Update to latest upstream release apt 3.1.15 and python-apt 3.1.0 Update to latest upstream release apt 3.1.15, also fix build problem with previous release.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-1c47e433df
2026-03-04 00:54:59.722793+00:00
--------------------------------------------------------------------------------

Name        : python-apt
Product     : Fedora 43
Version     : 3.1.0
Release     : 1.fc43
URL         : https://tracker.debian.org/pkg/python-apt
Summary     : Python bindings for APT
Description :
python-apt is a wrapper to use features of APT from Python.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release apt 3.1.15 and python-apt 3.1.0
Update to latest upstream release apt 3.1.15, also fix build problem with previous release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 16 2026 Terje Rsten - 3.1.0-1
- Rebuild for so bump in apt 3.1.15
- 3.1.0
* Sat Jan 17 2026 Fedora Release Engineering - 2.3.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2149769 - python-apt-3.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2149769
  [ 2 ] Bug #2319327 - apt-3.1.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2319327
  [ 3 ] Bug #2339898 - apt-2.9.8-1.fc43 FTBFS: apt-2.9.8/apt-pkg/contrib/strutl.cc:597:7: error: ‘uint8_t’ was not declared in this scope
        https://bugzilla.redhat.com/show_bug.cgi?id=2339898
  [ 4 ] Bug #2384459 - apt: FTBFS in Fedora rawhide/f43
        https://bugzilla.redhat.com/show_bug.cgi?id=2384459
  [ 5 ] Bug #2423062 - CVE-2025-6966 python-apt: python-apt: NULL pointer dereference leads to local denial of service [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2423062
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-1c47e433df' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Update to Python bindings for APT fixes a local DoS threat in Fedora with the latest upstream version.
python-apt Fedora update local DoS fix.
Severity: Important.
LinuxSecurity.com Team
Updated to new release 7.4.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f55f140c15
2025-04-23 01:45:48.554903+00:00
--------------------------------------------------------------------------------

Name        : openiked
Product     : Fedora 42
Version     : 7.4
Release     : 2.fc42
URL         : https://github.com/openiked/openiked-portable
Summary     : A free Internet Key Exchange (IKEv2) implementation
Description :
OpenIKED is a free, permissively licensed Internet Key Exchange (IKEv2)
implementation, developed as part of the OpenBSD project. It is intended to be
a lean, secure and inter-operable daemon that allows for easy setup and
management of IPsec VPNs.

--------------------------------------------------------------------------------
Update Information:

Updated to new release 7.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 10 2025 Henrik Boeving 7.4-2
- Updated to new release 7.4
* Thu Apr 10 2025 Henrik Boeving 7.4-1
- Updated to new release 7.4
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 7.3-6
- Drop call to %sysusers_create_compat
* Fri Jan 17 2025 Fedora Release Engineering - 7.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jul 18 2024 Fedora Release Engineering - 7.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f55f140c15' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Ubuntu 23.10 upgraded strongSwan to version 5.9.3 for improved encryption standards in IKEv2 protocols. Discover further details on this update.
openiked security, IKEv2 implementation, Fedora update, transport security, VPN management.
LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Oracle Linux Security Advisory ELSA-2025-2502

http://linux.oracle.com/errata/ELSA-2025-2502.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.13.1-15.el8_10.x86_64.rpm
tigervnc-icons-1.13.1-15.el8_10.noarch.rpm
tigervnc-license-1.13.1-15.el8_10.noarch.rpm
tigervnc-selinux-1.13.1-15.el8_10.noarch.rpm
tigervnc-server-1.13.1-15.el8_10.x86_64.rpm
tigervnc-server-minimal-1.13.1-15.el8_10.x86_64.rpm
tigervnc-server-module-1.13.1-15.el8_10.x86_64.rpm

aarch64:
tigervnc-1.13.1-15.el8_10.aarch64.rpm
tigervnc-icons-1.13.1-15.el8_10.noarch.rpm
tigervnc-license-1.13.1-15.el8_10.noarch.rpm
tigervnc-selinux-1.13.1-15.el8_10.noarch.rpm
tigervnc-server-1.13.1-15.el8_10.aarch64.rpm
tigervnc-server-minimal-1.13.1-15.el8_10.aarch64.rpm
tigervnc-server-module-1.13.1-15.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//tigervnc-1.13.1-15.el8_10.src.rpm

Related CVEs:
CVE-2025-26594
CVE-2025-26595
CVE-2025-26596
CVE-2025-26597
CVE-2025-26598
CVE-2025-26599
CVE-2025-26600
CVE-2025-26601

Description of changes:

[1.13.1-15]
- Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor
  Resolves: RHEL-79397
- Fix CVE-2025-26595 xorg-x11-server Buffer overflow in XkbVModMaskText()
  Resolves: RHEL-79401
- Fix CVE-2025-26596 xorg-x11-server Heap overflow in XkbWriteKeySyms()
  Resolves: RHEL-79386
- Fix CVE-2025-26597 xorg-x11-server Buffer overflow in XkbChangeTypesOfKey()
  Resolves: RHEL-79380
- Fix CVE-2025-26598 xorg-x11-server Out-of-bounds write in CreatePointerBarrierClient()
  Resolves: RHEL-79369
- Fix CVE-2025-26599 xorg-x11-server Use of uninitialized pointer in compRedirectWindow()
  Resolves: RHEL-79364
- Fix CVE-2025-26600 xorg-x11-server Use-after-free in PlayReleasedEvents()
  Resolves: RHEL-79360
- Fix CVE-2025-26601 xorg-x11-server Use-after-free in SyncInitTrigger()
  Resolves: RHEL-79348
An update that solves one vulnerability can now be installed.

# Security update for wireshark

Announcement ID: SUSE-SU-2025:0754-1
Release Date: 2025-02-28T16:31:33Z
Rating: important
References:

  * bsc#1237414

Cross-References:

  * CVE-2025-1492

CVSS scores:

  * CVE-2025-1492 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-1492 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-1492 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP6
  * Desktop Applications Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for wireshark fixes the following issues:

Update to version 4.2.11:

  * CVE-2025-1492: uncontrolled recursion leading to a stack buffer overflow can cause Bundle Protocol and CBOR dissector to crash (bsc#1237414).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-754=1 openSUSE-SLE-15.6-2025-754=1
  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-754=1
  * Desktop Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-754=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libwiretap14-debuginfo-4.2.11-150600.18.20.1
    * libwsutil15-4.2.11-150600.18.20.1
    * libwsutil15-debuginfo-4.2.11-150600.18.20.1
    * wireshark-ui-qt-4.2.11-150600.18.20.1
    * wireshark-ui-qt-debuginfo-4.2.11-150600.18.20.1
    * libwireshark17-4.2.11-150600.18.20.1
    * wireshark-4.2.11-150600.18.20.1
    * wireshark-debuginfo-4.2.11-150600.18.20.1
    * wireshark-debugsource-4.2.11-150600.18.20.1
    * wireshark-devel-4.2.11-150600.18.20.1
    * libwiretap14-4.2.11-150600.18.20.1
    * libwireshark17-debuginfo-4.2.11-150600.18.20.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * libwiretap14-debuginfo-4.2.11-150600.18.20.1
    * libwsutil15-4.2.11-150600.18.20.1
    * libwsutil15-debuginfo-4.2.11-150600.18.20.1
    * libwireshark17-4.2.11-150600.18.20.1
    * wireshark-4.2.11-150600.18.20.1
    * wireshark-debuginfo-4.2.11-150600.18.20.1
    * wireshark-debugsource-4.2.11-150600.18.20.1
    * libwiretap14-4.2.11-150600.18.20.1
    * libwireshark17-debuginfo-4.2.11-150600.18.20.1
  * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * wireshark-ui-qt-4.2.11-150600.18.20.1
    * wireshark-ui-qt-debuginfo-4.2.11-150600.18.20.1
    * wireshark-debugsource-4.2.11-150600.18.20.1
    * wireshark-debuginfo-4.2.11-150600.18.20.1
    * wireshark-devel-4.2.11-150600.18.20.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-1492.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1237414

SUSE provides a vital patch for Wireshark to address serious security flaws and avert system failures for enhanced protection.
SUSE Security Update, Wireshark Patch, Stack Overflow Bug.
Severity: Important.
LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.

# Security update for gstreamer

Announcement ID: SUSE-SU-2025:0062-1
Release Date: 2025-01-10T12:53:37Z
Rating: important
References:

  * bsc#1234449

Cross-References:

  * CVE-2024-47606

CVSS scores:

  * CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-47606 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for gstreamer fixes the following issues:

  * CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-62=1 openSUSE-SLE-15.6-2025-62=1
  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-62=1
  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-62=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libgstreamer-1_0-0-1.24.0-150600.3.3.1
    * gstreamer-debuginfo-1.24.0-150600.3.3.1
    * gstreamer-utils-debuginfo-1.24.0-150600.3.3.1
    * libgstreamer-1_0-0-debuginfo-1.24.0-150600.3.3.1
    * gstreamer-devel-1.24.0-150600.3.3.1
    * gstreamer-debugsource-1.24.0-150600.3.3.1
    * gstreamer-utils-1.24.0-150600.3.3.1
    * gstreamer-1.24.0-150600.3.3.1
    * typelib-1_0-Gst-1_0-1.24.0-150600.3.3.1
  * openSUSE Leap 15.6 (x86_64)
    * typelib-1_0-Gst-1_0-32bit-1.24.0-150600.3.3.1
    * gstreamer-32bit-1.24.0-150600.3.3.1
    * libgstreamer-1_0-0-32bit-debuginfo-1.24.0-150600.3.3.1
    * libgstreamer-1_0-0-32bit-1.24.0-150600.3.3.1
    * gstreamer-devel-32bit-1.24.0-150600.3.3.1
    * gstreamer-32bit-debuginfo-1.24.0-150600.3.3.1
  * openSUSE Leap 15.6 (noarch)
    * gstreamer-lang-1.24.0-150600.3.3.1
  * openSUSE Leap 15.6 (aarch64_ilp32)
    * libgstreamer-1_0-0-64bit-debuginfo-1.24.0-150600.3.3.1
    * libgstreamer-1_0-0-64bit-1.24.0-150600.3.3.1
    * gstreamer-64bit-1.24.0-150600.3.3.1
    * gstreamer-64bit-debuginfo-1.24.0-150600.3.3.1
    * gstreamer-devel-64bit-1.24.0-150600.3.3.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * libgstreamer-1_0-0-1.24.0-150600.3.3.1
    * gstreamer-debuginfo-1.24.0-150600.3.3.1
    * gstreamer-utils-debuginfo-1.24.0-150600.3.3.1
    * libgstreamer-1_0-0-debuginfo-1.24.0-150600.3.3.1
    * gstreamer-devel-1.24.0-150600.3.3.1
    * gstreamer-debugsource-1.24.0-150600.3.3.1
    * gstreamer-utils-1.24.0-150600.3.3.1
    * gstreamer-1.24.0-150600.3.3.1
    * typelib-1_0-Gst-1_0-1.24.0-150600.3.3.1
  * Basesystem Module 15-SP6 (noarch)
    * gstreamer-lang-1.24.0-150600.3.3.1
  * SUSE Package Hub 15 15-SP6 (x86_64)
    * gstreamer-32bit-1.24.0-150600.3.3.1
    * gstreamer-debuginfo-1.24.0-150600.3.3.1
    * libgstreamer-1_0-0-32bit-debuginfo-1.24.0-150600.3.3.1
    * libgstreamer-1_0-0-32bit-1.24.0-150600.3.3.1
    * gstreamer-debugsource-1.24.0-150600.3.3.1
    * gstreamer-32bit-debuginfo-1.24.0-150600.3.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-47606.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1234449

Important SUSE security patch for vlc resolves buffer overflow vulnerability under advisory ID SUSE-SU-2025:0075-2.
gstreamer security update, important Linux patch, integer overflow fix.
Severity: Important.
LinuxSecurity.com Team
Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-272544ceb9
2025-01-09 02:31:17.828390+00:00
--------------------------------------------------------------------------------

Name        : openjpeg2
Product     : Fedora 40
Version     : 2.5.3
Release     : 1.fc40
URL         : https://github.com/uclouvain/openjpeg
Summary     : C-Library for JPEG 2000
Description :
The OpenJPEG library is an open-source JPEG 2000 library developed in order to
promote the use of JPEG 2000.

This package contains
* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1
  compliance).
* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple
  component transforms for multispectral and hyperspectral imagery)

--------------------------------------------------------------------------------
Update Information:

Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 24 2024 Sérgio Basto - 2.5.3-1
- Update to 2.5.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2333951 - heap-buffer-overflow at lib/openjp2/j2k.c:8460:84 in opj_j2k_add_tlmarker in openjpeg/opj_decompress
        https://bugzilla.redhat.com/show_bug.cgi?id=2333951
  [ 2 ] Bug #2333954 - heap-buffer-overflow at bin/common/color.c:215:42 in sycc422_to_rgb in openjpeg/opj_decompress
        https://bugzilla.redhat.com/show_bug.cgi?id=2333954
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-272544ceb9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Resolution for heap buffer overflow in openjpeg2 library through Fedora advisory update for 2024.
openjpeg update, Fedora 40, heap overflow fix.
Severity: Critical.
LinuxSecurity.com Team
Update to 2.28.9 Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d4bcb0da46
2024-09-13 20:43:08.471899
--------------------------------------------------------------------------------

Name        : mbedtls
Product     : Fedora 41
Version     : 2.28.9
Release     : 1.fc41
URL         : https://www.trustedfirmware.org/projects/mbed-tls
Summary     : Light-weight cryptographic and SSL/TLS library
Description :
Mbed TLS is a light-weight open source cryptographic and SSL/TLS
library written in C. Mbed TLS makes it easy for developers to include
cryptographic and SSL/TLS capabilities in their (embedded)
applications with as little hassle as possible.

--------------------------------------------------------------------------------
Update Information:

Update to 2.28.9 Release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 3 2024 Morten Stevens - 2.28.9-1
- Revert to 2.28.x branch for F41
* Thu Jul 18 2024 Fedora Release Engineering - 3.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue May 14 2024 Morten Stevens - 3.6.0-1
- Update to 3.6.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2310290 - CVE-2024-45157 mbedtls: From NVD collector [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2310290
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d4bcb0da46' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
  * bsc#1202031
  * bsc#1202033
  * bsc#1203643
  * bsc#1219823
  * bsc#1219826

# Security update for unbound

Announcement ID: SUSE-SU-2024:1923-1
Rating: important
References:

  * bsc#1202031
  * bsc#1202033
  * bsc#1203643
  * bsc#1219823
  * bsc#1219826
  * jsc#PED-8333

Cross-References:

  * CVE-2022-30698
  * CVE-2022-30699
  * CVE-2022-3204
  * CVE-2023-50387
  * CVE-2023-50868

CVSS scores:

  * CVE-2022-30698 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2022-30698 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-30699 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2022-30699 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-3204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-3204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-50387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-50868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6
  * SUSE Package Hub 15 15-SP6

An update that solves five vulnerabilities and contains one feature can now be installed.

## Description:

This update for unbound fixes the following issues:

unbound was updated to 1.20.0:

  * A lot of bugfixes and added features. For a complete list take a look at the changelog located at: /usr/share/doc/packages/unbound/Changelog or https://www.nlnetlabs.nl/projects/unbound/download/

Some Noteworthy Changes:

  * Removed DLV. The DLV has been decommissioned since unbound 1.5.4 and has been advised to stop using it since. The use of dlv options displays a warning.
  * Remove EDNS lame procedure, do not re-query without EDNS after timeout.
  * Add DNS over HTTPS
  * libunbound has been upgraded to major version 8

Security Fixes:

  * CVE-2023-50387: DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823]
  * CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU. [bsc#1219826]
  * CVE-2022-30698: Novel "ghost domain names" attack by introducing subdomain delegations. [bsc#1202033]
  * CVE-2022-30699: Novel "ghost domain names" attack by updating almost expired delegation information. [bsc#1202031]
  * CVE-2022-3204: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack). [bsc#1203643]

Packaging Changes:

  * Use prefixes instead of sudo in unbound.service
  * Remove no longer necessary BuildRequires: libfstrm-devel and libprotobuf-c-devel

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2024-1923=1 openSUSE-SLE-15.6-2024-1923=1
  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1923=1
  * SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1923=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libunbound-devel-mini-debugsource-1.20.0-150600.23.3.1
    * unbound-1.20.0-150600.23.3.1
    * libunbound8-1.20.0-150600.23.3.1
    * libunbound-devel-mini-debuginfo-1.20.0-150600.23.3.1
    * libunbound8-debuginfo-1.20.0-150600.23.3.1
    * unbound-anchor-debuginfo-1.20.0-150600.23.3.1
    * unbound-debugsource-1.20.0-150600.23.3.1
    * unbound-debuginfo-1.20.0-150600.23.3.1
    * unbound-devel-1.20.0-150600.23.3.1
    * unbound-python-1.20.0-150600.23.3.1
    * unbound-anchor-1.20.0-150600.23.3.1
    * unbound-python-debuginfo-1.20.0-150600.23.3.1
    * libunbound-devel-mini-1.20.0-150600.23.3.1
  * openSUSE Leap 15.6 (noarch)
    * unbound-munin-1.20.0-150600.23.3.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * unbound-debugsource-1.20.0-150600.23.3.1
    * libunbound8-1.20.0-150600.23.3.1
    * unbound-anchor-debuginfo-1.20.0-150600.23.3.1
    * libunbound8-debuginfo-1.20.0-150600.23.3.1
    * unbound-devel-1.20.0-150600.23.3.1
    * unbound-debuginfo-1.20.0-150600.23.3.1
    * unbound-anchor-1.20.0-150600.23.3.1
  * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
    * unbound-1.20.0-150600.23.3.1
    * unbound-debugsource-1.20.0-150600.23.3.1
    * unbound-python-1.20.0-150600.23.3.1
    * unbound-debuginfo-1.20.0-150600.23.3.1
    * unbound-python-debuginfo-1.20.0-150600.23.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-30698.html
  * https://www.suse.com/security/cve/CVE-2022-30699.html
  * https://www.suse.com/security/cve/CVE-2022-3204.html
  * https://www.suse.com/security/cve/CVE-2023-50387.html
  * https://www.suse.com/security/cve/CVE-2023-50868.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1202031
  * https://bugzilla.suse.com/show_bug.cgi?id=1202033
  * https://bugzilla.suse.com/show_bug.cgi?id=1203643
  * https://bugzilla.suse.com/show_bug.cgi?id=1219823
  * https://bugzilla.suse.com/show_bug.cgi?id=1219826
  * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-8333&page_caps=&user_role=

A significant safety enhancement for unbound tackles various vulnerabilities within SUSE's software solutions, enhancing reliability.
SUSE Security, Unbound Update, DNS Security, Patch Management, Attack Mitigation.
Severity: Important.
LinuxSecurity.com Team