2 gcc7-fortran-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-7.4.1+r275405-4.9.2 libasan4-32bit-debuginfo-7.4.1+r275405-4.9.2 libcilkrts5-32bit-7.4.1+r275405-4.9.2 libcilkrts5-32bit-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-7.4.1+r275405-4.9.2 libubsan0-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Development Tools 15 (noarch): gcc7-info-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64): cpp7-7.4.1+r275405-4.9.2 cpp7-debuginfo-7.4.1+r275405-4.9.2 gcc7-7.4.1+r275405-4.9.2 gcc7-c++-7.4.1+r275405-4.9.2 gcc7-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-fortran-7.4.1+r275405-4.9.2 gcc7-fortran-debuginfo-7.4.1+r275405-4.9.2 libasan4-7.4.1+r275405-4.9.2 libasan4-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-7.4.1+r275405-4.9.2 libgfortran4-debuginfo-7.4.1+r275405-4.9.2 libobjc4-7.4.1+r275405-4.9.2 libobjc4-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-7.4.1+r275405-4.9.2 libubsan0-7.4.1+r275405-4.9.2 libubsan0-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64): libcilkrts5-7.4.1+r275405-4.9.2 libcilkrts5-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): cpp7-7.4.1+r275405-4.9.2 cpp7-debuginfo-7.4.1+r275405-4.9.2 gcc7-7.4.1+r275405-4.9.2 gcc7-c++-7.4.1+r275405-4.9.2 gcc7-c++-debuginfo-7.4.1+r275405-4.9.2 gcc7-debuginfo-7.4.1+r275405-4.9.2 gcc7-debugsource-7.4.1+r275405-4.9.2 gcc7-fortran-7.4.1+r275405-4.9.2 gcc7-fortran-debuginfo-7.4.1+r275405-4.9.2 libasan4-7.4.1+r275405-4.9.2 libasan4-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-7.4.1+r275405-4.9.2 libgfortran4-debuginfo-7.4.1+r275405-4.9.2 libobjc4-7.4.1+r275405-4.9.2 libobjc4-debuginfo-7.4.1+r275405-4.9.2 libstdc++6-devel-gcc7-7.4.1+r275405-4.9.2 libubsan0-7.4.1+r275405-4.9.2 libubsan0-debuginfo-7.4.1+r275405-4.9.2 - SUSE Linux Enterprise Module for Basesystem 15 (x86_64): libcilkrts5-7.4.1+r275405-4.9.2 libcilkrts5-debuginfo-7.4.1+r275405-4.9.2 libgfortran4-32bit-7.4.1+r275405-4.9.2 libgfortran4-32bit-debuginfo-7.4.1+r275405-4.9.2 References: https://www.suse.com/security/cve/CVE-2019-14250.html https://www.suse.com/security/cve/CVE-2019-15847.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1141897 https://bugzilla.suse.com/1142649 https://bugzilla.suse.com/1148517 https://bugzilla.suse.com/1149145 _______________________________________________ sle-security-updates mailing list
Oct 16, 2019
SuSE
91
security advisoryrandom number generatornormalGentoo: GLSA-202310-02 Normal: libgpgme Information Leak
Multiple vulnerabilities have been fixed in libgcrypt,the worst of which results in predictable output from the random number generator.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201610-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libgcrypt: Multiple vulnerabilities Date: October 10, 2016 Bugs: #541564, #559942, #574268, #591534 ID: 201610-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been fixed in libgcrypt,the worst of which results in predictable output from the random number generator. Background ========= libgcrypt is a general purpose cryptographic library derived out of GnuPG. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libgcrypt < 1.7.3 > = 1.7.3 Description ========== Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact ===== Side-channel attacks can leak private key information. A separate critical bug allows an attacker who obtains 4640 bits from the RNG to trivially predict the next 160 bits of output. Workaround ========= There is no known workaround at this time. Resolution ========= All libgcrypt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-libs/libgcrypt-1.7.3" References ========= [ 1 ] CVE-2014-3591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3591 [ 2 ] CVE-2015-0837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0837 [ 3 ] CVE-2015-7511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7511 [ 4 ] CVE-2016-6313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6313 [ 5 ] Factoring RSA Keys With TLS Perfect Forward Secrecy https://www.redhat.com/en/blog/factoring-rsa-keys-tls-perfect-forward-secrecy Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201610-04 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Oct 10, 2016
Gentoo
87
security advisorycriticalDebianDebian: DSA-3650-1 Critical: Libgcrypt20 RNG Attack Overview
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3650-1
Aug 17, 2016
•Critical
Debian
172
security advisorysecurity issueupdateUbuntu 15.04 & 14.04 USN-2709-1: Pollinate Certificate Update
The certificate bundled with pollinate has been refreshed.. =========================================================================Ubuntu Security Notice USN-2709-1 August 14, 2015 pollinate update ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS Summary: The certificate bundled with pollinate has been refreshed. Software Description: - pollinate: seed the pseudo random number generator in virtual machines Details: The pollinate package bundles the certificate for entropy.ubuntu.com. This update refreshes the certificate to match the new certificate for the server. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: pollinate 4.11-0ubuntu2.1 Ubuntu 14.04 LTS: pollinate 4.7-0ubuntu1.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2709-1 https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1483762 Package Information: https://launchpad.net/ubuntu/+source/pollinate/4.11-0ubuntu2.1 https://launchpad.net/ubuntu/+source/pollinate/4.7-0ubuntu1.3 . Ubuntu Security Notice USN-2709-1 outlines the update of the certificate included with pollinate to enhance security measures.. Pollinate Update, Ubuntu Security, Certificate Refresh, Random Number Generation, Software Updates. . Severity: Important. LinuxSecurity.com Team
Aug 14, 2015
•Important
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!