Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
203
security advisorycritical issueMageiaMageia 8: 2023-0046 Critical: libzen Null Pointer Dereference Advisory
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. (CVE-2020-36646) . MGASA-2023-0046 - Updated libzen packages fix security vulnerability Publication date: 14 Feb 2023 URL: https://advisories.mageia.org/MGASA-2023-0046.html Type: security Affected Mageia releases: 8 CVE: CVE-2020-36646 A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. (CVE-2020-36646) References: - https://bugs.mageia.org/show_bug.cgi?id=31492 - https://lists.debian.org/debian-lts-announce/2023/01/msg00029.html - https://www.cve.org/CVERecord?id=CVE-2020-36646 SRPMS: - 8/core/libzen-0.4.38-1.1.mga8 . A significant security bulletin has been issued for Mageia, highlighting a severe vulnerability within libzen that compromises local date interpretation. Dive into the patch!. Mageia Libzen Security Update, MediaArea Vulnerability, Null Pointer Dereference, Security Issue Mitigation. . Severity: Critical. LinuxSecurity.com Team
Feb 14, 2023
•Critical
Mageia
89
security advisorymoderatefedoraFedora 36: FEDORA-2022-ea8f4e232d Moderate: Golang GitHub Hub Update
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ea8f4e232d 2022-07-30 01:52:05.591840 --------------------------------------------------------------------------------Name : golang-github-hub Product : Fedora 36 Version : 2.14.2 Release : 9.fc36 URL : https://github.com/mislav/hub Summary : A command-line tool that makes git easier to use with GitHub Description : A command-line tool that makes git easier to use with GitHub --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 2.14.2-9 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
Jul 29, 2022
Fedora
89
security advisorymoderateFedoraFedora 36: 2022-5ef0bd9a27 Moderate: Golang Aliyun OSS Update
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5ef0bd9a27 2022-07-30 01:52:05.591823 --------------------------------------------------------------------------------Name : golang-github-aliyun-ossutil Product : Fedora 36 Version : 1.7.9 Release : 4.fc36 URL : https://github.com/aliyun/ossutil Summary : Alibaba Cloud (Aliyun) Object Storage Service (OSS) CLI Description : Alibaba Cloud (Aliyun) Object Storage Service (OSS) CLI. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 1.7.9-4 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5ef0bd9a27' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list
Jul 29, 2022
Fedora
100
security advisorydenial of servicememory corruptionSUSE: 2022:1408-1 Important: Xen Denial Of Service Mitigations
An update that fixes 9 vulnerabilities is now available. . SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1408-1 Rating: important References: #1196915 #1197423 #1197425 #1197426 Cross-References: CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2021-26401 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26401 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361(NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1408=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1408=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1408=1 - SUSE LinuxEnterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1408=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1408=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1408=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 References: https://www.suse.com/security/cve/CVE-2021-26401.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1196915 https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 . A new release for Xen has been issued, tackling 9 vulnerabilities, featuring crucial defenses against service interruption threats.. SUSE Update, Denial Of Service, Memory Issues, Important Fixes. . Severity: Important.LinuxSecurity.com Team
Apr 26, 2022
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!