Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisorysecurity fiximportantSUSE: 2022:180-1 Important Security Update for SLES12SP3 Container
The container suse/sles12sp3 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:180-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.352 , suse/sles12sp3:latest Container Release : 24.352 Severity : important Type : security References : 1190354 1195054 1195217 CVE-2022-23852 CVE-2022-23990 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:495-1 Released: Fri Feb 18 10:40:22 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:521-1 Released: Fri Feb 18 12:46:15 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1190354 This update for coreutils fixes the following issues: - Remove problematic special leaf optimization cases for XFS that can lead to du crashes. (bsc#1190354) The following package changes have been done: - expat-2.1.0-21.15.1 updated - coreutils-8.25-13.13.1 updated - libexpat1-2.1.0-21.15.1 updated . An upgrade for the SUSE Container suse/sles12sp3 implements essential fixes enhancing the safety of containers.. SUSE, SLES12SP3, Container Update, Expats, Security Fixes. . Severity: Important. LinuxSecurity.com Team
Feb 19, 2022
•Important
SuSE
100
security advisorysecurity fixlow severitySUSE: 2021:346-1 Low Severity: OpenSSL Patch for sles12sp3
The container suse/sles12sp3 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:346-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.304 , suse/sles12sp3:latest Container Release : 24.304 Severity : low Type : security References : 1189521 CVE-2021-3712 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3144-1 Released: Mon Sep 20 07:57:55 2021 Summary: Security update for openssl Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). . SUSE Container Notification: suse/sles12sp3 update information, featuring security fixes for OpenSSL addressing low-risk vulnerabilities.. SUSE Container Update, OpenSSL Security, SLES 12 SP3 Advisory, SUSE Security Fix. . Severity: Low. LinuxSecurity.com Team
Sep 22, 2021
•Low
SuSE
100
security advisoryupdatesecuritySUSE: 2021:94-1 Important: suse/sles12sp3 Security Update
The container suse/sles12sp3 was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:94-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.237 , suse/sles12sp3:latest Container Release : 24.237 Severity : important Type : security References : 1116107 1159635 1174215 1175109 1178727 1178823 1178909 1178925 1178966 1179398 1179398 1179399 1179491 1180073 1181728 1182138 1182279 1182331 1182333 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 CVE-2019-19906 CVE-2020-1971 CVE-2020-25709 CVE-2020-25710 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8231 CVE-2020-8284 CVE-2020-8284 CVE-2020-8285 CVE-2021-23840 CVE-2021-23841 CVE-2021-27212 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3569-1 Released: Mon Nov 30 17:13:16 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1178727 This update for pam fixes the following issue: - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3573-1 Released: Mon Nov 30 18:13:05 2020 Summary: Recommended update for sg3_utils Type: recommended Severity: low References: 1116107 This update for sg3_utils fixes thefollowing issues: - Fixed wrong device ID for devices using NAA extended format (bsc#1116107) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3763-1 Released: Fri Dec 11 14:17:32 2020 Summary: Security update for openssl Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3794-1 Released: Mon Dec 14 17:40:20 2020 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1174215,1178925,1178966 This update for libzypp, zypper fixes the following issues: Changes in zypper: - Fix typo in `list-patches` help. (bsc#1178925) The options for selecting issues matching the specified string is `--issue[=STRING]`, not `--issues[=STRING]`. Changes in libzypp: - Fix in repository manager for removing non-directory entries related to the cache. (bsc#1178966) - Remove from the logs the credentials available from the authorization header. (bsc#1174215) The authorization header may include base64 encoded credentials which could be restored from the log file. The credentials are now stripped from the log. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3800-1 Released: Mon Dec 14 18:55:59 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,1179398,CVE-2020-8231,CVE-2020-8284 This update for curl fixes the following issues: - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). - CVE-2020-8231: Fixed an issue with trusting FTP PASV responses (bsc#1175109). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3876-1 Released: Fri Dec 18 16:45:252020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,CVE-2020-8284,CVE-2020-8285 This update for curl fixes the following issue: - CVE-2020-8285: Fixed an FTP wildcard stack overflow (bsc#1179399). - CVE-2020-8284: Adjust trusting FTP PASV responses (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3939-1 Released: Mon Dec 28 14:29:41 2020 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:26-1 Released: Tue Jan 5 14:18:00 2021 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation. (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:128-1 Released: Thu Jan 14 11:01:24 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). ----------------------------------------------------------------- Advisory ID:SUSE-RU-2021:588-1 Released: Thu Feb 25 06:10:02 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1182138 This update for file fixes the following issues: - Fixed an issue when file is used with a string started with '80'. (bsc#1182138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:693-1 Released: Wed Mar 3 18:13:33 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch-> bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial ofservice (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:939-1 Released: Wed Mar 24 12:24:38 2021 Summary: Security update for openssl Type: security Severity: moderate References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:970-1 Released: Mon Mar 29 14:53:14 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1181728 This update for apparmor fixes the following issues: - Add abstraction/base fix to apparmor-profile. (bsc#1181728) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1003-1 Released: Thu Apr 1 15:06:58 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) . SUSE Container updates include important security patches, fixes, and recommended updates to safeguard against threats.. SUSE Container Advisory, Security Updates, Patch Management, Software Enhancements. .Severity: Important. LinuxSecurity.com Team
Apr 03, 2021
•Important
SuSE
100
security advisoryimportantroot passwordSUSE: 2019:1368-1 Important: sles12sp3/sles12sp4 Images Security Advisory
An update that fixes one vulnerability is now available. . SUSE Security Update: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:1368-1 Rating: important References: #1134524 Cross-References: CVE-2019-5021 Affected Products: SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Basesystem 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2019-1368=1 - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-1368=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): suse-sles12sp3-image-2.0.2-22.1 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): system-user-root-20190513-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-5021.html https://bugzilla.suse.com/1134524 _______________________________________________ sle-security-updates mailing list
May 28, 2019
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!