Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3 articles for you...
89
security advisoryupdateFedoraFedora 41: 2025-ee55907675 critical: Thunderbird 128.10.2 update
Update to 128.10.2 https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/ Update to 128.10.1 https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/ https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-ee55907675 2025-05-24 01:46:25.887902+00:00 -------------------------------------------------------------------------------- Name : thunderbird Product : Fedora 41 Version : 128.10.2 Release : 1.fc41 URL : https://wiki.mozilla.org/Thunderbird:Home Summary : Mozilla Thunderbird mail/newsgroup client Description : Mozilla Thunderbird is a standalone mail and newsgroup client. -------------------------------------------------------------------------------- Update Information: Update to 128.10.2 https://www.thunderbird.net/en-US/thunderbird/128.10.2esr/releasenotes/ Update to 128.10.1 https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/ https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/ -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2025 Eike Rathke - 128.10.2-1 - Update to 128.10.2 * Mon May 19 2025 Eike Rathke - 128.10.1-1 - Update to 128.10.1 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ee55907675' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 24, 2025
•Critical
Fedora
217
security advisoryupdateimportantOracle Linux 8 ELSA-2025-4459 Important: Node.js Security Update
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-4459 http://linux.oracle.com/errata/ELSA-2025-4459.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-22.15.0-1.module+el8.10.0+90558+f3d29a46.x86_64.rpm nodejs-devel-22.15.0-1.module+el8.10.0+90558+f3d29a46.x86_64.rpm nodejs-docs-22.15.0-1.module+el8.10.0+90558+f3d29a46.noarch.rpm nodejs-full-i18n-22.15.0-1.module+el8.10.0+90558+f3d29a46.x86_64.rpm nodejs-libs-22.15.0-1.module+el8.10.0+90558+f3d29a46.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90558+f3d29a46.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90558+f3d29a46.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90558+f3d29a46.noarch.rpm npm-10.9.2-1.22.15.0.1.module+el8.10.0+90558+f3d29a46.x86_64.rpm v8-12.4-devel-12.4.254.21-1.22.15.0.1.module+el8.10.0+90558+f3d29a46.x86_64.rpm aarch64: nodejs-22.15.0-1.module+el8.10.0+90558+f3d29a46.aarch64.rpm nodejs-devel-22.15.0-1.module+el8.10.0+90558+f3d29a46.aarch64.rpm nodejs-docs-22.15.0-1.module+el8.10.0+90558+f3d29a46.noarch.rpm nodejs-full-i18n-22.15.0-1.module+el8.10.0+90558+f3d29a46.aarch64.rpm nodejs-libs-22.15.0-1.module+el8.10.0+90558+f3d29a46.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90558+f3d29a46.noarch.rpm nodejs-packaging-2021.06-4.module+el8.10.0+90558+f3d29a46.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90558+f3d29a46.noarch.rpm npm-10.9.2-1.22.15.0.1.module+el8.10.0+90558+f3d29a46.aarch64.rpm v8-12.4-devel-12.4.254.21-1.22.15.0.1.module+el8.10.0+90558+f3d29a46.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//nodejs-22.15.0-1.module+el8.10.0+90558+f3d29a46.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.10.0+90558+f3d29a46.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-2021.06-4.module+el8.10.0+90558+f3d29a46.src.rpm RelatedCVEs: CVE-2025-3277 CVE-2025-31498 Description of changes: nodejs [1:22.15.0-1] - Update to 22.15.0 - Drop upstream patches [1:22.13.1-4] - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300 [1:22.13.1-3] - Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86581 _______________________________________________ El-errata mailing list
May 13, 2025
•Important
Oracle
217
security advisoryupdatefirefoxOracle7: ELSA-2025-2699: firefox security Important Security Advisory Updates
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-2699 http://linux.oracle.com/errata/ELSA-2025-2699.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-128.8.0-1.0.1.el7_9.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//firefox-128.8.0-1.0.1.el7_9.src.rpm Related CVEs: CVE-2025-1930 CVE-2025-1931 CVE-2025-1932 CVE-2025-1933 CVE-2025-1934 CVE-2025-1935 CVE-2025-1936 CVE-2025-1937 CVE-2025-1938 Description of changes: [128.8.0-1.0.1] - Update to 128.8.0 build1 [Orabug: 37700882][CVE-2025-1930][CVE-2025-1931] [CVE-2025-1932][CVE-2025-1933][CVE-2025-1934][CVE-2025-1935][CVE-2025-1936] [CVE-2025-1937][CVE-2025-1938] _______________________________________________ El-errata mailing list
Mar 19, 2025
•Important
Oracle
202
security advisorymoderateunauthorized accessopenSUSE 15.6: 2025:0674-1 moderate: java-1_8_0-ibm unauthorized access
An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2025:0674-1 Release Date: 2025-02-24T10:45:43Z Rating: moderate References: * bsc#1233296 * bsc#1236278 * bsc#1236470 Cross-References: * CVE-2024-10917 * CVE-2025-21502 CVSS scores: * CVE-2024-10917 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-10917 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-10917 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-10917 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-21502 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-21502 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-21502 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Legacy Module 15-SP6 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This updatefor java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 40 (bsc#1236470): * CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot component API (bsc#1236278). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-674=1 * Legacy Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-674=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-674=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-674=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-674=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-674=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-674=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-674=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-674=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-674=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-674=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-674=1 ## Package List: * openSUSE Leap 15.6 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * openSUSE Leap 15.6 (x86_64) *java-1_8_0-ibm-devel-32bit-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * java-1_8_0-ibm-src-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-demo-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * Legacy Module 15-SP6 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * Legacy Module 15-SP6 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * Legacy Module 15-SP6 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (ppc64le s390xx86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le x86_64) *java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * SUSE Enterprise Storage 7.1 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1 * SUSE Enterprise Storage 7.1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1 * java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1 ## References: * https://www.suse.com/security/cve/CVE-2024-10917.html * https://www.suse.com/security/cve/CVE-2025-21502.html * https://bugzilla.suse.com/show_bug.cgi?id=1233296 * https://bugzilla.suse.com/show_bug.cgi?id=1236278 * https://bugzilla.suse.com/show_bug.cgi?id=1236470 . An enhancement patch for python-3_10_0-cp addresses three vulnerabilities with detailed guidelines. Launch Date: 2025-05-18.. Java Security Update, SUSE Security Advisory, IBM Java Fix. . LinuxSecurity.com Team
Feb 24, 2025
OpenSUSE
217
security advisorysecurity issuepackage updateOracle Linux 9 ELSA-2025-1443 critical: Nodejs multiple issues
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-1443 http://linux.oracle.com/errata/ELSA-2025-1443.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.18.2-1.module+el9.5.0+90512+230358da.x86_64.rpm nodejs-devel-20.18.2-1.module+el9.5.0+90512+230358da.x86_64.rpm nodejs-docs-20.18.2-1.module+el9.5.0+90512+230358da.noarch.rpm nodejs-full-i18n-20.18.2-1.module+el9.5.0+90512+230358da.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm npm-10.8.2-1.20.18.2.1.module+el9.5.0+90512+230358da.x86_64.rpm aarch64: nodejs-20.18.2-1.module+el9.5.0+90512+230358da.aarch64.rpm nodejs-devel-20.18.2-1.module+el9.5.0+90512+230358da.aarch64.rpm nodejs-docs-20.18.2-1.module+el9.5.0+90512+230358da.noarch.rpm nodejs-full-i18n-20.18.2-1.module+el9.5.0+90512+230358da.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm npm-10.8.2-1.20.18.2.1.module+el9.5.0+90512+230358da.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates//nodejs-20.18.2-1.module+el9.5.0+90512+230358da.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.src.rpm http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.src.rpm Related CVEs: CVE-2025-22150 CVE-2025-23083 CVE-2025-23085 Description of changes: nodejs [1:20.18.2] - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76363 RHEL-76554 RHEL-76540 [1:20.18.1-1] - Update to version20.18.1 nodejs-nodemon nodejs-packaging _______________________________________________ El-errata mailing list
Feb 17, 2025
•Critical
Oracle
100
security advisorymoderate severitysoftware advisoryopenSUSE 15.6: 2025:0279-1 moderate: java-21-openjdk array handling issue
* bsc#1236278 Cross-References: * CVE-2025-21502 . # Security update for java-21-openjdk Announcement ID: SUSE-SU-2025:0279-1 Release Date: 2025-01-28T23:47:05Z Rating: moderate References: * bsc#1236278 Cross-References: * CVE-2025-21502 CVSS scores: * CVE-2025-21502 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-21502 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-21502 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for java-21-openjdk fixes the following issues: Upgrade to upstream tag jdk-21.0.6+7 (January 2025 CPU) Security fixes: * CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: * JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows * JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect * JDK-8195675: Call to insertText with single character from custom Input Method ignored * JDK-8207908: JMXStatusTest.java fails assertion intermittently * JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly. * JDK-8240343: JDI stopListening/stoplis001 "FAILED: listening is successfully stopped without starting listening" * JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox * JDK-8296787: Unify debug printing format of X.509 cert serial numbers * JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected. * JDK-8306446: java/lang/management/ThreadMXBean/Locks.javatransient failures * JDK-8308429: jvmti/StopThread/stopthrd007 failed with "NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads" * JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC * JDK-8311301: MethodExitTest may fail with stack buffer overrun * JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token * JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above * JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds * JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le * JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts * JDK-8316428: G1: Nmethod count statistics only count last code root set iterated * JDK-8316893: Compile without -fno-delete-null-pointer-checks * JDK-8316895: SeenThread::print_action_queue called on a null pointer * JDK-8316907: Fix nonnull-compare warnings * JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame * JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result * JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads * JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux * JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException * JDK-8319673: Few security tests ignore VM flags * JDK-8319678: Several tests from corelibs areas ignore VM flags * JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with "counts: Graph contains wrong number of nodes" * JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(Long|Integer)UnsignedDivMod.java on aarch64 * JDK-8319973: AArch64: Save and restore FPCR in the call stub * JDK-8320192: SHAKE256 does not work correctly if n > = 137 * JDK-8320397: RISC-V:Avoid passing t0 as temp register to MacroAssembler:: cmpxchg_obj_header/cmpxchgptr * JDK-8320575: generic type information lost on mandated parameters of record's compact constructors * JDK-8320586: update manual test/jdk/TEST.groups * JDK-8320665: update jdk_core at open/test/jdk/TEST.groups * JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions * JDK-8320682: [AArch64] C1 compilation fails with "Field too big for insn" * JDK-8320892: AArch64: Restore FPU control state after JNI * JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading * JDK-8321470: ThreadLocal.nextHashCode can be static final * JDK-8321474: TestAutoCreateSharedArchiveUpgrade.java should be updated with JDK 21 * JDK-8321543: Update NSS to version 3.96 * JDK-8321550: Update several runtime/cds tests to use vm flags or mark as flagless * JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile * JDK-8321940: Improve CDSHeapVerifier in handling of interned strings * JDK-8322166: Files.isReadable/isWritable/isExecutable expensive when file does not exist * JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException * JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order * JDK-8322830: Add test case for ZipFile opening a ZIP with no entries * JDK-8323562: SaslInputStream.read() may return wrong value * JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop() * JDK-8324841: PKCS11 tests still skip execution * JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark * JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages * JDK-8325399: Add tests for virtual threads doing Selector operations * JDK-8325506: Ensure randomness is only read from provided SecureRandom object * JDK-8325525: Create jtreg test case for JDK-8325203 *JDK-8325610: CTW: Add StressIncrementalInlining to stress options * JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java * JDK-8325851: Hide PassFailJFrame.Builder constructor * JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed * JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut * JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless. * JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests * JDK-8326898: NSK tests should listen on loopback addresses only * JDK-8327924: Simplify TrayIconScalingTest.java * JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program * JDK-8328242: Add a log area to the PassFailJFrame * JDK-8328303: 3 JDI tests timed out with UT enabled * JDK-8328379: Convert URLDragTest.html applet test to main * JDK-8328402: Implement pausing functionality for the PassFailJFrame * JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use * JDK-8328665: serviceability/jvmti/vthread/PopFrameTest failed with a timeout * JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket * JDK-8329353: ResolvedReferencesNotNullTest.java failed with Incorrect resolved references array, quxString should not be archived * JDK-8329533: TestCDSVMCrash fails on libgraal * JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address * JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess * JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options * JDK-8331393: AArch64: u32 _partial_subtype_ctr loaded/stored as 64 * JDK-8331864: Update Public Suffix List to 1cbd6e7 * JDK-8332112: Updatensk.share.Log to don't print summary during VM shutdown hook * JDK-8332340: Add JavacBench as a test case for CDS * JDK-8332461: ubsan : dependencies.cpp:906:3: runtime error: load of value 4294967295, which is not a valid value for type 'DepType' * JDK-8332724: x86 MacroAssembler may over-align code * JDK-8332777: Update JCStress test suite * JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled * JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS * JDK-8333098: ubsan: bytecodeInfo.cpp:318:59: runtime error: division by zero * JDK-8333108: Update vmTestbase/nsk/share/DebugeeProcess.java to don't use finalization * JDK-8333144: docker tests do not work when ubsan is configured * JDK-8333235: vmTestbase/nsk/jdb/kill/kill001/kill001.java fails with C1 * JDK-8333248: VectorGatherMaskFoldingTest.java failed when maximum vector bits is 64 * JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature * JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows * JDK-8333728: ubsan: shenandoahFreeSet.cpp:1347:24: runtime error: division by zero * JDK-8333754: Add a Test against ECDSA and ECDH NIST Test vector * JDK-8333824: Unused ClassValue in VarHandles * JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts * JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect * JDK-8334475: UnsafeIntrinsicsTest.java#ZGenerationalDebug assert(!assert_on_failure) failed: Has low-order bits set * JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields * JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test * JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling * JDK-8334719: (se) Deferred close of SelectableChannel may result in a Selector doingthe final close before concurrent I/O on channel has completed * JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp * JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test * JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder * JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile * JDK-8335428: Enhanced Building of Processes * JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ... * JDK-8335530: Java file extension missing in AuthenticatorTest * JDK-8335664: Parsing jsr broken: assert(bci> = 0 && bci < c-> method()-> code_size()) failed: index out of bounds * JDK-8335709: C2: assert(!loop-> is_member(get_loop(useblock))) failed: must be outside loop * JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files * JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException * JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name * JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive * JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf * JDK-8336564: Enhance mask blit functionality redux * JDK-8336640: Shenandoah: Parallel worker use in parallel_heap_region_iterate * JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout * JDK-8336911: ZGC: Division by zero in heuristics after JDK-8332717 * JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result * JDK-8337067: Test runtime/classFileParserBug/Bad_NCDFE_Msg.java won't compile * JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland * JDK-8337331: crash: pinned virtual thread will leadto jvm crash when running with the javaagent option * JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags * JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS * JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows * JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 * JDK-8337851: Some tests have name which confuse jtreg * JDK-8337876: [IR Framework] Add support for IR tests with @Stable * JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases * JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion * JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 * JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList * JDK-8338110: Exclude Fingerprinter::do_type from ubsan checks * JDK-8338112: Test testlibrary_tests/ir_framework/tests/TestPrivilegedMode.java fails with release build * JDK-8338344: Test TestPrivilegedMode.java intermittent fails java.lang.NoClassDefFoundError: jdk/test/lib/Platform * JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections * JDK-8338389: [JFR] Long strings should be added to the string pool * JDK-8338402: GHA: some of bundles may not get removed * JDK-8338449: ubsan: division by zero in sharedRuntimeTrans.cpp * JDK-8338550: Do libubsan1 installation in test container only if requested * JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813 * JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2 * JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java * JDK-8338924: C1: assert(0
Jan 29, 2025
SuSE
199
security advisorykernel updatemoderate severityCentOS 7: CESA-2022-5937 Moderate: Kernel Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2022:5937. CentOS Errata and Security Advisory 2022:5937 Moderate Upstream details at : https://access.redhat.com/errata/RHSA-2022:5937 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 7284d6fec357299a1772944305ca58f5d48637a3031733bcdd30849ec50f7a98 bpftool-3.10.0-1160.76.1.el7.x86_64.rpm 2a53fc6879935314c27af738cec3350d3ceb42d0ac3d7163f52ab94febb50dea kernel-3.10.0-1160.76.1.el7.x86_64.rpm 572ff1fa3f621ad26e4183404533f0d373eee24c0a12955ab2ab39ca102d691e kernel-abi-whitelists-3.10.0-1160.76.1.el7.noarch.rpm a895efeb08422b537678146fb9329ca6a9b3238f9291a15d091a5a70273cfab3 kernel-debug-3.10.0-1160.76.1.el7.x86_64.rpm a219dbccfdca9ac57c9b9064dffadc0044870709a425252ba874f86cfa15084c kernel-debug-devel-3.10.0-1160.76.1.el7.x86_64.rpm d41b5d8b6192712bf36a8ca2a106db94ce0b4451ac3b212fd91ab7cb0ed75e82 kernel-devel-3.10.0-1160.76.1.el7.x86_64.rpm 0b31fcea001c43db8cd9d635933b11a63756f99e56b454bbfd3b201a1ec4a077 kernel-doc-3.10.0-1160.76.1.el7.noarch.rpm 843def5f9cabf23dde3a6c7cc1d52f68406f3af88c42d2d84dfe7a35cca79197 kernel-headers-3.10.0-1160.76.1.el7.x86_64.rpm 57519dda2c881614316fc810027c0c66b31bab6e5e16dcd0d91cf84b6d63fc3a kernel-tools-3.10.0-1160.76.1.el7.x86_64.rpm c5f291e7ee7a541358f9f6a3957b58ba61670f95010f0fbfb4d6b94d30857d5c kernel-tools-libs-3.10.0-1160.76.1.el7.x86_64.rpm 3c1b09a234b987d0d6b7eeda50bfd65fdd56ba1cd18a3d7bfaf6c502e6a18295 kernel-tools-libs-devel-3.10.0-1160.76.1.el7.x86_64.rpm 1a13b258a98c48877d221312e7236468718d76e2db7278d2da0271a016036278 perf-3.10.0-1160.76.1.el7.x86_64.rpm 10c12fcdffb2b2b7e1abf077db33b288fdffac49a4e0acff89864f7742b7dd65 python-perf-3.10.0-1160.76.1.el7.x86_64.rpm Source: 95e78f5edbe47807975067e75d81465681a05595cc5ee26cedae1a370e6c106e kernel-3.10.0-1160.76.1.el7.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Aug 15, 2022
•Important
CentOS
217
security advisorysecurity fixfirefoxOracle Linux 8 ELSA-2022-1287: Important Firefox Security Update
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-1287 https://linux.oracle.com/errata/ELSA-2022-1287.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: firefox-91.8.0-1.0.1.el8_5.x86_64.rpm aarch64: firefox-91.8.0-1.0.1.el8_5.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates/firefox-91.8.0-1.0.1.el8_5.src.rpm Related CVEs: CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 Description of changes: [91.8.0-1.0.1] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [91.8.0-1] - Update to 91.8.0 _______________________________________________ El-errata mailing list
Apr 11, 2022
•Important
Oracle
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!