openSUSE security update: security update for go1.24
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20220-1
Rating: critical

References:

  * bsc#1236217
  * bsc#1256818
  * bsc#1256820
  * bsc#1257692

Cross-References:

  * CVE-2025-61732
  * CVE-2025-68119
  * CVE-2025-68121

CVSS scores:

  * CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  * CVE-2025-61732 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
  * CVE-2025-68119 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2025-68119 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

  openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for go1.24 fixes the following issues:

Update to version 1.24.13.

Security issues fixed:

- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).

Other updates and bugfixes:

- version update to 1.24.13:
  * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
  * go#77424 crypto/tls: CL 737700 broke session resumption on macOS

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

  zypper in -t patch openSUSE-Leap-16.0-270=1

Package List:

- openSUSE Leap 16.0:

  go1.24-1.24.13-160000.1.1
  go1.24-doc-1.24.13-160000.1.1
  go1.24-libstd-1.24.13-160000.1.1
  go1.24-race-1.24.13-160000.1.1

References:

  * https://www.suse.com/security/cve/CVE-2025-61732.html
  * https://www.suse.com/security/cve/CVE-2025-68119.html
  * https://www.suse.com/security/cve/CVE-2025-68121.html

Install the critical openSUSE update for go1.24 that resolves multiple security issues and enhances stability.
openSUSE update, Go application, critical security issues.
Severity: Critical.
LinuxSecurity.com Team
==========================================================================
Ubuntu Security Notice USN-7705-1
August 20, 2025

tomcat10 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:
- tomcat10: Servlet and JSP engine

Details:

It was discovered that Tomcat did not correctly handle case sensitivity. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-46701)

Elysee Franchuk discovered that Tomcat did not correctly limit the number of attributes for a session. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-54677)

It was discovered that Tomcat did not correctly sanitize certain URLs. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-31651)

It was discovered that Tomcat did not correctly handle certain malformed HTTP headers, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-31650)

It was discovered that Tomcat did not correctly handle concurrent operations under certain circumstances. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-50379)

It was discovered that Tomcat did not correctly handle certain authentication errors. An attacker could possibly use this issue to bypass authentication mechanisms. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-52316)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
  libtomcat10-java 10.1.35-1ubuntu0.1
  tomcat10 10.1.35-1ubuntu0.1

Ubuntu 24.04 LTS
  libtomcat10-java 10.1.16-1ubuntu0.1~esm3
    Available with Ubuntu Pro
  tomcat10 10.1.16-1ubuntu0.1~esm3
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7705-1
  CVE-2024-50379, CVE-2024-52317, CVE-2024-54677, CVE-2025-31650, CVE-2025-31651, CVE-2025-46701

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat10/10.1.35-1ubuntu0.1

Multiple vulnerabilities in Tomcat on Ubuntu patched, impacting security and performance. Upgrade immediately for safety.
Ubuntu security notices, Tomcat security issues, authentication bypass fixes.
Severity: Important.
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-016ed44ddc
2025-02-15 02:22:06.812098+00:00
--------------------------------------------------------------------------------

Name        : nginx-mod-fancyindex
Product     : Fedora 40
Version     : 0.5.2
Release     : 8.fc40
URL         :
Summary     : Nginx FancyIndex module
Description :
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content:

* Custom headers. Either local or stored remotely.
* Custom footers. Either local or stored remotely.
* Add your own CSS style rules.
* Allow choosing to sort elements by name (default), modification time, or size; both ascending (default), or descending.

--------------------------------------------------------------------------------
Update Information:

Changes with nginx 1.26.3 05 Feb 2025

*) Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419).
*) Bugfix: in the ngx_http_mp4_module. Thanks to Nils Bars.
*) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng.
*) Bugfix: nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used.
*) Bugfix: nginx now ignores QUIC version negotiation packets from clients.
*) Bugfix: nginx could not be built on Solaris 10 and earlier with the ngx_http_v3_module.
*) Bugfixes in HTTP/3.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 6 2025 Felix Kaechele - 0.5.2-8
- Rebuild for nginx 1.26.3

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2277663 - please switch to using systemd-sysusers to create the nginx user
        https://bugzilla.redhat.com/show_bug.cgi?id=2277663
  [ 2 ] Bug #2344197 - CVE-2025-23419 nginx: TLS Session Resumption Vulnerability [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2344197

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-016ed44ddc' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-39d50cc975
2024-04-19 02:52:22.310679
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 38
Version     : 8.2.18
Release     : 1.fc38
URL         : http://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

--------------------------------------------------------------------------------
Update Information:

PHP version 8.2.18 (11 Apr 2024)

Core:

  * Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
  * Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  * Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

  * Add some missing ZPP checks. (nielsdos)
  * Fix potential memory leak in XPath evaluation results. (nielsdos)
  * Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM:

  * Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

  * Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

  * Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

  * Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  * Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

  * Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
  * Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

  * Fix various PDORow bugs. (Girgias)

Random:

  * Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
  * Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

  * Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

  * Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

  * Fixed bug GH-13531 (Unable to resize SplFixedArray after being unserialized in PHP 8.2.15). (nielsdos)
  * Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

  * Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  * Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
  * Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
  * Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  * Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  * Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

  * Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 10 2024 Remi Collet - 8.2.18-1
- Update to 8.2.18 - http://www.php.net/releases/8_2_18.php

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2275058 - CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix
        https://bugzilla.redhat.com/show_bug.cgi?id=2275058
  [ 2 ] Bug #2275061 - CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk
        https://bugzilla.redhat.com/show_bug.cgi?id=2275061

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-39d50cc975' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
MGASA-2023-0352 - Updated fusiondirectory packages fix security vulnerabilities

Publication date: 19 Dec 2023
URL: https://advisories.mageia.org/MGASA-2023-0352.html
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2022-36179, CVE-2022-36180

The updated packages fix security vulnerabilities:

Fusiondirectory 1.3 suffers from Improper Session Handling. (CVE-2022-36179)

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. (CVE-2022-36180)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32092
- https://lists.debian.org/debian-lts-announce/2023/07/msg00009.html
- https://www.cve.org/CVERecord?id=CVE-2022-36179
- https://www.cve.org/CVERecord?id=CVE-2022-36180

SRPMS:
- 9/core/fusiondirectory-1.3.1-1.2.mga9
- 8/core/fusiondirectory-1.3.1-1.2.mga8

A critical update for Fusiondirectory resolves important vulnerabilities related to session control and Cross-Site Scripting (XSS) for Mageia editions 8 and 9.
Fusiondirectory Security Update, Mageia Security Advisory, Cross Site Scripting, Improper Session Handling.
Severity: Critical.
LinuxSecurity.com Team
# Security update for xrdp

Announcement ID: SUSE-SU-2023:4873-1
Rating: moderate

References:

  * bsc#1214805
  * bsc#1215803
  * bsc#1217759

Cross-References:

  * CVE-2023-40184
  * CVE-2023-42822

CVSS scores:

  * CVE-2023-40184 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-40184 ( NVD ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
  * CVE-2023-42822 ( SUSE ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
  * CVE-2023-42822 ( NVD ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities and has one security fix can now be installed.

## Description:

This update for xrdp fixes the following issues:

  * CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803).
  * CVE-2023-40184: Fixed restriction bypass via improper session handling (bsc#1214805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4873=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4873=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4873=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * xrdp-0.9.10-3.16.1
    * xrdp-debugsource-0.9.10-3.16.1
    * xrdp-debuginfo-0.9.10-3.16.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * xrdp-0.9.10-3.16.1
    * xrdp-debugsource-0.9.10-3.16.1
    * xrdp-debuginfo-0.9.10-3.16.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * xrdp-0.9.10-3.16.1
    * xrdp-debugsource-0.9.10-3.16.1
    * xrdp-debuginfo-0.9.10-3.16.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-40184.html
  * https://www.suse.com/security/cve/CVE-2023-42822.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1214805
  * https://bugzilla.suse.com/show_bug.cgi?id=1215803
  * https://bugzilla.suse.com/show_bug.cgi?id=1217759

A significant security upgrade for Xrdp has been released to tackle critical weaknesses. Adhere to the patch instructions to resolve.
xrdp Patch, SUSE Security Update, Moderate Security Fix.
LinuxSecurity.com Team
MGASA-2023-0276 - Updated xrdp packages fix security vulnerability

Publication date: 30 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0276.html
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-40184

In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in session restrictions such as max concurrent sessions per user by PAM (e.g., /etc/security/limits.conf) to be bypassed. (CVE-2023-40184)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32276
- https://www.cve.org/CVERecord?id=CVE-2023-40184
- https://lists.fedoraproject.org/archives/list/
# Security update for xrdp

Announcement ID: SUSE-SU-2023:3830-1
Rating: moderate

References:

  * #1214805

Cross-References:

  * CVE-2023-40184

CVSS scores:

  * CVE-2023-40184 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
  * CVE-2023-40184 ( NVD ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected Products:

  * Basesystem Module 15-SP4
  * Basesystem Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for xrdp fixes the following issues:

  * CVE-2023-40184: Fixed restriction bypass via improper session handling (bsc#1214805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-3830=1
  * openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2023-3830=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3830=1
  * Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3830=1
  * SUSE Manager Proxy 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3830=1
  * SUSE Manager Retail Branch Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3830=1
  * SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3830=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * xrdp-debugsource-0.9.13.1-150200.4.24.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-devel-0.9.13.1-150200.4.24.1
    * libpainter0-0.9.13.1-150200.4.24.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-0.9.13.1-150200.4.24.1
    * librfxencode0-0.9.13.1-150200.4.24.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * xrdp-debugsource-0.9.13.1-150200.4.24.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-devel-0.9.13.1-150200.4.24.1
    * libpainter0-0.9.13.1-150200.4.24.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-0.9.13.1-150200.4.24.1
    * librfxencode0-0.9.13.1-150200.4.24.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * xrdp-debugsource-0.9.13.1-150200.4.24.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-devel-0.9.13.1-150200.4.24.1
    * libpainter0-0.9.13.1-150200.4.24.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-0.9.13.1-150200.4.24.1
    * librfxencode0-0.9.13.1-150200.4.24.1
  * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * xrdp-debugsource-0.9.13.1-150200.4.24.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-devel-0.9.13.1-150200.4.24.1
    * libpainter0-0.9.13.1-150200.4.24.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-0.9.13.1-150200.4.24.1
    * librfxencode0-0.9.13.1-150200.4.24.1
  * SUSE Manager Proxy 4.2 (x86_64)
    * xrdp-debugsource-0.9.13.1-150200.4.24.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-devel-0.9.13.1-150200.4.24.1
    * libpainter0-0.9.13.1-150200.4.24.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-0.9.13.1-150200.4.24.1
    * librfxencode0-0.9.13.1-150200.4.24.1
  * SUSE Manager Retail Branch Server 4.2 (x86_64)
    * xrdp-debugsource-0.9.13.1-150200.4.24.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-devel-0.9.13.1-150200.4.24.1
    * libpainter0-0.9.13.1-150200.4.24.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-0.9.13.1-150200.4.24.1
    * librfxencode0-0.9.13.1-150200.4.24.1
  * SUSE Manager Server 4.2 (ppc64le s390x x86_64)
    * xrdp-debugsource-0.9.13.1-150200.4.24.1
    * libpainter0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-devel-0.9.13.1-150200.4.24.1
    * libpainter0-0.9.13.1-150200.4.24.1
    * librfxencode0-debuginfo-0.9.13.1-150200.4.24.1
    * xrdp-0.9.13.1-150200.4.24.1
    * librfxencode0-0.9.13.1-150200.4.24.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-40184.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1214805

A critical patch for xrdp focusing on mitigating security loopholes related to access control on openSUSE platforms. Discover further details now!
xrdp Security Update, openSUSE Advisory, restriction bypass fix.
Severity: Important.
LinuxSecurity.com Team