# Security update for openssl-3

Announcement ID: SUSE-SU-2024:3500-1
Release Date: 2024-09-30T14:14:23Z
Rating: important

References:

  * bsc#1230698

Cross-References:

  * CVE-2024-41996

CVSS scores:

  * CVE-2024-41996 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-41996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP5
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

  * CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Basesystem Module 15-SP5
    `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3500=1`
  * openSUSE Leap 15.5
    `zypper in -t patch SUSE-2024-3500=1 openSUSE-SLE-15.5-2024-3500=1`

## Package List:

  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * openssl-3-debuginfo-3.0.8-150500.5.45.1
    * libopenssl3-3.0.8-150500.5.45.1
    * openssl-3-debugsource-3.0.8-150500.5.45.1
    * libopenssl3-debuginfo-3.0.8-150500.5.45.1
    * libopenssl-3-devel-3.0.8-150500.5.45.1
    * openssl-3-3.0.8-150500.5.45.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
    * openssl-3-debuginfo-3.0.8-150500.5.45.1
    * libopenssl3-3.0.8-150500.5.45.1
    * openssl-3-debugsource-3.0.8-150500.5.45.1
    * libopenssl3-debuginfo-3.0.8-150500.5.45.1
    * libopenssl-3-devel-3.0.8-150500.5.45.1
    * openssl-3-3.0.8-150500.5.45.1
  * openSUSE Leap 15.5 (x86_64)
    * libopenssl-3-devel-32bit-3.0.8-150500.5.45.1
    * libopenssl3-32bit-debuginfo-3.0.8-150500.5.45.1
    * libopenssl3-32bit-3.0.8-150500.5.45.1
  * openSUSE Leap 15.5 (noarch)
    * openssl-3-doc-3.0.8-150500.5.45.1
  * openSUSE Leap 15.5 (aarch64_ilp32)
    * libopenssl3-64bit-3.0.8-150500.5.45.1
    * libopenssl3-64bit-debuginfo-3.0.8-150500.5.45.1
    * libopenssl-3-devel-64bit-3.0.8-150500.5.45.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-41996.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1230698

A critical SUSE OpenSSL-3 update addresses vulnerability CVE-2024-41996. Users must apply the patch immediately to protect their systems.

Severity: Important.
LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201908-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Binutils: Multiple vulnerabilities
     Date: August 03, 2019
     Bugs: #672904, #672910, #674668, #682698, #682702
       ID: 201908-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Binutils, the worst of
which may allow remote attackers to cause a Denial of Service
condition.

Background
==========

The GNU Binutils are a collection of tools to create, modify and
analyse binary files. Many of the files use BFD, the Binary File
Descriptor library, to do low-level manipulation.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-devel/binutils         < 2.32-r1                   >= 2.32-r1

Description
===========

Multiple vulnerabilities have been discovered in Binutils. Please
review the referenced CVE identifiers for details.

Impact
======

A remote attacker, by enticing a user to compile/execute a specially
crafted ELF, object, PE, or binary file, could possibly cause a Denial
of Service condition or have other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Binutils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.32-r1"

References
==========

[  1 ] CVE-2018-10372
       https://nvd.nist.gov/vuln/detail/CVE-2018-10372
[  2 ] CVE-2018-10373
       https://nvd.nist.gov/vuln/detail/CVE-2018-10373
[  3 ] CVE-2018-10534
       https://nvd.nist.gov/vuln/detail/CVE-2018-10534
[  4 ] CVE-2018-10535
       https://nvd.nist.gov/vuln/detail/CVE-2018-10535
[  5 ] CVE-2018-12641
       https://nvd.nist.gov/vuln/detail/CVE-2018-12641
[  6 ] CVE-2018-12697
       https://nvd.nist.gov/vuln/detail/CVE-2018-12697
[  7 ] CVE-2018-12698
       https://nvd.nist.gov/vuln/detail/CVE-2018-12698
[  8 ] CVE-2018-12699
       https://nvd.nist.gov/vuln/detail/CVE-2018-12699
[  9 ] CVE-2018-12700
       https://nvd.nist.gov/vuln/detail/CVE-2018-12700
[ 10 ] CVE-2018-13033
       https://nvd.nist.gov/vuln/detail/CVE-2018-13033
[ 11 ] CVE-2018-19931
       https://nvd.nist.gov/vuln/detail/CVE-2018-19931
[ 12 ] CVE-2018-19932
       https://nvd.nist.gov/vuln/detail/CVE-2018-19932
[ 13 ] CVE-2018-20002
       https://nvd.nist.gov/vuln/detail/CVE-2018-20002
[ 14 ] CVE-2018-20651
       https://nvd.nist.gov/vuln/detail/CVE-2018-20651

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201908-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201412-52
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Wireshark: Multiple vulnerabilities
     Date: December 28, 2014
     Bugs: #522968, #529100
       ID: 201412-52

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Wireshark which could
allow remote attackers to cause Denial of Service.

Background
==========

Wireshark is a network protocol analyzer formerly known as ethereal.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/wireshark     < 1.12.2                     >= 1.12.2

Description
===========

Multiple vulnerabilities have been discovered in Wireshark. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker can cause a Denial of Service condition via specially
crafted packets.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Wireshark users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/wireshark-1.12.2"

References
==========

[  1 ] CVE-2014-6421
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6421
[  2 ] CVE-2014-6422
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6422
[  3 ] CVE-2014-6423
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6423
[  4 ] CVE-2014-6424
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6424
[  5 ] CVE-2014-6425
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6425
[  6 ] CVE-2014-6426
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6426
[  7 ] CVE-2014-6427
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6427
[  8 ] CVE-2014-6428
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6428
[  9 ] CVE-2014-6429
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6429
[ 10 ] CVE-2014-6430
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6430
[ 11 ] CVE-2014-6431
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6431
[ 12 ] CVE-2014-6432
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6432

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201412-52

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to