Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves one vulnerability can now be installed.. # Security update for python-urllib3_1 Announcement ID: SUSE-SU-2026:2067-1 Release Date: 2026-05-26T07:29:10Z Rating: important References: * bsc#1265267 Cross-References: * CVE-2026-44431 CVSS scores: * CVE-2026-44431 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-44431 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-44431 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44431 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python-urllib3_1 fixes the following issue * CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects (bsc#1265267). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2067=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2067=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2067=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP6-2026-2067=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-urllib3_1-1.26.18-150600.3.9.1 * Python 3 Module 15-SP7 (noarch) * python311-urllib3_1-1.26.18-150600.3.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * python311-urllib3_1-1.26.18-150600.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * python311-urllib3_1-1.26.18-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-44431.html * https://bugzilla.suse.com/show_bug.cgi?id=1265267 . SUSE releases security update for python-urllib3 addressing important information disclosure issue with CVE-2026-44431. . security update, python-urllib3 vulnerabilities, openSUSE security patch. . Severity: Important. LinuxSecurity.com Team
CERT Polska and nullcathedral discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform CSS injection attacks, or leak sensitive information. For the oldstable distribution (bookworm), these problems have been fixed. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6137-1
* bsc#1232234 Cross-References: * CVE-2024-10041 . # Security update for pam Announcement ID: SUSE-SU-2025:1334-1 Release Date: 2025-04-17T07:03:26Z Rating: moderate References: * bsc#1232234 Cross-References: * CVE-2024-10041 CVSS scores: * CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP6 * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for pam fixes the following issues: * CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1334=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1334=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-1334=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-1334=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patchSUSE-SLE-Micro-5.4-2025-1334=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-1334=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1334=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1334=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-1334=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1334=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-1334=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * pam-extra-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * pam-extra-1.3.0-150000.6.76.1 * pam-devel-1.3.0-150000.6.76.1 * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * openSUSE Leap 15.6 (x86_64) * pam-devel-32bit-1.3.0-150000.6.76.1 * pam-extra-32bit-1.3.0-150000.6.76.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.76.1 * pam-32bit-1.3.0-150000.6.76.1 * pam-32bit-debuginfo-1.3.0-150000.6.76.1 * openSUSE Leap 15.6 (noarch) * pam-doc-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) *pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * pam-extra-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * pam-extra-1.3.0-150000.6.76.1 * pam-devel-1.3.0-150000.6.76.1 * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * Basesystem Module 15-SP6 (noarch) * pam-doc-1.3.0-150000.6.76.1 * Basesystem Module 15-SP6 (x86_64) * pam-32bit-debuginfo-1.3.0-150000.6.76.1 * pam-extra-32bit-debuginfo-1.3.0-150000.6.76.1 * pam-extra-32bit-1.3.0-150000.6.76.1 * pam-32bit-1.3.0-150000.6.76.1 * Development Tools Module 15-SP6 (x86_64) * pam-32bit-debuginfo-1.3.0-150000.6.76.1 * pam-devel-32bit-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * pam-1.3.0-150000.6.76.1 * pam-debuginfo-1.3.0-150000.6.76.1 * pam-debugsource-1.3.0-150000.6.76.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10041.html * https://bugzilla.suse.com/show_bug.cgi?id=1232234 . Notice for security updates highlights a potential threat regarding sensitive information leakage during the login process on SUSE platforms.. SUSE Linux, pam security update, authentication risks, data exposure, Linux security advisory. . LinuxSecurity.com Team
* bsc#1232234 Cross-References: * CVE-2024-10041 . # Security update for pam Announcement ID: SUSE-SU-2025:1158-1 Release Date: 2025-04-07T13:25:23Z Rating: moderate References: * bsc#1232234 Cross-References: * CVE-2024-10041 CVSS scores: * CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for pam fixes the following issues: * CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1158=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * pam-32bit-1.1.8-24.64.1 * pam-devel-1.1.8-24.64.1 * pam-1.1.8-24.64.1 * pam-extra-debuginfo-32bit-1.1.8-24.64.1 * pam-debugsource-1.1.8-24.64.1 * pam-extra-32bit-1.1.8-24.64.1 * pam-debuginfo-32bit-1.1.8-24.64.1 * pam-extra-1.1.8-24.64.1 * pam-extra-debuginfo-1.1.8-24.64.1 * pam-debuginfo-1.1.8-24.64.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * pam-doc-1.1.8-24.64.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10041.html * https://bugzilla.suse.com/show_bug.cgi?id=1232234 . An upgrade to the pam security framework addresses a moderate vulnerabilityrelated to sensitive data leaks that can occur during the authentication process, containing essential information.. SUSE Linux, Security Update, pam, Authentication Security, Data Exposure. . LinuxSecurity.com Team
An update that solves two vulnerabilities can now be installed.. # Security update for podman Announcement ID: SUSE-SU-2025:0579-1 Release Date: 2025-02-18T13:00:27Z Rating: moderate References: * bsc#1227052 * bsc#1236507 Cross-References: * CVE-2023-45288 * CVE-2024-6104 CVSS scores: * CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2024-6104: possible sensitive data exposure due to hashicorp/go- retryablehttp not sanitizing URLs when writing them to log files. (bsc#1227052) * CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-579=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-579=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-579=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-579=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-579=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * podmansh-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * openSUSE Leap 15.4 (noarch) * podman-docker-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45288.html * https://www.suse.com/security/cve/CVE-2024-6104.html * https://bugzilla.suse.com/show_bug.cgi?id=1227052 * https://bugzilla.suse.com/show_bug.cgi?id=1236507 . Container security patch SUSE-SU-2024:1415-1 targets moderate vulnerabilities in openSUSE and SUSE Enterprise Linux.. Podman Update, Security Advisory, SUSE Linux Enterprise, Data Exposure, CPU Consumption. . LinuxSecurity.com Team
* bsc#1227052 * bsc#1236507 Cross-References: * CVE-2023-45288 . # Security update for podman Announcement ID: SUSE-SU-2025:0579-1 Release Date: 2025-02-18T13:00:27Z Rating: moderate References: * bsc#1227052 * bsc#1236507 Cross-References: * CVE-2023-45288 * CVE-2024-6104 CVSS scores: * CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves two vulnerabilities can now be installed. ## Description: This update for podman fixes the following issues: * CVE-2024-6104: possible sensitive data exposure due to hashicorp/go- retryablehttp not sanitizing URLs when writing them to log files. (bsc#1227052) * CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-579=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-579=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-579=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-579=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-579=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * podmansh-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * openSUSE Leap 15.4 (noarch) * podman-docker-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.38.1 * podman-remote-4.9.5-150400.4.38.1 * podman-remote-debuginfo-4.9.5-150400.4.38.1 * podman-debuginfo-4.9.5-150400.4.38.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45288.html * https://www.suse.com/security/cve/CVE-2024-6104.html * https://bugzilla.suse.com/show_bug.cgi?id=1227052 * https://bugzilla.suse.com/show_bug.cgi?id=1236507 . A recent security patch for container management tool podman tackles high CPU usage and potential data leaks. It is advisable to apply the suggested updates immediately!. podman security,SUSE updates,CPU issue,data exposure,security fixes. . LinuxSecurity.com Team
* bsc#1227056 * bsc#1236483 Cross-References: * CVE-2023-45288 . # Security update for skopeo Announcement ID: SUSE-SU-2025:0420-1 Release Date: 2025-02-11T10:27:29Z Rating: moderate References: * bsc#1227056 * bsc#1236483 Cross-References: * CVE-2023-45288 * CVE-2024-6104 CVSS scores: * CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.3 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for skopeo fixes the following issues: * CVE-2024-6104: possible sensitive data exposure due to hashicorp/go- retryablehttp not sanitizing URLs when writing them to log files. (bsc#1227056) * CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236483) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-420=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-420=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-420=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-420=1 ## Package List: * SUSE LinuxEnterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.14.4-150300.11.16.1 * skopeo-1.14.4-150300.11.16.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.14.4-150300.11.16.1 * skopeo-1.14.4-150300.11.16.1 * Basesystem Module 15-SP6 (noarch) * skopeo-zsh-completion-1.14.4-150300.11.16.1 * skopeo-bash-completion-1.14.4-150300.11.16.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * skopeo-debuginfo-1.14.4-150300.11.16.1 * skopeo-1.14.4-150300.11.16.1 * openSUSE Leap 15.3 (noarch) * skopeo-zsh-completion-1.14.4-150300.11.16.1 * skopeo-fish-completion-1.14.4-150300.11.16.1 * skopeo-bash-completion-1.14.4-150300.11.16.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * skopeo-debuginfo-1.14.4-150300.11.16.1 * skopeo-1.14.4-150300.11.16.1 * openSUSE Leap 15.6 (noarch) * skopeo-zsh-completion-1.14.4-150300.11.16.1 * skopeo-fish-completion-1.14.4-150300.11.16.1 * skopeo-bash-completion-1.14.4-150300.11.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45288.html * https://www.suse.com/security/cve/CVE-2024-6104.html * https://bugzilla.suse.com/show_bug.cgi?id=1227056 * https://bugzilla.suse.com/show_bug.cgi?id=1236483 . This Ubuntu notice upgrades podman to resolve significant vulnerabilities impacting several variants. Immediate attention needed.. SUSE Updates,Skopeo Security Advisory,OpenSUSE Security Fix. . LinuxSecurity.com Team
Hibernate could be made to expose sensitive information.. ========================================================================== Ubuntu Security Notice USN-6845-1 June 24, 2024 libhibernate3-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Hibernate could be made to expose sensitive information. Software Description: - libhibernate3-java: Relational Persistence for Idiomatic Java Details: It was discovered that Hibernate incorrectly handled certain inputs with unsanitized literals. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libhibernate3-java 3.6.10.Final-9+deb10u1build0.20.04.1 Ubuntu 18.04 LTS libhibernate3-java 3.6.10.Final-9ubuntu0.18.04.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libhibernate3-java 3.6.10.Final-4ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6845-1 CVE-2020-25638 Package Information: https://launchpad.net/ubuntu/+source/libhibernate3-java/3.6.10.Final-9+deb10u1build0.20.04.1 . Protect your Ubuntu platform from the potential threat of Hibernate's confidential information leak with this critical alert.. Hibernate, libhibernate3-java, Ubuntu Security, Sensitive Data, Vulnerability Update. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.