
Stay Secure with the Latest Linux Advisories




Explore Latest Linux Security advisories


openSUSE 2025:0310-1 moderate: fix for python-pydantic DoS vulnerability

An update that solves one vulnerability can now be installed.

# Security update for python-pydantic

Announcement ID: SUSE-SU-2025:0310-1
Release Date: 2025-01-31T12:42:14Z
Rating: moderate
References:
* bsc#1222806
Cross-References:
* CVE-2024-3772
CVSS scores:
* CVE-2024-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

## Description:

This update for python-pydantic fixes the following issues:

* CVE-2024-3772: Fixed regular expression DoS (bsc#1222806)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4: zypper in -t patch SUSE-2025-310=1
* openSUSE Leap 15.6: zypper in -t patch openSUSE-SLE-15.6-2025-310=1
* Public Cloud Module 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2025-310=1
* Python 3 Module 15-SP6: zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-310=1

## Package List:

* openSUSE Leap 15.4 (noarch): python311-pydantic-1.10.8-150400.9.10.1
* openSUSE Leap 15.6 (noarch): python311-pydantic-1.10.8-150400.9.10.1
* Public Cloud Module 15-SP4 (noarch): python311-pydantic-1.10.8-150400.9.10.1
* Python 3 Module 15-SP6 (noarch): python311-pydantic-1.10.8-150400.9.10.1

## References:

* https://www.suse.com/security/cve/CVE-2024-3772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222806

A recent patch for python-pydantic resolves a denial of service vulnerability related to regular expression handling in openSUSE, impacting multiple applications.
LinuxSecurity.com Team

Jan 31, 2025 | openSUSE

Mageia: 2023-0291 Moderate: Ruby RedCloth Security Update

MGASA-2023-0291 - Updated ruby-RedCloth packages fix a security vulnerability

Publication date: 20 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0291.html
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-31606

A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. (CVE-2023-31606)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32284
- https://ubuntu.com/security/notices/USN-6358-1
- https://www.cve.org/CVERecord?id=CVE-2023-31606

SRPMS:
- 9/core/ruby-RedCloth-4.3.2-7.1.mga9
- 8/core/ruby-RedCloth-4.3.2-5.1.mga8

Mageia 2023-0291 upgrades ruby-RedCloth to fix a regular expression denial of service vulnerability (CVE-2023-31606).
LinuxSecurity.com Team

Oct 20, 2023 | Mageia

Red Hat Enterprise Linux: RHSA-2022-6447-01 Moderate: Ruby 2.7 Bug Fix

Red Hat Security Advisory

Synopsis: Moderate: ruby:2.7 security, bug fix, and enhancement update
Advisory ID: RHSA-2022:6447-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6447
Issue date: 2022-09-13
CVE Names: CVE-2021-41817 CVE-2021-41819 CVE-2022-28739

1. Summary:

An update for the ruby:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.7.6). (BZ#2109424)

Security Fix(es):
* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)
* Ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4.
Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods
2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse
2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion
2109424 - ruby:2.7/ruby: Rebase to the latest Ruby 2.7 release [rhel-8] [rhel-8.6.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
ruby-2.7.6-138.module+el8.6.0+16148+54b2ba8f.src.rpm
rubygem-abrt-0.4.0-1.module+el8.3.0+7192+4e3a532a.src.rpm
rubygem-bson-4.8.1-1.module+el8.3.0+7192+4e3a532a.src.rpm
rubygem-mongo-2.11.3-1.module+el8.3.0+7192+4e3a532a.src.rpm
rubygem-mysql2-0.5.3-1.module+el8.3.0+7192+4e3a532a.src.rpm
rubygem-pg-1.2.3-1.module+el8.3.0+7192+4e3a532a.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41817
https://access.redhat.com/security/cve/CVE-2021-41819
https://access.redhat.com/security/cve/CVE-2022-28739
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
LinuxSecurity.com Team

Sep 13, 2022 | Red Hat

RedHat: RHSA-2021-4626: Moderate Security Update For ovirt-engine

Red Hat Security Advisory

Synopsis: Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.9]
Advisory ID: RHSA-2021:4626-01
Product: Red Hat Virtualization
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4626
Issue date: 2021-11-16
CVE Names: CVE-2020-7733 CVE-2020-28469

1. Summary:

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch

3. Description:

The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions.

A list of bugs fixed in this update is available in the Technical Notes book: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Security Fix(es):
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-ua-parser-js: Regular expression denial of service via the regex (CVE-2020-7733)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1352501 - [RFE] LUKs key management on RHV
1879733 - CVE-2020-7733 nodejs-ua-parser-js: Regular expression denial of service via the regex
1940991 - Hot plugging memory then hot unplugging the same memory on a RHEL 8 VM via API, after repeating the process several times the Defined Memory value in RHV-M and free command on the VM go out of sync, displaying completely different values
1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service
1957830 - Creating thin disk from VM Portal on block storage fails
1971802 - Connection timeout when DNS server timeouts for IPv6 address resolution in mixed IPv4/IPv6 environments
1977232 - Create template broken with block storage
1977276 - Uploading ISO through RHV-M portal intermittently fails with error "Failed to add disk for image transfer command"
1979730 - Windows VM ends up with ghost NIC and missing secondary disks machine type changes from pc-q35-rhel8.3.0 to pc-q35-rhel8.4.0
1989324 - rhv-image-discrepancies should skip OVF_STORE
1992690 - [RFE] Customize 'oVirt Inventory Dashboard' to include cluster wide information about 'CPUs Overcommit' and 'Running VMs - CPU Cores vs. Total Hosts-CPU Cores'
2000364 - Engine fails to start, unable to read cloud-init network config from stateless snapshot configuration.
2001551 - Allow more granular checks with rhv-image-discrepancies
2001944 - Always log exception message which is raised during inserting into audit_log
2004444 - Try to enable cinderlib repos on host during host upgrade
2007550 - Change type of disk write/read rate from integer to long
2014017 - Can not download VM disks due to 'Cannot transfer Virtual Disk: Disk is locked'

6.
Package List:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source:
ovirt-engine-4.4.9.2-0.6.el8ev.src.rpm
ovirt-engine-dwh-4.4.9.1-1.el8ev.src.rpm
ovirt-engine-extension-aaa-ldap-1.4.5-1.el8ev.src.rpm
ovirt-engine-metrics-1.4.4-1.el8ev.src.rpm
ovirt-web-ui-1.7.2-1.el8ev.src.rpm
rhv-log-collector-analyzer-1.0.11-1.el8ev.src.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-7733
https://access.redhat.com/security/cve/CVE-2020-28469
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

This security update for RHV Manager (ovirt-engine) fixes two regular expression denial of service vulnerabilities in bundled Node.js components (CVE-2020-7733, CVE-2020-28469) and ships a number of bug fixes and enhancements.
LinuxSecurity.com Team

Nov 16, 2021 | Red Hat

SUSE: 2021:2618-1 Important: Nodejs8 Regex Denial Of Service Fix

An update that fixes three vulnerabilities is now available.

SUSE Security Update: Security update for nodejs8

Announcement ID: SUSE-SU-2021:2618-1
Rating: important
References: #1184450 #1187976 #1187977
Cross-References: CVE-2020-7774 CVE-2021-23362 CVE-2021-27290
CVSS scores:
- CVE-2020-7774 (NVD): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CVE-2021-23362 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CVE-2021-27290 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP2

Description:

This update for nodejs8 fixes the following issues:
- update to npm 6.14.13
- CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. (bsc#1187976)
- CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. (bsc#1187977)
- CVE-2020-7774: Fixed y18n Prototype Pollution. (bsc#1184450)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-2618=1

Package List:
- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-10.12.2 nodejs8-debuginfo-8.17.0-10.12.2 nodejs8-debugsource-8.17.0-10.12.2 nodejs8-devel-8.17.0-10.12.2 npm8-8.17.0-10.12.2
- SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs8-docs-8.17.0-10.12.2

References:
https://www.suse.com/security/cve/CVE-2020-7774.html
https://www.suse.com/security/cve/CVE-2021-23362.html
https://www.suse.com/security/cve/CVE-2021-27290.html
https://bugzilla.suse.com/1184450
https://bugzilla.suse.com/1187976
https://bugzilla.suse.com/1187977

This update addresses three vulnerabilities in Node.js 8 for SUSE Linux Enterprise: two regular expression denial of service issues in bundled npm dependencies (ssri, hosted-git-info) and a prototype pollution issue in y18n.
Severity: Important
LinuxSecurity.com Team

Aug 05, 2021 | Important | SUSE

Mageia: 2020-0182 Critical: Java-1.8.0-OpenJDK Security Issues Resolved

MGASA-2020-0182 - Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 24 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0182.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Updated java-1.8.0-openjdk packages fix security vulnerabilities:
- Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)
- Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)
- Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)
- Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)
- Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)
- Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)
- CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)
- Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)
- Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)
- Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26520
- https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2020:1512
- https://www.cve.org/CVERecord?id=CVE-2020-2754
- https://www.cve.org/CVERecord?id=CVE-2020-2755
- https://www.cve.org/CVERecord?id=CVE-2020-2756
- https://www.cve.org/CVERecord?id=CVE-2020-2757
- https://www.cve.org/CVERecord?id=CVE-2020-2773
- https://www.cve.org/CVERecord?id=CVE-2020-2781
- https://www.cve.org/CVERecord?id=CVE-2020-2800
- https://www.cve.org/CVERecord?id=CVE-2020-2803
- https://www.cve.org/CVERecord?id=CVE-2020-2805
- https://www.cve.org/CVERecord?id=CVE-2020-2830

SRPMS:
- 7/core/java-1.8.0-openjdk-1.8.0.252-1.b09.1.mga7

The java-1.8.0-openjdk update for Mageia 7 fixes ten security vulnerabilities across several OpenJDK components, including regular expression handling, deserialization, TLS session reuse and HTTP header handling.
Severity: Critical
LinuxSecurity.com Team

Apr 24, 2020 | Critical | Mageia

Debian 8: DLA-2167-1 Critical: Python-Bleach ReDoS Issue

Package : python-bleach
Version : 1.4-1+deb8u1
CVE ID : CVE-2020-6817
Debian Bug : 955388

A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression denial of service (ReDoS).

For Debian 8 "Jessie", this problem has been fixed in version 1.4-1+deb8u1.

We recommend that you upgrade your python-bleach packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

This Debian LTS update fixes a regular expression denial of service in python-bleach on Debian 8; upgrading is advised. Until the package is updated, any service that passes untrusted HTML to bleach.clean with a style attribute in its allowed list can be stalled by a crafted input, since the sanitizer itself runs the vulnerable expression.

Tags: Python-Bleach Security, Debian 8 Upgrade, Regex Denial Of Service.
Severity: Critical. LinuxSecurity.com Team

Apr 01, 2020 - Critical - Debian LTS
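The advisory above describes a sanitizer whose own regular expression can be driven into catastrophic backtracking by attacker-controlled input. A practical stop-gap while a patched package is rolled out is to bound the time any regex-driven call may take. The following is an added example written for this page, not code from the Debian advisory or from the bleach project: it runs the match in a forked child process and kills it at a deadline, because CPython's `re` engine holds the GIL and does not poll for signals once matching starts, so neither threads nor SIGALRM can interrupt it. The pattern `^(a+)+$`, the input lengths and the `MAX_INPUT_LEN` cap are assumptions chosen for the demonstration; the pattern is the textbook exponential case, not the expression that was vulnerable in python-bleach.

```python
"""Deadline-bounded regex matching as a stop-gap ReDoS mitigation (added example)."""
import multiprocessing
import re
from typing import Optional

# Constructed sample inputs for the demo (assumptions, not from the advisory).
# ^(a+)+$ is the classic catastrophic-backtracking pattern: on a string of
# n 'a's followed by a non-matching character it explores ~2^n ways to split
# the run before failing.
EVIL_PATTERN = r"^(a+)+$"
SAFE_PATTERN = r"^a+$"
ATTACK_INPUT = "a" * 40 + "b"   # ~2^40 backtracking steps, never finishes in practice
BENIGN_INPUT = "a" * 40          # greedy first attempt succeeds immediately

# Cheapest defence: refuse oversized input before the regex ever runs.
MAX_INPUT_LEN = 10_000


def _match_worker(pattern: str, text: str, conn) -> None:
    """Child-process body: run the match and report only a boolean over the pipe."""
    conn.send(re.fullmatch(pattern, text) is not None)
    conn.close()


def match_with_deadline(pattern: str, text: str, seconds: float) -> Optional[bool]:
    """Return True/False for a full match, or None if the deadline was hit.

    The match runs in a forked child so a runaway backtracking loop can be
    killed from outside; `re` cannot be interrupted from within the process.
    Raises ValueError for input longer than MAX_INPUT_LEN (length cap).
    """
    if len(text) > MAX_INPUT_LEN:
        raise ValueError(f"input longer than {MAX_INPUT_LEN} characters rejected")
    # "fork" keeps the target callable in-process (no pickling); POSIX only.
    ctx = multiprocessing.get_context("fork")
    recv_conn, send_conn = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=_match_worker, args=(pattern, text, send_conn))
    proc.start()
    send_conn.close()            # parent keeps only the receiving end
    proc.join(seconds)
    if proc.is_alive():
        proc.kill()              # SIGKILL: the child is stuck inside the C matcher
        proc.join()
        return None
    return recv_conn.recv() if recv_conn.poll() else None


if __name__ == "__main__":
    print("safe pattern, benign input:", match_with_deadline(SAFE_PATTERN, BENIGN_INPUT, 1.0))
    print("evil pattern, benign input:", match_with_deadline(EVIL_PATTERN, BENIGN_INPUT, 1.0))
    print("evil pattern, attack input:", match_with_deadline(EVIL_PATTERN, ATTACK_INPUT, 0.5))
```

The same wrapper can front a call such as a sanitizer invocation instead of `re.fullmatch`; the cost is one fork per call, which is acceptable for request-path sanitization but not for tight loops. Note that a deadline converts a hang into a fast failure, it does not make the expression safe: the real fix is the patched package.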

Fedora 29: 2019-5409bb5e68 Critical: Oniguruma Security Fixes

Fedora Update Notification
FEDORA-2019-5409bb5e68
2019-07-31 01:48:17.829137

Name : oniguruma
Product : Fedora 29
Version : 6.9.1
Release : 2.fc29
URL : https://github.com/kkos/oniguruma/
Summary : Regular expressions library
Description : Oniguruma is a regular expressions library. A characteristic of this library is that a different character encoding can be specified for every regular expression object. (supported APIs: GNU regex, POSIX and Oniguruma native)

Update Information:
Some security issues were found in oniguruma. This new rpm fixes these issues.

ChangeLog:
* Fri Jul 12 2019 Mamoru TASAKA - 6.9.1-2
- patch for CVE-2019-13225 based on the upstream and backported into 6.9.1 (#1728966)
- NON-upstream patch for CVE-2019-13224 (#1728971)
* Wed Dec 12 2018 Mamoru TASAKA - 6.9.1-1
- 6.9.1

References:
[ 1 ] Bug #1728971 - CVE-2019-13224 oniguruma: use-after-free in onig_new_deluxe() in regext.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1728971
[ 2 ] Bug #1728966 - CVE-2019-13225 oniguruma: null-pointer dereference in match_at() in regexec.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1728966

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-5409bb5e68'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

The oniguruma 6.9.1-2 update for Fedora 29 fixes a use-after-free in onig_new_deluxe() (CVE-2019-13224) and a NULL pointer dereference in match_at() (CVE-2019-13225). Note from the changelog that the CVE-2019-13225 fix is backported from upstream, while the CVE-2019-13224 fix is a Fedora-specific patch rather than the upstream change; anything that links against oniguruma (it is embedded by a number of language runtimes and tools) picks up the fix only after the shared library is updated and those processes are restarted.

Tags: Fedora Update, Oniguruma Security, Regular Expressions, Security Patch.
Severity: Critical. LinuxSecurity.com Team

Jul 30, 2019 - Critical - Fedora