# Security update for curl

Announcement ID: SUSE-SU-2025:4309-1
Release Date: 2025-11-28T15:40:08Z
Rating: moderate

References:

  * bsc#1253757

Cross-References:

  * CVE-2025-11563

CVSS scores:

  * CVE-2025-11563 ( SUSE ): 4.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-11563 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for curl fixes the following issues:

  * CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-4309=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-4309=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2025-4309=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-4309=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2025-4309=1
  * SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2025-4309=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * libcurl-devel-8.14.1-150400.5.72.1
    * curl-debuginfo-8.14.1-150400.5.72.1
    * curl-mini-debugsource-8.14.1-150400.5.72.1
    * curl-8.14.1-150400.5.72.1
    * libcurl4-debuginfo-8.14.1-150400.5.72.1
    * libcurl-mini4-8.14.1-150400.5.72.1
    * curl-debugsource-8.14.1-150400.5.72.1
    * libcurl-mini4-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-8.14.1-150400.5.72.1
  * openSUSE Leap 15.4 (noarch)
    * curl-zsh-completion-8.14.1-150400.5.72.1
    * libcurl-devel-doc-8.14.1-150400.5.72.1
    * curl-fish-completion-8.14.1-150400.5.72.1
  * openSUSE Leap 15.4 (x86_64)
    * libcurl4-32bit-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-32bit-8.14.1-150400.5.72.1
    * libcurl-devel-32bit-8.14.1-150400.5.72.1
  * openSUSE Leap 15.4 (aarch64_ilp32)
    * libcurl4-64bit-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-64bit-8.14.1-150400.5.72.1
    * libcurl-devel-64bit-8.14.1-150400.5.72.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * curl-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-debuginfo-8.14.1-150400.5.72.1
    * curl-8.14.1-150400.5.72.1
    * curl-debugsource-8.14.1-150400.5.72.1
    * libcurl4-8.14.1-150400.5.72.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * curl-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-debuginfo-8.14.1-150400.5.72.1
    * curl-8.14.1-150400.5.72.1
    * curl-debugsource-8.14.1-150400.5.72.1
    * libcurl4-8.14.1-150400.5.72.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * curl-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-debuginfo-8.14.1-150400.5.72.1
    * curl-8.14.1-150400.5.72.1
    * curl-debugsource-8.14.1-150400.5.72.1
    * libcurl4-8.14.1-150400.5.72.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * curl-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-debuginfo-8.14.1-150400.5.72.1
    * curl-8.14.1-150400.5.72.1
    * curl-debugsource-8.14.1-150400.5.72.1
    * libcurl4-8.14.1-150400.5.72.1
  * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
    * curl-debuginfo-8.14.1-150400.5.72.1
    * libcurl4-debuginfo-8.14.1-150400.5.72.1
    * curl-8.14.1-150400.5.72.1
    * curl-debugsource-8.14.1-150400.5.72.1
    * libcurl4-8.14.1-150400.5.72.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-11563.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1253757

This advisory addresses a moderate security risk in curl related to path traversal, requiring action for several SUSE versions.

curl update, SUSE security fix, path traversal vulnerability.

LinuxSecurity.com Team
# Security update for rabbitmq-server313

Announcement ID: SUSE-SU-2025:01548-1
Release Date: 2025-06-11T12:47:31Z
Rating: moderate

References:

  * bsc#1231656
  * bsc#1234763
  * bsc#1240071

Cross-References:

  * CVE-2025-30219

CVSS scores:

  * CVE-2025-30219 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-30219 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L
  * CVE-2025-30219 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L

Affected Products:

  * Server Applications Module 15-SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for rabbitmq-server313 fixes the following issues:

  * CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. (bsc#1240071)

Non-security fixes:

  * Require rabbitmq-server313-plugins rather than rabbitmq-server-plugins. (bsc#1231656, bsc#1234763)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Server Applications Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-1548=1

## Package List:

  * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * rabbitmq-server313-3.13.1-150600.13.8.1
    * rabbitmq-server313-plugins-3.13.1-150600.13.8.1
    * erlang-rabbitmq-client313-3.13.1-150600.13.8.1
  * Server Applications Module 15-SP7 (noarch)
    * rabbitmq-server313-bash-completion-3.13.1-150600.13.8.1
    * rabbitmq-server313-zsh-completion-3.13.1-150600.13.8.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-30219.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1231656
  * https://bugzilla.suse.com/show_bug.cgi?id=1234763
  * https://bugzilla.suse.com/show_bug.cgi?id=1240071

The latest patch for rabbitmq-server313 mitigates an XSS vulnerability in SUSE Linux, categorized as moderate severity.

distributed server updates, rabbitmq security, SUSE patches, XSS vulnerabilities, server application fixes.

LinuxSecurity.com Team
# Security update for apache2

Announcement ID: SUSE-SU-2023:4430-1
Rating: important

References:

  * bsc#1207399
  * bsc#1214357
  * bsc#1216424

Cross-References:

  * CVE-2023-31122

CVSS scores:

  * CVE-2023-31122 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-31122 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP4
  * Basesystem Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * Server Applications Module 15-SP4
  * Server Applications Module 15-SP5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP4
  * SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for apache2 fixes the following issues:

  * CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

  * Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
  * Fixed a floating point exception crash (bsc#1207399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch SUSE-2023-4430=1 openSUSE-SLE-15.4-2023-4430=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-4430=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4430=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4430=1
  * SUSE Package Hub 15 15-SP4
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4430=1
  * SUSE Package Hub 15 15-SP5
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4430=1
  * Server Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4430=1
  * Server Applications Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4430=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * apache2-worker-2.4.51-150400.6.14.1
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-event-2.4.51-150400.6.14.1
    * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
    * apache2-2.4.51-150400.6.14.1
    * apache2-example-pages-2.4.51-150400.6.14.1
    * apache2-utils-2.4.51-150400.6.14.1
    * apache2-prefork-2.4.51-150400.6.14.1
    * apache2-utils-debuginfo-2.4.51-150400.6.14.1
    * apache2-worker-debuginfo-2.4.51-150400.6.14.1
    * apache2-event-debuginfo-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
    * apache2-devel-2.4.51-150400.6.14.1
  * openSUSE Leap 15.4 (noarch)
    * apache2-doc-2.4.51-150400.6.14.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * apache2-worker-2.4.51-150400.6.14.1
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-event-2.4.51-150400.6.14.1
    * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
    * apache2-2.4.51-150400.6.14.1
    * apache2-example-pages-2.4.51-150400.6.14.1
    * apache2-utils-2.4.51-150400.6.14.1
    * apache2-prefork-2.4.51-150400.6.14.1
    * apache2-utils-debuginfo-2.4.51-150400.6.14.1
    * apache2-worker-debuginfo-2.4.51-150400.6.14.1
    * apache2-event-debuginfo-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
    * apache2-devel-2.4.51-150400.6.14.1
  * openSUSE Leap 15.5 (noarch)
    * apache2-doc-2.4.51-150400.6.14.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
    * apache2-2.4.51-150400.6.14.1
    * apache2-utils-2.4.51-150400.6.14.1
    * apache2-prefork-2.4.51-150400.6.14.1
    * apache2-utils-debuginfo-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-prefork-debuginfo-2.4.51-150400.6.14.1
    * apache2-2.4.51-150400.6.14.1
    * apache2-utils-2.4.51-150400.6.14.1
    * apache2-prefork-2.4.51-150400.6.14.1
    * apache2-utils-debuginfo-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
  * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
    * apache2-event-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-event-debuginfo-2.4.51-150400.6.14.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * apache2-event-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-event-debuginfo-2.4.51-150400.6.14.1
  * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * apache2-worker-2.4.51-150400.6.14.1
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-worker-debuginfo-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
    * apache2-devel-2.4.51-150400.6.14.1
  * Server Applications Module 15-SP4 (noarch)
    * apache2-doc-2.4.51-150400.6.14.1
  * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * apache2-worker-2.4.51-150400.6.14.1
    * apache2-debugsource-2.4.51-150400.6.14.1
    * apache2-worker-debuginfo-2.4.51-150400.6.14.1
    * apache2-debuginfo-2.4.51-150400.6.14.1
    * apache2-devel-2.4.51-150400.6.14.1
  * Server Applications Module 15-SP5 (noarch)
    * apache2-doc-2.4.51-150400.6.14.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-31122.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207399
  * https://bugzilla.suse.com/show_bug.cgi?id=1214357
  * https://bugzilla.suse.com/show_bug.cgi?id=1216424

Vital security patch for apache2 remedying significant vulnerabilities alongside comprehensive setup guidelines.

apache2 Security Fix, SUSE Update, Important Apache2 Patch, Server Module Update.

Severity: Important.

LinuxSecurity.com Team
   SUSE Security Update: Security update for 389-ds
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:2801-1
Rating:             moderate
References:         #1188151 #1188455
Cross-References:   CVE-2021-3652
CVSS scores:
                    CVE-2021-3652 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:

   This update for 389-ds fixes the following issues:

   - Update to 1.4.4.16
   - CVE-2021-3652: Fixed crypt handling of locked accounts. (bsc#1188455)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-2801=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      389-ds-1.4.4.16~git16.c1926dfc6-3.4.1
      389-ds-debuginfo-1.4.4.16~git16.c1926dfc6-3.4.1
      389-ds-debugsource-1.4.4.16~git16.c1926dfc6-3.4.1
      389-ds-devel-1.4.4.16~git16.c1926dfc6-3.4.1
      lib389-1.4.4.16~git16.c1926dfc6-3.4.1
      libsvrcore0-1.4.4.16~git16.c1926dfc6-3.4.1
      libsvrcore0-debuginfo-1.4.4.16~git16.c1926dfc6-3.4.1

References:

   https://www.suse.com/security/cve/CVE-2021-3652.html
   https://bugzilla.suse.com/1188151
   https://bugzilla.suse.com/1188455

SUSE has issued a security update for 389-ds, addressing a cryptographic vulnerability classified as having moderate severity. It is advised to perform the update promptly!

SUSE Linux Update, 389-ds Security, Server Application Patch.

LinuxSecurity.com Team
   SUSE Security Update: Security update for ibutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1597-1
Rating:             low
References:         #1184123
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for ibutils fixes the following issues:

   - Hardening: Link ibis executable with -pie (bsc#1184123).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2021-1597=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-1597=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      ibutils-1.5.7.0.2-10.3.1
      ibutils-debuginfo-1.5.7.0.2-10.3.1
      ibutils-debugsource-1.5.7.0.2-10.3.1
      ibutils-devel-1.5.7.0.2-10.3.1
      ibutils-ui-1.5.7.0.2-10.3.1
      libibdm1-1.5.7.0.2-10.3.1
      libibdm1-debuginfo-1.5.7.0.2-10.3.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

      ibutils-1.5.7.0.2-10.3.1
      ibutils-debuginfo-1.5.7.0.2-10.3.1
      ibutils-debugsource-1.5.7.0.2-10.3.1
      ibutils-devel-1.5.7.0.2-10.3.1
      ibutils-ui-1.5.7.0.2-10.3.1
      libibdm1-1.5.7.0.2-10.3.1
      libibdm1-debuginfo-1.5.7.0.2-10.3.1

References:

   https://bugzilla.suse.com/1184123

SUSE Protection Patch for ibutils addresses concerns with minimal impact. Acquire setup guidelines for your server programs.

SUSE Linux, Ibutils, Security Fix, Server Application, Update.

Severity: Low.

LinuxSecurity.com Team
   SUSE Security Update: Security update for salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3243-1
Rating:             critical
References:         #1159670 #1175987 #1176024 #1176294 #1176397
                    #1177867 #1178319 #1178361 #1178362 #1178485
Cross-References:   CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15-SP1
                    SUSE Linux Enterprise Module for Python2 15-SP1
                    SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

   An update that solves three vulnerabilities and has 7 fixes
   is now available.

Description:

   This update for salt fixes the following issues:

   - Avoid regression on "salt-master": set passphrase for salt-ssh keys to
     empty string (bsc#1178485)
   - Properly validate eauth credentials and tokens on SSH calls made by Salt
     API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592,
     CVE-2020-17490, CVE-2020-16846)
   - Fix disk.blkid to avoid unexpected keyword argument '__pub_user'.
     (bsc#1177867)
   - Ensure virt.update stop_on_reboot is updated with its default value.
   - Do not break package building for systemd OSes.
   - Drop wrong mock from chroot unit test.
   - Support systemd versions with dot. (bsc#1176294)
   - Fix for grains.test_core unit test.
   - Fix file/directory user and group ownership containing UTF-8
     characters. (bsc#1176024)
   - Several changes to virtualization:
     * Fix virt update when cpu and memory are changed.
     * Memory Tuning GSoC.
     * Properly fix memory setting regression in virt.update.
     * Expose libvirt on_reboot in virt states.
   - Support transactional systems (MicroOS).
   - zypperpkg module ignores retcode 104 for search(). (bsc#1159670)
   - Xen disk fixes. No longer generates volumes for Xen disks, but the
     corresponding file or block disk. (bsc#1175987)
   - Invalidate file list cache when cache file modified time is in the
     future. (bsc#1176397)
   - Prevent import errors when running test_btrfs unit tests

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-3243=1

   - SUSE Linux Enterprise Module for Python2 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-3243=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3243=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

      salt-api-3000-6.51.1
      salt-cloud-3000-6.51.1
      salt-master-3000-6.51.1
      salt-proxy-3000-6.51.1
      salt-ssh-3000-6.51.1
      salt-standalone-formulas-configuration-3000-6.51.1
      salt-syndic-3000-6.51.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch):

      salt-fish-completion-3000-6.51.1

   - SUSE Linux Enterprise Module for Python2 15-SP1 (aarch64 ppc64le s390x x86_64):

      python2-salt-3000-6.51.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

      python3-salt-3000-6.51.1
      salt-3000-6.51.1
      salt-doc-3000-6.51.1
      salt-minion-3000-6.51.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):

      salt-bash-completion-3000-6.51.1
      salt-zsh-completion-3000-6.51.1

References:

   https://www.suse.com/security/cve/CVE-2020-16846.html
   https://www.suse.com/security/cve/CVE-2020-17490.html
   https://www.suse.com/security/cve/CVE-2020-25592.html
   https://bugzilla.suse.com/1159670
   https://bugzilla.suse.com/1175987
   https://bugzilla.suse.com/1176024
   https://bugzilla.suse.com/1176294
   https://bugzilla.suse.com/1176397
   https://bugzilla.suse.com/1177867
   https://bugzilla.suse.com/1178319
   https://bugzilla.suse.com/1178361
   https://bugzilla.suse.com/1178362
   https://bugzilla.suse.com/1178485

SUSE introduced an urgent security patch for salt that tackles various vulnerabilities while delivering essential enhancements and corrections.

SUSE Security Update, salt vulnerabilities, server applications, critical update.

Severity: Critical.

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-68ab318468
2020-04-16 23:01:31.842020
--------------------------------------------------------------------------------

Name        : nss
Product     : Fedora 30
Version     : 3.51.0
Release     : 1.fc30
URL         : https://firefox-source-docs.mozilla.org/security/nss/index.html
Summary     : Network Security Services
Description :
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

--------------------------------------------------------------------------------
Update Information:

- New Firefox and NSS upstream update
- More info at https://www.firefox.com/en-US/firefox/75.0/releasenotes/?redirect_source=mozilla-org
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr  7 2020 Daiki Ueno - 3.51.0-1
- Update to NSS 3.51
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-68ab318468' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
   SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2019:1356-1
Rating:             important
References:         #1111331 #1135273
Cross-References:   CVE-2018-12126 CVE-2018-12127 CVE-2018-12130
                    CVE-2019-11091
Affected Products:
                    SUSE Linux Enterprise Module for Server Applications 15
                    SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for libvirt fixes the following issues:

   Four new speculative execution information leak issues have been
   identified in Intel CPUs. (bsc#1111331)

   - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
   - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
   - CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
   - CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
     (MDSUM)

   These updates contain the libvirt adjustments, that pass through the new
   'md-clear' CPU flag (bsc#1135273).

   For more information on this set of vulnerabilities, check out
   https://support.scc.suse.com/s/kb?language=en_US

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1356=1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1356=1

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1356=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 ppc64le s390x x86_64):

      libvirt-4.0.0-9.22.1
      libvirt-admin-4.0.0-9.22.1
      libvirt-admin-debuginfo-4.0.0-9.22.1
      libvirt-client-4.0.0-9.22.1
      libvirt-client-debuginfo-4.0.0-9.22.1
      libvirt-daemon-4.0.0-9.22.1
      libvirt-daemon-config-network-4.0.0-9.22.1
      libvirt-daemon-config-nwfilter-4.0.0-9.22.1
      libvirt-daemon-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-interface-4.0.0-9.22.1
      libvirt-daemon-driver-interface-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-lxc-4.0.0-9.22.1
      libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-network-4.0.0-9.22.1
      libvirt-daemon-driver-network-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-nodedev-4.0.0-9.22.1
      libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-nwfilter-4.0.0-9.22.1
      libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-qemu-4.0.0-9.22.1
      libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-secret-4.0.0-9.22.1
      libvirt-daemon-driver-secret-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-storage-4.0.0-9.22.1
      libvirt-daemon-driver-storage-core-4.0.0-9.22.1
      libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-storage-disk-4.0.0-9.22.1
      libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-storage-iscsi-4.0.0-9.22.1
      libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-storage-logical-4.0.0-9.22.1
      libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-storage-mpath-4.0.0-9.22.1
      libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.22.1
      libvirt-daemon-driver-storage-scsi-4.0.0-9.22.1
      libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.22.1
      libvirt-daemon-hooks-4.0.0-9.22.1
      libvirt-daemon-lxc-4.0.0-9.22.1
      libvirt-daemon-qemu-4.0.0-9.22.1
      libvirt-debugsource-4.0.0-9.22.1
      libvirt-devel-4.0.0-9.22.1
      libvirt-doc-4.0.0-9.22.1
      libvirt-lock-sanlock-4.0.0-9.22.1
      libvirt-lock-sanlock-debuginfo-4.0.0-9.22.1
      libvirt-nss-4.0.0-9.22.1
      libvirt-nss-debuginfo-4.0.0-9.22.1

   - SUSE Linux Enterprise Module for Server Applications 15 (aarch64 x86_64):

      libvirt-daemon-driver-storage-rbd-4.0.0-9.22.1
      libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.22.1

   - SUSE Linux Enterprise Module for Server Applications 15 (x86_64):

      libvirt-daemon-driver-libxl-4.0.0-9.22.1
      libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.22.1
      libvirt-daemon-xen-4.0.0-9.22.1

   - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (aarch64 ppc64le s390x x86_64):

      libvirt-debugsource-4.0.0-9.22.1
      wireshark-plugin-libvirt-4.0.0-9.22.1
      wireshark-plugin-libvirt-debuginfo-4.0.0-9.22.1

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

      libvirt-debugsource-4.0.0-9.22.1
      libvirt-libs-4.0.0-9.22.1
      libvirt-libs-debuginfo-4.0.0-9.22.1

References:

   https://www.suse.com/security/cve/CVE-2018-12126.html
   https://www.suse.com/security/cve/CVE-2018-12127.html
   https://www.suse.com/security/cve/CVE-2018-12130.html
   https://www.suse.com/security/cve/CVE-2019-11091.html
   https://bugzilla.suse.com/1111331
   https://bugzilla.suse.com/1135273