The container ses/7/prometheus-webhook-snmp was updated. The following patches have been included in this update:

SUSE Container Update Advisory: ses/7/prometheus-webhook-snmp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:273-1
Container Tags        : ses/7/prometheus-webhook-snmp:1.4 , ses/7/prometheus-webhook-snmp:1.4.1.282 , ses/7/prometheus-webhook-snmp:latest , ses/7/prometheus-webhook-snmp:sle15.2.octopus
Container Release     : 1.282
Severity              : important
Type                  : security
-----------------------------------------------------------------
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released: Tue Jul 21 17:58:58 2020
Summary: Recommended update to SLES-releases
Type: recommended
Severity: important
References: 1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3721-1
Released: Wed Dec 9 13:36:46 2020
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1179491,CVE-2020-1971

This update for openssl-1_1 fixes the following issues:

- CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3735-1
Released: Wed Dec 9 18:19:24 2020
Summary: Security update for curl
Type: security
Severity: moderate
References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286

This update for curl fixes the following issues:

- CVE-2020-8286: Fixed improper OCSP verification in the client side (bsc#1179593).
- CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399).
- CVE-2020-8284: Fixed an issue where a malicious FTP server could make curl connect to a different IP (bsc#1179398).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3809-1
Released: Tue Dec 15 13:46:05 2020
Summary: Recommended update for glib2
Type: recommended
Severity: moderate
References: 1178346

This update for glib2 fixes the following issues:

Update from version 2.62.5 to version 2.62.6:

- Support for slim format of timezone. (bsc#1178346)
- Fix DST incorrect end day when using slim format. (bsc#1178346)
- Fix SOCKS5 username/password authentication.
- Updated translations.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3853-1
Released: Wed Dec 16 12:27:27 2020
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825

This update for util-linux fixes the following issues:

- Do not trigger the automatic close of CDROM. (bsc#1084671)
- Try to automatically configure broken serial lines. (bsc#1175514)
- Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514)
- Build with `libudev` support to support non-root users. (bsc#1169006)
- Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825)
- Fix warning on mounts to `CIFS` with `mount -a`. (bsc#1174942)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3930-1
Released: Wed Dec 23 18:19:39 2020
Summary: Security update for python3
Type: security
Severity: important
References: 1155094,1174091,1174571,1174701,1177211,1178009,1179193,1179630,CVE-2019-16935,CVE-2019-18348,CVE-2019-20907,CVE-2019-5010,CVE-2020-14422,CVE-2020-26116,CVE-2020-27619,CVE-2020-8492

This update for python3 fixes the following issues:

- Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
- Change setuptools and pip version numbers according to new wheels
- Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738)
- add triplets for mips-r6 and riscv
- RISC-V needs CTYPES_PASS_BY_REF_HACK

Update to 3.6.12 (bsc#1179193)

* Ensure python3.dll is loaded from correct locations when Python is embedded
* The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions.
  The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
* Prevent http header injection by rejecting control characters in http.client.putrequest(…).
* Unpickling invalid NEWOBJ_EX opcode with the C implementation now raises UnpicklingError instead of crashing.
* Avoid infinite loop when reading specially crafted TAR files using the tarfile module
- This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).

Update to 3.6.11:

- Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
- Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause an InvalidURL to be raised. (bsc#1155094)
- CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138

This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3943-1
Released: Tue Dec 29 12:24:45 2020
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1178823

This update for libxml2 fixes the following issues:

Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823)

* key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3946-1
Released: Tue Dec 29 17:39:54 2020
Summary: Recommended update for python3
Type: recommended
Severity: important
References: 1180377

This update for python3 fixes the following issues:

- A previous update inadvertently removed the 'PyFPE_jbuf' symbol from Python3, which caused regressions in several applications.
  (bsc#1180377)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:109-1
Released: Wed Jan 13 10:13:24 2021
Summary: Security update for libzypp, zypper
Type: security
Severity: moderate
References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271

This update for libzypp, zypper fixes the following issues:

Update zypper to version 1.14.41

Update libzypp to 17.25.4

- CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583)
- RepoManager: Force refresh if repo url has changed (bsc#1174016)
- RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966)
- RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427).
- RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configured _dbpath is elsewhere. (bsc#1178910)
- Fixed update of gpg keys with elongated expire date (bsc#179222)
- needreboot: remove udev from the list (bsc#1179083)
- Fix lsof monitoring (bsc#1179909)

yast-installation was updated to 4.2.48:

- Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:129-1
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection.
  (bsc#1179503)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:169-1
Released: Tue Jan 19 16:18:46 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179816,1180077,1180663,1180721

This update for libsolv, libzypp, zypper fixes the following issues:

libzypp was updated to 17.25.6:

- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with unknown filesize (fixes #277)

zypper was updated to 1.14.42:

- Fix source-download commands help (bsc#1180663)
- man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816)
- Extend aptpackagemap (fixes #366)
- --quiet: Fix install summary to write nothing if there's nothing to do (bsc#1180077)

libsolv was updated to 0.7.16:

- do not ask the namespace callback for splitprovides when writing a testcase
- fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes
- improve choicerule generation so that package updates are preferred in more cases

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:174-1
Released: Wed Jan 20 07:55:23 2021
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1172695

This update for gnutls fixes the following issue:

- Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:197-1
Released: Fri Jan 22 15:17:42 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1171883,CVE-2020-8025

This update for permissions fixes the following issues:

- Update to version 20181224:
  * pcp: remove no longer needed / conflicting entries (bsc#1171883,CVE-2020-8025)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:233-1
Released: Wed Jan 27 12:15:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225

This update for systemd fixes the following issues:

- Added a timestamp to the output of the busctl monitor command (bsc#1180225)
- Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824)
- Improved the caching of cgroups member mask (bsc#1175458)
- Fixed the dependency definition of sound.target (bsc#1179363)
- Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436)
- time-util: treat /etc/localtime missing as UTC (bsc#1141597)
- Removed mq-deadline
  selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:265-1
Released: Mon Feb 1 15:06:45 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1178775,1180885

This update for systemd fixes the following issues:

- Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)
- Fix for an issue when container start causes interference in other containers. (bsc#1178775)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:293-1
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Type: recommended
Severity: moderate
References: 1180603

This update for gmp fixes the following issues:

- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:

This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:529-1
Released: Fri Feb 19 14:53:47 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1176262,1179756,1180686,1181126,CVE-2019-20916,CVE-2021-3177

This update for python3 fixes the following issues:

- CVE-2021-3177: Fixed buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution (bsc#1181126).
- Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:653-1
Released: Fri Feb 26 19:53:43 2021
Summary: Security update for glibc
Type: security
Severity: important
References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326

This update for glibc fixes the following issues:

- Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973)
- x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released: Mon Mar 1 09:34:21 2021
Summary: Recommended update for protobuf
Type: recommended
Severity: moderate
References: 1177127

This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six.
  (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:723-1
Released: Mon Mar 8 16:45:27 2021
Summary: Security update for openldap2
Type: security
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212

This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:754-1
Released: Tue Mar 9 17:10:49 2021
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841

This update for openssl-1_1 fixes the following issues:

- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:778-1
Released: Fri Mar 12 17:42:25 2021
Summary: Security update for glib2
Type: security
Severity: important
References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219

This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:874-1
Released: Thu Mar 18 09:41:54 2021
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1179847,1181328,1181622,1182629

This update for libsolv, libzypp, zypper fixes the following issues:

- support multiple collections in updateinfo parser
- Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328)
- Enable release packages to request a relaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629)
- Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847)
- Fix '%posttrans' script execution. (fixes #265)
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use.
- doc: give more details about creating versioned package locks. (bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700.
  (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:935-1
Released: Wed Mar 24 12:19:10 2021
Summary: Security update for gnutls
Type: security
Severity: important
References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232

This update for gnutls fixes the following issues:

- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:947-1
Released: Wed Mar 24 14:30:58 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1182379,CVE-2021-23336

This update for python3 fixes the following issues:

- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning through the use of a semicolon as a query string separator in query parameters (bsc#1182379).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:948-1
Released: Wed Mar 24 14:31:34 2021
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032

This update for zstd fixes the following issues:

- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:955-1
Released: Thu Mar 25 16:11:48 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1183852,CVE-2021-3449

This update for openssl-1_1 fixes the security issue:

* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack.
  OpenSSL TLS clients are not impacted by this issue. [bsc#1183852]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:985-1
Released: Tue Mar 30 14:42:46 2021
Summary: Recommended update for the Azure SDK and CLI
Type: recommended
Severity: moderate
References: 1125671,1140565,1154393,1174514,1175289,1176784,1176785,1178168,CVE-2020-14343,CVE-2020-25659

This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit). (bsc#1176784, jsc#ECO=3105)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1004-1
Released: Thu Apr 1 15:07:09 2021
Summary: Recommended update for libcap
Type: recommended
Severity: moderate
References: 1180073

This update for libcap fixes the following issues:

- Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460)
- Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1006-1
Released: Thu Apr 1 17:44:57 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890

This update for curl fixes the following issues:

- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1141-1
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: low
References: 1182791

This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1169-1
Released: Tue Apr 13 15:01:42 2021
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1181976

This update for procps fixes the following issues:

- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1286-1
Released: Tue Apr 20 20:10:21 2021
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1180836

This recommended update for SLES-release provides the following fix:

- Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1296-1
Released: Wed Apr 21 14:09:28 2021
Summary: Optional update for e2fsprogs
Type: optional
Severity: low
References: 1183791

This update for e2fsprogs fixes the following issues:

- Fixed an issue when building e2fsprogs (bsc#1183791)

This patch does not fix any user visible issues and is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1297-1
Released: Wed Apr 21 14:10:10 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1178219

This update for systemd fixes the following issues:

- Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted.

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1299-1
Released: Wed Apr 21 14:11:41 2021
Summary: Optional update for gpgme
Type: optional
Severity: low
References: 1183801

This update for gpgme fixes the following issues:

- Fixed a bug in test cases (bsc#1183801)

This patch is optional to install and does not provide any user visible bug fixes.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1407-1
Released: Wed Apr 28 15:49:02 2021
Summary: Recommended update for libcap
Type: recommended
Severity: important
References: 1184690

This update for libcap fixes the following issues:

- Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1412-1
Released: Wed Apr 28 17:09:28 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1184401,CVE-2021-20305

This update for libnettle fixes the following issues:

- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1426-1
Released: Thu Apr 29 06:23:13 2021
Summary: Recommended update for libsolv
Type: recommended
Severity: moderate
References:

This update for libsolv fixes the following issues:

- Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt.
- Fix a couple of memory leaks in error cases.
- Fix error handling in solv_xfopen_fd()
- Fixed 'regex' code on win32.
- Fixed memory leak in choice rule generation

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1466-1
Released: Tue May 4 08:30:57 2021
Summary: Security update for permissions
Type: security
Severity: important
References: 1182899

This update for permissions fixes the following issues:

- etc/permissions: remove unnecessary entries (bsc#1182899)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1523-1
Released: Wed May 5 18:24:20 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518

This update for libxml2 fixes the following issues:

- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1527-1
Released: Thu May 6 08:58:53 2021
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1183064

This update for bash fixes the following issues:

- Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1528-1
Released: Thu May 6 15:31:23 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Do not list disapproved cipher algorithms while in 'FIPS' mode.
  (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1543-1
Released: Fri May 7 15:16:32 2021
Summary: Recommended update for patterns-microos
Type: recommended
Severity: moderate
References: 1184435

This update for patterns-microos provides the following fix:

- Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1544-1
Released: Fri May 7 16:34:41 2021
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1180851,1181874,1182936,1183628,1184997,1185239

This update for libzypp fixes the following issues:

Upgrade from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1549-1
Released: Mon May 10 13:48:00 2021
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1185417

This update for procps fixes the following issues:

- Support up to 2048 CPU as well.
  (bsc#1185417)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1557-1
Released: Tue May 11 09:50:00 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1183374,CVE-2021-3426

This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1565-1
Released: Tue May 11 14:20:04 2021
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1185163

This update for krb5 fixes the following issues:

- Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:1592-1
Released: Wed May 12 13:47:41 2021
Summary: Optional update for sed
Type: optional
Severity: low
References: 1183797

This update for sed fixes the following issues:

- Fixed a building issue with glibc-2.31 (bsc#1183797).

This patch is optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1612-1
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3.
  (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1647-1
Released: Wed May 19 13:59:12 2021
Summary: Security update for lz4
Type: security
Severity: important
References: 1185438,CVE-2021-3520

This update for lz4 fixes the following issues:

- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1654-1
Released: Wed May 19 16:43:36 2021
Summary: Security update for libxml2
Type: security
Severity: important
References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537

This update for libxml2 fixes the following issues:

- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1762-1
Released: Wed May 26 12:30:01 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1186114,CVE-2021-22898

This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1773-1
Released: Wed May 26 17:22:21 2021
Summary: Recommended update for python3
Type: recommended
Severity: low
References:

This update for python3 fixes the following issues:

- Make sure to close the import_failed.map file after the exception has been raised in order to avoid ResourceWarnings when the failing import is part of a try...except block.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1833-1
Released: Wed Jun 2 15:32:28 2021
Summary: Recommended update for zypper
Type: recommended
Severity: moderate
References: 1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239

This update for zypper fixes the following issues:

zypper was upgraded to 1.14.44:

- man page: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268)
- Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687)
- Protect against strict/relaxed user umask via sudo. (bsc#1183589)
- xml summary: Add solvables repository alias.
  (bsc#1182372)

libzypp was upgraded from version 17.25.8 to version 17.25.10

- Properly handle permission denied when providing optional files. (bsc#1185239)
- Fix service detection with `cgroupv2`. (bsc#1184997)
- Add missing includes for GCC 11. (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- `Solver`: Avoid segfault if no system is loaded. (bsc#1183628)
- `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851)
- Do no cleanup in custom cache dirs. (bsc#1182936)
- `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1861-1
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Type: recommended
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016

This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1879-1
Released: Tue Jun 8 09:16:09 2021
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1184326,1184399,1184997,1185325

This update for libzypp, zypper fixes the following issues:

libzypp was updated to 17.26.0:

- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
  Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399)
  Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
  Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contains kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work with those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those.
- Introduce zypp-runpurge, a tool to run purge-kernels on testcases.

zypper was updated to 1.14.45:

- Fix service detection with cgroupv2 (bsc#1184997)
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1917-1
Released: Wed Jun 9 14:48:05 2021
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1186015,CVE-2021-3541

This update for libxml2 fixes the following issues:

- CVE-2021-3541: Fixed an exponential entity expansion attack that bypasses all existing protection mechanisms.
  (bsc#1186015)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released: Thu Jun 10 10:47:09 2021
Summary: Recommended update for nghttp2
Type: recommended
Severity: moderate
References: 1186642

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1953-1
Released: Thu Jun 10 16:18:50 2021
Summary: Recommended update for gpg2
Type: recommended
Severity: moderate
References: 1161268,1172308

This update for gpg2 fixes the following issues:

- Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2001-1
Released: Thu Jun 17 16:54:07 2021
Summary: Recommended update for python-pycryptodome
Type: recommended
Severity: moderate
References: 1186642

This update for python-pycryptodome fixes the following issue:

- python-pycryptodome had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2096-1
Released: Mon Jun 21 13:35:38 2021
Summary: Recommended update for python-six
Type: recommended
Severity: moderate
References: 1186642

This update for python-six fixes the following issue:

- python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues.
  (bsc#1186642)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2143-1
Released: Wed Jun 23 16:27:04 2021
Summary: Security update for libnettle
Type: security
Severity: important
References: 1187060,CVE-2021-3580

This update for libnettle fixes the following issues:

- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2157-1
Released: Thu Jun 24 15:40:14 2021
Summary: Security update for libgcrypt
Type: security
Severity: important
References: 1187212,CVE-2021-33560

This update for libgcrypt fixes the following issues:

- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds.
  (bsc#1186049)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2205-1
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: important
References: 1187210

This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2229-1
Released: Thu Jul 1 20:40:37 2021
Summary: Recommended update for release packages
Type: recommended
Severity: moderate
References: 1099521,1185221

This update for the release packages provides the following fix:

- Fix grub menu entries after migration from SLE-12*. (bsc#1099521)
- Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change.
  (bsc#1185221)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2246-1
Released: Mon Jul 5 15:17:49 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400

This update for systemd fixes the following issues:

- cgroup: Parse infinity properly for memory protections. (bsc#1167471)
- cgroup: Make empty assignments reset to default. (bsc#1167471)
- cgroup: Support 0-value for memory protection directives. (bsc#1167471)
- core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935)
- bus-unit-util: Add proper 'MemorySwapMax' serialization.
- core: Accept MemorySwapMax= properties that are scaled.
- execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967)
- core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331)
- Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046)
- rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561)
- write_net_rules: Set execute bits. (bsc#1178561)
- udev: Rework network device renaming.
- Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'
- mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
- core: fix output (logging) for mount units (#7603) (bsc#1187400)
- udev requires systemd in its %post (bsc#1185958)
- cgroup: Parse infinity properly for memory protections (bsc#1167471)
- cgroup: Make empty assignments reset to default (bsc#1167471)
- cgroup: Support 0-value for memory protection directives (bsc#1167471)
- Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2249-1
Released: Mon Jul 5 15:40:46 2021
Summary: Optional update for gnutls
Type: optional
Severity: low
References: 1047218,1186579

This update for gnutls does not fix any user visible issues. It is therefore optional to install.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2273-1
Released: Thu Jul 8 09:48:48 2021
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1186447,1186503

This update for libzypp, zypper fixes the following issues:

- Enhance XML output of repo GPG options
- Add optional attributes showing the raw values actually present in the '.repo' file.
- Link all executables with -PIE (bsc#1186447)
- Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)
- Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)
- Fix segv if 'ZYPP_FULLOG' is set.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released: Wed Jul 14 17:01:06 2021
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234)
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

====================================================================
Red Hat Security Advisory

Synopsis: Important: net-snmp security and bug fix update
Advisory ID: RHSA-2020:5201-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5201
Issue date: 2020-11-24
CVE Names: CVE-2020-15862
====================================================================

1. Summary:

An update for net-snmp is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* net-snmp flood messages file with 'ipaddress_linux: could not open /proc/net/if_inet6: No such file or directory' if ipv6 is disabled on the system. (BZ#1755818)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1873038 - CVE-2020-15862 net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.0):

aarch64:
net-snmp-5.8-7.el8_0.4.aarch64.rpm
net-snmp-agent-libs-5.8-7.el8_0.4.aarch64.rpm
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-debugsource-5.8-7.el8_0.4.aarch64.rpm
net-snmp-devel-5.8-7.el8_0.4.aarch64.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-utils-5.8-7.el8_0.4.aarch64.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.aarch64.rpm

ppc64le:
net-snmp-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-agent-libs-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-debugsource-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-devel-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-utils-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.ppc64le.rpm

s390x:
net-snmp-5.8-7.el8_0.4.s390x.rpm
net-snmp-agent-libs-5.8-7.el8_0.4.s390x.rpm
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-debugsource-5.8-7.el8_0.4.s390x.rpm
net-snmp-devel-5.8-7.el8_0.4.s390x.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-utils-5.8-7.el8_0.4.s390x.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.s390x.rpm

x86_64:
net-snmp-5.8-7.el8_0.4.x86_64.rpm
net-snmp-agent-libs-5.8-7.el8_0.4.i686.rpm
net-snmp-agent-libs-5.8-7.el8_0.4.x86_64.rpm
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-debugsource-5.8-7.el8_0.4.i686.rpm
net-snmp-debugsource-5.8-7.el8_0.4.x86_64.rpm
net-snmp-devel-5.8-7.el8_0.4.i686.rpm
net-snmp-devel-5.8-7.el8_0.4.x86_64.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-utils-5.8-7.el8_0.4.x86_64.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.0):

Source:
net-snmp-5.8-7.el8_0.4.src.rpm

aarch64:
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-debugsource-5.8-7.el8_0.4.aarch64.rpm
net-snmp-libs-5.8-7.el8_0.4.aarch64.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.aarch64.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.aarch64.rpm

ppc64le:
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-debugsource-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-libs-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.ppc64le.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.ppc64le.rpm

s390x:
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-debugsource-5.8-7.el8_0.4.s390x.rpm
net-snmp-libs-5.8-7.el8_0.4.s390x.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.s390x.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.s390x.rpm

x86_64:
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-agent-libs-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-debugsource-5.8-7.el8_0.4.i686.rpm
net-snmp-debugsource-5.8-7.el8_0.4.x86_64.rpm
net-snmp-libs-5.8-7.el8_0.4.i686.rpm
net-snmp-libs-5.8-7.el8_0.4.x86_64.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-libs-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-perl-debuginfo-5.8-7.el8_0.4.x86_64.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.i686.rpm
net-snmp-utils-debuginfo-5.8-7.el8_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-15862
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
A vulnerability in SNMP could lead to a Denial of Service condition.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201507-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: SNMP: Denial of Service
     Date: July 10, 2015
     Bugs: #522062
       ID: 201507-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A vulnerability in SNMP could lead to a Denial of Service condition.

Background
=========

SNMP is a widely used protocol for monitoring the health and welfare of network equipment.

Affected packages
================

    -------------------------------------------------------------------
     Package                /     Vulnerable     /          Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/net-snmp     < 5.7.3_pre5-r1        >= 5.7.3_pre5-r1

Description
==========

A specially crafted trap message triggers a conversion to an erroneous variable type in SNMP's snmplib/mib.c when the -OQ option is used.

Impact
=====

A remote attacker could possibly cause a Denial of Service condition.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All SNMP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-analyzer/net-snmp-5.7.3_pre5-r1"

References
=========

[ 1 ] CVE-2014-3565
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3565

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201507-17

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code.

==========================================================
Ubuntu Security Notice USN-1051-1          January 25, 2011
hplip vulnerability
CVE-2010-4267
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  hplip                           2.8.2-0ubuntu8.2

Ubuntu 9.10:
  hplip                           3.9.8-1ubuntu2.1

Ubuntu 10.04 LTS:
  hplip                           3.10.2-2ubuntu2.2

Ubuntu 10.10:
  hplip                           3.10.6-1ubuntu10.2

In general, a standard system update will make all the necessary changes.

Details follow:

Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code.
Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: net-snmp security update
Advisory ID:       RHSA-2009:0295-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2009:0295.html
Issue date:        2009-03-26
CVE Names:         CVE-2008-6123
====================================================================

1. Summary:

Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

The Simple Network Management Protocol (SNMP) is a protocol used for network management.

It was discovered that the snmpd daemon did not use TCP wrappers correctly, causing network hosts access restrictions defined in "/etc/hosts.allow" and "/etc/hosts.deny" to not be honored. A remote attacker could use this flaw to bypass intended access restrictions. (CVE-2008-6123)

This issue only affected configurations where hosts.allow and hosts.deny were used to limit access to the SNMP server. To obtain information from the server, the attacker would have to successfully authenticate, usually by providing a correct community string.

All net-snmp users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the snmpd and snmptrapd daemons will be restarted automatically.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

485211 - CVE-2008-6123 net-snmp: incorrect application of hosts access restrictions in hosts.{allow,deny}

6. Package List:

Red Hat Enterprise Linux AS version 3:

Source:

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

ia64:
net-snmp-5.0.9-2.30E.27.ia64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm
net-snmp-devel-5.0.9-2.30E.27.ia64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm
net-snmp-perl-5.0.9-2.30E.27.ia64.rpm
net-snmp-utils-5.0.9-2.30E.27.ia64.rpm

ppc:
net-snmp-5.0.9-2.30E.27.ppc.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ppc.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ppc64.rpm
net-snmp-devel-5.0.9-2.30E.27.ppc.rpm
net-snmp-libs-5.0.9-2.30E.27.ppc.rpm
net-snmp-libs-5.0.9-2.30E.27.ppc64.rpm
net-snmp-perl-5.0.9-2.30E.27.ppc.rpm
net-snmp-utils-5.0.9-2.30E.27.ppc.rpm

s390:
net-snmp-5.0.9-2.30E.27.s390.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.s390.rpm
net-snmp-devel-5.0.9-2.30E.27.s390.rpm
net-snmp-libs-5.0.9-2.30E.27.s390.rpm
net-snmp-perl-5.0.9-2.30E.27.s390.rpm
net-snmp-utils-5.0.9-2.30E.27.s390.rpm

s390x:
net-snmp-5.0.9-2.30E.27.s390x.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.s390.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.s390x.rpm
net-snmp-devel-5.0.9-2.30E.27.s390x.rpm
net-snmp-libs-5.0.9-2.30E.27.s390.rpm
net-snmp-libs-5.0.9-2.30E.27.s390x.rpm
net-snmp-perl-5.0.9-2.30E.27.s390x.rpm
net-snmp-utils-5.0.9-2.30E.27.s390x.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

Red Hat Desktop version 3:

Source:

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

Source:

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

ia64:
net-snmp-5.0.9-2.30E.27.ia64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm
net-snmp-devel-5.0.9-2.30E.27.ia64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm
net-snmp-perl-5.0.9-2.30E.27.ia64.rpm
net-snmp-utils-5.0.9-2.30E.27.ia64.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

Source:

i386:
net-snmp-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-devel-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-perl-5.0.9-2.30E.27.i386.rpm
net-snmp-utils-5.0.9-2.30E.27.i386.rpm

ia64:
net-snmp-5.0.9-2.30E.27.ia64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.ia64.rpm
net-snmp-devel-5.0.9-2.30E.27.ia64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.ia64.rpm
net-snmp-perl-5.0.9-2.30E.27.ia64.rpm
net-snmp-utils-5.0.9-2.30E.27.ia64.rpm

x86_64:
net-snmp-5.0.9-2.30E.27.x86_64.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.i386.rpm
net-snmp-debuginfo-5.0.9-2.30E.27.x86_64.rpm
net-snmp-devel-5.0.9-2.30E.27.x86_64.rpm
net-snmp-libs-5.0.9-2.30E.27.i386.rpm
net-snmp-libs-5.0.9-2.30E.27.x86_64.rpm
net-snmp-perl-5.0.9-2.30E.27.x86_64.rpm
net-snmp-utils-5.0.9-2.30E.27.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2008-6123
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2009 Red Hat, Inc.
Fixes DoS bug (#162908).

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-562
2005-07-13
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : net-snmp
Version     : 5.2.1.2
Release     : FC3.1
Summary     : A collection of SNMP protocol tools and libraries.
Description :
SNMP (Simple Network Management Protocol) is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc.

You will probably also want to install the net-snmp-utils package, which contains NET-SNMP utilities.

Building option:
    --without tcp_wrappers : disable tcp_wrappers support

---------------------------------------------------------------------
* Wed Jul 13 2005 Radek Vokal

- CAN-2005-2177 new upstream version fixing DoS (#162908)
- CAN-2005-1740 net-snmp insecure temporary file usage (#158770)
- session free fixed, agentx modules build fine (#157851)
- report gigabit Ethernet speeds using Ethtool (#152480)

---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
Squid contains a vulnerability in the SNMP module which may lead to a denial of service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 200410-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Squid: Remote DoS vulnerability
     Date: October 18, 2004
     Bugs: #67167
       ID: 200410-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Squid contains a vulnerability in the SNMP module which may lead to a denial of service.

Background
=========

Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features.

Affected packages
================

    -------------------------------------------------------------------
     Package          /     Vulnerable     /                Unaffected
    -------------------------------------------------------------------
  1  www-proxy/squid        < 2.5.7                           >= 2.5.7

Description
==========

A parsing error exists in the SNMP module of Squid where a specially-crafted UDP packet can potentially cause the server to restart, closing all current connections. This vulnerability only exists in versions of Squid compiled with the 'snmp' USE flag.

Impact
=====

An attacker can repeatedly send these malicious UDP packets to the Squid server, leading to a denial of service.

Workaround
=========

Disable SNMP support or filter the port that has SNMP processing (default is 3401) to allow only SNMP data from trusted hosts.

To disable SNMP support put the entry snmp_port 0 in the squid.conf configuration file.

To allow only the local interface to process SNMP, add the entry "snmp_incoming_address 127.0.0.1" in the squid.conf configuration file.

Resolution
=========

All Squid users should upgrade to the latest version:

  # emerge sync
  # emerge -pv ">=www-proxy/squid-2.5.7"
  # emerge ">=www-proxy/squid-2.5.7"

References
=========

[ 1 ] iDEFENSE Advisory
      ;type=vulnerabilities&flashstatus=true

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/200410-15

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to