--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-935f8882e4
2025-02-07 01:44:12.172409+00:00
--------------------------------------------------------------------------------

Name        : java-1.8.0-openjdk
Product     : Fedora 40
Version     : 1.8.0.442.b06
Release     : 1.fc40
URL         : https://openjdk.org/
Summary     : OpenJDK 8 Runtime Environment
Description :
The OpenJDK 8 runtime environment.

--------------------------------------------------------------------------------
Update Information:

January CPU 2025
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 28 2025 Jiri Vanek - 1:1.8.0.442.b06-1
- january cpu 2025
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-935f8882e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --

CentOS Errata and Security Advisory 2023:5761 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2023:5761

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

--
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #

Oracle Linux Security Advisory ELSA-2023-7255

https://linux.oracle.com/errata/ELSA-2023-7255.html

The following updated rpms for Oracle Linux 9 have been uploaded to the
Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-7.0-7.0.14-1.0.1.el9_3.x86_64.rpm
aspnetcore-targeting-pack-7.0-7.0.14-1.0.1.el9_3.x86_64.rpm
dotnet-apphost-pack-7.0-7.0.14-1.0.1.el9_3.x86_64.rpm
dotnet-host-7.0.14-1.0.1.el9_3.x86_64.rpm
dotnet-hostfxr-7.0-7.0.14-1.0.1.el9_3.x86_64.rpm
dotnet-runtime-7.0-7.0.14-1.0.1.el9_3.x86_64.rpm
dotnet-sdk-7.0-7.0.114-1.0.1.el9_3.x86_64.rpm
dotnet-targeting-pack-7.0-7.0.14-1.0.1.el9_3.x86_64.rpm
dotnet-templates-7.0-7.0.114-1.0.1.el9_3.x86_64.rpm
netstandard-targeting-pack-2.1-7.0.114-1.0.1.el9_3.x86_64.rpm
dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.0.1.el9_3.x86_64.rpm

aarch64:
aspnetcore-runtime-7.0-7.0.14-1.0.1.el9_3.aarch64.rpm
aspnetcore-targeting-pack-7.0-7.0.14-1.0.1.el9_3.aarch64.rpm
dotnet-apphost-pack-7.0-7.0.14-1.0.1.el9_3.aarch64.rpm
dotnet-host-7.0.14-1.0.1.el9_3.aarch64.rpm
dotnet-hostfxr-7.0-7.0.14-1.0.1.el9_3.aarch64.rpm
dotnet-runtime-7.0-7.0.14-1.0.1.el9_3.aarch64.rpm
dotnet-sdk-7.0-7.0.114-1.0.1.el9_3.aarch64.rpm
dotnet-targeting-pack-7.0-7.0.14-1.0.1.el9_3.aarch64.rpm
dotnet-templates-7.0-7.0.114-1.0.1.el9_3.aarch64.rpm
dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.0.1.el9_3.aarch64.rpm
netstandard-targeting-pack-2.1-7.0.114-1.0.1.el9_3.aarch64.rpm

SRPMS:

Related CVEs:

CVE-2023-36049
CVE-2023-36558

Description of changes:

[7.0.114-1.0.1]
- Update to .NET SDK 7.0.114 and Runtime 7.0.14

_______________________________________________
El-errata mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Runtimes security update
Advisory ID:       RHSA-2023:3374-01
Product:           Migration Toolkit for Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3374
Issue date:        2023-05-31
CVE Names:         CVE-2022-37603 CVE-2022-41881
====================================================================

1. Summary:

Migration Toolkit for Runtimes 1.1.0 release

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Runtimes 1.1.0 ZIP artifacts

Security Fix(es):

* loader-utils: Regular expression denial of service (CVE-2022-37603)

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
(CVE-2022-41881)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2140597 - CVE-2022-37603 loader-utils: Regular expression denial of service
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS

5. References:

https://access.redhat.com/security/cve/CVE-2022-37603
https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security update
Advisory ID:       RHSA-2023:0470-01
Product:           Migration Toolkit for Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0470
Issue date:        2023-01-26
CVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527
                   CVE-2021-46848 CVE-2022-0561 CVE-2022-0562
                   CVE-2022-0865 CVE-2022-0891 CVE-2022-0908
                   CVE-2022-0909 CVE-2022-0924 CVE-2022-1304
                   CVE-2022-1355 CVE-2022-1471 CVE-2022-2509
                   CVE-2022-22624 CVE-2022-22628 CVE-2022-22629
                   CVE-2022-22662 CVE-2022-22844 CVE-2022-25308
                   CVE-2022-25309 CVE-2022-25310 CVE-2022-26700
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-30293
                   CVE-2022-35737 CVE-2022-37434 CVE-2022-42898
                   CVE-2022-42920
====================================================================

1. Summary:

An update is now available for Migration Toolkit for Runtimes (v1.0.1).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* mtr-web-container: Apache-Commons-BCEL: arbitrary bytecode produced via
out-of-bounds writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709
https://access.redhat.com/security/cve/CVE-2020-35525
https://access.redhat.com/security/cve/CVE-2020-35527
https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-0561
https://access.redhat.com/security/cve/CVE-2022-0562
https://access.redhat.com/security/cve/CVE-2022-0865
https://access.redhat.com/security/cve/CVE-2022-0891
https://access.redhat.com/security/cve/CVE-2022-0908
https://access.redhat.com/security/cve/CVE-2022-0909
https://access.redhat.com/security/cve/CVE-2022-0924
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-1355
https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-2509
https://access.redhat.com/security/cve/CVE-2022-22624
https://access.redhat.com/security/cve/CVE-2022-22628
https://access.redhat.com/security/cve/CVE-2022-22629
https://access.redhat.com/security/cve/CVE-2022-22662
https://access.redhat.com/security/cve/CVE-2022-22844
https://access.redhat.com/security/cve/CVE-2022-25308
https://access.redhat.com/security/cve/CVE-2022-25309
https://access.redhat.com/security/cve/CVE-2022-25310
https://access.redhat.com/security/cve/CVE-2022-26700
https://access.redhat.com/security/cve/CVE-2022-26709
https://access.redhat.com/security/cve/CVE-2022-26710
https://access.redhat.com/security/cve/CVE-2022-26716
https://access.redhat.com/security/cve/CVE-2022-26717
https://access.redhat.com/security/cve/CVE-2022-26719
https://access.redhat.com/security/cve/CVE-2022-27404
https://access.redhat.com/security/cve/CVE-2022-27405
https://access.redhat.com/security/cve/CVE-2022-27406
https://access.redhat.com/security/cve/CVE-2022-30293
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-37434
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-42920
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list

   SUSE Security Update: Security update for openexr
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0062-2
Rating:             important
References:         #1194333
Cross-References:   CVE-2021-45942
CVSS scores:
                    CVE-2021-45942 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-45942 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:
                    SUSE Linux Enterprise Realtime Extension 15-SP2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for openexr fixes the following issues:

   - CVE-2021-45942: Fixed heap-based buffer overflow in
     Imf_3_1:LineCompositeTask:execute. (bsc#1194333)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Realtime Extension 15-SP2:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-62=1

Package List:

   - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):

      libIlmImf-2_2-23-2.2.1-3.41.1
      libIlmImf-2_2-23-debuginfo-2.2.1-3.41.1
      libIlmImfUtil-2_2-23-2.2.1-3.41.1
      libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.41.1
      openexr-debuginfo-2.2.1-3.41.1
      openexr-debugsource-2.2.1-3.41.1
      openexr-devel-2.2.1-3.41.1

References:

   https://www.suse.com/security/cve/CVE-2021-45942.html
   https://bugzilla.suse.com/1194333

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Open Liberty 21.0.0.6 Runtime security update
Advisory ID:       RHSA-2021:2439-01
Product:           Open Liberty
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2439
Issue date:        2021-06-15
====================================================================

1. Summary:

Open Liberty 21.0.0.6 Runtime is now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Open Liberty is a lightweight open framework for building fast and
efficient cloud-native Java microservices.

This release of Open Liberty 21.0.0.6 serves as a replacement for Open
Liberty 21.0.0.3, and includes a security fix and enhancements. For
specific information about this release, see links in the References
section.

Security Fix(es):

* myfaces: Cross-site request forgery vulnerability in Apache MyFaces
(CVE-2021-26296)

For more details about the security issue(s), see the IBM Security Bulletin
links for each CVE, listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link (you must
log in to download the update).

4. JIRA issues fixed (

IBMRT-133 - Create Errata(RHSA) for Open Liberty

5. References:

https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version=21.0.0.6
https://www.ibm.com/support/pages/node/6441433
https://access.redhat.com/articles/4544981
https://access.redhat.com/articles/5665881

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.
--
RHSA-announce mailing list

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Open Liberty 20.0.0.5 Runtime security update
Advisory ID:       RHSA-2020:2054-01
Product:           Open Liberty
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:2054
Issue date:        2020-05-11
CVE Names:         CVE-2020-4329 CVE-2020-4421
====================================================================

1. Summary:

Open Liberty 20.0.0.5 Runtime is now available from the Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Open Liberty is a lightweight open framework for building fast and
efficient cloud-native Java microservices.

This release of Open Liberty 20.0.0.5 serves as a replacement for Open
Liberty 20.0.0.4 and includes security fixes, bug fixes, and enhancements.
For specific information about this release, see links in the References
section.

Security Fix(es):

* Information disclosure in WebSphere Application Server (CVE-2020-4329)

* Potential spoofing attack in WebSphere Application Server (CVE-2020-4421)

For more details about the security issue(s), see the IBM Security Bulletin
links for each CVE, listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link (you must
log in to download the update).

4. JIRA issues fixed (

IBMRT-26 - Release Open Liberty 20.0.0.5

5. References:

https://access.redhat.com/security/cve/CVE-2020-4329
https://access.redhat.com/security/cve/CVE-2020-4421
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=open.liberty&downloadType=distributions&version=20.0.0.5
https://www.ibm.com/support/pages/node/6201862
https://www.ibm.com/support/pages/node/6205926
https://access.redhat.com/articles/4544981

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
--
RHSA-announce mailing list