
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE 2026-0760-1 Critical go1.25-openssl C Code Smuggling

An update that solves two vulnerabilities and contains one feature can now be installed.

# Security update for go1.25-openssl

Announcement ID: SUSE-SU-2026:0760-1
Release Date: 2026-03-03T12:38:14Z
Rating: critical

References:

* bsc#1256818
* bsc#1257692
* jsc#SLE-18320

Cross-References:

* CVE-2025-61732
* CVE-2025-68121

CVSS scores:

* CVE-2025-61732 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-68121 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities and contains one feature can now be installed.

## Description:

This update for go1.25-openssl fixes the following issues:

Update to version 1.25.7.

Security issues fixed:

* CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
* CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
Other updates and bugfixes:

* version update to 1.25.7:
  * go#75844 cmd/compile: OOM killed on linux/arm64
  * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
  * go#77425 crypto/tls: CL 737700 broke session resumption on macOS

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-760=1 openSUSE-SLE-15.6-2026-760=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-760=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-760=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-760=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * go1.25-openssl-doc-1.25.7-150600.13.12.1
  * go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
  * go1.25-openssl-1.25.7-150600.13.12.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-race-1.25.7-150600.13.12.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-doc-1.25.7-150600.13.12.1
  * go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
  * go1.25-openssl-1.25.7-150600.13.12.1
  * go1.25-openssl-race-1.25.7-150600.13.12.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.25-openssl-doc-1.25.7-150600.13.12.1
  * go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
  * go1.25-openssl-1.25.7-150600.13.12.1
  * go1.25-openssl-race-1.25.7-150600.13.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * go1.25-openssl-doc-1.25.7-150600.13.12.1
  * go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
  * go1.25-openssl-1.25.7-150600.13.12.1
  * go1.25-openssl-race-1.25.7-150600.13.12.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61732.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256818
* https://bugzilla.suse.com/show_bug.cgi?id=1257692
* https://jira.suse.com/browse/SLE-18320

Stay updated with critical security advisory for openSUSE on go1.25-openssl addressing C code smuggling and session keys.
openSUSE security advisory, go1.25-openssl update, critical patches, session ticket vulnerability.
Severity: Critical. LinuxSecurity.com Team

Mar 03, 2026 Critical OpenSUSE

SUSE go1.24 Critical Security Flaws and Fixes Advisory 2026-0426-1

An update that solves three vulnerabilities and has one security fix can now be installed.

# Security update for go1.24

Announcement ID: SUSE-SU-2026:0426-1
Release Date: 2026-02-11T08:31:19Z
Rating: critical

References:

* bsc#1236217
* bsc#1256818
* bsc#1256820
* bsc#1257692

Cross-References:

* CVE-2025-61732
* CVE-2025-68119
* CVE-2025-68121

CVSS scores:

* CVE-2025-61732 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-68119 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68119 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68119 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-68121 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities and has one security fix can now be installed.

## Description:

This update for go1.24 fixes the following issues:

Update to version 1.24.13.

Security issues fixed:

* CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
* CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
* CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820).

Other updates and bugfixes:

* version update to 1.24.13:
  * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
  * go#77424 crypto/tls: CL 737700 broke session resumption on macOS

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-426=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-426=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-426=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-426=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-426=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-426=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-426=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-426=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-426=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-426=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-426=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-426=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * go1.24-race-1.24.13-150000.1.56.1
  * go1.24-1.24.13-150000.1.56.1
  * go1.24-doc-1.24.13-150000.1.56.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61732.html
* https://www.suse.com/security/cve/CVE-2025-68119.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1256818
* https://bugzilla.suse.com/show_bug.cgi?id=1256820
* https://bugzilla.suse.com/show_bug.cgi?id=1257692

Critical go1.24 security update addresses three significant flaws with potential for code execution and session issues.
SUSE Security Update, go1.24 Critical Patch, Code Execution Flaw, TLS Session Expiration Fix.
Severity: Critical. LinuxSecurity.com Team

Feb 11, 2026 Critical SuSE

Fedora 34: 2021-065371f385 Critical: Curl TLS Session Ticket Fix

- fix TLS 1.3 session ticket proxy host mixup (CVE-2021-22890)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-065371f385
2021-04-06 00:14:52.001772
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 34
Version     : 7.76.0
Release     : 1.fc34
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- fix TLS 1.3 session ticket proxy host mixup (CVE-2021-22890)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 31 2021 Kamil Dudka - 7.76.0-1
- new upstream release, which fixes the following vulnerabilities
    CVE-2021-22890 - TLS 1.3 session ticket proxy host mixup
    CVE-2021-22876 - Automatic referer leaks credentials

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1945058 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1945058
  [ 2 ] Bug #1945059 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1945059

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-065371f385' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Resolved TLS session ticket vulnerabilities and credential exposure in curl on Fedora. Protect your environment with this essential patch.
curl update, Fedora 34 patch, TLS security fix, critical update, curl vulnerabilities.
Severity: Critical. LinuxSecurity.com Team

Apr 05, 2021 Critical Fedora

openSUSE Leap 15.2: 2021:0510-1 Moderate: Curl Credential Leak

An update that fixes two vulnerabilities is now available.

openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0510-1
Rating: moderate
References: #1183933 #1183934
Cross-References: CVE-2021-22876 CVE-2021-22890
CVSS scores:
    CVE-2021-22876 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
    CVE-2021-22890 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:
    zypper in -t patch openSUSE-2021-510=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):
    curl-7.66.0-lp152.3.15.1
    curl-debuginfo-7.66.0-lp152.3.15.1
    curl-debugsource-7.66.0-lp152.3.15.1
    curl-mini-7.66.0-lp152.3.15.1
    curl-mini-debuginfo-7.66.0-lp152.3.15.1
    curl-mini-debugsource-7.66.0-lp152.3.15.1
    libcurl-devel-7.66.0-lp152.3.15.1
    libcurl-mini-devel-7.66.0-lp152.3.15.1
    libcurl4-7.66.0-lp152.3.15.1
    libcurl4-debuginfo-7.66.0-lp152.3.15.1
    libcurl4-mini-7.66.0-lp152.3.15.1
    libcurl4-mini-debuginfo-7.66.0-lp152.3.15.1
- openSUSE Leap 15.2 (x86_64):
    libcurl-devel-32bit-7.66.0-lp152.3.15.1
    libcurl4-32bit-7.66.0-lp152.3.15.1
    libcurl4-32bit-debuginfo-7.66.0-lp152.3.15.1

References:

    https://www.suse.com/security/cve/CVE-2021-22876.html
    https://www.suse.com/security/cve/CVE-2021-22890.html
    https://bugzilla.suse.com/1183933
    https://bugzilla.suse.com/1183934

Patch for curl addresses session token discrepancies and authentication credential vulnerabilities in openSUSE, improving overall security protocols.
openSUSE Update, Curl Fix, Session Security, Software Patch.
Severity: Important. LinuxSecurity.com Team

Apr 04, 2021 Important OpenSUSE

openSUSE Leap 15.1: Important Update gnutls Session Ticket Issue Fix

An update that solves one vulnerability and has one errata is now available.

openSUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:0790-1
Rating: important
References: #1172461 #1172506
Cross-References: CVE-2020-13777
Affected Products: openSUSE Leap 15.1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for gnutls fixes the following issues:

- CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506).
- Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:
    zypper in -t patch openSUSE-2020-790=1

Package List:

- openSUSE Leap 15.1 (i586 x86_64):
    gnutls-3.6.7-lp151.2.18.1
    gnutls-debuginfo-3.6.7-lp151.2.18.1
    gnutls-debugsource-3.6.7-lp151.2.18.1
    gnutls-guile-3.6.7-lp151.2.18.1
    gnutls-guile-debuginfo-3.6.7-lp151.2.18.1
    libgnutls-dane-devel-3.6.7-lp151.2.18.1
    libgnutls-dane0-3.6.7-lp151.2.18.1
    libgnutls-dane0-debuginfo-3.6.7-lp151.2.18.1
    libgnutls-devel-3.6.7-lp151.2.18.1
    libgnutls30-3.6.7-lp151.2.18.1
    libgnutls30-debuginfo-3.6.7-lp151.2.18.1
    libgnutls30-hmac-3.6.7-lp151.2.18.1
    libgnutlsxx-devel-3.6.7-lp151.2.18.1
    libgnutlsxx28-3.6.7-lp151.2.18.1
    libgnutlsxx28-debuginfo-3.6.7-lp151.2.18.1
- openSUSE Leap 15.1 (x86_64):
    libgnutls-devel-32bit-3.6.7-lp151.2.18.1
    libgnutls30-32bit-3.6.7-lp151.2.18.1
    libgnutls30-32bit-debuginfo-3.6.7-lp151.2.18.1
    libgnutls30-hmac-32bit-3.6.7-lp151.2.18.1

References:

    https://www.suse.com/security/cve/CVE-2020-13777.html
    https://bugzilla.suse.com/1172461
    https://bugzilla.suse.com/1172506

This patch resolves a critical issue within gnutls on openSUSE that impacts the integrity of TLS communications and session handling.
gnutls, openSUSE Leap, security update, session ticket, important.
Severity: Important. LinuxSecurity.com Team

Jun 10, 2020 Important OpenSUSE

SUSE: 2020:1584-1 Important: GnuTLS Authentication Bypass Threat

An update that solves one vulnerability and has one errata is now available.

SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:1584-1
Rating: important
References: #1172461 #1172506
Cross-References: CVE-2020-13777
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Basesystem 15-SP2
    SUSE Linux Enterprise Module for Basesystem 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for gnutls fixes the following issues:

- CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506).
- Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-1584=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-1584=1
- SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-1584=1
- SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1584=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1584=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-1584=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    gnutls-3.6.7-6.29.1
    gnutls-debuginfo-3.6.7-6.29.1
    gnutls-debugsource-3.6.7-6.29.1
    libgnutls-devel-3.6.7-6.29.1
    libgnutls30-3.6.7-6.29.1
    libgnutls30-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-3.6.7-6.29.1
    libgnutlsxx-devel-3.6.7-6.29.1
    libgnutlsxx28-3.6.7-6.29.1
    libgnutlsxx28-debuginfo-3.6.7-6.29.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    libgnutls30-32bit-3.6.7-6.29.1
    libgnutls30-32bit-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-32bit-3.6.7-6.29.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    gnutls-3.6.7-6.29.1
    gnutls-debuginfo-3.6.7-6.29.1
    gnutls-debugsource-3.6.7-6.29.1
    libgnutls-devel-3.6.7-6.29.1
    libgnutls30-3.6.7-6.29.1
    libgnutls30-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-3.6.7-6.29.1
    libgnutlsxx-devel-3.6.7-6.29.1
    libgnutlsxx28-3.6.7-6.29.1
    libgnutlsxx28-debuginfo-3.6.7-6.29.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
    gnutls-3.6.7-6.29.1
    gnutls-debuginfo-3.6.7-6.29.1
    gnutls-debugsource-3.6.7-6.29.1
    libgnutls-devel-3.6.7-6.29.1
    libgnutls30-3.6.7-6.29.1
    libgnutls30-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-3.6.7-6.29.1
    libgnutlsxx-devel-3.6.7-6.29.1
    libgnutlsxx28-3.6.7-6.29.1
    libgnutlsxx28-debuginfo-3.6.7-6.29.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
    libgnutls30-32bit-3.6.7-6.29.1
    libgnutls30-32bit-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-32bit-3.6.7-6.29.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    gnutls-3.6.7-6.29.1
    gnutls-debuginfo-3.6.7-6.29.1
    gnutls-debugsource-3.6.7-6.29.1
    libgnutls-devel-3.6.7-6.29.1
    libgnutls30-3.6.7-6.29.1
    libgnutls30-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-3.6.7-6.29.1
    libgnutlsxx-devel-3.6.7-6.29.1
    libgnutlsxx28-3.6.7-6.29.1
    libgnutlsxx28-debuginfo-3.6.7-6.29.1
- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
    libgnutls30-32bit-3.6.7-6.29.1
    libgnutls30-32bit-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-32bit-3.6.7-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    gnutls-3.6.7-6.29.1
    gnutls-debuginfo-3.6.7-6.29.1
    gnutls-debugsource-3.6.7-6.29.1
    libgnutls-devel-3.6.7-6.29.1
    libgnutls30-3.6.7-6.29.1
    libgnutls30-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-3.6.7-6.29.1
    libgnutlsxx-devel-3.6.7-6.29.1
    libgnutlsxx28-3.6.7-6.29.1
    libgnutlsxx28-debuginfo-3.6.7-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
    libgnutls30-32bit-3.6.7-6.29.1
    libgnutls30-32bit-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-32bit-3.6.7-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    gnutls-3.6.7-6.29.1
    gnutls-debuginfo-3.6.7-6.29.1
    gnutls-debugsource-3.6.7-6.29.1
    libgnutls-devel-3.6.7-6.29.1
    libgnutls30-3.6.7-6.29.1
    libgnutls30-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-3.6.7-6.29.1
    libgnutlsxx-devel-3.6.7-6.29.1
    libgnutlsxx28-3.6.7-6.29.1
    libgnutlsxx28-debuginfo-3.6.7-6.29.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
    libgnutls30-32bit-3.6.7-6.29.1
    libgnutls30-32bit-debuginfo-3.6.7-6.29.1
    libgnutls30-hmac-32bit-3.6.7-6.29.1

References:

    https://www.suse.com/security/cve/CVE-2020-13777.html
    https://bugzilla.suse.com/1172461
    https://bugzilla.suse.com/1172506

SUSE Security Patch resolves gnutls vulnerabilities, corrects authentication loophole and mitigates TLS 1.2 threats. Ensure your security!
SUSE Linux, GnuTLS Security, SUSE Update, Authentication Bypass.
Severity: Important. LinuxSecurity.com Team

Jun 09, 2020 Important SuSE

Debian DSA-4697-1: GnuTLS28 Security Update Critical: TLS Key Flaw

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4697-1
https://www.debian.org/security/
Salvatore Bonaccorso
June 06, 2020
https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : gnutls28
CVE ID : CVE-2020-13777
Debian Bug : 962289

A flaw was reported in the TLS session ticket key construction in GnuTLS, a library implementing the TLS and SSL protocols. The flaw caused the TLS server to not securely construct a session ticket encryption key considering the application supplied secret, allowing a man-in-the-middle attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2.

For the stable distribution (buster), this problem has been fixed in version 3.6.7-4+deb10u4.

We recommend that you upgrade your gnutls28 packages.

For the detailed security status of gnutls28 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/gnutls28

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

GnuTLS session ticket vulnerability addressed in Debian DSA-4698-2. Upgrade advised for improved security.
GnuTLS Security Fix, Debian Update, TLS Encryption Issue.
Severity: Critical. LinuxSecurity.com Team

Jun 06, 2020 Critical Debian