--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-04847cb65d
2025-04-20 04:20:54.268638+00:00
--------------------------------------------------------------------------------

Name        : rust-zerovec
Product     : Fedora 42
Version     : 0.10.4
Release     : 4.fc42
URL         : https://crates.io/crates/zerovec
Summary     : Zero-copy vector backed by a byte array
Description :
Zero-copy vector backed by a byte array.

--------------------------------------------------------------------------------
Update Information:

Update uv to 0.6.14, with various bugfixes and new features. Update rust-idna to 1.0.3 (fixing RUSTSEC-2024-0421), rust-url to 2.5.4, rust-adblock to 0.9.6, and rust-cookie_store to 0.21.1; adjust some reverse dependencies of rust-idna. Initial packages for many dependencies. Update rust-ron to 0.9. Update rust-zip to 2.6.1, fixing GHSA-94vh-gphv-8pm8.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 8 2025 Benjamin A. Beasley - 0.10.4-4
- Stop packaging the bench feature, only relevant for CI
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2277901 - rust-adblock-0.9.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2277901
  [ 2 ] Bug #2291175 - rust-idna-1.0.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2291175
  [ 3 ] Bug #2323618 - rust-url-2.5.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2323618
  [ 4 ] Bug #2324926 - rust-cookie_store-0.21.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2324926
  [ 5 ] Bug #2352783 - rust-zip-2.6.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2352783
  [ 6 ] Bug #2358015 - Review Request: rust-write16 - UTF-16 analog of the Write trait
        https://bugzilla.redhat.com/show_bug.cgi?id=2358015
  [ 7 ] Bug #2358018 - Review Request: rust-utf16_iter - Iterator by char over potentially-invalid UTF-16 in &[u16]
        https://bugzilla.redhat.com/show_bug.cgi?id=2358018
  [ 8 ] Bug #2358020 - Review Request: rust-icu_locid - API for managing Unicode Language and Locale Identifiers
        https://bugzilla.redhat.com/show_bug.cgi?id=2358020
  [ 9 ] Bug #2358105 - Review Request: rust-icu_provider_macros - Proc macros for ICU data providers
        https://bugzilla.redhat.com/show_bug.cgi?id=2358105
  [ 10 ] Bug #2358290 - Review Request: rust-icu_provider - Trait and struct definitions for the ICU data provider
        https://bugzilla.redhat.com/show_bug.cgi?id=2358290
  [ 11 ] Bug #2358292 - Review Request: rust-icu_locid_transform_data - Data for the icu_locid_transform crate
        https://bugzilla.redhat.com/show_bug.cgi?id=2358292
  [ 12 ] Bug #2358507 - Review Request: rust-icu_locid_transform - API for Unicode Language and Locale Identifiers canonicalization
        https://bugzilla.redhat.com/show_bug.cgi?id=2358507
  [ 13 ] Bug #2358521 - Review Request: rust-icu_properties_data - Data for the icu_properties crate
        https://bugzilla.redhat.com/show_bug.cgi?id=2358521
  [ 14 ] Bug #2358522 - Review Request: rust-icu_normalizer_data - Data for the icu_normalizer crate
        https://bugzilla.redhat.com/show_bug.cgi?id=2358522
  [ 15 ] Bug #2358527 - Review Request: rust-icu_properties - Definitions for Unicode properties
        https://bugzilla.redhat.com/show_bug.cgi?id=2358527
  [ 16 ] Bug #2358606 - Review Request: rust-icu_normalizer - API for normalizing text into Unicode Normalization Forms
        https://bugzilla.redhat.com/show_bug.cgi?id=2358606
  [ 17 ] Bug #2358642 - Review Request: rust-idna_adapter - Back end adapter for idna
        https://bugzilla.redhat.com/show_bug.cgi?id=2358642
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-04847cb65d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Enterprise security update
Advisory ID:       RHSA-2023:3914-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3914
Issue date:        2023-07-06
CVE Names:         CVE-2022-23772 CVE-2022-24675 CVE-2022-28327
                   CVE-2022-30629 CVE-2022-41717 CVE-2023-3089
                   CVE-2023-24540
====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.11 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.44. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2023:3915

Security Fix(es):

* openshift: OCP & FIPS mode (CVE-2023-3089)

* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/updating_clusters/updating-cluster-cli

4. Solution:

For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.11/html/release_notes/ocp-4-11-release-notes

5.
Bugs fixed (https://bugzilla.redhat.com/):

2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

6. Package List:

Red Hat OpenShift Container Platform 4.11:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2022-23772
https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-28327
https://access.redhat.com/security/cve/CVE-2022-30629
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
SUSE Security Update: Security update for rsyslog
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2314-1
Rating:             important
References:         #1051798 #1068678 #1080238 #1082318 #1101642 #1110456
                    #1160414 #1178288 #1178490 #1182653 #1188039 #1199061
                    SLE-23304
Cross-References:   CVE-2022-24903
CVSS scores:
                    CVE-2022-24903 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-24903 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves one vulnerability, contains one feature and has 11 fixes is now available.

Description:

This update for rsyslog fixes the following issues:

- CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061)

- Upgrade to rsyslog 8.2106.0 (bsc#1188039)
  * NOTE: the prime new feature is support for TLS and non-TLS connections via imtcp in parallel. Furthermore, most TLS parameters can now be overridden at the input() level. The notable exceptions are certificate files, something that is due to be implemented as next step.
  * 2021-06-14: new global option "parser.supportCompressionExtension"
    This permits to turn off rsyslog's single-message compression extension when it interferes with non-syslog message processing (the parser subsystem expects syslog messages, not generic text)
    closes https://github.com/rsyslog/rsyslog/issues/4598
  * 2021-05-12: imtcp: add more override config params to input()
    It is now possible to override all module parameters at the input() level. Module parameters serve as defaults. Existing configs need no modification.
  * 2021-05-06: imtcp: add stream driver parameter to input() configuration
    This permits to have different inputs use different stream drivers and stream driver parameters.
    closes https://github.com/rsyslog/rsyslog/issues/3727
  * 2021-04-29: imtcp: permit to run multiple inputs in parallel
    Previously, a single server was used to run all imtcp inputs. This had a couple of drawbacks. First and foremost, we could not use different stream drivers in the various inputs. This patch now provides a baseline to do that, but does still not implement the capability (in this sense it is a staging patch). Secondly, we now ensure that each input has at least one exclusive thread for processing, untangling the performance of multiple inputs from each other.
    see also: https://github.com/rsyslog/rsyslog/issues/3727
  * 2021-04-27: tcpsrv bugfix: potential sluggishness and hang on shutdown
    tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and, in theory, also others - even ones we do not know about). However, the internal synchronization did not properly take multiple tcpsrv users in consideration. As such, a single user could hang under some circumstances. This was caused by improperly awaking all users from a pthread condition wait. That in turn could lead to some sluggish behaviour and, in rare cases, a hang at shutdown.
    Note: it was highly unlikely to experience real problems with the officially provided modules.
  * 2021-04-22: refactoring of syslog/tcp driver parameter passing
    This has now been generalized to a parameter block, which makes it much cleaner and also easier to add new parameters in the future.
  * 2021-04-22: config script: add re_match_i() and re_extract_i() functions
    This provides case-insensitive regex functionality.
    closes https://github.com/rsyslog/rsyslog/issues/4429

- Update to rsyslog 8.2104.0:
  * rainerscript: call getgrnam_r repeatedly to get all group members
  * new contributed module imhiredis
  * new built-in function get_property() to access property vars
  * mmdblookup: add support for mmdb DB reload on HUP
  * script bugfix: empty array in foreach() improperly handled
  * imjournal bugfixes (handle leak, empty file)
  * new contributed function module fmunflatten
  * test bugfix: some tests did not work with newer TLS library versions
  * some improvements to project CI

- Update to rsyslog 8.2102.0:
  * omfwd: add stats counter for sent bytes
  * omfwd: add error reporting configuration option
  * action stats counter bugfix: failure count was not properly incremented
  * action stats counter bugfix: resume count was not incremented
  * omfwd bugfix: segfault or error if port not given
  * lookup table bugfix: data race on lookup table reload
  * testbench modernization
  * testbench: fix invalid sequence of kafka tests runs
  * testbench: fix kafkacat issues
  * testbench: fix year-dependent clickhouse test

- Update to rsyslog 8.2012.0:
  * testbench bugfix: some tests did not work in make distcheck
  * immark: rewrite with many improvements
  * usability: re-phrase error message to help users better understand cause
  * add new system property $now-unixtimestamp
  * omfwd: add new rate limit option
  * omfwd bug: param "StreamDriver.PermitExpiredCerts" is not "off" by default

- Update to rsyslog 8.2010.0:
  * gnutls TLS subsystem bugfix: handshake error handling
  * core/msg bugfix: memory leak
  * core/msg bugfix: segfault in jsonPathFindNext() when root not an object
  * openssl TLS subsystem: improvements of error and status messages
  * add 'exists()' script function to check if variable exists
  * core bugfix: do not create empty JSON objects on non-existent key access
  * gnutls subsystem bugfix: potential hang on session closure
  * core/network bugfix: obey net.enableDNS=off when querying local hostname
  * core bugfix: potential segfault on query of PROGRAMNAME property
  * imtcp bugfix: broken connection not necessarily detected
  * new module: imhttp - http input
  * mmdarwin bugfix: potential zero uuid when reusing existing one
  * imdocker bugfix: build issue on some platforms
  * omudpspoof bugfix: make compatible with Solaris build
  * testbench fix: python 3 incompatibility
  * core bugfix: segfault if disk-queue file cannot be created
  * cosmetic: fix dummy module name in debug output
  * config bugfix: intended warning emitted as error

- Update to rsyslog 8.39.0
  * imfile: improve truncation detection
  * imjournal: work around journald excessive reloading behavior
  * errmsg: remove no longer needed code
  * queue bugfix: invalid error message on queue startup
  * bugfix imrelp: regression with legacy configuration startup fail
  * bugfix imudp: stall of connection and/or potential segfault
  * bugfix gcry crypto driver: small memleak
  * fix potential misaddressing in encryption subsystem
  * ksi subsystem changes
  * bugfix core: regex compile error messages could be incorrect
  * bugfix core: potential hang on rsyslog termination
  * bugfix imkafka: system hang when backgrounded
  * bugfix imfile: file change was not reliably detected
  * bugfix imrelp: do not fail build if librelp does not have relpSrvSetLstnAddr
  * bugfix queue subsystem: DA queue did ignore encryption settings
  * bugfix KSI: lmsig-ksils12 module skips signing the last block
  * bugfix fmhash: function hash64mod sometimes returned wrong result
  * bugfix core/debug: data written to random fd 2 under some debug settings

- Update to rsyslog 8.38.0:
  * imfile: support for endmsg.regex
  * omhttp: new contributed module
  * imrelp: add support for setting address to bind to (#894)
  * ommysql: support mysql unix domain socket
  * omusrmsg: do not fall back to max username length of 8
  * various bug fixes and minor updates to other modules and core
  * various fixes for memory leaks

- Update to rsyslog 8.36.0:
  * Liblogging-stdlog deprecated
  * OpenSSL based TLS driver added in addition to GnuTLS
  * GnuTLS TLS driver: support intermediate certificates
  * imptcp: add ability to configure socket backlog
  * fmhash: new hash function module
  * updates and fixes to various modules
  * omfwd: add support for bind-to-address for UDP
  * mmkubernetes: new module

- Update to rsyslog 8.33.1:
  * devcontainer: use some more sensible defaults
  * auto-detect if running inside a container (as pid 1)
  * config: add include() script object
  * template: add option to generate json "container"
  * core/template: add format jsonf to constant template entries
  * config: add ability to disable config parameter ("config.enable")
  * script: permit to use environment variables during configuration
  * new global config parameter "shutdown.enable.ctlc"
  * config optimizer: detect totally empty "if" statements and optimize them out
  * template: constant entry can now also be formatted as json field
  * omstdout: support for new-style configuration parameters added
  * core: set TZ on startup if not already set
  * imjournal bugfix: file handle leak during journal rotation
  * lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
  * script bugfix: replace() function worked incorrectly in some cases
  * core bugfix: misaddressing in external command parser
  * core bugfix: small memory leak in external command parser
  * core bugfix: string not properly terminated when RFC5424 MSGID is used
  * bugfix: strndup() compatibility layer func copies too much

- Update to rsyslog 8.32.0
  * libfastjson 0.99.8 required
  * libczmq >= 3.0.2 is now required for omczmq
  * libcurl is now needed for rsyslog core
  * rsyslogd: add capability to specify that no pid file shall be written
  * core improvements and bug fixes
  * RainerScript improvements and bug fixes
  * build fixes, including gcc7 fixes
  * various bug fixes in multiple modules
  * imudp: fix segfault in ratelimit code

- Update to rsyslog 8.30.0
  * changed behaviour: all variables are now case-insensitive by default
  * core: handle (JSON) variables in case-insensitive way
  * imjournal: made switching to persistent journal in runtime possible
  * mmanon: complete refactor and enhancements
  * imfile: add "fileoffset" metadata
  * RainerScript: add ltrim and rtrim functions
  * core: report module name when suspending action
  * core: add ability to limit number of error messages going to stderr
  * tcpsrv subsystem: improve clarity of some error messages
  * imptcp: include module name in error msg
  * imtcp: include module name in error msg
  * tls improvement: better error message if certificate file cannot be read
  * omfwd: slightly improved error messages during config parsing
  * ommysql improvements
  * ommysql bugfix: do not duplicate entries on failed transaction
  * imtcp bugfix: parameter priorityString was ignored
  * template/bugfix: invalid template option conflict detection
  * core/actions: fix handling of data-induced errors
  * core/action bugfix: no "action suspended" message during retry processing
  * core/action: if commitTransaction fails, try individual messages
  * core/ratelimit bugfix: race can lead to segfault
  * core bugfix: rsyslog aborts if errmsg is generated in early startup
  * core bugfix: informational messages were logged with error severity
  * core bugfix: --enable-debugless build was broken
  * queue bugfix: file write error message was incorrect
  * omrelp bugfix: segfault when rebindinterval parameter is used
  * omkafka bugfix: invalid load of failedmsg file on startup if disabled
  * kafka bugfix: problem on invalid kafka configuration values
  * imudp bugfix: UDP oversize message not properly handled
  * core bugfix: memory corruption during configuration parsing
  * core bugfix: race on worker thread termination during shutdown
  * omelasticsearch: avoid ES5 warnings while sending json in bulkmode
  * omelasticsearch bugfix: incompatibility with newer ElasticSearch version
  * imptcp bugfix: invalid mutex addressing on some platforms
  * imptcp bugfix: do not accept missing port in legacy listener definition

- Update to rsyslog 8.29.0:
  * imptcp: add experimental parameter "multiline"
  * imptcp: framing-related error messages now also indicate remote peer
  * imtcp: framing-related error messages now also indicate remote peer
  * imptcp: add session statistics counter
  * imtcp: add ability to specify GnuTLS priority string
  * impstats: add new resource counter "openfiles"
  * pmnormalize: new parser module
  * core/queue: provide informational messages on thread startup and shutdown
  * omfwd/udp: improve error reporting, deprecate maxerrormessages parameter
  * core: add parameters debug.file and debug.whitelist
  * core/net.c: improve UDP socket creation error messages
  * omfwd/udp: add "udp.sendbuf" parameter
  * core: make rsyslog internal message rate-limiter configurable
  * omelasticsearch bugfixes and changed ES5 API support
    + avoid 404 during health check
    + avoid ES5 warnings while sending json
    + bugfix for memory leak while writing error file
  * imfile bugfix: wildcard detection issue on path wildcards
  * omfwd bugfix: always give reason for suspension
  * omfwd bugfix: configured compression level was not properly used
  * imptcp bugfix: potential socket leak on session shutdown
  * omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode
  * imklog: fix permitnonkernelfacility not working
  * impstats bugfix: impstats does not handle HUP
  * core bugfix: segfault after configuration errors
  * core/queue bugfixes
  * lmsig_ksi: removed pre-KSI_LS12 components

- Update to rsyslog 8.28.0
  * omfwd: add parameter "tcp_frameDelimiter"
  * omkafka: large refactor of kafka subsystem
  * imfile: improved handling of atomically renamed file (w/ wildcards)
  * imfile: add capability to truncate oversize messages or split into multiple
  * mmdblookup fixes and extensions
  * bugfix: fixed multiple memory leaks
  * imptcp: add new parameter "flowControl"
  * imrelp: add "maxDataSize" config parameter
  * multiple modules: gtls: improve error if certificate file can't be opened
  * omsnare: allow different tab escapes
  * omelasticsearch: converted to use libfastjson instead of json-c
  * imjournal: _PID fallback
    + added fallback for _PID property when SYSLOG_PID is not available
    + introduced new option "usepid" which sets which property should rsyslog use, it has 3 states system|syslog|both, default is both
    + deprecated "usepidfromsystem" option, still can be used and override the "usepid"
    + it is possible to revert previous default with usepid="syslog"
  * multiple modules: add better error messages when regcomp is failing
  * omhiredis: fix build warnings
  * imfile bugfix: files mv-ed in into directory were not handled
  * omprog bugfix: execve() incorrectly called
  * imfile bugfix: multiline timeout did not work if state file exists
  * lmsig_ksi-ls12 bugfix: build problems on some platforms
  * core bugfix: invalid object type assertion
  * regression fix: local hostname was not always detected properly...
  * bugfix: format security issues in zmq3 modules
  * bugfix build system: add libksi only to those binaries that need it
  * bugfix KSI ls12 components: invalid tree height calculation
  * bugfix imfile: fix multiline timeout code

- Update to rsyslog 8.27.0
- imkafka: add module
- imptcp enhancements:
  * optionally emit an error message if incoming messages are truncated
  * optionally emit connection tracking message (on connection create and close)
  * add "maxFrameSize" parameter to specify the maximum size permitted in octet-counted mode
  * add parameter "discardTruncatedMsg" to permit truncation of oversize messages
  * improve octet-counted mode detection: if the octet count is larger than the set frame size (or overly large in general), it is now assumed that octet-stuffing mode is used. This probably solves a number of issues seen in real deployments.
- imtcp enhancements:
  * add parameter "discardTruncatedMsg" to permit truncation of oversize messages
  * add "maxFrameSize" parameter to specify the maximum size permitted in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported for configured non-existing file. In polling mode, this message appeared once in each polling cycle, causing a potentially very large amount of error messages. Note that they were usually emitted too infrequently to trigger the error message rate limiter, albeit often enough to be a major annoyance.
- imfile: in inotify mode, add error message if configured file cannot be found
- imfile: add parameter "fileNotFoundError" to optionally disable "file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
  Gethostbyname() is generally considered obsolete, is not reentrant and cannot really work with IPv6. Changed the only place in rsyslog where this call remained.
  Thanks to github user jvymazal for the patch
- omkafka: add "origin" field to stats output
  See also https://github.com/rsyslog/rsyslog/issues/1508
  Thanks to Yury Bushmelev for providing the patch.
- imuxsock: rate-limiting also uses process name both for the actual limit processing as well as warning messages emitted
  see also https://github.com/rsyslog/rsyslog/pull/1520
  Thanks to github user jvymazal for the patch
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsyslog base functionality now builds on osx (Mac)
  Thanks to github user hdatma for his help in getting this done.
- build now works on solaris again
- imfile: fix cross-platform build issue
  see also https://github.com/rsyslog/rsyslog/issues/1494
  Thanks to Felix Janda for bug report and solution suggestion.
- bugfix core: segfault when no parser could parse message
- core bugfix: memory leak when internal messages not processed internally
- Update to rsyslog 8.26.0:
  * liblognorm 2.0.3 is required for mmnormalize
  * enable internal error messages at all times
  * core: added logging name of source of rate-limited messages
  * omfwd: add support for network namespaces
  * imrelp: honor input name if provided when submitting to impstats
  * imptcp: add ability to set owner/group/access perms for uds
  * mmnormalize: add ability to load a rulebase from action() parameter
  * pmrfc3164 improvements
    + permit to ignore leading space in MSG
    + permit to use at-sign in host names
    + permit to require tag to end in colon
  * add new global parameter "umask"
  * core: make use of -T command line option more secure
  * omfile: add error if both file and dynafile are set
  * bugfix: build problem on MacOS (not a supported platform)
  * regression fix: in 8.25, str2num() returned error on empty string
  * bugfix omsnmp: improper handling of new-style configuration parameters
  * bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal messages
  * bugfix imfile: wrong files were monitored when using multiple imfile inputs
  * bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults
  * bugfix: immark emitted error messages with text "imuxsock"
  * bugfix tcpflood: build failed if RELP was disabled
  * fix gcc6 compiler warnings
  * the output module array passing interface has been removed
- Update to rsyslog 8.25.0:
  * imfile: add support for wildcards in directory names
  * add new global option "parser.PermitSlashInProgramname"
  * mmdblookup: fix build issues, code cleanup
  * improved debug output for queue corruption cases
  * an error message is now displayed when a directory owner cannot be set
  * rainerscript: add new function ipv42num
  * rainerscript: add new function num2ipv4
  * bugfix: ratelimiter does not work correctly if time is set back
  * core: fix potential message loss in old-style transactional interface
  * bugfix queue subsystem: queue corrupted if certain msg props are used
  * bugfix imjournal: fixed situation when time goes backwards
  * bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
  * bugfix core: str2num mishandling empty strings
  * bugfix rainerscript: set/unset statement do not check variable name validity
  * bugfix mmrm1stspace: last character of rawmsg property was doubled
  * bugfix imtcp: fix very small (cosmetic) memory leak
    * However, the leak breaks memleak checks in the testbench.
  * fix segfault in libc

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:

  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2314=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

  rsyslog-8.2106.0-8.5.2
  rsyslog-debuginfo-8.2106.0-8.5.2
  rsyslog-debugsource-8.2106.0-8.5.2
  rsyslog-diag-tools-8.2106.0-8.5.2
  rsyslog-diag-tools-debuginfo-8.2106.0-8.5.2
  rsyslog-doc-8.2106.0-8.5.2
  rsyslog-module-gssapi-8.2106.0-8.5.2
  rsyslog-module-gssapi-debuginfo-8.2106.0-8.5.2
  rsyslog-module-gtls-8.2106.0-8.5.2
  rsyslog-module-gtls-debuginfo-8.2106.0-8.5.2
  rsyslog-module-mmnormalize-8.2106.0-8.5.2
  rsyslog-module-mmnormalize-debuginfo-8.2106.0-8.5.2
  rsyslog-module-mysql-8.2106.0-8.5.2
  rsyslog-module-mysql-debuginfo-8.2106.0-8.5.2
  rsyslog-module-pgsql-8.2106.0-8.5.2
  rsyslog-module-pgsql-debuginfo-8.2106.0-8.5.2
  rsyslog-module-relp-8.2106.0-8.5.2
  rsyslog-module-relp-debuginfo-8.2106.0-8.5.2
  rsyslog-module-snmp-8.2106.0-8.5.2
  rsyslog-module-snmp-debuginfo-8.2106.0-8.5.2
  rsyslog-module-udpspoof-8.2106.0-8.5.2
  rsyslog-module-udpspoof-debuginfo-8.2106.0-8.5.2

References:

https://www.suse.com/security/cve/CVE-2022-24903.html
https://bugzilla.suse.com/1051798
https://bugzilla.suse.com/1068678
https://bugzilla.suse.com/1080238
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1101642
https://bugzilla.suse.com/1110456
https://bugzilla.suse.com/1160414
https://bugzilla.suse.com/1178288
https://bugzilla.suse.com/1178490
https://bugzilla.suse.com/1182653
https://bugzilla.suse.com/1188039
https://bugzilla.suse.com/1199061

SUSE Security Patch for nginx resolves severe buffer overflow vulnerability alongside key enhancements and additional functionalities incorporated.
rsyslog security update, heap buffer overflow, SUSE Linux enhancements.
Severity: Important.
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-6746739d52
2022-03-26 14:56:28.650826
--------------------------------------------------------------------------------

Name        : mupdf
Product     : Fedora 36
Version     : 1.19.0
Release     : 7.fc36
URL         : https://mupdf.com/
Summary     : A lightweight PDF viewer and toolkit
Description :
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on screen. MuPDF has a small footprint. A binary that includes the standard Roman fonts is only one megabyte. A build with full CJK support (including an Asian font) is approximately seven megabytes. MuPDF has support for all non-interactive PDF 1.7 features, and the toolkit provides a simple API for accessing the internal structures of the PDF document. Example code for navigating interactive links and bookmarks, encrypting PDF files, extracting fonts, images, and searchable text, and rendering pages to image files is provided.

--------------------------------------------------------------------------------
Update Information:

Add mingw subpackages.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 25 2022 Sandro Mani 1.19.0-7
- Bump as F36 needs another rebuild
* Fri Feb 25 2022 Sandro Mani 1.19.0-6
- Rebuild (leptonica)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2060171 - F36FailsToInstall: mingw64-freeimage, mingw32-freeimage
        https://bugzilla.redhat.com/show_bug.cgi?id=2060171
  [ 2 ] Bug #2060172 - F36FailsToInstall: mingw32-gdal, mingw64-gdal
        https://bugzilla.redhat.com/show_bug.cgi?id=2060172
  [ 3 ] Bug #2060174 - F36FailsToInstall: mingw32-opencv, mingw64-opencv
        https://bugzilla.redhat.com/show_bug.cgi?id=2060174
  [ 4 ] Bug #2060175 - F36FailsToInstall: mingw32-poppler, mingw64-poppler
        https://bugzilla.redhat.com/show_bug.cgi?id=2060175
  [ 5 ] Bug #2060176 - F36FailsToInstall: mingw32-python3-shapely, mingw64-python3-shapely
        https://bugzilla.redhat.com/show_bug.cgi?id=2060176
  [ 6 ] Bug #2060177 - F36FailsToInstall: mingw32-qtspell-qt5, mingw64-qtspell-qt5
        https://bugzilla.redhat.com/show_bug.cgi?id=2060177
  [ 7 ] Bug #2060358 - F36FailsToInstall: mingw32-python3-pyproj, mingw64-python3-pyproj
        https://bugzilla.redhat.com/show_bug.cgi?id=2060358
  [ 8 ] Bug #2060816 - F36FailsToInstall: mingw64-SDL2_image, mingw32-SDL2_image
        https://bugzilla.redhat.com/show_bug.cgi?id=2060816
  [ 9 ] Bug #2060818 - F36FailsToInstall: mingw32-qt5-qtimageformats, mingw64-qt5-qtimageformats
        https://bugzilla.redhat.com/show_bug.cgi?id=2060818
  [ 10 ] Bug #2060819 - F36FailsToInstall: mingw32-qt5-qtwebkit, mingw64-qt5-qtwebkit
        https://bugzilla.redhat.com/show_bug.cgi?id=2060819
  [ 11 ] Bug #2060820 - F36FailsToInstall: mingw32-qt6-qtimageformats, mingw64-qt6-qtimageformats
        https://bugzilla.redhat.com/show_bug.cgi?id=2060820
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program.
Use su -c 'dnf upgrade --advisory FEDORA-2022-6746739d52' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
openSUSE Security Update: Security update for librepo
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0277-1
Rating:             important
References:         #1175475
Cross-References:   CVE-2020-14352
CVSS scores:
                    CVE-2020-14352 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-14352 (SUSE): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for librepo fixes the following issues:

- Upgrade to 1.12.1
  + Validate path read from repomd.xml (bsc#1175475, CVE-2020-14352)
- Changes from 1.12.0
  + Prefer mirrorlist/metalink over baseurl (rh#1775184)
  + Decode package URL when using for local filename (rh#1817130)
  + Fix memory leak in lr_download_metadata() and lr_yum_download_remote()
  + Download sources work when at least one of specified is working (rh#1775184)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-277=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):

  librepo-debuginfo-1.12.1-lp152.2.6.1
  librepo-debugsource-1.12.1-lp152.2.6.1
  librepo-devel-1.12.1-lp152.2.6.1
  librepo0-1.12.1-lp152.2.6.1
  librepo0-debuginfo-1.12.1-lp152.2.6.1
  python3-librepo-1.12.1-lp152.2.6.1
  python3-librepo-debuginfo-1.12.1-lp152.2.6.1

References:

https://www.suse.com/security/cve/CVE-2020-14352.html
https://bugzilla.suse.com/1175475

An essential patch for librepo in openSUSE has been released to resolve CVE-2020-14352, with critical updates now accessible.
OpenSUSE Security Update, Librepo Fix, Important Update.
Severity: Important.
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-48e59edf94
2017-02-04 19:42:24.070820
--------------------------------------------------------------------------------

Name        : thunderbird
Product     : Fedora 24
Version     : 45.7.0
Release     : 1.fc24
URL         : https://wiki.mozilla.org/Thunderbird:Home_Page
Summary     : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.

--------------------------------------------------------------------------------
Update Information:

For changes see: https://www.thunderbird.net/en-US/thunderbird/45.7.0/releasenotes/
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade thunderbird' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-10459
2015-06-22 04:41:29
--------------------------------------------------------------------------------

Name        : cups-x2go
Product     : Fedora 22
Version     : 3.0.1.3
Release     : 1.fc22
URL         : https://wiki.x2go.org/doku.php
Summary     : CUPS backend for printing from X2Go
Description :
X2Go is a server based computing environment with
  - session resuming
  - low bandwidth support
  - session brokerage support
  - client side mass storage mounting support
  - audio support
  - authentication by smartcard and USB stick

CUPS backend for printing from X2Go.

--------------------------------------------------------------------------------
Update Information:

* New upstream version (3.0.1.2):
  - cups-x2go{,.conf}: port to File::Temp. Use Text::ParseWords to split up the ps2pdf command line correctly. Don't use system() but IPC::Open2::open2(). Capture the ps2pdf program's stdout and write it to the temporary file handle "manually". Should fix problems reported by Jan Bi on IRC.
  - cups-x2go: fix commented out second ps2pdf definition to output PDF data to stdout.
* New upstream version (3.0.1.3):
  - cups-x2go: import tempfile() function from File::Temp module.
  - cups-x2go: only repeat the last X, not the whole ".pdfX" string (or the like.)
  - cups-x2go: actually print "real" executed command instead of the "original" one with placeholders.
  - cups-x2go: read output from ghostscript, don't write a filehandle to the temporary file. Fixes a hanging ghostscript call and... well... random junk, instead of a "real" PDF file.
  - cups-x2go: use parentheses around function arguments.
  - cups-x2go: fix binmode() call, :raw layer is implicit.
  - cups-x2go: fix print call... Does not allow to separate parameters with a comma.
  - cups-x2go: add correct :raw layer to binmode calls.
  - cups-x2go: fix tiny typo.
  - cups-x2go: read data from GS and STDIN in chunks of 8 kbytes, instead of everything at once. Handles large print jobs gracefully.
  - cups-x2go: add parentheses to close() calls.
  - cups-x2go: delete PDF and title temporary files automatically.
  - cups-x2go: unlink PS temporary file on-demand in END block. Also move closelog to END block, because we want to print diagnosis messages in the END block.
  - cups-x2go: don't use unlink() explicitly. Trust File::Temp and our END block to clean up correctly.
  - cups-x2go: there is no continue in perl for stepping forward a loop. Still not. I keep forgetting that. Use next. (Partly) Fixes: #887.
  - cups-x2go: use the same temp file template for PS, PDF and title files. Use appropriate suffixes if necessary when generating PDF and title temp files. (Fully) Fixes: #887.

Update to 3.0.1.1:
  - Add a short README that provides some getting started information.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 19 2015 Orion Poplawski - 3.0.1.3-1
- Update to 3.0.1.3
* Wed Jun 17 2015 Fedora Release Engineering - 3.0.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Feb 11 2015 Orion Poplawski - 3.0.1.1-1
- Update to 3.0.1.1
- Require openssh-clients
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update cups-x2go' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-8138
2015-05-14 06:03:40
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 20
Version     : 38.0
Release     : 4.fc20
URL         :
Summary     : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 11 2015 Martin Stransky - 38.0-4
- Update to 38.0 Build 3
- Added fix for rhbz#1219542
* Wed May 6 2015 Martin Stransky - 38.0-2
- Added fix for mozbz#1161056 - combobox background color
* Tue May 5 2015 Martin Stransky - 38.0-1
- Update to 38.0 Build 2
* Wed Apr 22 2015 Martin Stransky - 37.0.2-3
- Fedora-bookmarks rebuild (rhbz#1210474)
* Thu Apr 16 2015 Martin Stransky - 37.0.2-2
- Update to 37.0.2
* Tue Apr 7 2015 Martin Stransky - 37.0.1-2
- Fixed debug builds
* Tue Apr 7 2015 Martin Stransky - 37.0.1-1
- Update to 37.0.1
* Mon Apr 6 2015 Tom Callaway - 37.0-4
- rebuild for libvpx 1.4.0
* Tue Mar 31 2015 Marcin Juszkiewicz - 37.0-3
- Fix build on AArch64 (based on upstream skia changes)
* Fri Mar 27 2015 Martin Stransky - 37.0-2
- Added tooltip patch (mozbz#1144643)
* Fri Mar 27 2015 Martin Stransky - 37.0-1
- Update to 37.0 Build 2
* Thu Mar 26 2015 Richard Hughes - 36.0.4-2
- Add an AppData file for the software center
* Sat Mar 21 2015 Martin Stransky - 36.0.4-1
- Update to 36.0.4
* Fri Mar 20 2015 Martin Stransky - 36.0.3-1
- Update to 36.0.3
* Tue Mar 17 2015 Martin Stransky - 36.0.1-6
- Fixed rhbz#1201527 - [GTK3] Scrollbars in Firefox are not consistent with the rest of the desktop
* Tue Mar 10 2015 Martin Stransky - 36.0.1-5
- Arm build fix
* Mon Mar 9 2015 Jan Horak - 36.0.1-1
- Update to 36.0.1
* Fri Mar 6 2015 Martin Stransky - 36.0-4
- ppc64le build fix
* Thu Mar 5 2015 Martin Stransky - 36.0-3
- Added back the removed "-remote" option
- Fixed rhbz#1198965 - mozilla-xremote-client has been removed, langpack installation may be broken
* Tue Mar 3 2015 Martin Stransky - 36.0-2
- Enable Skia for all arches (rhbz#1197007)
* Fri Feb 20 2015 Jan Horak - 36.0-1
- Update to 36.0
* Mon Feb 9 2015 Martin Stransky - 35.0.1-5
- Fixed rhbz#1190774 - update user agent string for Fedora
* Wed Feb 4 2015 Petr Machata - 35.0.1-4
- Bump for rebuild.
* Tue Jan 27 2015 Martin Stransky - 35.0.1-3
- Backed out the flash click-to-play setup
* Mon Jan 26 2015 David Tardon - 35.0.1-2
- rebuild for ICU 54.1
* Fri Jan 23 2015 Martin Stransky - 35.0.1-1
- New upstream version
* Thu Jan 22 2015 Martin Stransky - 35.0-7
- Updated hiDPI patch to upstream version (mozbz#975919)
* Thu Jan 22 2015 Martin Stransky - 35.0-6
- Disabled flash by default because of 0day live flash exploit (see https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213)
* Mon Jan 19 2015 Martin Stransky - 35.0-5
- Enable release build config
- Gtk3 - added patch for HiDPI support (mozbz#975919)
* Mon Jan 19 2015 Martin Stransky - 35.0-4
- Gtk3 - fixed tabs rendering
* Wed Jan 14 2015 Martin Stransky - 35.0-3
- Gtk3 - replaced obsoleted focus properties
- Make start.fedoraproject.org the homepage
* Mon Jan 12 2015 Martin Stransky - 35.0-2
- Update to 35.0 Build 3
- Gtk3 - added fix for button/entry box sizes
- Gtk3 - added fix for button/entry focus sizes
- Spec clean-up (by