Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8098-8 March 25, 2026 linux-azure-fips vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS Details: Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - GPIO subsystem; - GPU drivers; - BTRFS file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - SMC sockets; (CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.4.0-1160-azure-fips 5.4.0-1160.166+fips1 Available with Ubuntu Pro linux-image-azure-fips 5.4.0.1160.97 Available with Ubuntu Pro linux-image-azure-fips-5.4 5.4.0.1160.97 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updateshave been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8098-8 https://ubuntu.com/security/notices/USN-8098-7 https://ubuntu.com/security/notices/USN-8098-6 https://ubuntu.com/security/notices/USN-8098-5 https://ubuntu.com/security/notices/USN-8098-4 https://ubuntu.com/security/notices/USN-8098-3 https://ubuntu.com/security/notices/USN-8098-2 https://ubuntu.com/security/notices/USN-8098-1 https://launchpad.net/bugs/2143853 CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2022-49267, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215, Package Information: . Linux kernel security issues in Ubuntu 20.04 LTS addressed with important updates. Ensure system security compliance now.. Ubuntu Linux kernel security issues FIPS local privilege escalation. . LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8096-2 March 16, 2026 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS - linux-fips: Linux kernel with FIPS - linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS Details: Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM drivers; - Drivers core; - Network block device driver; - Bluetooth drivers; - Character device driver; - TPM device driver; - Data acquisition framework and drivers; - Counter interface drivers; - CPU frequency scaling framework; - Intel Stratix 10 firmware drivers; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Input Device (Tablet) drivers; - ISDN/mISDN subsystem; - Macintosh device drivers; - Media drivers; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Networkdrivers; - Mellanox network drivers; - Texas Instruments network drivers; - Ethernet team driver; - MediaTek network drivers; - NVME drivers; - PA-RISC drivers; - PCI subsystem; - Chrome hardware platform drivers; - x86 platform drivers; - ARM PM domains; - Voltage and Current Regulator drivers; - S/390 drivers; - SCSI subsystem; - Texas Instruments SoC drivers; - SPI subsystem; - Realtek RTL8723BS SDIO drivers; - TCM subsystem; - Cadence USB3 driver; - DesignWare USB3 driver; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS Controller drivers; - USB Mass Storage drivers; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Watchdog drivers; - BFS file system; - BTRFS file system; - Ext4 file system; - F2FS file system; - FUSE (File system in Userspace); - HFS+ file system; - Journaling layer for block devices (JBD2); - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File system notification infrastructure; - NTFS3 file system; - OCFS2 file system; - OrangeFS file system; - Proc file system; - SMB network file system; - XFS file system; - BPF subsystem; - Ethernet bridge; - Memory management; - Network traffic control; - io_uring subsystem; - Locking primitives; - Scheduler infrastructure; - Shadow Call Stack mechanism; - Tracing infrastructure; - Bluetooth subsystem; - CAIF protocol; - CAN network layer; - Ceph Core library; - Networking core; - Ethtool driver; - HSR network protocol; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NET/ROM layer; - NFC subsystem; - Open vSwitch; - Rose network layer; - SCTP protocol; - Network sockets; - Sun RPC protocol; - TIPC protocol; - VMware vSockets driver; - Wireless networking; - Rustbindings mechanism; - Integrity Measurement Architecture(IMA) framework; - Key management; - Simplified Mandatory Access Control Kernel framework; - FireWire sound drivers; - Turtle Beach Wavefront ALSA driver; - STMicroelectronics SoC drivers; - USB sound devices; (CVE-2022-49465, CVE-2024-36903, CVE-2024-36927, CVE-2024-37354, CVE-2024-41014, CVE-2024-46830, CVE-2024-47666, CVE-2024-49968, CVE-2025-22022, CVE-2025-22111, CVE-2025-22121, CVE-2025-38022, CVE-2025-38129, CVE-2025-38556, CVE-2025-40040, CVE-2025-40083, CVE-2025-40110, CVE-2025-40211, CVE-2025-40248, CVE-2025-40252, CVE-2025-40253, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40269, CVE-2025-40271, CVE-2025-40272, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40279, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40312, CVE-2025-40313, CVE-2025-40314, CVE-2025-40315, CVE-2025-40317, CVE-2025-40319, CVE-2025-40321, CVE-2025-40322, CVE-2025-40324, CVE-2025-40331, CVE-2025-40342, CVE-2025-40343, CVE-2025-40345, CVE-2025-40360, CVE-2025-40363, CVE-2025-68168, CVE-2025-68176, CVE-2025-68177, CVE-2025-68185, CVE-2025-68191, CVE-2025-68192, CVE-2025-68194, CVE-2025-68200, CVE-2025-68204, CVE-2025-68217, CVE-2025-68220, CVE-2025-68227, CVE-2025-68229, CVE-2025-68238, CVE-2025-68241, CVE-2025-68244, CVE-2025-68245, CVE-2025-68254, CVE-2025-68255, CVE-2025-68257, CVE-2025-68258, CVE-2025-68261, CVE-2025-68264, CVE-2025-68266, CVE-2025-68282, CVE-2025-68284, CVE-2025-68285, CVE-2025-68286, CVE-2025-68287, CVE-2025-68288, CVE-2025-68289, CVE-2025-68290, CVE-2025-68295, CVE-2025-68301, CVE-2025-68302, CVE-2025-68303, CVE-2025-68308, CVE-2025-68312, CVE-2025-68321, CVE-2025-68325, CVE-2025-68327, CVE-2025-68328, CVE-2025-68330, CVE-2025-68331, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68337, CVE-2025-68339, CVE-2025-68344,CVE-2025-68346, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68724, CVE-2025-68727, CVE-2025-68728, CVE-2025-68732, CVE-2025-68733, CVE-2025-68734, CVE-2025-68740, CVE-2025-68746, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68764, CVE-2025-68765, CVE-2025-68767, CVE-2025-68769, CVE-2025-68771, CVE-2025-68774, CVE-2025-68776, CVE-2025-68777, CVE-2025-68780, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68787, CVE-2025-68788, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68803, CVE-2025-68804, CVE-2025-68808, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-71064, CVE-2025-71066, CVE-2025-71068, CVE-2025-71069, CVE-2025-71075, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71108, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71121, CVE-2025-71125, CVE-2025-71127, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71136, CVE-2025-71137, CVE-2025-71147, CVE-2025-71154, CVE-2025-71180, CVE-2025-71182, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021, CVE-2026-23047) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-1103-aws-fips 5.15.0-1103.110+fips1 Available with Ubuntu Pro linux-image-5.15.0-1103-gcp-fips 5.15.0-1103.112+fips1 Available with Ubuntu Pro linux-image-5.15.0-173-fips 5.15.0-173.183+fips1 Available with Ubuntu Pro linux-image-aws-fips 5.15.0.1103.99 Available with Ubuntu Pro linux-image-aws-fips-5.15 5.15.0.1103.99 Available with Ubuntu Pro linux-image-fips 5.15.0.173.100 Available with Ubuntu Pro linux-image-fips-5.15 5.15.0.173.100 Available with Ubuntu Pro linux-image-gcp-fips 5.15.0.1103.93 Available with Ubuntu Pro linux-image-gcp-fips-5.15 5.15.0.1103.93 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8096-2 https://ubuntu.com/security/notices/USN-8096-1 https://launchpad.net/bugs/2143853 CVE-2022-49465, CVE-2024-36903, CVE-2024-36927, CVE-2024-37354, CVE-2024-41014, CVE-2024-46830, CVE-2024-47666, CVE-2024-49968, CVE-2025-22022, CVE-2025-22111, CVE-2025-22121, CVE-2025-38022, CVE-2025-38129, CVE-2025-38556, CVE-2025-40040, CVE-2025-40083, CVE-2025-40110, CVE-2025-40211, CVE-2025-40248, CVE-2025-40252, CVE-2025-40253, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40269, CVE-2025-40271, CVE-2025-40272, CVE-2025-40273,CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40279, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40312, CVE-2025-40313, CVE-2025-40314, CVE-2025-40315, CVE-2025-40317, CVE-2025-40319, CVE-2025-40321, CVE-2025-40322, CVE-2025-40324, CVE-2025-40331, CVE-2025-40342, CVE-2025-40343, CVE-2025-40345, CVE-2025-40360, CVE-2025-40363, CVE-2025-68168, CVE-2025-68176, CVE-2025-68177, CVE-2025-68185, CVE-2025-68191, CVE-2025-68192, CVE-2025-68194, CVE-2025-68200, CVE-2025-68204, CVE-2025-68217, CVE-2025-68220, CVE-2025-68227, CVE-2025-68229, CVE-2025-68238, CVE-2025-68241, CVE-2025-68244, CVE-2025-68245, CVE-2025-68254, CVE-2025-68255, CVE-2025-68257, CVE-2025-68258, CVE-2025-68261, CVE-2025-68264, CVE-2025-68266, CVE-2025-68282, CVE-2025-68284, CVE-2025-68285, CVE-2025-68286, CVE-2025-68287, CVE-2025-68288, CVE-2025-68289, CVE-2025-68290, CVE-2025-68295, CVE-2025-68301, CVE-2025-68302, CVE-2025-68303, CVE-2025-68308, CVE-2025-68312, CVE-2025-68321, CVE-2025-68325, CVE-2025-68327, CVE-2025-68328, CVE-2025-68330, CVE-2025-68331, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68337, CVE-2025-68339, CVE-2025-68344, CVE-2025-68346, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68724, CVE-2025-68727, CVE-2025-68728, CVE-2025-68732, CVE-2025-68733, CVE-2025-68734, CVE-2025-68740, CVE-2025-68746, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68764, CVE-2025-68765, CVE-2025-68767, CVE-2025-68769, CVE-2025-68771, CVE-2025-68774, CVE-2025-68776, CVE-2025-68777, CVE-2025-68780, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68787, CVE-2025-68788, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68803, CVE-2025-68804, CVE-2025-68808, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815,CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-71064, CVE-2025-71066, CVE-2025-71068, CVE-2025-71069, CVE-2025-71075, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71108, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71121, CVE-2025-71125, CVE-2025-71127, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71136, CVE-2025-71137, CVE-2025-71147, CVE-2025-71154, CVE-2025-71180, CVE-2025-71182, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021, CVE-2026-23047 Package Information: . Ubuntu 22.04 LTS Linux kernel updates address multiple security issues, ensuring safer system operations.. Linux Kernel Security, Ubuntu 22.04, Denial of Service, Privilege Escalation. . LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-7939-2 December 16, 2025 linux-azure-fips vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS Details: Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. (CVE-2025-40300) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - HSI subsystem; - I3C subsystem; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers subsystem; - AFS file system; - F2FS file system; - SMB network file system; - Padata parallel execution mechanism; - Timer subsystem; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Networking core; - Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2023-52854, CVE-2024-35867, CVE-2024-47691, CVE-2024-49935, CVE-2024-50061, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2024-56664, CVE-2025-21727, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958, CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.4.0-1157-azure-fips 5.4.0-1157.164+fips1 Available with Ubuntu Pro linux-image-azure-fips 5.4.0.1157.94 Available with Ubuntu Pro linux-image-azure-fips-5.4 5.4.0.1157.94 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-7939-2 https://ubuntu.com/security/notices/USN-7939-1 CVE-2022-49026, CVE-2022-49390, CVE-2023-52854, CVE-2024-35867, CVE-2024-47691, CVE-2024-49935, CVE-2024-50061, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2024-56664, CVE-2025-21727, CVE-2025-21855, CVE-2025-37838, CVE-2025-37958, CVE-2025-38352, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018, CVE-2025-40300 Package Information: . Several security issues in the Linux kernel for Azure FIPS highlight risks for sensitive data exposure.. Ubuntu Security Notices, Linux kernel issues, Azure FIPS vulnerabilities. . LinuxSecurity.com Team
Spring Framework could be made to run programs or expose sensitive information if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7165-1 December 17, 2024 libspring-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Spring Framework could be made to run programs or expose sensitive information if it received specially crafted network traffic. Software Description: - libspring-java: Modular Java/J2EE application framework Details: It was discovered that the Spring Framework incorrectly handled web requests via data binding. An attacker could possibly use this issue to achieve remote code execution and obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libspring-aop-java 4.3.30-2ubuntu0.24.10.1 libspring-beans-java 4.3.30-2ubuntu0.24.10.1 libspring-context-java 4.3.30-2ubuntu0.24.10.1 libspring-context-support-java 4.3.30-2ubuntu0.24.10.1 libspring-core-java 4.3.30-2ubuntu0.24.10.1 libspring-expression-java 4.3.30-2ubuntu0.24.10.1 libspring-instrument-java 4.3.30-2ubuntu0.24.10.1 libspring-jdbc-java 4.3.30-2ubuntu0.24.10.1 libspring-jms-java 4.3.30-2ubuntu0.24.10.1 libspring-messaging-java 4.3.30-2ubuntu0.24.10.1 libspring-orm-java 4.3.30-2ubuntu0.24.10.1 libspring-oxm-java 4.3.30-2ubuntu0.24.10.1 libspring-transaction-java 4.3.30-2ubuntu0.24.10.1 libspring-web-java 4.3.30-2ubuntu0.24.10.1 libspring-web-portlet-java 4.3.30-2ubuntu0.24.10.1 libspring-web-servlet-java 4.3.30-2ubuntu0.24.10.1 Ubuntu 24.04 LTS libspring-aop-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro libspring-web-servlet-java 4.3.30-2ubuntu0.24.04.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libspring-aop-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-servlet-java 4.3.30-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libspring-aop-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.22-4ubuntu0.1~esm1 Available withUbuntu Pro libspring-web-servlet-java 4.3.22-4ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libspring-aop-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-beans-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-context-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-context-support-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-core-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-expression-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-instrument-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-jdbc-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-jms-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-messaging-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-orm-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-oxm-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-transaction-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-web-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-web-portlet-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro libspring-web-servlet-java 4.3.22-1~18.04.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7165-1 CVE-2022-22965 Package Information: . Ubuntu Security Announcement USN-7166-2 brings attention to a potential libspring-java weakness found in multiple Ubuntu releases. Prompt update is crucial!. libspring-java, Ubuntu Security Notice, remote code execution, security updates, sensitive information exposure. . LinuxSecurity.com Team
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. (CVE-2016-6153) . MGASA-2023-0208 - Updated sqlite packages fix security vulnerability Publication date: 28 Jun 2023 URL: https://advisories.mageia.org/MGASA-2023-0208.html Type: security Affected Mageia releases: 8 CVE: CVE-2016-6153, CVE-2018-8740 os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. (CVE-2016-6153) In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare (CVE-2018-8740) References: - https://bugs.mageia.org/show_bug.cgi?id=32018 - https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html - https://www.cve.org/CVERecord?id=CVE-2016-6153 - https://www.cve.org/CVERecord?id=CVE-2018-8740 SRPMS: - 8/core/sqlite-2.8.17-26.1.mga8 . Recent updates to sqlite packages for Mageia address problems related to the management of temporary directories, mitigating risks of data exposure.. sqlite Security Update, Mageia Security Advisory, Local Information Exposure. . LinuxSecurity.com Team
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Ceph Storage 6.1 Container security and bug fix update Advisory ID: RHSA-2023:3642-01 Product: Red Hat Ceph Storage Advisory URL: https://access.redhat.com/errata/RHSA-2023:3642 Issue date: 2023-06-15 CVE Names: CVE-2021-42581 CVE-2022-1650 CVE-2022-1705 CVE-2022-2880 CVE-2022-21680 CVE-2022-21681 CVE-2022-24675 CVE-2022-24785 CVE-2022-26148 CVE-2022-27664 CVE-2022-28131 CVE-2022-28327 CVE-2022-29526 CVE-2022-30629 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-31097 CVE-2022-31107 CVE-2022-31123 CVE-2022-31130 CVE-2022-32148 CVE-2022-32189 CVE-2022-32190 CVE-2022-35957 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 CVE-2022-39324 CVE-2022-41715 CVE-2022-41912 ==================================================================== 1. Summary: A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system witha Ceph management platform, deployment utilities, and support services. This new container image is based on Red Hat Ceph Storage 6.1 and Red Hat Enterprise Linux 9. Security Fix(es): * crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912) * eventsource: Exposure of Sensitive Information (CVE-2022-1650) * grafana: stored XSS vulnerability (CVE-2022-31097) * grafana: OAuth account takeover (CVE-2022-31107) * ramda: prototype poisoning (CVE-2021-42581) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * marked: regular expression block.def may lead Denial of Service (CVE-2022-21680) * marked: regular expression inline.reflinkSearch may lead Denial of Service (CVE-2022-21681) * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix (CVE-2022-26148) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * grafana: plugin signature bypass (CVE-2022-31123) * grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (CVE-2022-31130) * golang: net/http/httputil:NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) * golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190) * grafana: Escalation from admin to server admin when auth proxy is used (CVE-2022-35957) * grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (CVE-2022-39201) * grafana: using email as a username can block other users from signing in (CVE-2022-39229) * grafana: email addresses and usernames cannot be trusted (CVE-2022-39306) * grafana: User enumeration via forget password (CVE-2022-39307) * grafana: Spoofing of the originalUrl parameter of snapshots (CVE-2022-39324) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) * golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) * golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Space precludes documenting all of these changes in this advisory. Usersare directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes: All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes. 3. Solution: For details on how to apply this update, see Upgrade a Red Hat Ceph Storage cluster using cephadm in the Red Hat Storage Ceph Upgrade Guide.(https://docs.redhat.com/en/documentation/red_hat_ceph_storage/9) 4. Bugs fixed (https://bugzilla.redhat.com/): 2066563 - CVE-2022-26148 grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix 2072009 - CVE-2022-24785 Moment.js: Path traversal inmoment.locale 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar 2082705 - CVE-2022-21680 marked: regular expression block.def may lead Denial of Service 2082706 - CVE-2022-21681 marked: regular expression inline.reflinkSearch may lead Denial of Service 2083778 - CVE-2021-42581 ramda: prototype poisoning 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2085307 - CVE-2022-1650 eventsource: Exposure of Sensitive Information 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2104365 - CVE-2022-31097 grafana: stored XSS vulnerability 2104367 - CVE-2022-31107 grafana: OAuth account takeover 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2125514 - CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used 2131146 - CVE-2022-31130 grafana: data source and plugin proxy endpoints leaking authentication tokens to some destination plugins 2131147 - CVE-2022-31123 grafana:plugin signature bypass 2131148 - CVE-2022-39201 grafana: Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins 2131149 - CVE-2022-39229 grafana: using email as a username can block other users from signing in 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2138014 - CVE-2022-39306 grafana: email addresses and usernames cannot be trusted 2138015 - CVE-2022-39307 grafana: User enumeration via forget password 2148252 - CVE-2022-39324 grafana: Spoofing of the originalUrl parameter of snapshots 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements 2168965 - [cee/sd][rook-ceph]cephfs-top utility is not available under rook-ceph-oprator/tools pod 2174461 - add dbus-daemon binary - required for NFS in ODF 4.13 2174462 - add ceph-exporter pkg to RHCS 6.1 image 2186142 - [RHCS 6.1] [Deployment] Cephadm bootstrap failing with default image. 5.References: https://access.redhat.com/security/cve/CVE-2021-42581 https://access.redhat.com/security/cve/CVE-2022-1650 https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-21680 https://access.redhat.com/security/cve/CVE-2022-21681 https://access.redhat.com/security/cve/CVE-2022-24675 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/cve/CVE-2022-26148 https://access.redhat.com/security/cve/CVE-2022-27664 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-28327 https://access.redhat.com/security/cve/CVE-2022-29526 https://access.redhat.com/security/cve/CVE-2022-30629 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-31097 https://access.redhat.com/security/cve/CVE-2022-31107 https://access.redhat.com/security/cve/CVE-2022-31123 https://access.redhat.com/security/cve/CVE-2022-31130 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/cve/CVE-2022-32189 https://access.redhat.com/security/cve/CVE-2022-32190 https://access.redhat.com/security/cve/CVE-2022-35957 https://access.redhat.com/security/cve/CVE-2022-39201 https://access.redhat.com/security/cve/CVE-2022-39229 https://access.redhat.com/security/cve/CVE-2022-39306 https://access.redhat.com/security/cve/CVE-2022-39307 https://access.redhat.com/security/cve/CVE-2022-39324 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41912 https://access.redhat.com/security/updates/classification#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZItdBNzjgjWX9erEAQiyZRAAmhxyXh2kCdMDgFSpVxuovk1ZU2IgC+f9 pl9fvoynyr8YD0AqysHrvrEt+l5djJ4BPwslreRYB/b46WAy34/80Tm2C9jmAeMV BuEYd6iAzjIQB+DgN3CPsuhXs5FIFAfntzJ0/z4RyA9dDwDDGjwsKyc79aCMOStf FQZLZ4Muz9i9zUDNDHcwBhDo2CsYxEU80i6ANA65aGqmZ/31XhU7mWU0r/k6vTH6 gwOpRfKp+UqSLUfmpuQ7jlMpJC5UGyIgenksBs/b+e2CQCgVaBnGj466XlfnUllr O6L5yb/xAdSgcrgg07Df8dutunO1lbMRavAgF1P2lQeZ1QVdS0NnB4fUG0C2c0NC 1cgqb20358d21rJkskb+DXtu8cV2hWrGUBZonAO2dy1wI1BjSqEDAeeMH89E/q3j gjg/zvmuoc22++ZmyNjgvLc5iAcBxhNw8TibkIBW3HYHqXAiVJ2hkO7So6QYpRpv PbxKcdTGBHw08vvS2zuEEqwYVOe0c5eMxIyQuZoC6KY8ACVXK/75kRj/WPaG4QEs KbhJhfmN6uFq2DmRlTGaUbWQSQoXnu7VDVanluvWCklKtc/aNL7/mnsy73l/l/I3 lZCM8EOH09za1ehL6xpjcTntBQHjba1gnmO8nmg0ZwxEYbvsmF8ruAOHqroQiZbo Bj8F2NJYnjY=lgpj -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: git security and bug fix update Advisory ID: RHSA-2023:2859-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2859 Issue date: 2023-05-16 CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 ==================================================================== 1. Summary: An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765) * git: Bypass of safe.directory protections (CVE-2022-29187) *git: exposure of sensitive information to a malicious actor (CVE-2022-39253) * git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree 2107439 - CVE-2022-29187 git: Bypass of safe.directory protections 2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor 2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes. 2139378 - Rebase git to 2.39 version [rhel-8.8] 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: git-2.39.1-1.el8.src.rpm aarch64: git-2.39.1-1.el8.aarch64.rpm git-core-2.39.1-1.el8.aarch64.rpm git-core-debuginfo-2.39.1-1.el8.aarch64.rpm git-credential-libsecret-2.39.1-1.el8.aarch64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el8.aarch64.rpm git-daemon-2.39.1-1.el8.aarch64.rpm git-daemon-debuginfo-2.39.1-1.el8.aarch64.rpm git-debuginfo-2.39.1-1.el8.aarch64.rpm git-debugsource-2.39.1-1.el8.aarch64.rpm git-subtree-2.39.1-1.el8.aarch64.rpm noarch: git-all-2.39.1-1.el8.noarch.rpm git-core-doc-2.39.1-1.el8.noarch.rpm git-email-2.39.1-1.el8.noarch.rpm git-gui-2.39.1-1.el8.noarch.rpm git-instaweb-2.39.1-1.el8.noarch.rpm git-svn-2.39.1-1.el8.noarch.rpm gitk-2.39.1-1.el8.noarch.rpm gitweb-2.39.1-1.el8.noarch.rpm perl-Git-2.39.1-1.el8.noarch.rpm perl-Git-SVN-2.39.1-1.el8.noarch.rpm ppc64le: git-2.39.1-1.el8.ppc64le.rpm git-core-2.39.1-1.el8.ppc64le.rpm git-core-debuginfo-2.39.1-1.el8.ppc64le.rpm git-credential-libsecret-2.39.1-1.el8.ppc64le.rpm git-credential-libsecret-debuginfo-2.39.1-1.el8.ppc64le.rpm git-daemon-2.39.1-1.el8.ppc64le.rpm git-daemon-debuginfo-2.39.1-1.el8.ppc64le.rpm git-debuginfo-2.39.1-1.el8.ppc64le.rpm git-debugsource-2.39.1-1.el8.ppc64le.rpm git-subtree-2.39.1-1.el8.ppc64le.rpm s390x: git-2.39.1-1.el8.s390x.rpm git-core-2.39.1-1.el8.s390x.rpm git-core-debuginfo-2.39.1-1.el8.s390x.rpm git-credential-libsecret-2.39.1-1.el8.s390x.rpm git-credential-libsecret-debuginfo-2.39.1-1.el8.s390x.rpm git-daemon-2.39.1-1.el8.s390x.rpm git-daemon-debuginfo-2.39.1-1.el8.s390x.rpm git-debuginfo-2.39.1-1.el8.s390x.rpm git-debugsource-2.39.1-1.el8.s390x.rpm git-subtree-2.39.1-1.el8.s390x.rpm x86_64: git-2.39.1-1.el8.x86_64.rpm git-core-2.39.1-1.el8.x86_64.rpm git-core-debuginfo-2.39.1-1.el8.x86_64.rpm git-credential-libsecret-2.39.1-1.el8.x86_64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el8.x86_64.rpm git-daemon-2.39.1-1.el8.x86_64.rpm git-daemon-debuginfo-2.39.1-1.el8.x86_64.rpm git-debuginfo-2.39.1-1.el8.x86_64.rpm git-debugsource-2.39.1-1.el8.x86_64.rpm git-subtree-2.39.1-1.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-24765 https://access.redhat.com/security/cve/CVE-2022-29187 https://access.redhat.com/security/cve/CVE-2022-39253 https://access.redhat.com/security/cve/CVE-2022-39260 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGNwYNzjgjWX9erEAQjtOg/7B3yj4iBkSeM+y7MatCWlSr6fTLLtBCu/ +PbJT3MHc0j/E/ea3kzoSDHSW8tJ2UZGPFZWJqsHvOYe9lPaDiKcDHs+zvWkBgMc 54Jf4E0t09bAY9OCSVBNRWWfy3lH5pHCMB8Gs/1vGf/9xIiW+V+xCMxzLJiKeQZ+ dxKtA6CvrKOONsKc5zaBol3SP3afJAFwfGd0BZSeL5pmeQhV6DcfvNZRqUIlO/aD +nO8oPgFytf4zqFbEa808qWU2UGbo8DhWvxWBGPEjKJA9YC7KVKQKJep4I9UiwMQ upCi3P/azExIqHx8+H0oIh06+HYVMGin8hTzaunuHmJ9jt2hfla69MzM1qK+xw2H NFJhC/S5i5OdbUNATCVntGIzklfu49mZN21iYO7Op2RHSW8Agg8O1IexhFRWQ5VL Y8ZfiPWBiI6126bxt04nEjLNLMvi0P7jTXxSGPPsRDOPOWncTgu4s/mYQ/z4RLp9 gfXo41lwu0Y016aD9ad7sMjHLOkDWDfzUitmFvO/0rObkE1SN0IM31aCt5SEXYhl QhFtOHGRxIHZjTiHLUYj6nKeIXtk0XeSZYklnxfcqPA6+XahtH7b/aO9OyFGqBah VQqX+t+Z6zvuM1c+CVp8EwcxtHPrrj8FOGKhXIxppbwskLWcdOxRh/QPlbmxigvY LTKSL3ahkzo=TI8Z -----END PGP SIGNATURE----- -- RHSA-announce mailing list
libXdmcp could be made to expose sensitive information.. =========================================================================Ubuntu Security Notice USN-5690-1 October 19, 2022 libxdmcp vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: libXdmcp could be made to expose sensitive information. Software Description: - libxdmcp: X11 authorisation library (development headers) Details: It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain another user's key. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: libxdmcp6 1:1.1.2-1.1ubuntu0.1~esm1 Ubuntu 14.04 ESM: libxdmcp6 1:1.1.1-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: CVE-2017-2625 . The Ubuntu Security Advisory USN-5690-1 highlights a vulnerability in libXdmcp that could potentially leak confidential information. It is advised to apply the necessary updates.. libXdmcp,Sensitive Information,Local Attack,Ubuntu Security Notice. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.