The 6.6.3 stable kernel update contains a number of important fixes across the tree.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-15deb2e32a
2023-12-04 01:50:38.988373
--------------------------------------------------------------------------------

Name        : kernel-tools
Product     : Fedora 38
Version     : 6.6.3
Release     : 100.fc38
URL         : https://www.kernel.org/
Summary     : Assortment of tools for the Linux kernel
Description :
This package contains the tools/ directory from the kernel source
and the supporting documentation.

--------------------------------------------------------------------------------
Update Information:

The 6.6.3 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 28 2023 Justin M. Forbes - 6.6.3-100
- Linux v6.6.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2250105 - CVE-2023-6111 kernel: netfilter: use-after-free when removing catchall element in GC sync path
        https://bugzilla.redhat.com/show_bug.cgi?id=2250105
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-15deb2e32a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --
An update that solves one vulnerability and has 19 fixes is now available. SUSE Security Update: Security Beta update for Salt ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3906-1 Rating: moderate References: #1164192 #1167586 #1168327 #1180650 #1184659 #1185131 #1186287 #1186310 #1186674 #1187787 #1187813 #1188170 #1188641 #1188647 #1189040 #1189043 #1190114 #1190265 #1190446 #1191412 Cross-References: CVE-2021-21996 CVSS scores: CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that solves one vulnerability and has 19 fixes is now available. Description: This update fixes the following issues: salt: - Remove wrong _parse_cpe_name from grains.core - Prevent tracebacks if directory for cookie is missing - Fix file.find tracebacks with non utf8 file names (bsc#1190114) - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Fix traceback.*_exc() calls - Fix the regression of docker_container state module - Support querying for JSON data in external sql pillar - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Fix python-MarkupSafe dependency (bsc#1189043) - Add missing aarch64 to rpm package architectures - Consolidate some state requisites (bsc#1188641) - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states
when running systemd in offline mode (bsc#1187787) - Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Virt: pass emulator when getting domain capabilities from libvirt - Implementation of held/unheld functions for state pkg (bsc#1187813) - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Virt: use /dev/kvm to detect KVM - Zypperpkg: improve logic for handling vendorchange flags - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros - Check if dpkgnotify is executable (bsc#1186674) - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2021-3906=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): python-MarkupSafe-0.23-6.5.1 python-MarkupSafe-debuginfo-0.23-6.5.1 python-MarkupSafe-debugsource-0.23-6.5.1 python-PyYAML-5.1.2-29.5.1 python-PyYAML-debuginfo-5.1.2-29.5.1 python-PyYAML-debugsource-5.1.2-29.5.1 python-msgpack-python-0.4.6-11.5.1 python-msgpack-python-debuginfo-0.4.6-11.5.1 python-msgpack-python-debugsource-0.4.6-11.5.1 python-psutil-5.2.2-18.5.1 python-psutil-debuginfo-5.2.2-18.5.1 python-psutil-debugsource-5.2.2-18.5.1 python-pycrypto-2.6.1-13.5.1 python-pyzmq-14.0.0-12.5.1 python-pyzmq-debuginfo-14.0.0-12.5.1 python-pyzmq-debugsource-14.0.0-12.5.1 python2-salt-3000-49.38.2 python3-MarkupSafe-0.23-6.5.1 python3-PyYAML-5.1.2-29.5.1 python3-msgpack-python-0.4.6-11.5.1 python3-psutil-5.2.2-18.5.1 python3-pycrypto-2.6.1-13.5.1 python3-pyzmq-14.0.0-12.5.1 python3-salt-3000-49.38.2 salt-3000-49.38.2 salt-doc-3000-49.38.2 salt-minion-3000-49.38.2 - SUSE Manager Tools 12-BETA (ppc64le s390x x86_64): python-pycrypto-debuginfo-2.6.1-13.5.1 - SUSE Manager Tools 12-BETA (noarch): python-Jinja2-2.8-22.5.1 python-singledispatch-3.4.0.3-4.8.1 python3-Jinja2-2.8-22.5.1 References: https://www.suse.com/security/cve/CVE-2021-21996.html https://bugzilla.suse.com/1164192 https://bugzilla.suse.com/1167586 https://bugzilla.suse.com/1168327 https://bugzilla.suse.com/1180650 https://bugzilla.suse.com/1184659 https://bugzilla.suse.com/1185131 https://bugzilla.suse.com/1186287 https://bugzilla.suse.com/1186310 https://bugzilla.suse.com/1186674 https://bugzilla.suse.com/1187787 https://bugzilla.suse.com/1187813 https://bugzilla.suse.com/1188170 https://bugzilla.suse.com/1188641 https://bugzilla.suse.com/1188647 https://bugzilla.suse.com/1189040 https://bugzilla.suse.com/1189043 https://bugzilla.suse.com/1190114 https://bugzilla.suse.com/1190265 
https://bugzilla.suse.com/1190446 https://bugzilla.suse.com/1191412

SUSE releases a preliminary Security Patch for Salt, targeting one specific vulnerability while also delivering 19 crucial enhancements. SUSE Manager Tools, Salt Security Update, System Update. LinuxSecurity.com Team
Several security improvements were added to Samba.

=========================================================================
Ubuntu Security Notice USN-4559-1
September 30, 2020

samba update
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security improvements were added to Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Tom Tervoort discovered that the Netlogon protocol implemented by Samba
incorrectly handled the authentication scheme. A remote attacker could use
this issue to forge an authentication token and steal the credentials of
the domain admin.

While a previous security update fixed the issue by changing the "server
schannel" setting to default to "yes", instead of "auto", which forced a
secure netlogon channel, this update provides additional improvements.

For compatibility reasons with older devices, Samba now allows specifying
an insecure netlogon configuration per machine. See the following link for
examples:

In addition, this update adds additional server checks for the protocol
attack in the client-specified challenge to provide some protection when
'server schannel = no/auto' and avoid the false-positive results when
running the proof-of-concept exploit.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  samba 2:4.11.6+dfsg-0ubuntu1.5

Ubuntu 18.04 LTS:
  samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.20

Ubuntu 16.04 LTS:
  samba 2:4.3.11+dfsg-0ubuntu0.16.04.31

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4559-1
  CVE-2020-1472

Package Information:
  https://launchpad.net/ubuntu/+source/samba/2:4.11.6+dfsg-0ubuntu1.5
  https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.20
  https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.31

Multiple patches for Samba in Ubuntu boost defenses against potential remote intrusion vulnerabilities. Ubuntu Samba Update, Authentication Security Improvement, Remote Access Security. Severity: Important. LinuxSecurity.com Team
## 1.4.3 (12, Nov 2019)

### Security Improvements:

- Insure only a single SignedInfo element exists within a signature during verification. Refs [CVE-2019-3465](https://nvd.nist.gov/vuln/detail/CVE-2019-3465).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-46d0f456a9
2020-04-13 17:24:06.773966
--------------------------------------------------------------------------------

Name        : php-robrichards-xmlseclibs1
Product     : Fedora 31
Version     : 1.4.3
Release     : 1.fc31
URL         : https://github.com/robrichards/xmlseclibs
Summary     : A PHP library for XML Security (version 1)
Description :
xmlseclibs is a library written in PHP for working with XML Encryption and
Signatures.

NOTE: php-mcrypt will not be automatically installed as a dependency of this
package so it will need to be "manually" installed if it is required --
specifically for the following XMLSecurityKey encryption types:
- XMLSecurityKey::AES128_CBC
- XMLSecurityKey::AES192_CBC
- XMLSecurityKey::AES256_CBC
- XMLSecurityKey::TRIPLEDES_CBC

Autoloader: /usr/share/php/robrichards-xmlseclibs/autoload.php

--------------------------------------------------------------------------------
Update Information:

## 1.4.3 (12, Nov 2019)

### Security Improvements:

- Insure only a single SignedInfo element exists within a signature during verification. Refs [CVE-2019-3465](https://nvd.nist.gov/vuln/detail/CVE-2019-3465).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 5 2020 Shawn Iwinski - 1.4.3-1
- Update to 1.4.3 (RHBZ #1771533, CVE-2019-3465)
- https://nvd.nist.gov/vuln/detail/CVE-2019-3465
* Thu Jan 30 2020 Fedora Release Engineering - 1.4.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1771533 - php-robrichards-xmlseclibs1-1.4.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1771533
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-46d0f456a9' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
Use a more restrictive blacklist in several policy abstractions.

=========================================================================
Ubuntu Security Notice USN-3784-1
October 04, 2018

AppArmor update
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Use a more restrictive blacklist in several policy abstractions.

Software Description:
- apparmor: Linux security system

Details:

As a security improvement, this update adjusts the private-files abstraction
to disallow writing to thumbnailer configuration files. Additionally adjust
the private-files, private-files-strict and user-files abstractions to
disallow writes on parent directories of sensitive files.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  apparmor 2.12-4ubuntu5.1

Ubuntu 16.04 LTS:
  apparmor 2.10.95-0ubuntu2.10

Ubuntu 14.04 LTS:
  apparmor 2.10.95-0ubuntu2.6~14.04.4

In general, a standard system update will make all the necessary changes.

References:
  https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1788929,
  https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1794848

Package Information:
  https://launchpad.net/ubuntu/+source/apparmor/2.12-4ubuntu5.1
  https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.10
  https://launchpad.net/ubuntu/+source/apparmor/2.10.95-0ubuntu2.6~14.04.4

The Ubuntu Security Notice USN-3784-1 outlines a significant AppArmor enhancement aimed at bolstering security in various Ubuntu LTS distributions. AppArmor Update, Ubuntu Security Notice, Policy Adjustments. Severity: Important. LinuxSecurity.com Team
An update that fixes 29 vulnerabilities is now available. SUSE Security Update: Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1248-1 Rating: important References: #1015499 #1015547 #1021636 #1026102 #1030071 #1035082 #983639 Cross-References: CVE-2016-1950 CVE-2016-2834 CVE-2016-8635 CVE-2016-9574 CVE-2017-5429 CVE-2017-5432 CVE-2017-5433 CVE-2017-5434 CVE-2017-5435 CVE-2017-5436 CVE-2017-5437 CVE-2017-5438 CVE-2017-5439 CVE-2017-5440 CVE-2017-5441 CVE-2017-5442 CVE-2017-5443 CVE-2017-5444 CVE-2017-5445 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5459 CVE-2017-5460 CVE-2017-5461 CVE-2017-5462 CVE-2017-5464 CVE-2017-5465 CVE-2017-5469 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server for SAP 12 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes.
Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs: - Update to NSS 3.29.5: *
MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extension and ECDHE-ECDSA (bsc#1015499). * requires NSPR >= 4.13.1 - Update to NSS 3.29.3 * enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. * The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 * The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 * The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality: * NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3: - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS.
- NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes: * NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. * NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. * PKCS#11 bypass for TLS is no longer supported and has been removed. * Support for "export" grade SSL/TLS cipher suites has been removed. * NSS now uses the signature schemes definition in TLS 1.3. This also affects TLS 1.2. NSS will now only generate signatures with the combinations of hash and signature scheme that are defined in TLS 1.3, even when negotiating TLS 1.2. - This means that SHA-256 will only be used with P-256 ECDSA certificates, SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates. SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward compatibility reasons. - NSS will now no longer assume that default signature schemes are supported by a peer if there was no commonly supported signature scheme. * NSS will now check if RSA-PSS signing is supported by the token that holds the private key prior to using it for TLS. * The certificate validation code contains checks to no longer trust certificates that are issued by old WoSign and StartCom CAs after October 21, 2016. This is equivalent to the behavior that Mozilla will release with Firefox 51.
- Update to NSS 3.27.2 * Fixed SSL_SetTrustAnchors leaks (bmo#1318561) - raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636) - Update to NSS 3.26.2 New Functionality: * the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT * added support for the System-wide crypto policy available on Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation of NSS without the libpkix library Notable Changes: * The following CA certificate was Added CN = ISRG Root X1 * NPN is disabled and ALPN is enabled by default * the NSS test suite now completes with the experimental TLS 1.3 code enabled * several test improvements and additions, including a NIST known answer test Changes in 3.26.2 * MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored. Previously, with rare server configurations, an MD5 signature algorithm might have been selected for client authentication and caused the client to abort the connection soon after. - Update to NSS 3.25 New functionality: * Implemented DHE key agreement for TLS 1.3 * Added support for ChaCha with TLS 1.3 * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF * In previous versions, when using client authentication with TLS 1.2, NSS only supported certificate_verify messages that used the same signature hash algorithm as used by the PRF. This limitation has been removed. Notable changes: * An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3 * Regression fix: NSS no longer reports a failure if an application attempts to disable the SSLv2 protocol.
* The list of trusted CA certificates has been updated to version 2.8 * The following CA certificate was Removed Sonera Class1 CA * The following CA certificates were Added Hellenic Academic and Research Institutions RootCA 2015 Hellenic Academic and Research Institutions ECC RootCA 2015 Certplus Root CA G1 Certplus Root CA G2 OpenTrust Root CA G1 OpenTrust Root CA G2 OpenTrust Root CA G3 - Update to NSS 3.24 New functionality: * NSS softoken has been updated with the latest National Institute of Standards and Technology (NIST) guidance (as of 2015): - Software integrity checks and POST functions are executed on shared library load. These checks have been disabled by default, as they can cause a performance regression. To enable these checks, you must define symbol NSS_FORCE_FIPS when building NSS. - Counter mode and Galois/Counter Mode (GCM) have checks to prevent counter overflow. - Additional CSPs are zeroed in the code. - NSS softoken uses new guidance for how many Rabin-Miller tests are needed to verify a prime based on prime size. * NSS softoken has also been updated to allow NSS to run in FIPS Level 1 (no password). This mode is triggered by setting the database password to the empty string. In FIPS mode, you may move from Level 1 to Level 2 (by setting an appropriate password), but not the reverse. * A SSL_ConfigServerCert function has been added for configuring SSL/TLS server sockets with a certificate and private key. Use this new function in place of SSL_ConfigSecureServer, SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically determines the certificate type from the certificate and private key. The caller is no longer required to use SSLKEAType explicitly to select a "slot" into which the certificate is configured (which incorrectly identifies a key agreement type rather than a certificate).
Separate functions for configuring Online Certificate Status Protocol (OCSP) responses or Signed Certificate Timestamps are not needed, since these can be added to the optional SSLExtraServerCertData struct provided to SSL_ConfigServerCert. Also, partial support for RSA Probabilistic Signature Scheme (RSA-PSS) certificates has been added. Although these certificates can be configured, they will not be used by NSS in this version. * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo. Instead, applications should use the newly added attribute authType. * Add a shared library (libfreeblpriv3) on Linux platforms that define FREEBL_LOWHASH. * Remove most code related to SSL v2, including the ability to actively send a SSLv2-compatible client hello. However, the server-side implementation of the SSL/TLS protocol still supports processing of received v2-compatible client hello messages. * Disable (by default) NSS support in optimized builds for logging SSL/TLS key material to a logfile if the SSLKEYLOGFILE environment variable is set. To enable the functionality in optimized builds, you must define the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS. * Update NSS to protect it against the Cachebleed attack. * Disable support for DTLS compression. * Improve support for TLS 1.3. This includes support for DTLS 1.3. Note that TLS 1.3 support is experimental and not suitable for production use. - Update to NSS 3.23 New functionality: * ChaCha20/Poly1305 cipher and TLS cipher suites now supported * Experimental-only support TLS 1.3 1-RTT mode (draft-11). This code is not ready for production use. 
Notable changes: * The list of TLS extensions sent in the TLS handshake has been reordered to increase compatibility of the Extended Master Secret with servers * The build time environment variable NSS_ENABLE_ZLIB has been renamed to NSS_SSL_ENABLE_ZLIB * The build time environment variable NSS_DISABLE_CHACHAPOLY was added, which can be used to prevent compilation of the ChaCha20/Poly1305 code. * The following CA certificates were Removed - Staat der Nederlanden Root CA - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado - NetLock Kozjegyzoi (Class A) Tanusitvanykiado - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado - VeriSign Class 1 Public PCA - G2 - VeriSign Class 3 Public PCA - VeriSign Class 3 Public PCA - G2 - CA Disig * The following CA certificates were Added + SZAFIR ROOT CA2 + Certum Trusted Network CA 2 * The following CA certificate had the Email trust bit turned on + Actalis Authentication Root CA Security fixes: * CVE-2016-2834: Memory safety bugs (boo#983639) MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037 - Update to NSS 3.22.3 * Increase compatibility of TLS extended master secret, don't send an empty TLS extension last in the handshake (bmo#1243641) * Fixed a heap-based buffer overflow related to the parsing of certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause a crash or execution of arbitrary code with the permissions of the user.
(CVE-2016-1950, bmo#1245528) - Update to NSS 3.22.2 New functionality: * RSA-PSS signatures are now supported (bmo#1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bmo#1009429) - CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547) Mozilla NSPR was updated to version 4.13.1: The previously released version 4.13 had changed pipes to be nonblocking by default, and as a consequence, PollEvent was changed to not block on clear. The NSPR development team received reports that these changes caused regressions in some applications that use NSPR, and it has been decided to revert the changes made in NSPR 4.13. NSPR 4.13.1 restores the traditional behavior of pipes and PollEvent. Mozilla NSPR update to version 4.13 had these changes: - PL_strcmp (and others) were fixed to return consistent results when one of the arguments is NULL. - PollEvent was fixed to not block on clear. - Pipes are always nonblocking. - PR_GetNameForIdentity: added thread safety lock and bound checks. - Removed the PLArena freelist. - Avoid some integer overflows. - fixed several comments. This update also contains java-1_8_0-openjdk that needed to be rebuilt against the new mozilla-nss version. Patch Instructions: To install this SUSE Security Update use YaST online_update. 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-748=1 - SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-748=1 - SUSE Linux Enterprise Server for SAP 12: zypper in -t patch SUSE-SLE-SAP-12-2017-748=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-748=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-748=1 - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-748=1 - SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-748=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-748=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-748=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 - SUSE Linux Enterprise Software Development Kit 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 - SUSE Linux Enterprise Server for SAP 12 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1
MozillaFirefox-devel-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 
libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1
mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-demo-1.8.0.121-23.4 java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-devel-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Server 12-LTSS (ppc64le s390x x86_64):
MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-devel-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 libfreebl3-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-hmac-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-hmac-3.29.5-57.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nspr-devel-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-devel-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Server 12-LTSS (s390x x86_64): libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libfreebl3-hmac-32bit-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-hmac-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 
libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): MozillaFirefox-45.9.0esr-105.1 MozillaFirefox-debuginfo-45.9.0esr-105.1 MozillaFirefox-debugsource-45.9.0esr-105.1 MozillaFirefox-translations-45.9.0esr-105.1 java-1_8_0-openjdk-1.8.0.121-23.4 java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4 java-1_8_0-openjdk-debugsource-1.8.0.121-23.4 java-1_8_0-openjdk-headless-1.8.0.121-23.4 java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4 libfreebl3-3.29.5-57.1 libfreebl3-32bit-3.29.5-57.1 libfreebl3-debuginfo-3.29.5-57.1 libfreebl3-debuginfo-32bit-3.29.5-57.1 libsoftokn3-3.29.5-57.1 libsoftokn3-32bit-3.29.5-57.1 libsoftokn3-debuginfo-3.29.5-57.1 libsoftokn3-debuginfo-32bit-3.29.5-57.1 mozilla-nspr-32bit-4.13.1-18.1 mozilla-nspr-4.13.1-18.1 mozilla-nspr-debuginfo-32bit-4.13.1-18.1 mozilla-nspr-debuginfo-4.13.1-18.1 mozilla-nspr-debugsource-4.13.1-18.1 mozilla-nss-3.29.5-57.1 mozilla-nss-32bit-3.29.5-57.1 mozilla-nss-certs-3.29.5-57.1 mozilla-nss-certs-32bit-3.29.5-57.1 mozilla-nss-certs-debuginfo-3.29.5-57.1 mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debuginfo-3.29.5-57.1 mozilla-nss-debuginfo-32bit-3.29.5-57.1 mozilla-nss-debugsource-3.29.5-57.1 
mozilla-nss-sysinit-3.29.5-57.1 mozilla-nss-sysinit-32bit-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-3.29.5-57.1 mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1 mozilla-nss-tools-3.29.5-57.1 mozilla-nss-tools-debuginfo-3.29.5-57.1 References: https://www.suse.com/security/cve/CVE-2016-1950.html https://www.suse.com/security/cve/CVE-2016-2834.html https://www.suse.com/security/cve/CVE-2016-8635.html https://www.suse.com/security/cve/CVE-2016-9574.html https://www.suse.com/security/cve/CVE-2017-5429.html https://www.suse.com/security/cve/CVE-2017-5432.html https://www.suse.com/security/cve/CVE-2017-5433.html https://www.suse.com/security/cve/CVE-2017-5434.html https://www.suse.com/security/cve/CVE-2017-5435.html https://www.suse.com/security/cve/CVE-2017-5436.html https://www.suse.com/security/cve/CVE-2017-5437.html https://www.suse.com/security/cve/CVE-2017-5438.html https://www.suse.com/security/cve/CVE-2017-5439.html https://www.suse.com/security/cve/CVE-2017-5440.html https://www.suse.com/security/cve/CVE-2017-5441.html https://www.suse.com/security/cve/CVE-2017-5442.html https://www.suse.com/security/cve/CVE-2017-5443.html https://www.suse.com/security/cve/CVE-2017-5444.html https://www.suse.com/security/cve/CVE-2017-5445.html https://www.suse.com/security/cve/CVE-2017-5446.html https://www.suse.com/security/cve/CVE-2017-5447.html https://www.suse.com/security/cve/CVE-2017-5448.html https://www.suse.com/security/cve/CVE-2017-5459.html https://www.suse.com/security/cve/CVE-2017-5460.html https://www.suse.com/security/cve/CVE-2017-5461.html https://www.suse.com/security/cve/CVE-2017-5462.html https://www.suse.com/security/cve/CVE-2017-5464.html https://www.suse.com/security/cve/CVE-2017-5465.html https://www.suse.com/security/cve/CVE-2017-5469.html https://bugzilla.suse.com/1015499 https://bugzilla.suse.com/1015547 https://bugzilla.suse.com/1021636 https://bugzilla.suse.com/1026102 https://bugzilla.suse.com/1030071 https://bugzilla.suse.com/1035082 
https://bugzilla.suse.com/983639 Severity: Important.
This update provides the latest upstream release of ownCloud in the current minor series - 8.0.9 for all releases but EPEL 6, 7.0.11 for EPEL 6. These releases come with unspecified "security improvements", so updating quickly is recommended. As usual, a minor update should apply smoothly, but we advise you back up user data, configuration, and database contents before applying the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-a117082cd2 2015-11-14 22:27:57.232391 -------------------------------------------------------------------------------- Name : owncloud Product : Fedora 21 Version : 8.0.9 Release : 1.fc21 URL : https://owncloud.com/ Summary : Private file sync and share server Description : ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: This update provides the latest upstream release of ownCloud in the current minor series - 8.0.9 for all releases but EPEL 6, 7.0.11 for EPEL 6. These releases come with unspecified "security improvements", so updating quickly is recommended. As usual, a minor update should apply smoothly, but we advise you back up user data, configuration, and database contents before applying the update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1278121 - owncloud: Unspecified security issues fixed in owncloud 7.0.11, 8.0.9 and 8.1.4 https://bugzilla.redhat.com/show_bug.cgi?id=1278121 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. 
Use su -c 'yum update owncloud' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
This update provides the latest upstream release of ownCloud in the current minor series - 8.0.9 for all releases but EPEL 6, 7.0.11 for EPEL 6. These releases come with unspecified "security improvements", so updating quickly is recommended. As usual, a minor update should apply smoothly, but we advise you back up user data, configuration, and database contents before applying the. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-85760004ca 2015-11-14 22:28:08.990137 -------------------------------------------------------------------------------- Name : owncloud Product : Fedora 22 Version : 8.0.9 Release : 1.fc22 URL : https://owncloud.com/ Summary : Private file sync and share server Description : ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API for applications and plugins. -------------------------------------------------------------------------------- Update Information: This update provides the latest upstream release of ownCloud in the current minor series - 8.0.9 for all releases but EPEL 6, 7.0.11 for EPEL 6. These releases come with unspecified "security improvements", so updating quickly is recommended. As usual, a minor update should apply smoothly, but we advise you back up user data, configuration, and database contents before applying the update. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1278121 - owncloud: Unspecified security issues fixed in owncloud 7.0.11, 8.0.9 and 8.1.4 https://bugzilla.redhat.com/show_bug.cgi?id=1278121 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. 
Use su -c 'yum update owncloud' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list