Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisorysecurity issueimportantSUSE: 2025:01848-1 important: go1.23 critical sensitivity exposure
* bsc#1229122 * bsc#1244156 * bsc#1244157 Cross-References: . # Security update for go1.23 Announcement ID: SUSE-SU-2025:01848-1 Release Date: 2025-06-09T18:35:51Z Rating: important References: * bsc#1229122 * bsc#1244156 * bsc#1244157 Cross-References: * CVE-2025-0913 * CVE-2025-4673 CVSS scores: * CVE-2025-0913 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-0913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-4673 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-4673 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N Affected Products: * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE LinuxEnterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.23 fixes the following issues: go1.23.10 (released 2025-06-05) includes security fixes to the /http and os packages, as well as bug fixes to the linker. (bsc#1229122 go1.23 release tracking CVE-2025-0913 CVE-2025-4673) * CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157) * CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156) * runtime/debug: BuildSetting does not document DefaultGODEBUG * cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-1848=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1848=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-1848=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1848=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1848=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1848=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1848=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1848=1 * SUSE LinuxEnterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1848=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1848=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1848=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1848=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1848=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1848=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-1848=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * go1.23-race-1.23.10-150000.1.34.1 * go1.23-doc-1.23.10-150000.1.34.1 * go1.23-1.23.10-150000.1.34.1 ## References: * https://www.suse.com/security/cve/CVE-2025-0913.html * https://www.suse.com/security/cve/CVE-2025-4673.html * https://bugzilla.suse.com/show_bug.cgi?id=1229122 * https://bugzilla.suse.com/show_bug.cgi?id=1244156 * https://bugzilla.suse.com/show_bug.cgi?id=1244157 . Discover the SUSE Go1.23 Update, enhancing security and performance while addressing critical vulnerabilities. Updatenow for a safer, more efficient experience. SUSE Security, go1.23 Update, System Vulnerability Fixes, Cross-Origin Issues. . Severity: Important. LinuxSecurity.com Team
Jun 09, 2025
•Important
SuSE
172
security advisorydenial of serviceUbuntuUbuntu 25.04/24.10: USN-7531-1 critical: openjdk-21-crac security issues
Several security issues were fixed in CRaC JDK 21.. ========================================================================== Ubuntu Security Notice USN-7531-1 May 26, 2025 openjdk-21-crac vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 Summary: Several security issues were fixed in CRaC JDK 21. Software Description: - openjdk-21-crac: Open Source Java implementation with Coordinated Restore at Checkpoints Details: Alicja Kario discovered that the JSSE component of CRaC JDK 21 incorrectly handled RSA padding. An Attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of CRaC JDK 21 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of CRaC JDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 openjdk-21-crac-jdk 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jdk-headless 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-headless 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-zero 21.0.7+6.1-0ubuntu1~25.04 Ubuntu 24.10 openjdk-21-crac-jdk 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jdk-headless 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jre 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jre-headless 21.0.7+6.1-0ubuntu1~24.10 openjdk-21-crac-jre-zero 21.0.7+6.1-0ubuntu1~24.10 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart Java applications to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7531-1 CVE-2025-21587, CVE-2025-30691, CVE-2025-30698 Package Information: https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.7+6.1-0ubuntu1~25.04 https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.7+6.1-0ubuntu1~24.10 . Critical vulnerabilities in openjdk-21-crac addressed, crucial for Ubuntu users on versions 25.04 and 24.10. Prompt update advised for protection!. openjdk security, Ubuntu Java vulnerabilities, Java update instructions. . Severity: Critical. LinuxSecurity.com Team
May 26, 2025
•Critical
Ubuntu
100
security advisorymoderateSUSE Linux EnterpriseSUSE: 2019:3393-1 Moderate: Python Azure Agent Sensitive Exposure
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:3393-1 Rating: moderate References: #1127838 #1159639 Cross-References: CVE-2019-0804 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python-azure-agent fixes the following issues: Update to version 2.2.45 (jsc#ECO-80 bsc#1159639) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields Update to version 2.2.44: + Remove outdated extension ZIP packages + Improved error handling when starting extensions using systemd + Reduce provisioning time of some custom images + Improve the handling of extension download errors + New API for extension authors to handle errors during extension update + Fix handling of errors in calls to openssl + Improve logic to determine current distro + Reduce verbosity of several logging statements Update to version 2.2.42: + Poll for artifact blob, addresses goal state procesing issue Update to version 2.2.41: + Rewriting the mechanism to start theextension using systemd-run for systems using systemd for managing + Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534] + Telemetry pipeline for resource monitoring data Update to version 2.2.40: + Fixed tracking of memory/cpu usage + Do not prevent extensions from running if setting up cgroups fails + Enable systemd-aware deprovisioning on all versions > = 18.04 + Add systemd support for Debian Jessie, Stretch, and Buster + Support for Linux Openwrt Update to version 2.2.38: + CVE-2019-0804: WALinuxAgent could be made to expose sensitive information. (bsc#1127838) + Add fixes for handling swap file and other nit fixes Update to version 2.2.37: + Improves re-try logic to handle errors while downloading extensions Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2019-3393=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-3393=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python-azure-agent-2.2.45-7.9.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (noarch): python-azure-agent-test-2.2.45-7.9.1 References: https://www.suse.com/security/cve/CVE-2019-0804.html https://bugzilla.suse.com/1127838 https://bugzilla.suse.com/1159639 _______________________________________________ sle-security-updates mailing list
Dec 30, 2019
SuSE
172
security advisoryUbuntuman-in-the-middleUbuntu 12.04 LTS: USN-2127-1 Critical: GnuTLS Man-In-The-Middle Risk
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.. =========================================================================Ubuntu Security Notice USN-2127-1 March 04, 2014 gnutls26 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet. Software Description: - gnutls26: GNU TLS library Details: Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libgnutls26 2.12.23-1ubuntu4.2 Ubuntu 12.10: libgnutls26 2.12.14-5ubuntu4.6 Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.7 Ubuntu 10.04 LTS: libgnutls26 2.8.5-2ubuntu0.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2127-1 CVE-2014-0092 Package Information: https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-1ubuntu4.2 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu4.6 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.7 https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.5 . Ubuntu Security Update USN-2130-1 deals with a critical OpenSSL vulnerability that could lead to unauthorized access to confidential information via compromised keys.. GnuTLS Vulnerability, Ubuntu Security Update, CertificateExploitation. . Severity: Critical. LinuxSecurity.com Team
Mar 04, 2014
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!