# Security update for shadow

Announcement ID: SUSE-SU-2024:2807-1
Rating: moderate

References:

* bsc#1228770

Cross-References:

* CVE-2013-4235

CVSS scores:

* CVE-2013-4235 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2013-4235 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for shadow fixes the following issues:

* Fixed not copying of skel files (bsc#1228770)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-2807=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2024-2807=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * login_defs-4.8.1-150400.3.12.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * shadow-debuginfo-4.8.1-150400.3.12.1
  * shadow-debugsource-4.8.1-150400.3.12.1
  * shadow-4.8.1-150400.3.12.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * login_defs-4.8.1-150400.3.12.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * shadow-debuginfo-4.8.1-150400.3.12.1
  * shadow-debugsource-4.8.1-150400.3.12.1
  * shadow-4.8.1-150400.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2013-4235.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228770

A recent security patch for SUSE shadow addresses a significant vulnerability impacting SUSE Linux Enterprise Server.

SUSE Shadow Update, Security Advisory SUSE, Moderate Security Fix, Linux Enterprise Micro.

Severity: Important.

LinuxSecurity.com Team

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3387-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-8.9
Container Release : 8.9
Severity : important
Type : security
References : 1214806 1215859 1215888 1215889 CVE-2023-38545 CVE-2023-38546 CVE-2023-43655 CVE-2023-4641
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4024-1
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Type: security
Severity: low
References: 1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4041-1
Released: Tue Oct 10 18:28:16 2023
Summary: Security update for php-composer2
Type: security
Severity: moderate
References: 1215859,CVE-2023-43655

This update for php-composer2 fixes the following issues:

- CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file (bsc#1215859).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4044-1
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

The following package changes have been done:

- login_defs-4.8.1-150400.10.12.1 updated
- libcurl4-8.0.1-150400.5.32.1 updated
- shadow-4.8.1-150400.10.12.1 updated
- php-composer2-2.2.3-150400.3.6.1 updated
- container:sles15-image-15.0.0-36.5.41 updated

Crucial security patch released for bci/php-apache tackling various flaws and significant concerns within SUSE environments.

SUSE Container Update, bci/php-apache security, security patches.

Severity: Important.

LinuxSecurity.com Team

# Security update for shadow

Announcement ID: SUSE-SU-2023:4024-1
Rating: low

References:

* #1214806

Cross-References:

* CVE-2023-4641

CVSS scores:

* CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for shadow fixes the following issues:

* CVE-2023-4641: Fixed potential password leak (bsc#1214806).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4024=1 SUSE-2023-4024=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4024=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4024=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4024=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4024=1
* Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4024=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * login_defs-4.8.1-150400.10.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * shadow-debugsource-4.8.1-150400.10.12.1
  * shadow-4.8.1-150400.10.12.1
  * shadow-debuginfo-4.8.1-150400.10.12.1
* openSUSE Leap 15.5 (noarch)
  * login_defs-4.8.1-150400.10.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * shadow-debugsource-4.8.1-150400.10.12.1
  * shadow-4.8.1-150400.10.12.1
  * shadow-debuginfo-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * login_defs-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * shadow-debugsource-4.8.1-150400.10.12.1
  * shadow-4.8.1-150400.10.12.1
  * shadow-debuginfo-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * login_defs-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * shadow-debugsource-4.8.1-150400.10.12.1
  * shadow-4.8.1-150400.10.12.1
  * shadow-debuginfo-4.8.1-150400.10.12.1
* Basesystem Module 15-SP4 (noarch)
  * login_defs-4.8.1-150400.10.12.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * shadow-debugsource-4.8.1-150400.10.12.1
  * shadow-4.8.1-150400.10.12.1
  * shadow-debuginfo-4.8.1-150400.10.12.1
* Basesystem Module 15-SP5 (noarch)
  * login_defs-4.8.1-150400.10.12.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * shadow-debugsource-4.8.1-150400.10.12.1
  * shadow-4.8.1-150400.10.12.1
  * shadow-debuginfo-4.8.1-150400.10.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-4641.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214806

A recent patch addresses a minor vulnerability in shadow that may expose passwords. Ensure your system is protected by applying the latest updates.

SUSE Security Update, Password Leak Fix, Shadow Security Advisory.

Severity: Low.

LinuxSecurity.com Team

SUSE Container Update Advisory: rancher/seedimage-builder/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1549-1
Container Tags : rancher/seedimage-builder/5.3:1.2.2 , rancher/seedimage-builder/5.3:1.2.2-2.2.18 , rancher/seedimage-builder/5.3:latest
Container Release : 2.2.18
Severity : moderate
Type : security
References : 1206513 1209713 1209714 1209918 1210135 1210411 1210412 1210434 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491
-----------------------------------------------------------------

The container rancher/seedimage-builder/5.3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released: Thu Apr 27 17:04:25 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released: Fri May 5 14:34:00 2023
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1210434,CVE-2023-29491

This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2133-1
Released: Tue May 9 13:37:10 2023
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1206513

This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513)

The following package changes have been done:

- libz1-1.2.11-150000.3.42.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:sles15-image-15.0.0-27.14.60 updated

SUSE's latest update for rancher/seedimage-builder/5.3 enhances security and optimizes performance, addressing vulnerabilities to safeguard systems and improve reliability.

SUSE Updates, Rancher Security, Container Fixes, Libxml2 Issues, Glib2 Vulnerabilities.

LinuxSecurity.com Team

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1371-1
Container Tags : suse/sles12sp4:26.595 , suse/sles12sp4:latest
Container Release : 26.595
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2069-1
Released: Fri Apr 28 13:55:42 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- base-container-licenses-3.0-1.345 updated
- shadow-4.2.1-27.22.1 updated

Critical maintenance release for the suse/sles12sp4 image, incorporating essential fixes for flaws that impact security protocols.

Container Update, SUSE Security, Patch Management.

LinuxSecurity.com Team

SUSE Security Update: Security update for shadow
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:1997-1
Rating: important
References: #1099310
Cross-References: CVE-2016-6252
Affected Products:
    SUSE OpenStack Cloud 7
    SUSE Linux Enterprise Server for SAP 12-SP2
    SUSE Linux Enterprise Server 12-SP3
    SUSE Linux Enterprise Server 12-SP2-LTSS
    SUSE Linux Enterprise Desktop 12-SP3
    SUSE Enterprise Storage 4
    SUSE CaaS Platform ALL
    OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for shadow fixes the following issues:

- CVE-2016-6252: Incorrect integer handling could result in local privilege escalation (bsc#1099310)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1351=1
- SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2018-1351=1
- SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1351=1
- SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-1351=1
- SUSE Linux Enterprise Desktop 12-SP3:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1351=1
- SUSE Enterprise Storage 4:
    zypper in -t patch SUSE-Storage-4-2018-1351=1
- SUSE CaaS Platform ALL:
    To install this update, use the SUSE CaaS Platform Velum dashboard. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- OpenStack Cloud Magnum Orchestration 7:
    zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1351=1

Package List:

- SUSE OpenStack Cloud 7 (s390x x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1
- SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1
- SUSE Linux Enterprise Desktop 12-SP3 (x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1
- SUSE Enterprise Storage 4 (x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1
- SUSE CaaS Platform ALL (x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
    shadow-4.2.1-27.9.1
    shadow-debuginfo-4.2.1-27.9.1
    shadow-debugsource-4.2.1-27.9.1

References:

    https://www.suse.com/security/cve/CVE-2016-6252.html
    https://bugzilla.suse.com/1099310

Patch for Shadow launched addressing local privilege elevation vulnerability in multiple SUSE offerings. Refer to advisory for further information.

SUSE Linux Enterprise, Shadow Update, Security Patch, Local Escalation.

Severity: Critical.

LinuxSecurity.com Team

Enterprise Linux Security Advisory ELSA-2007-0276

https://access.redhat.com/errata/RHSA-2007:0276.html

The following updated rpms for Enterprise Linux 4 have been uploaded to the Unbreakable Linux Network:

i386:
shadow-utils-4.0.3-61.RHEL4.i386.rpm

x86_64:
shadow-utils-4.0.3-61.RHEL4.x86_64.rpm

SRPMS:
https://oss.oracle.com:443/el4/SRPMS-updates/shadow-utils-4.0.3-61.RHEL4.src.rpm

Description of changes:

[2:4.0.3-61.RHEL4]
- fix comment in /etc/login.defs (#188263)
- faster faillog reset (#177017)
- do not strip binaries (#176949)
- fix mailbox creation race condition (#193053)

Corporate Linux Security Update CLA-2007-0150 handles shadow configuration vulnerabilities on the Unyielding Linux Network.

Enterprise Linux Update, Shadow Fix, Security Patches, RPM Update.

Severity: Low.

LinuxSecurity.com Team