# restic-0.18.1-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10912-1
Rating: moderate
Cross-References:
* CVE-2026-33814
CVSS scores:
* CVE-2026-33814 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the restic-0.18.1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * restic 0.18.1-3.1
  * restic-bash-completion 0.18.1-3.1
  * restic-zsh-completion 0.18.1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33814.html

Severity: moderate. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-65fc438cba
2025-12-03 01:05:22.296763+00:00
--------------------------------------------------------------------------------

Name        : restic
Product     : Fedora 42
Version     : 0.18.1
Release     : 1.fc42
URL         : https://github.com/restic/restic
Summary     : Fast, secure, efficient backup program
Description :
Fast, secure, efficient backup program.

restic supports the following backends for storing backups natively:

* Local directory
* sftp server (via SSH)
* HTTP REST server (protocol, rest-server)
* Amazon S3 (either from Amazon or using the Minio server)
* OpenStack Swift
* BackBlaze B2
* Microsoft Azure Blob Storage
* Google Cloud Storage
* And many other services via the rclone Backend

--------------------------------------------------------------------------------
Update Information:

Update to 0.18.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga - 0.18.1-1
- Update to 0.18.1
- Closes rhbz#2397204 rhbz#2416773
* Fri Oct 10 2025 Alejandro Sez - 0.18.0-5
- rebuild
* Fri Aug 15 2025 Maxwell G - 0.18.0-4
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering - 0.18.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2398882 - CVE-2025-47910 restic: CrossOriginProtection bypass in net/http [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2398882
  [ 2 ] Bug #2399561 - CVE-2025-47906 restic: Unexpected paths returned from LookPath in os/exec [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399561
  [ 3 ] Bug #2408090 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408090
  [ 4 ] Bug #2408687 - CVE-2025-61725 restic: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408687
  [ 5 ] Bug #2409560 - CVE-2025-61723 restic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409560
  [ 6 ] Bug #2410511 - CVE-2025-58185 restic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410511
  [ 7 ] Bug #2411409 - CVE-2025-58188 restic: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411409
  [ 8 ] Bug #2412816 - CVE-2025-58183 restic: Unbounded allocation when parsing GNU sparse map [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412816
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-65fc438cba' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Severity: Important. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-416c3b48b3
2025-12-03 00:52:00.122550+00:00
--------------------------------------------------------------------------------

Name        : restic
Product     : Fedora 43
Version     : 0.18.1
Release     : 1.fc43
URL         : https://github.com/restic/restic
Summary     : Fast, secure, efficient backup program
Description :
Fast, secure, efficient backup program.

restic supports the following backends for storing backups natively:

* Local directory
* sftp server (via SSH)
* HTTP REST server (protocol, rest-server)
* Amazon S3 (either from Amazon or using the Minio server)
* OpenStack Swift
* BackBlaze B2
* Microsoft Azure Blob Storage
* Google Cloud Storage
* And many other services via the rclone Backend

--------------------------------------------------------------------------------
Update Information:

Update to 0.18.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 24 2025 Mikel Olasagasti Uranga - 0.18.1-1
- Update to 0.18.1
- Closes rhbz#2397204 rhbz#2416773
* Fri Oct 10 2025 Alejandro Sez - 0.18.0-5
- rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2408344 - CVE-2025-58189 restic: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408344
  [ 2 ] Bug #2408743 - CVE-2025-61725 restic: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408743
  [ 3 ] Bug #2409817 - CVE-2025-61723 restic: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409817
  [ 4 ] Bug #2410767 - CVE-2025-58185 restic: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410767
  [ 5 ] Bug #2411663 - CVE-2025-58188 restic: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2411663
  [ 6 ] Bug #2412599 - CVE-2025-58183 restic: Unbounded allocation when parsing GNU sparse map [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412599
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-416c3b48b3' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Severity: Important. LinuxSecurity.com Team
openSUSE Security Update: Security update for restic
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0110-1
Rating:             moderate
References:
Affected Products:  openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for restic fixes the following issues:

Update to 0.18.0
- Sec #5291: Mitigate attack on content-defined chunking algorithm
- Fix #1843: Correctly restore long filepaths' timestamp on old Windows
- Fix #2165: Ignore disappeared backup source files
- Fix #5153: Include root tree when searching using find --tree
- Fix #5169: Prevent Windows VSS event log 8194 warnings for backup with fs snapshot
- Fix #5212: Fix duplicate data handling in prune --max-unused
- Fix #5249: Fix creation of oversized index by repair index --read-all-packs
- Fix #5259: Fix rare crash in command output
- Chg #4938: Update dependencies and require Go 1.23 or newer
- Chg #5162: Promote feature flags
- Enh #1378: Add JSON support to check command
- Enh #2511: Support generating shell completions to stdout
- Enh #3697: Allow excluding online-only cloud files (e.g. OneDrive)
- Enh #4179: Add sort option to ls command
- Enh #4433: Change default sort order for find output
- Enh #4521: Add support for Microsoft Blob Storage access tiers
- Enh #4942: Add snapshot summary statistics to rewritten snapshots
- Enh #4948: Format exit errors as JSON when requested
- Enh #4983: Add SLSA provenance to GHCR container images
- Enh #5054: Enable compression for ZIP archives in dump command
- Enh #5081: Add retry mechanism for loading repository config
- Enh #5089: Allow including/excluding extended file attributes during restore
- Enh #5092: Show count of deleted files and directories during restore
- Enh #5109: Make small pack size configurable for prune
- Enh #5119: Add start and end timestamps to backup JSON output
- Enh #5131: Add DragonFlyBSD support
- Enh #5137: Make tag command print which snapshots were modified
- Enh #5141: Provide clear error message if AZURE_ACCOUNT_NAME is not set
- Enh #5173: Add experimental S3 cold storage support
- Enh #5174: Add xattr support for NetBSD 10+
- Enh #5251: Improve retry handling for flaky rclone backends
- Enh #52897: Make recover automatically rebuild index when needed

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:
  zypper in -t patch openSUSE-2025-110=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
  restic-0.18.0-bp156.2.6.1
- openSUSE Backports SLE-15-SP6 (noarch):
  restic-bash-completion-0.18.0-bp156.2.6.1
  restic-zsh-completion-0.18.0-bp156.2.6.1

References:

LinuxSecurity.com Team
openSUSE Security Update: Security update for restic
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0091-1
Rating:             moderate
References:         #1239264
Cross-References:   CVE-2025-22868
CVSS scores:
                    CVE-2025-22868 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:  openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for restic fixes the following issues:

- Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239264)

- Update to version 0.17.3
  - Fix #4971: Fix unusable mount on macOS Sonoma
  - Fix #5003: Fix metadata errors during backup of removable disks on Windows
  - Fix #5101: Do not retry load/list operation if SFTP connection is broken
  - Fix #5107: Fix metadata error on Windows for backups using VSS
  - Enh #5096: Allow prune --dry-run without lock

- Update to version 0.17.2
  - Fix #4004: Support container-level SAS/SAT tokens for Azure backend
  - Fix #5047: Resolve potential error during concurrent cache cleanup
  - Fix #5050: Return error if tag fails to lock repository
  - Fix #5057: Exclude irregular files from backups
  - Fix #5063: Correctly backup extended metadata when using VSS on Windows

- Update to version 0.17.1
  - Fix #2004: Correctly handle volume names in backup command on Windows
  - Fix #4945: Include missing backup error text with --json
  - Fix #4953: Correctly handle long paths on older Windows versions
  - Fix #4957: Fix delayed cancellation of certain commands
  - Fix #4958: Don't ignore metadata-setting errors during restore
  - Fix #4969: Correctly restore timestamp for files with resource forks on macOS
  - Fix #4975: Prevent backup --stdin-from-command from panicking
  - Fix #4980: Skip extended attribute processing on unsupported Windows volumes
  - Fix #5004: Fix spurious "A Required Privilege Is Not Held by the Client" error
  - Fix #5005: Fix rare failures to retry locking a repository
  - Fix #5018: Improve HTTP/2 support for REST backend
  - Chg #4953: Also back up files with incomplete metadata
  - Enh #4795: Display progress bar for restore --verify
  - Enh #4934: Automatically clear removed snapshots from cache
  - Enh #4944: Print JSON-formatted errors during restore --json
  - Enh #4959: Return exit code 12 for "bad password" errors
  - Enh #4970: Make timeout for stuck requests customizable

- Update to version 0.17.0
  - Fix #3600: Handle unreadable xattrs in folders above backup source
  - Fix #4209: Fix slow SFTP upload performance
  - Fix #4503: Correct hardlink handling in stats command
  - Fix #4568: Prevent forget --keep-tags from deleting all snapshots
  - Fix #4615: Make find not sometimes ignore directories
  - Fix #4656: Properly report ID of newly added keys
  - Fix #4703: Shutdown cleanly when receiving SIGTERM
  - Fix #4709: Correct --no-lock handling of ls and tag commands
  - Fix #4760: Fix possible error on concurrent cache cleanup
  - Fix #4850: Handle UTF-16 password files in key command correctly
  - Fix #4902: Update snapshot summary on rewrite
  - Chg #956: Return exit code 10 and 11 for non-existing and locked repository
  - Chg #4540: Require at least ARMv6 for ARM binaries
  - Chg #4602: Deprecate legacy index format and s3legacy repository layout
  - Chg #4627: Redesign backend error handling to improve reliability
  - Chg #4707: Disable S3 anonymous authentication by default
  - Chg #4744: Include full key ID in JSON output of key list
  - Enh #662: Optionally skip snapshot creation if nothing changed
  - Enh #693: Include snapshot size in snapshots output
  - Enh #805: Add bitrot detection to diff command
  - Enh #828: Improve features of the repair packs command
  - Enh #1786: Support repositories with empty password
  - Enh #2348: Add --delete option to restore command
  - Enh #3067: Add extended options to configure Windows Shadow Copy Service
  - Enh #3406: Improve dump performance for large files
  - Enh #3806: Optimize and make prune command resumable
  - Enh #4006: (alpha) Store deviceID only for hardlinks
  - Enh #4048: Add support for FUSE-T with mount on macOS
  - Enh #4251: Support reading backup from a command's standard output
  - Enh #4287: Support connection to rest-server using unix socket
  - Enh #4354: Significantly reduce prune memory usage
  - Enh #4437: Make check command create non-existent cache directory
  - Enh #4472: Support AWS Assume Role for S3 backend
  - Enh #4547: Add --json option to version command
  - Enh #4549: Add --ncdu option to ls command
  - Enh #4573: Support rewriting host and time metadata in snapshots
  - Enh #4583: Ignore s3.storage-class archive tiers for metadata
  - Enh #4590: Speed up mount command's error detection
  - Enh #4601: Add support for feature flags
  - Enh #4611: Back up more file metadata on Windows
  - Enh #4664: Make ls use message_type field in JSON output
  - Enh #4676: Make key command's actions separate sub-commands
  - Enh #4678: Add --target option to the dump command
  - Enh #4708: Back up and restore SecurityDescriptors on Windows
  - Enh #4733: Allow specifying --host via environment variable
  - Enh #4737: Include snapshot ID in reason field of forget JSON output
  - Enh #4764: Support forgetting all snapshots
  - Enh #4768: Allow specifying custom User-Agent for outgoing requests
  - Enh #4781: Add restore options to read include/exclude patterns from files
  - Enh #4807: Support Extended Attributes on Windows NTFS
  - Enh #4817: Make overwrite behavior of restore customizable
  - Enh #4839: Add dry-run support to restore command
  For all the details see https://github.com/restic/restic/releases/tag/v0.17.0
  or /usr/share/doc/packages/restic/CHANGELOG.md

- Update to version 0.16.5
  - Enh #4799: Add option to force use of Azure CLI credential
  - Enh #4873: Update dependencies

- Update to version 0.16.4
  This release works around and improves detection of a bug in the compression
  library used by restic. The resulting issue only happens when using restic 0.16.3
  and the max compression level (the default auto and off compression levels are
  not affected), and when the source files being backed up have specific data in
  them to trigger the bug. If you use max compression, you can use
  restic check --read-data to make sure you're not affected.

- Update to version 0.16.3
  - Fix #4560: Improve errors for irregular files on Windows
  - Fix #4574: Support backup of deduplicated files on Windows again
  - Fix #4612: Improve error handling for rclone backend
  - Fix #4624: Correct restore progress information if an error occurs
  - Fix #4626: Improve reliability of restoring large files

- Update to version 0.16.2
  - Fix #4540: Restore ARMv5 support for ARM binaries
  - Fix #4545: Repair documentation build on Read the Docs

- Update to version 0.16.1
  A very long list of improvements; for all the details see
  https://github.com/restic/restic/releases/tag/v0.16.1
  It contains an important bug fix which prevents data corruption when
  compression is set to max.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:
  zypper in -t patch openSUSE-2025-91=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
  restic-0.17.3-bp156.2.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
  restic-bash-completion-0.17.3-bp156.2.3.1
  restic-zsh-completion-0.17.3-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-22868.html
https://bugzilla.suse.com/1239264

Severity: moderate. LinuxSecurity.com Team
# restic-0.17.3-2.1 on GA media

Announcement ID: openSUSE-SU-2025:14874-1
Rating: moderate
Cross-References:
* CVE-2025-22868
CVSS scores:
* CVE-2025-22868 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22868 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the restic-0.17.3-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * restic 0.17.3-2.1
  * restic-bash-completion 0.17.3-2.1
  * restic-zsh-completion 0.17.3-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22868.html

Severity: moderate. LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------

Name        : restic
Product     : Fedora 36
Version     : 0.12.1
Release     : 4.fc36
URL         : https://github.com/restic/restic
Summary     : Fast, secure, efficient backup program
Description :
A backup program that is easy, fast, verifiable, secure, efficient and free.

Backup destinations can be:

* Local
* SFTP
* REST Server
* Amazon S3
* Minio Server
* OpenStack Swift
* Backblaze B2
* Microsoft Azure Blob Storage
* Google Cloud Storage
* Other Services via rclone

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities.
----
Update to latest commit as of 20220719
----
Added
- Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678)
- Configuration option to report manually specified ip:ports to lighthouses. (#650)
- Windows arm64 build. (#638)
- punchy and most lighthouse config options now support hot reloading. (#649)
Changed
- Build against go 1.18. (#656)
- Promoted routines config from experimental to supported feature. (#702)
- Dependencies updated. (#664)
Fixed
- Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501)
- unsafe_route configuration will no longer crash on Windows. (#648)
- A few panics that were introduced in 1.5.x. (#657, #658, #675)
Security
- You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670)
Removed
- x509 config stanza support has been removed. (#685)
----
bump to v4.2.0-rc1
----
fix package dir listing
----
resolve build issues and list new shell completion files
----
Release of stargz snapshotter v0.12.0. Please see the release note for details:
https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0
----
Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 0.12.1-4
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
The container caasp/v4.5/velero-restic-restore-helper was updated. The following patches have been included in this update:. SUSE Container Update Advisory: caasp/v4.5/velero-restic-restore-helper ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2020:852-1 Container Tags : caasp/v4.5/velero-restic-restore-helper:1.4.2 , caasp/v4.5/velero-restic-restore-helper:1.4.2-rev2 , caasp/v4.5/velero-restic-restore-helper:1.4.2-rev2-build5.5.1 Container Release : 5.5.1 Severity : important Type : security References : 1011548 1100369 1104902 1109160 1118367 1118368 1128220 1142733 1146991 1153943 1153946 1154935 1156205 1157051 1158336 1158830 1161168 1161239 1165424 1165502 1167471 1170667 1170713 1170964 1171313 1171740 1171762 1172195 1172270 1172798 1172824 1172846 1172958 1173055 1173165 1173273 1173307 1173311 1173422 1173470 1173529 1173539 1173972 1173983 1174079 1174154 1174219 1174232 1174240 1174551 1174561 1174593 1174736 1174753 1174817 1174918 1174918 1174951 1175109 1175168 1175342 1175352 1175443 1175568 1175592 1175811 1175830 1175831 1175844 1176086 1176092 1176123 1176179 1176181 1176192 1176225 1176410 1176435 1176513 1176578 1176671 1176674 1176712 1176740 1176800 1176902 1176903 1176904 1177143 1177238 1177361 1177362 1177458 1177479 1177490 1177510 1177660 1177661 1177858 1177864 1178376 1178387 1178512 1178727 1178785 1179398 1179399 1179431 1179491 1179515 1179593 906079 935885 CVE-2017-3136 CVE-2018-5741 CVE-2019-6477 CVE-2020-13844 CVE-2020-15106 CVE-2020-15719 CVE-2020-1971 CVE-2020-24659 CVE-2020-24977 CVE-2020-25219CVE-2020-25692 CVE-2020-26154 CVE-2020-28196 CVE-2020-8027 CVE-2020-8029 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8564 CVE-2020-8565 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 ----------------------------------------------------------------- The container 
caasp/v4.5/velero-restic-restore-helper was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2411-1 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR → WARNING, since weproceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. 
- man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2819-1 Released: Thu Oct 1 10:39:16 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2864-1
Released: Tue Oct 6 10:34:14 2020
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1176086,1176181,1176671,CVE-2020-24659

This update for gnutls fixes the following issues:

- Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181)
- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086)
- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
- FIPS: Add TLS KDF selftest (bsc#1176671)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2869-1
Released: Tue Oct 6 16:13:20 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1011548,1153943,1153946,1161239,1171762

This update for aaa_base fixes the following issues:

- DIR_COLORS (bug#1006973):
  - add screen.xterm-256color
  - add TERM rxvt-unicode-256color
  - sort and merge TERM entries in etc/DIR_COLORS
- check for Packages.db and use this instead of Packages. (bsc#1171762)
- Rename path() to _path() to avoid using a general name.
- refresh_initrd: call modprobe as /sbin/modprobe (bsc#1011548)
- etc/profile: add some missing ;; in case/esac statements
- profile and csh.login: on s390x set TERM to dumb on a dumb terminal (bsc#1153946)
- backup-rpmdb: exit if zypper is running (bsc#1161239)
- Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2893-1
Released: Mon Oct 12 14:14:55 2020
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1177479

This update for openssl-1_1 fixes the following issues:

- Restore private key check in EC_KEY_check_key (bsc#1177479)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2901-1
Released: Tue Oct 13 14:22:43 2020
Summary: Security update for libproxy
Type: security
Severity: important
References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154

This update for libproxy fixes the following issues:

- CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2914-1
Released: Tue Oct 13 17:25:20 2020
Summary: Security update for bind
Type: security
Severity: moderate
References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624

This update for bind fixes the following issues:

BIND was upgraded to version 9.16.6:

Note:
- bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a nameserver forwarder chain, the forwarding DNS servers must support DNSSEC.
Fixing security issues:

- CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server address records are limited to 4 for any domain. (bsc#1171740)
- CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740)
- CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051).
- CVE-2018-5741: Fixed the documentation (bsc#1109160).
- CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958).
- CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958).
- CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443).
- CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443).
- CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443).
- CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443).
- CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443).

Other issues fixed:

- Add engine support to OpenSSL EdDSA implementation.
- Add engine support to OpenSSL ECDSA implementation.
- Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
- Warn about AXFR streams with inconsistent message IDs.
- Make ISC rwlock implementation the default again.
- Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)
- Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)
- Fixed an issue where bind was not working in FIPS mode (bsc#906079).
- Fixed dependency issues (bsc#1118367 and bsc#1118368).
- GeoIP support is now discontinued; GeoIP2 is used instead (bsc#1156205).
- Fixed an issue with FIPS (bsc#1128220).
- The liblwres library is discontinued upstream and is no longer included.
- Added service dependency on NTP to make sure the clock is accurate when bind starts (bsc#1170667, bsc#1170713).
- Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.
- The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours.
- Zone timers are now exported via statistics channel.
- The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored.
- 'rndc dnstap -roll ' did not limit the number of saved files to .
- Add 'rndc dnssec -status' command.
- Addressed a couple of situations where named could crash.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group, has full r/w access yet cannot change directories owned by root in the case of a compromised named. [bsc#1173307, bind-chrootenv.conf]
- Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress the warning message about the missing file (bsc#1173983).
- Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713)
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey so as not to break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313]
- Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2947-1
Released: Fri Oct 16 15:23:07 2020
Summary: Security update for gcc10, nvptx-tools
Type: security
Severity: moderate
References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844

This update for gcc10, nvptx-tools fixes the following issues:

This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html

Changes in nvptx-tools:

- Enable build on aarch64

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2958-1
Released: Tue Oct 20 12:24:55 2020
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1158830

This update for procps fixes the following issues:

- Fixes an issue where the 'ps -C' command no longer accepted an argument longer than 15 characters. (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2983-1
Released: Wed Oct 21 15:03:03 2020
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1176123

This update for file fixes the following issues:

- Fixes an issue where file displayed a broken 'ELF' interpreter. (bsc#1176123)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3048-1
Released: Tue Oct 27 16:04:52 2020
Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper
Type: recommended
Severity: moderate
References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885

This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues:

libzypp was updated to 17.25.1:

- When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902)
- Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192)
  kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied: instead of matching the package versions, each of the package name provides will be matched.
- RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435)
- VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918)
- Update docs regarding 'opensuse' namespace matching.
- Link against libzstd to close libsolv's open references (as we link statically)

yaml-cpp:

- The libyaml-cpp0_6 library package is added to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp.
zypper was updated to 1.14.40:

- info: Assume descriptions starting with ' ' are richtext (bsc#935885)
- help: prevent 'whatis' from writing to stderr (bsc#1176712)
- wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271)

libsolv was updated to 0.7.15 to fix:

- make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238]
- fix deduceq2addedmap clearing bits outside of the map
- conda: feature depriorization first
- conda: fix startswith implementation
- move find_update_seeds() call in cleandeps calculation
- set SOLVABLE_BUILDHOST in rpm and rpmmd parsers
- new testcase_mangle_repo_names() function
- new solv_fmemopen() function

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3138-1
Released: Tue Nov 3 12:14:03 2020
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1104902,1154935,1165502,1167471,1173422,1176513,1176800

This update for systemd fixes the following issues:

- seccomp: shm{get,at,dt} now have their own numbers everywhere (bsc#1173422)
- test-seccomp: log function names
- test-seccomp: add log messages when skipping tests
- basic/virt: Detect PowerVM hypervisor (bsc#1176800)
- fs-util: suppress world-writable warnings if we read /dev/null
- udevadm: rename option '--log-priority' into '--log-level'
- udev: rename kernel option 'log_priority' into 'log_level'
- fstab-generator: add 'nofail' when NFS 'bg' option is used (bsc#1176513)
- Fix memory protection default (bsc#1167471)
- cgroup: Support 0-value for memory protection directives and accept MemorySwapMax=0 (bsc#1154935)
- Improve latency and reliability when users log in/out (bsc#1104902, bsc#1165502)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3157-1
Released: Wed Nov 4 15:37:05 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1177864

This update for ca-certificates-mozilla fixes the following issues:

The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)

- Removed CAs:
  - EE Certification Centre Root CA
  - Taiwan GRCA
- Added CAs:
  - Trustwave Global Certification Authority
  - Trustwave Global ECC P256 Certification Authority
  - Trustwave Global ECC P384 Certification Authority

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3290-1
Released: Wed Nov 11 12:25:32 2020
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1174232

This update for findutils fixes the following issues:

- Do not unconditionally use leaf optimization for NFS. (bsc#1174232)
  NFS st_nlink values are not accurate on all implementations, leading to abort()s if that assumption is made.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3313-1
Released: Thu Nov 12 16:07:37 2020
Summary: Security update for openldap2
Type: security
Severity: important
References: 1178387,CVE-2020-25692

This update for openldap2 fixes the following issues:

- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3377-1
Released: Thu Nov 19 09:29:32 2020
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1178512,CVE-2020-28196

This update for krb5 fixes the following security issue:

- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3381-1
Released: Thu Nov 19 10:53:38 2020
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1177458,1177490,1177510

This update for systemd fixes the following issues:

- build-sys: optionally disable support of journal over the network (bsc#1177458)
- ask-password: prevent buffer overflow when reading from keyring (bsc#1177510)
- mount: don't propagate errors from mount_setup_unit() further up
- Rely on the new build option --disable-remote for journal_remote
  This allows dropping the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled.
- Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package
- Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458)
  These files were incorrectly packaged in the main package when systemd-journal_remote was disabled.
- Make use of %{_unitdir} and %{_sysusersdir}
- Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Type: recommended
Severity: moderate
References: 1174593,1177858,1178727

This update for pam and sudo fixes the following issues:

pam:

- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

- Fix a problem with pam_xauth, which checks effective and real uids to get the real identity of the user. (bsc#1174593)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3581-1
Released: Tue Dec 1 14:40:22 2020
Summary: Recommended update for libusb-1_0
Type: recommended
Severity: moderate
References: 1178376

This update for libusb-1_0 fixes the following issues:

- Fixes a build failure for libusb caused by the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3620-1
Released: Thu Dec 3 17:03:55 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issues:

- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of the user's name of at least ` ` characters length in some form. This is enabled by the new parameter `usersubstr= `

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3626-1
Released: Fri Dec 4 13:51:46 2020
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1179515

This update for audit fixes the following issues:

- Enable Aarch64 processor support. (bsc#1179515)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3703-1
Released: Mon Dec 7 20:17:32 2020
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1179431

This update for aaa_base fixes the following issue:

- Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released: Wed Dec 9 13:36:46 2020
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1179491,CVE-2020-1971

This update for openssl-1_1 fixes the following issues:

- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released: Wed Dec 9 18:19:24 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286

This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OCSP verification on the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard matching (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3761-1
Released: Fri Dec 11 13:29:49 2020
Summary: Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm
Type: security
Severity: important
References: 1172270,1173055,1173165,1174219,1174951,1175352,1176225,1176578,1176903,1176904,1177361,1177362,1177660,1177661,1178785,CVE-2020-15106,CVE-2020-8029,CVE-2020-8564,CVE-2020-8565

== Kubernetes & etcd (Security fixes)

This fix involves an upgrade of Kubernetes and some add-ons. See https://documentation.suse.com:443/en-us/suse-caasp/4.5/ for the upgrade procedure.

== Skuba (Security fixes) & helm3 becomes the default helm

In order to update skuba and helm or helm 3, you need to update the management workstation. See detailed instructions at https://documentation.suse.com:443/en-us/suse-caasp/4.5/ .