Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves three vulnerabilities can now be installed.. # Security update for cockpit Announcement ID: SUSE-SU-2026:2019-1 Release Date: 2026-05-20T07:13:11Z Rating: important References: * bsc#1256521 * bsc#1259290 * bsc#1265040 Cross-References: * CVE-2026-0775 * CVE-2026-29074 * CVE-2026-4802 CVSS scores: * CVE-2026-0775 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0775 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-0775 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29074 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29074 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29074 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4802 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4802 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4802 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves three vulnerabilities can now be installed. ## Description: This update for cockpit fixes the following issues * CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user (bsc#1256521). * CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI (bsc#1265040). * CVE-2026-29074: svgo: no guard against entity expansion or recursion when processing XML with custom entities can lead to DoS (bsc#1259290). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the commandlisted for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2019=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2019=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cockpit-ws-debuginfo-251.3-150400.6.10.1 * cockpit-debuginfo-251.3-150400.6.10.1 * cockpit-bridge-debuginfo-251.3-150400.6.10.1 * cockpit-ws-251.3-150400.6.10.1 * cockpit-251.3-150400.6.10.1 * cockpit-bridge-251.3-150400.6.10.1 * cockpit-debugsource-251.3-150400.6.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cockpit-networkmanager-251.3-150400.6.10.1 * cockpit-storaged-251.3-150400.6.10.1 * cockpit-system-251.3-150400.6.10.1 * cockpit-selinux-251.3-150400.6.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cockpit-ws-debuginfo-251.3-150400.6.10.1 * cockpit-debuginfo-251.3-150400.6.10.1 * cockpit-bridge-debuginfo-251.3-150400.6.10.1 * cockpit-ws-251.3-150400.6.10.1 * cockpit-251.3-150400.6.10.1 * cockpit-bridge-251.3-150400.6.10.1 * cockpit-debugsource-251.3-150400.6.10.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cockpit-networkmanager-251.3-150400.6.10.1 * cockpit-storaged-251.3-150400.6.10.1 * cockpit-system-251.3-150400.6.10.1 * cockpit-selinux-251.3-150400.6.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-0775.html * https://www.suse.com/security/cve/CVE-2026-29074.html * https://www.suse.com/security/cve/CVE-2026-4802.html * https://bugzilla.suse.com/show_bug.cgi?id=1256521 * https://bugzilla.suse.com/show_bug.cgi?id=1259290 * https://bugzilla.suse.com/show_bug.cgi?id=1265040 . An important update for SUSE cockpit fixes three vulnerabilities that can impact system integrity and security.. SUSE cockpit security patch vulnerabilities. . Severity: Important. LinuxSecurity.com Team
* bsc#1222121 Cross-References: * CVE-2024-3019 . # Security update for pcp Announcement ID: SUSE-SU-2025:03233-1 Release Date: 2025-09-15T13:16:57Z Rating: important References: * bsc#1222121 Cross-References: * CVE-2024-3019 CVSS scores: * CVE-2024-3019 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for pcp fixes the following issues: * CVE-2024-3019: exposure of the redis server backend allows remote command execution via pmproxy (bsc#1222121). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-3233=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3233=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3233=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3233=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-3233=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * pcp-import-collectl2pcp-5.2.2-150300.3.3.1 * pcp-pmda-apache-5.2.2-150300.3.3.1 * perl-PCP-MMV-5.2.2-150300.3.3.1 * pcp-zeroconf-5.2.2-150300.3.3.1 * pcp-pmda-named-5.2.2-150300.3.3.1 * libpcp_web1-debuginfo-5.2.2-150300.3.3.1 *pcp-pmda-memcache-5.2.2-150300.3.3.1 * pcp-export-pcp2json-5.2.2-150300.3.3.1 * python3-pcp-5.2.2-150300.3.3.1 * libpcp_gui2-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-cifs-5.2.2-150300.3.3.1 * pcp-devel-debuginfo-5.2.2-150300.3.3.1 * pcp-export-pcp2graphite-5.2.2-150300.3.3.1 * pcp-export-pcp2spark-5.2.2-150300.3.3.1 * pcp-pmda-gluster-5.2.2-150300.3.3.1 * pcp-pmda-rabbitmq-5.2.2-150300.3.3.1 * pcp-pmda-ds389-5.2.2-150300.3.3.1 * pcp-pmda-bash-5.2.2-150300.3.3.1 * libpcp-devel-5.2.2-150300.3.3.1 * pcp-pmda-zswap-5.2.2-150300.3.3.1 * pcp-pmda-sendmail-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-systemd-5.2.2-150300.3.3.1 * pcp-pmda-smart-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-bonding-5.2.2-150300.3.3.1 * pcp-pmda-nfsclient-5.2.2-150300.3.3.1 * perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1 * libpcp3-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-mailq-5.2.2-150300.3.3.1 * pcp-system-tools-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-LogSummary-5.2.2-150300.3.3.1 * pcp-pmda-lustre-5.2.2-150300.3.3.1 * perl-PCP-LogImport-5.2.2-150300.3.3.1 * pcp-pmda-roomtemp-5.2.2-150300.3.3.1 * pcp-pmda-rpm-5.2.2-150300.3.3.1 * pcp-pmda-slurm-5.2.2-150300.3.3.1 * pcp-import-ganglia2pcp-5.2.2-150300.3.3.1 * perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-smart-5.2.2-150300.3.3.1 * pcp-pmda-mic-5.2.2-150300.3.3.1 * pcp-pmda-oracle-5.2.2-150300.3.3.1 * pcp-pmda-logger-5.2.2-150300.3.3.1 * pcp-pmda-netcheck-5.2.2-150300.3.3.1 * pcp-import-collectl2pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-testsuite-5.2.2-150300.3.3.1 * pcp-pmda-shping-debuginfo-5.2.2-150300.3.3.1 * libpcp_gui2-5.2.2-150300.3.3.1 * pcp-pmda-openvswitch-5.2.2-150300.3.3.1 * pcp-pmda-elasticsearch-5.2.2-150300.3.3.1 * pcp-pmda-mounts-5.2.2-150300.3.3.1 * pcp-pmda-activemq-5.2.2-150300.3.3.1 * pcp-pmda-pdns-5.2.2-150300.3.3.1 * libpcp3-5.2.2-150300.3.3.1 *pcp-pmda-logger-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-trace-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-netfilter-5.2.2-150300.3.3.1 * pcp-pmda-docker-debuginfo-5.2.2-150300.3.3.1 * pcp-gui-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-docker-5.2.2-150300.3.3.1 * pcp-pmda-unbound-5.2.2-150300.3.3.1 * pcp-pmda-samba-5.2.2-150300.3.3.1 * libpcp_import1-5.2.2-150300.3.3.1 * pcp-pmda-bash-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-postfix-5.2.2-150300.3.3.1 * pcp-pmda-gpfs-5.2.2-150300.3.3.1 * pcp-import-sar2pcp-5.2.2-150300.3.3.1 * pcp-export-pcp2xml-5.2.2-150300.3.3.1 * pcp-pmda-bind2-5.2.2-150300.3.3.1 * libpcp_import1-debuginfo-5.2.2-150300.3.3.1 * pcp-conf-5.2.2-150300.3.3.1 * pcp-pmda-shping-5.2.2-150300.3.3.1 * perl-PCP-PMDA-5.2.2-150300.3.3.1 * pcp-pmda-news-5.2.2-150300.3.3.1 * libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-lustrecomm-debuginfo-5.2.2-150300.3.3.1 * pcp-devel-5.2.2-150300.3.3.1 * pcp-pmda-rpm-debuginfo-5.2.2-150300.3.3.1 * libpcp_web1-5.2.2-150300.3.3.1 * pcp-pmda-gpsd-5.2.2-150300.3.3.1 * pcp-pmda-sendmail-5.2.2-150300.3.3.1 * pcp-pmda-lmsensors-5.2.2-150300.3.3.1 * pcp-pmda-nvidia-gpu-5.2.2-150300.3.3.1 * pcp-pmda-cisco-debuginfo-5.2.2-150300.3.3.1 * pcp-5.2.2-150300.3.3.1 * pcp-pmda-zimbra-5.2.2-150300.3.3.1 * pcp-export-pcp2elasticsearch-5.2.2-150300.3.3.1 * pcp-pmda-dm-5.2.2-150300.3.3.1 * pcp-pmda-mounts-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-cisco-5.2.2-150300.3.3.1 * pcp-pmda-trace-5.2.2-150300.3.3.1 * pcp-pmda-vmware-5.2.2-150300.3.3.1 * pcp-pmda-openmetrics-5.2.2-150300.3.3.1 * pcp-export-pcp2influxdb-5.2.2-150300.3.3.1 * pcp-testsuite-debuginfo-5.2.2-150300.3.3.1 * libpcp_trace2-debuginfo-5.2.2-150300.3.3.1 * pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-cifs-debuginfo-5.2.2-150300.3.3.1 * pcp-debugsource-5.2.2-150300.3.3.1 * python3-pcp-debuginfo-5.2.2-150300.3.3.1 *pcp-pmda-gfs2-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-lustrecomm-5.2.2-150300.3.3.1 * pcp-pmda-rsyslog-5.2.2-150300.3.3.1 * libpcp_trace2-5.2.2-150300.3.3.1 * pcp-pmda-nvidia-gpu-debuginfo-5.2.2-150300.3.3.1 * pcp-import-iostat2pcp-5.2.2-150300.3.3.1 * pcp-pmda-redis-5.2.2-150300.3.3.1 * pcp-pmda-ds389log-5.2.2-150300.3.3.1 * pcp-pmda-mailq-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-5.2.2-150300.3.3.1 * pcp-pmda-nutcracker-5.2.2-150300.3.3.1 * pcp-pmda-haproxy-5.2.2-150300.3.3.1 * pcp-pmda-dm-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-dbping-5.2.2-150300.3.3.1 * pcp-pmda-nginx-5.2.2-150300.3.3.1 * libpcp_mmv1-5.2.2-150300.3.3.1 * pcp-pmda-gfs2-5.2.2-150300.3.3.1 * pcp-pmda-roomtemp-debuginfo-5.2.2-150300.3.3.1 * pcp-export-pcp2zabbix-5.2.2-150300.3.3.1 * pcp-pmda-mysql-5.2.2-150300.3.3.1 * pcp-pmda-json-5.2.2-150300.3.3.1 * pcp-pmda-weblog-5.2.2-150300.3.3.1 * pcp-pmda-summary-5.2.2-150300.3.3.1 * pcp-import-mrtg2pcp-5.2.2-150300.3.3.1 * pcp-pmda-weblog-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-systemd-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-summary-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-apache-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-snmp-5.2.2-150300.3.3.1 * pcp-gui-5.2.2-150300.3.3.1 * openSUSE Leap 15.3 (noarch) * pcp-doc-5.2.2-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le x86_64 i586) * pcp-pmda-infiniband-debuginfo-5.2.2-150300.3.3.1 * pcp-pmda-perfevent-5.2.2-150300.3.3.1 * pcp-pmda-infiniband-5.2.2-150300.3.3.1 * pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1 * openSUSE Leap 15.3 (x86_64) * pcp-pmda-mssql-5.2.2-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-import-sar2pcp-5.2.2-150300.3.3.1 * perl-PCP-LogImport-5.2.2-150300.3.3.1 * perl-PCP-MMV-5.2.2-150300.3.3.1 * libpcp_import1-debuginfo-5.2.2-150300.3.3.1 *libpcp_web1-debuginfo-5.2.2-150300.3.3.1 * pcp-debugsource-5.2.2-150300.3.3.1 * python3-pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-conf-5.2.2-150300.3.3.1 * perl-PCP-PMDA-5.2.2-150300.3.3.1 * libpcp_trace2-5.2.2-150300.3.3.1 * python3-pcp-5.2.2-150300.3.3.1 * libpcp_gui2-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1 * pcp-import-iostat2pcp-5.2.2-150300.3.3.1 * libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1 * pcp-devel-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-5.2.2-150300.3.3.1 * pcp-devel-5.2.2-150300.3.3.1 * libpcp_gui2-5.2.2-150300.3.3.1 * libpcp_web1-5.2.2-150300.3.3.1 * libpcp-devel-5.2.2-150300.3.3.1 * pcp-5.2.2-150300.3.3.1 * libpcp3-5.2.2-150300.3.3.1 * libpcp_mmv1-5.2.2-150300.3.3.1 * perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1 * libpcp3-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1 * pcp-import-mrtg2pcp-5.2.2-150300.3.3.1 * libpcp_import1-5.2.2-150300.3.3.1 * perl-PCP-LogSummary-5.2.2-150300.3.3.1 * libpcp_trace2-debuginfo-5.2.2-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * pcp-doc-5.2.2-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-import-sar2pcp-5.2.2-150300.3.3.1 * perl-PCP-LogImport-5.2.2-150300.3.3.1 * perl-PCP-MMV-5.2.2-150300.3.3.1 * libpcp_import1-debuginfo-5.2.2-150300.3.3.1 * libpcp_web1-debuginfo-5.2.2-150300.3.3.1 * pcp-debugsource-5.2.2-150300.3.3.1 * python3-pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-conf-5.2.2-150300.3.3.1 * perl-PCP-PMDA-5.2.2-150300.3.3.1 * libpcp_trace2-5.2.2-150300.3.3.1 * python3-pcp-5.2.2-150300.3.3.1 * libpcp_gui2-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1 * pcp-import-iostat2pcp-5.2.2-150300.3.3.1 *libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1 * pcp-devel-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-5.2.2-150300.3.3.1 * pcp-devel-5.2.2-150300.3.3.1 * libpcp_gui2-5.2.2-150300.3.3.1 * libpcp_web1-5.2.2-150300.3.3.1 * libpcp-devel-5.2.2-150300.3.3.1 * pcp-5.2.2-150300.3.3.1 * libpcp3-5.2.2-150300.3.3.1 * libpcp_mmv1-5.2.2-150300.3.3.1 * perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1 * libpcp3-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1 * pcp-import-mrtg2pcp-5.2.2-150300.3.3.1 * libpcp_import1-5.2.2-150300.3.3.1 * perl-PCP-LogSummary-5.2.2-150300.3.3.1 * libpcp_trace2-debuginfo-5.2.2-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * pcp-doc-5.2.2-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le x86_64) * pcp-pmda-perfevent-5.2.2-150300.3.3.1 * pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-import-sar2pcp-5.2.2-150300.3.3.1 * perl-PCP-LogImport-5.2.2-150300.3.3.1 * perl-PCP-MMV-5.2.2-150300.3.3.1 * libpcp_import1-debuginfo-5.2.2-150300.3.3.1 * libpcp_web1-debuginfo-5.2.2-150300.3.3.1 * pcp-debugsource-5.2.2-150300.3.3.1 * python3-pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-conf-5.2.2-150300.3.3.1 * perl-PCP-PMDA-5.2.2-150300.3.3.1 * libpcp_trace2-5.2.2-150300.3.3.1 * python3-pcp-5.2.2-150300.3.3.1 * libpcp_gui2-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1 * pcp-import-iostat2pcp-5.2.2-150300.3.3.1 * libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1 * pcp-devel-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-5.2.2-150300.3.3.1 * pcp-devel-5.2.2-150300.3.3.1 * libpcp_gui2-5.2.2-150300.3.3.1 * libpcp_web1-5.2.2-150300.3.3.1 * libpcp-devel-5.2.2-150300.3.3.1 * pcp-5.2.2-150300.3.3.1 *libpcp3-5.2.2-150300.3.3.1 * libpcp_mmv1-5.2.2-150300.3.3.1 * perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1 * libpcp3-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1 * pcp-import-mrtg2pcp-5.2.2-150300.3.3.1 * libpcp_import1-5.2.2-150300.3.3.1 * perl-PCP-LogSummary-5.2.2-150300.3.3.1 * libpcp_trace2-debuginfo-5.2.2-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * pcp-doc-5.2.2-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * pcp-pmda-perfevent-5.2.2-150300.3.3.1 * pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-import-sar2pcp-5.2.2-150300.3.3.1 * perl-PCP-LogImport-5.2.2-150300.3.3.1 * perl-PCP-MMV-5.2.2-150300.3.3.1 * libpcp_import1-debuginfo-5.2.2-150300.3.3.1 * libpcp_web1-debuginfo-5.2.2-150300.3.3.1 * pcp-debugsource-5.2.2-150300.3.3.1 * python3-pcp-debuginfo-5.2.2-150300.3.3.1 * pcp-conf-5.2.2-150300.3.3.1 * perl-PCP-PMDA-5.2.2-150300.3.3.1 * libpcp_trace2-5.2.2-150300.3.3.1 * python3-pcp-5.2.2-150300.3.3.1 * libpcp_gui2-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-PMDA-debuginfo-5.2.2-150300.3.3.1 * pcp-import-iostat2pcp-5.2.2-150300.3.3.1 * libpcp_mmv1-debuginfo-5.2.2-150300.3.3.1 * pcp-devel-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-5.2.2-150300.3.3.1 * pcp-devel-5.2.2-150300.3.3.1 * libpcp_gui2-5.2.2-150300.3.3.1 * libpcp_web1-5.2.2-150300.3.3.1 * libpcp-devel-5.2.2-150300.3.3.1 * pcp-5.2.2-150300.3.3.1 * libpcp3-5.2.2-150300.3.3.1 * libpcp_mmv1-5.2.2-150300.3.3.1 * pcp-pmda-perfevent-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-MMV-debuginfo-5.2.2-150300.3.3.1 * libpcp3-debuginfo-5.2.2-150300.3.3.1 * pcp-system-tools-debuginfo-5.2.2-150300.3.3.1 * perl-PCP-LogImport-debuginfo-5.2.2-150300.3.3.1 *pcp-import-mrtg2pcp-5.2.2-150300.3.3.1 * libpcp_import1-5.2.2-150300.3.3.1 * perl-PCP-LogSummary-5.2.2-150300.3.3.1 * pcp-pmda-perfevent-5.2.2-150300.3.3.1 * libpcp_trace2-debuginfo-5.2.2-150300.3.3.1 * SUSE Enterprise Storage 7.1 (noarch) * pcp-doc-5.2.2-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-3019.html * https://bugzilla.suse.com/show_bug.cgi?id=1222121 . The patch addressing CVE-2024-3019 in pcp provides crucial security enhancements for impacted SUSE environments, mitigating risks associated with unauthorized remote command execution.. SUSE security update, pcp command execution, important patches. . Severity: Important. LinuxSecurity.com Team
* bsc#1069468 * bsc#1217783 * bsc#1217826 * bsc#1222121 * bsc#1222815 . # Security update for pcp Announcement ID: SUSE-SU-2025:20133-1 Release Date: 2025-03-05T15:58:43Z Rating: important References: * bsc#1069468 * bsc#1217783 * bsc#1217826 * bsc#1222121 * bsc#1222815 * bsc#1230551 * bsc#1230552 Cross-References: * CVE-2023-6917 * CVE-2024-3019 * CVE-2024-45769 * CVE-2024-45770 CVSS scores: * CVE-2023-6917 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6917 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-6917 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-3019 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45769 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45770 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2024-45770 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2024-45770 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves four vulnerabilities and has three fixes can now be installed. ## Description: This update for pcp fixes the following issues: * CVE-2024-45770: Fixed `pmpost` symlink attack allowing escalating `pcp` to `root` user (bsc#1230552). * CVE-2024-45769: Fixed `pmcd` heap corruption through metric pmstore operations (bsc#1230551). * CVE-2024-3019: Fixed exposure of the redis backend server allowing remote command execution via pmproxy (bsc#1222121). * CVE-2023-6917: Fixed Local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826). Other fixes: \- Updated to version 6.2.0 ## Patch Instructions: To install this SUSE update use the SUSErecommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-222=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libpcp3-debuginfo-6.2.0-1.1 * pcp-debugsource-6.2.0-1.1 * libpcp_import1-debuginfo-6.2.0-1.1 * libpcp_import1-6.2.0-1.1 * libpcp3-6.2.0-1.1 * SUSE Linux Micro 6.0 (noarch) * pcp-conf-6.2.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6917.html * https://www.suse.com/security/cve/CVE-2024-3019.html * https://www.suse.com/security/cve/CVE-2024-45769.html * https://www.suse.com/security/cve/CVE-2024-45770.html * https://bugzilla.suse.com/show_bug.cgi?id=1069468 * https://bugzilla.suse.com/show_bug.cgi?id=1217783 * https://bugzilla.suse.com/show_bug.cgi?id=1217826 * https://bugzilla.suse.com/show_bug.cgi?id=1222121 * https://bugzilla.suse.com/show_bug.cgi?id=1222815 * https://bugzilla.suse.com/show_bug.cgi?id=1230551 * https://bugzilla.suse.com/show_bug.cgi?id=1230552 . SUSE has issued a security advisory addressing severe pcp flaws affecting version 6.0. Ensure you implement the necessary patches immediately!. SUSE Linux Micro, pcp update, remote execution, security patch. . Severity: Important. LinuxSecurity.com Team
* bsc#1069468 * bsc#1217783 * bsc#1217826 * bsc#1222121 * bsc#1222815 . # Security update for pcp Announcement ID: SUSE-SU-2025:20133-1 Release Date: 2025-03-05T15:58:43Z Rating: important References: * bsc#1069468 * bsc#1217783 * bsc#1217826 * bsc#1222121 * bsc#1222815 * bsc#1230551 * bsc#1230552 Cross-References: * CVE-2023-6917 * CVE-2024-3019 * CVE-2024-45769 * CVE-2024-45770 CVSS scores: * CVE-2023-6917 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-6917 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-6917 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-3019 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45769 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45769 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45770 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2024-45770 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2024-45770 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves four vulnerabilities and has three fixes can now be installed. ## Description: This update for pcp fixes the following issues: * CVE-2024-45770: Fixed `pmpost` symlink attack allowing escalating `pcp` to `root` user (bsc#1230552). * CVE-2024-45769: Fixed `pmcd` heap corruption through metric pmstore operations (bsc#1230551). * CVE-2024-3019: Fixed exposure of the redis backend server allowing remote command execution via pmproxy (bsc#1222121). * CVE-2023-6917: Fixed Local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826). Other fixes: \- Updated to version 6.2.0 ## Patch Instructions: To install this SUSE update use the SUSErecommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-222=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libpcp3-6.2.0-1.1 * pcp-debugsource-6.2.0-1.1 * libpcp3-debuginfo-6.2.0-1.1 * libpcp_import1-6.2.0-1.1 * libpcp_import1-debuginfo-6.2.0-1.1 * SUSE Linux Micro 6.0 (noarch) * pcp-conf-6.2.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-6917.html * https://www.suse.com/security/cve/CVE-2024-3019.html * https://www.suse.com/security/cve/CVE-2024-45769.html * https://www.suse.com/security/cve/CVE-2024-45770.html * https://bugzilla.suse.com/show_bug.cgi?id=1069468 * https://bugzilla.suse.com/show_bug.cgi?id=1217783 * https://bugzilla.suse.com/show_bug.cgi?id=1217826 * https://bugzilla.suse.com/show_bug.cgi?id=1222121 * https://bugzilla.suse.com/show_bug.cgi?id=1222815 * https://bugzilla.suse.com/show_bug.cgi?id=1230551 * https://bugzilla.suse.com/show_bug.cgi?id=1230552 . SUSE Linux Micro has released urgent patches addressing several pcp security flaws, particularly issues related to remote command execution vulnerabilities.. pcp security,SUSE update,remote execution fix,local escalation. . Severity: Important. LinuxSecurity.com Team
Low: cups security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:0083", "synopsis": "Low: cups security update", "severity": "SEVERITY_LOW", "topic": "An update is available for cups.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.\n\nSecurity Fix(es):\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file (CVE-2024-47175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2314256", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256", "description": ""}], "cves": [{"name": "CVE-2024-47175", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-47175", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2025-01-11T02:01:22.576236Z", "rpms": {"Rocky Linux 8": {"nvras": ["cups-1:2.2.6-62.el8_10.aarch64.rpm", "cups-1:2.2.6-62.el8_10.src.rpm", "cups-1:2.2.6-62.el8_10.x86_64.rpm", "cups-client-1:2.2.6-62.el8_10.aarch64.rpm", "cups-client-1:2.2.6-62.el8_10.x86_64.rpm", "cups-client-debuginfo-1:2.2.6-62.el8_10.aarch64.rpm", "cups-client-debuginfo-1:2.2.6-62.el8_10.x86_64.rpm", "cups-debuginfo-1:2.2.6-62.el8_10.aarch64.rpm", "cups-debuginfo-1:2.2.6-62.el8_10.i686.rpm", "cups-debuginfo-1:2.2.6-62.el8_10.x86_64.rpm", "cups-debugsource-1:2.2.6-62.el8_10.aarch64.rpm", "cups-debugsource-1:2.2.6-62.el8_10.i686.rpm", "cups-debugsource-1:2.2.6-62.el8_10.x86_64.rpm", "cups-devel-1:2.2.6-62.el8_10.aarch64.rpm", "cups-devel-1:2.2.6-62.el8_10.i686.rpm","cups-devel-1:2.2.6-62.el8_10.x86_64.rpm", "cups-filesystem-1:2.2.6-62.el8_10.noarch.rpm", "cups-ipptool-1:2.2.6-62.el8_10.aarch64.rpm", "cups-ipptool-1:2.2.6-62.el8_10.x86_64.rpm", "cups-ipptool-debuginfo-1:2.2.6-62.el8_10.aarch64.rpm", "cups-ipptool-debuginfo-1:2.2.6-62.el8_10.x86_64.rpm", "cups-libs-1:2.2.6-62.el8_10.aarch64.rpm", "cups-libs-1:2.2.6-62.el8_10.i686.rpm", "cups-libs-1:2.2.6-62.el8_10.x86_64.rpm", "cups-libs-debuginfo-1:2.2.6-62.el8_10.aarch64.rpm", "cups-libs-debuginfo-1:2.2.6-62.el8_10.i686.rpm", "cups-libs-debuginfo-1:2.2.6-62.el8_10.x86_64.rpm", "cups-lpd-1:2.2.6-62.el8_10.aarch64.rpm", "cups-lpd-1:2.2.6-62.el8_10.x86_64.rpm", "cups-lpd-debuginfo-1:2.2.6-62.el8_10.aarch64.rpm", "cups-lpd-debuginfo-1:2.2.6-62.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Cups security update for Rocky Linux enhances system safety against remote command injection threats.. cups update, Rocky Linux security, remote command execution, Linux security fix, security advisory. . Severity: Low. LinuxSecurity.com Team
Two vulnerabilities were found in Apache ActiveMQ, a Java-based message broker. CVE-2022-41678 . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3936-1
* bsc#1095184 * bsc#1118897 * bsc#1118898 * bsc#1118899 * bsc#1121850 . # Security update for etcd Announcement ID: SUSE-SU-2024:3656-1 Release Date: 2024-10-16T11:33:45Z Rating: moderate References: * bsc#1095184 * bsc#1118897 * bsc#1118898 * bsc#1118899 * bsc#1121850 * bsc#1174951 * bsc#1181400 * bsc#1183703 * bsc#1199031 * bsc#1208270 * bsc#1208297 * bsc#1210138 * bsc#1213229 * bsc#1217070 * bsc#1217950 * bsc#1218150 Cross-References: * CVE-2018-16873 * CVE-2018-16874 * CVE-2018-16875 * CVE-2018-16886 * CVE-2020-15106 * CVE-2020-15112 * CVE-2021-28235 * CVE-2022-41723 * CVE-2023-29406 * CVE-2023-47108 * CVE-2023-48795 CVSS scores: * CVE-2018-16873 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-16873 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16873 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16874 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2018-16874 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16874 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2018-16875 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-16875 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2018-16886 ( SUSE ): 6.8 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2018-16886 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2020-15106 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15106 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15112 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2020-15112 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-28235 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-28235 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-41723 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29406 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-29406 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-47108 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-47108 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-48795 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-48795 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 An update that solves 11 vulnerabilities and has five security fixes can now be installed. ## Description: This update for etcd fixes the following issues: Update to version 3.5.12: Security fixes: * CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897) * CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898) * CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899) * CVE-2018-16886: Fixed improper authentication issue when RBAC and client- cert-auth is enabled (bsc#1121850) * CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951) * CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951) * CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138) * CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297) * CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229) * CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070) * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150) Other changes: * Added hardening to systemd service(s) (bsc#1181400) * Fixed static /tmp file issue (bsc#1199031) * Fixed systemd service not starting (bsc#1183703) Fullchangelog: https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3656=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-3656=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * etcdctl-3.5.12-150000.7.6.1 * etcd-3.5.12-150000.7.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * etcdctl-3.5.12-150000.7.6.1 * etcd-3.5.12-150000.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2018-16873.html * https://www.suse.com/security/cve/CVE-2018-16874.html * https://www.suse.com/security/cve/CVE-2018-16875.html * https://www.suse.com/security/cve/CVE-2018-16886.html * https://www.suse.com/security/cve/CVE-2020-15106.html * https://www.suse.com/security/cve/CVE-2020-15112.html * https://www.suse.com/security/cve/CVE-2021-28235.html * https://www.suse.com/security/cve/CVE-2022-41723.html * https://www.suse.com/security/cve/CVE-2023-29406.html * https://www.suse.com/security/cve/CVE-2023-47108.html * https://www.suse.com/security/cve/CVE-2023-48795.html * https://bugzilla.suse.com/show_bug.cgi?id=1095184 * https://bugzilla.suse.com/show_bug.cgi?id=1118897 * https://bugzilla.suse.com/show_bug.cgi?id=1118898 * https://bugzilla.suse.com/show_bug.cgi?id=1118899 * https://bugzilla.suse.com/show_bug.cgi?id=1121850 * https://bugzilla.suse.com/show_bug.cgi?id=1174951 * https://bugzilla.suse.com/show_bug.cgi?id=1181400 * https://bugzilla.suse.com/show_bug.cgi?id=1183703 * https://bugzilla.suse.com/show_bug.cgi?id=1199031 * https://bugzilla.suse.com/show_bug.cgi?id=1208270 * https://bugzilla.suse.com/show_bug.cgi?id=1208297 * https://bugzilla.suse.com/show_bug.cgi?id=1210138 *https://bugzilla.suse.com/show_bug.cgi?id=1213229 * https://bugzilla.suse.com/show_bug.cgi?id=1217070 * https://bugzilla.suse.com/show_bug.cgi?id=1217950 * https://bugzilla.suse.com/show_bug.cgi?id=1218150 . Apply the most recent SUSE etcd security patches to resolve various vulnerabilities while reinforcing overall system protection.. SUSE Security Patch, etcd Security Notice, openSUSE Update, etcd Fixes, SUSE Security Updates. . LinuxSecurity.com Team
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The . MGASA-2024-0224 - Updated atril packages fix security vulnerability Publication date: 15 Jun 2024 URL: https://advisories.mageia.org/MGASA-2024-0224.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-52076 Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. (CVE-2023-52076) References: - https://bugs.mageia.org/show_bug.cgi?id=33282 - https://ubuntu.com/security/notices/USN-6808-1 - https://www.cve.org/CVERecord?id=CVE-2023-52076 SRPMS: - 9/core/atril-1.26.1-1.1.mga9 . Atril Document Viewer on Mageia receives crucial updates addressing a file write vulnerability that could potentially allow for Remote Code Execution.. Atril Document Viewer,Mageia Security,Path Traversal Fix,Remote Command Execution,Document Vulnerability. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.