Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 30 articles for you...
89

Fedora 41: FEDORA-2025-510a78f439 moderate: vyper update notifications

A few fixes. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-510a78f439 2025-05-25 02:12:06.542038+00:00 -------------------------------------------------------------------------------- Name : vyper Product : Fedora 41 Version : 0.4.1 Release : 4.fc41 URL : https://vyperlang.org Summary : Pythonic Smart Contract Language for the EVM Description : Pythonic Smart Contract Language for the EVM. -------------------------------------------------------------------------------- Update Information: A few fixes -------------------------------------------------------------------------------- ChangeLog: * Fri May 16 2025 Peter Lemenkov - 0.4.1-4 - Address two issues * Thu Apr 24 2025 Romain Geissler - 0.4.1-3 - Relax asttokens version dependency. * Mon Mar 31 2025 Peter Lemenkov - 0.4.1-2 - F41+: Use the provisional declarative buildsystem -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366718 - CVE-2025-47774 vyper: Vyper: Slice Length Zero Side-Effect Elision [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366718 [ 2 ] Bug #2366719 - CVE-2025-47774 vyper: Vyper: Slice Length Zero Side-Effect Elision [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366719 [ 3 ] Bug #2366742 - CVE-2025-47285 vyper: Vyper: Zero-Length Bytestring Side-Effect Skipping [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366742 [ 4 ] Bug #2366743 - CVE-2025-47285 vyper: Vyper: Zero-Length Bytestring Side-Effect Skipping [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366743 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-510a78f439' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The latest Fedora 41 upgrade for vyper brings numerous critical improvements and modifications aimed at boosting efficiency.. Fedora Update, Vyper Language, Security Improvements, Update Notification. . LinuxSecurity.com Team

Calendar%202 May 25, 2025 Fedora
100

SUSE: 2025:0011-1 moderate: Manager Client Tools security advisory

* bsc#1229079 * bsc#1229104 * bsc#1231497 * bsc#1231568 * bsc#1231759 . # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-202501:15288-1 Release Date: 2025-02-14T07:19:41Z Rating: moderate References: * bsc#1229079 * bsc#1229104 * bsc#1231497 * bsc#1231568 * bsc#1231759 * bsc#1232575 * bsc#1232769 * bsc#1232817 * bsc#1233202 * bsc#1233279 * bsc#1233630 * bsc#1233660 * bsc#1234123 * jsc#MSQA-914 Cross-References: * CVE-2024-22037 CVSS scores: * CVE-2024-22037 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L * CVE-2024-22037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-22037 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-22037 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Manager Client Tools for Ubuntu 24.04 2404 An update that solves one vulnerability, contains one feature and has 12 security fixes can now be installed. ## Description: This update fixes the following issues: spacecmd was updated to version 5.0.11-0: * Updated translation strings uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0: * Security issues fixed: * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497) * Other changes and bugs fixed: * Version 0.1.27-0 * Bump the default image tag to 5.0.3 * IsInstalled function fix * Run systemctl daemon-reload after changing the container image config (bsc#1233279) * Coco-replicas-upgrade * Persist search server indexes (bsc#1231759) * Sync deletes files during migration (bsc#1233660) * Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079) * Add --registry back to mgrpxy (bsc#1233202) * Only add java.hostname on migrated server if notpresent * Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104) * Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630) * Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123) * Version 0.1.26-0 * Ignore all zypper caches during migration (bsc#1232769) * Use the uyuni network for all podman containers (bsc#1232817) * Version 0.1.25-0 * Don't migrate enabled systemd services, recreate them (bsc#1232575) * Version 0.1.24-0 * Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 24.04 2404 zypper in -t patch suse-ubu244ct-client-tools-202501-15288=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 24.04 2404 (all) * mgrctl-bash-completion-0.1.28-2.6.2 * mgrctl-fish-completion-0.1.28-2.6.2 * spacecmd-5.0.11-2.6.1 * mgrctl-zsh-completion-0.1.28-2.6.2 * SUSE Manager Client Tools for Ubuntu 24.04 2404 (amd64) * mgrctl-0.1.28-2.6.2 ## References: * https://www.suse.com/security/cve/CVE-2024-22037.html * https://bugzilla.suse.com/show_bug.cgi?id=1229079 * https://bugzilla.suse.com/show_bug.cgi?id=1229104 * https://bugzilla.suse.com/show_bug.cgi?id=1231497 * https://bugzilla.suse.com/show_bug.cgi?id=1231568 * https://bugzilla.suse.com/show_bug.cgi?id=1231759 * https://bugzilla.suse.com/show_bug.cgi?id=1232575 * https://bugzilla.suse.com/show_bug.cgi?id=1232769 * https://bugzilla.suse.com/show_bug.cgi?id=1232817 * https://bugzilla.suse.com/show_bug.cgi?id=1233202 * https://bugzilla.suse.com/show_bug.cgi?id=1233279 * https://bugzilla.suse.com/show_bug.cgi?id=1233630 * https://bugzilla.suse.com/show_bug.cgi?id=1233660 *https://bugzilla.suse.com/show_bug.cgi?id=1234123 * https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FMSQA-914&page_caps=&user_role= . SUSE Manager Client Tools security bulletin issued, addressing a fix for a specific vulnerability revealed on March 10, 2026.. SUSE Manager Update, Client Tools Security, Linux Patch Management, SUSE Security Advisory. . LinuxSecurity.com Team

Calendar%202 Feb 14, 2025 SuSE
217

Oracle Linux 8 ELSA-2024-8838 Moderate: python3.11 Security Advisory

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-8838 http://linux.oracle.com/errata/ELSA-2024-8838.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python3.11-3.11.10-1.0.1.el8_10.x86_64.rpm python3.11-3.11.10-1.0.1.el8_10.i686.rpm python3.11-devel-3.11.10-1.0.1.el8_10.i686.rpm python3.11-devel-3.11.10-1.0.1.el8_10.x86_64.rpm python3.11-libs-3.11.10-1.0.1.el8_10.i686.rpm python3.11-libs-3.11.10-1.0.1.el8_10.x86_64.rpm python3.11-rpm-macros-3.11.10-1.0.1.el8_10.noarch.rpm python3.11-tkinter-3.11.10-1.0.1.el8_10.x86_64.rpm python3.11-debug-3.11.10-1.0.1.el8_10.i686.rpm python3.11-debug-3.11.10-1.0.1.el8_10.x86_64.rpm python3.11-idle-3.11.10-1.0.1.el8_10.i686.rpm python3.11-idle-3.11.10-1.0.1.el8_10.x86_64.rpm python3.11-test-3.11.10-1.0.1.el8_10.i686.rpm python3.11-test-3.11.10-1.0.1.el8_10.x86_64.rpm python3.11-tkinter-3.11.10-1.0.1.el8_10.i686.rpm aarch64: python3.11-3.11.10-1.0.1.el8_10.aarch64.rpm python3.11-devel-3.11.10-1.0.1.el8_10.aarch64.rpm python3.11-libs-3.11.10-1.0.1.el8_10.aarch64.rpm python3.11-rpm-macros-3.11.10-1.0.1.el8_10.noarch.rpm python3.11-tkinter-3.11.10-1.0.1.el8_10.aarch64.rpm python3.11-debug-3.11.10-1.0.1.el8_10.aarch64.rpm python3.11-idle-3.11.10-1.0.1.el8_10.aarch64.rpm python3.11-test-3.11.10-1.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//python3.11-3.11.10-1.0.1.el8_10.src.rpm Related CVEs: CVE-2024-6232 Description of changes: [3.11.10-1.0.1] - Update rpm-macros description [Orabug: 36024572] [3.11.10-1] - Update to 3.11.10 Resolves: RHEL-57400 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux ELSA-2024-8839 releases addressing moderate-risk vulnerabilities in python have now been issued on the Unbreakable Linux Network.. Oracle Linux Security, Python Updates, RPMModifications, ELSA Advisories, Linux Security Release. . LinuxSecurity.com Team

Calendar%202 Nov 08, 2024 Oracle
100

SUSE: 2024:2862-1 Important: Bind Denial of Service Advisory

* bsc#1228256 * bsc#1228257 * bsc#1228258 Cross-References: . # Security update for bind Announcement ID: SUSE-SU-2024:2862-1 Rating: important References: * bsc#1228256 * bsc#1228257 * bsc#1228258 Cross-References: * CVE-2024-1737 * CVE-2024-1975 * CVE-2024-4076 CVSS scores: * CVE-2024-1737 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-1975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-4076 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for bind fixes the following issues: Update to 9.16.50: * Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache- ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. * Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowingdown database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per- name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve- stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-2862=1 openSUSE-SLE-15.5-2024-2862=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-2862=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-2862=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-2862=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * bind-debuginfo-9.16.50-150500.8.21.1 * bind-debugsource-9.16.50-150500.8.21.1 * bind-utils-9.16.50-150500.8.21.1 * bind-9.16.50-150500.8.21.1 * bind-utils-debuginfo-9.16.50-150500.8.21.1 * openSUSE Leap 15.5 (noarch) * bind-doc-9.16.50-150500.8.21.1 * python3-bind-9.16.50-150500.8.21.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * bind-utils-9.16.50-150500.8.21.1 * bind-utils-debuginfo-9.16.50-150500.8.21.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * python3-bind-9.16.50-150500.8.21.1 * SUSE Linux Enterprise Micro 5.5 (x86_64) * bind-debugsource-9.16.50-150500.8.21.1 * bind-debuginfo-9.16.50-150500.8.21.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bind-debugsource-9.16.50-150500.8.21.1 * bind-utils-9.16.50-150500.8.21.1 * bind-utils-debuginfo-9.16.50-150500.8.21.1 * bind-debuginfo-9.16.50-150500.8.21.1 * Basesystem Module 15-SP5 (noarch) * python3-bind-9.16.50-150500.8.21.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bind-debugsource-9.16.50-150500.8.21.1 * bind-9.16.50-150500.8.21.1 * bind-debuginfo-9.16.50-150500.8.21.1 * Server Applications Module 15-SP5 (noarch) * bind-doc-9.16.50-150500.8.21.1 ## References: * https://www.suse.com/security/cve/CVE-2024-1737.html * https://www.suse.com/security/cve/CVE-2024-1975.html * https://www.suse.com/security/cve/CVE-2024-4076.html * https://bugzilla.suse.com/show_bug.cgi?id=1228256 * https://bugzilla.suse.com/show_bug.cgi?id=1228257 * https://bugzilla.suse.com/show_bug.cgi?id=1228258 . A critical safety notice outlining improvements to bind, encompassing resolutions for service interruption flaws.. SUSE Security Update, Bind Security Advisory, Denial of Service Fixes, Software Security Updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Aug 09, 2024 Important SuSE
217

Oracle Linux 7 ELSA-2024-12408 Important: EDK2 Security Fixes Released

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-12408 http://linux.oracle.com/errata/ELSA-2024-12408.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: AAVMF-1.7.0-5.el7.noarch.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//edk2-1.7.0-5.el7.src.rpm Related CVEs: CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 Description of changes: * Tue Feb 27 2024 Aaron Young - Create new 1.7.0 release for OL7 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} - Update to OpenSSL 3.0.10 which includes the following fixed CVEs: {CVE-2023-2975} {CVE-2023-1255} {CVE-2023-0401} {CVE-2023-0217} {CVE-2023-0216} {CVE-2023-0215} {CVE-2022-4203} {CVE-2022-3996} {CVE-2022-3602} {CVE-2022-3786} {CVE-2022-3358} {CVE-2022-2274} {CVE-2022-1473} {CVE-2022-1434} {CVE-2022-1343} {CVE-2021-4044} {CVE-2021-23839} * Tue Aug 22 2023 Aaron Young - Create new 1.6.6.cvm release for OL7 * Mon Aug 21 2023 Aaron Young - Create new 1.6.6 release for OL7 which includes the following fixed CVEs: {CVE-2019-14560} - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: {CVE-2023-3817} {CVE-2023-3446} {CVE-2023-2650} {CVE-2023-0465} {CVE-2023-0466} {CVE-2023-0464} {CVE-2023-0286} {CVE-2023-0215} {CVE-2022-4450} {CVE-2022-4304} {CVE-2022-2097} {CVE-2022-2068} {CVE-2022-1292} {CVE-2022-0778} {CVE-2021-4160} {CVE-2021-3712} {CVE-2021-3711} {CVE-2021-3450} {CVE-2021-3449} {CVE-2021-23841} {CVE-2021-23840} {CVE-2020-1971} {CVE-2020-1967} {CVE-2019-1551} {CVE-2019-1563} {CVE-2019-1549} {CVE-2019-1547} {CVE-2019-1552} {CVE-2019-1543} {CVE-2018-0734} {CVE-2018-0735} * Tue Jun 13 2023 Aaron Young - Createnew 1.6.5.cvm release for OL7 * Mon Feb 27 2023 Aaron Young - Create new 1.6.4.cvm release for OL7 which includes the following fixed CVEs: {CVE-2021-38578} * Tue Jun 28 2022 Aaron Young - Create new 1.6.3 release for OL7 * Wed Jun 01 2022 Aaron Young - Create new 1.6.2 release for OL7 * Wed May 11 2022 Aaron Young - Create new 1.6.1 release for OL7 * Wed Apr 06 2022 Aaron Young - Create new 1.6.0 release for OL7 which includes the following fixed CVEs: {CVE-2022-0778} * Tue Nov 23 2021 Aaron Young - Create new 1.5.1 release for OL7 * Wed Jun 16 2021 Aaron Young - Create new 1.5.0 release for OL7 which includes the following fixed CVEs: {CVE-2021-23840} {CVE-2021-23841} {CVE-2021-38575} * Thu Feb 18 2021 Aaron Young - Create new 1.4.3 release for OL7 * Wed Jan 20 2021 Aaron Young - Create new 1.4.2 release for OL7 * Thu Dec 03 2020 Aaron Young - Create new 1.4.1 release for OL7 * Wed Nov 18 2020 Aaron Young - Create new 1.4.0 release for OL7 which includes the following fixed CVEs: {CVE-2019-14584} {CVE-2019-14562} {CVE-2019-11098} {CVE-2019-14559} {CVE-2019-14575} {CVE-2019-14559} {CVE-2019-14587} {CVE-2019-14558} {CVE-2019-14586} {CVE-2019-14563} * Sat Oct 10 2020 Aaron Young - Create new 1.3.4 release for OL7 * Wed Oct 07 2020 Aaron Young - Create new 1.3.3 release for OL7 * Fri Jul 31 2020 Aaron Young - Create new 1.3.2 release for OL7 * Fri May 01 2020 Aaron Young - Create new 1.3.1 release for OL7 * Wed Feb 05 2020 Aaron Young - Create new 1.3 release for OL7 which includes the following fixed CVEs: {CVE-2018-12182} {CVE-2019-13224} {CVE-2019-13225} {CVE-2019-14553} * Fri May 17 2019 Aaron Young - Create new 1.2 release for OL7 which includes the following fixed CVEs: {CVE-2017-5715} {CVE-2017-5731} {CVE-2017-5732} {CVE-2017-5733} {CVE-2017-5734} {CVE-2017-5735} {CVE-2017-5753} {CVE-2018-12178} {CVE-2018-12180} {CVE-2018-12181} {CVE-2018-3630} _______________________________________________ El-errata mailinglist This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 7 enhancements feature edk2 security patches and critical upgrades tackling multiple security issues.. Oracle Linux Updates, ELSA-2024-12408, edk2 Security Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 05, 2024 Important Oracle
217

Oracle Linux 8 ELSA-2024-3259 Important: Golang Security Fixes

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-3259 http://linux.oracle.com/errata/ELSA-2024-3259.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: delve-1.21.2-3.0.1.module+el8.10.0+90307+cdf2b281.x86_64.rpm golang-1.21.9-1.module+el8.10.0+90336+233c4160.x86_64.rpm golang-bin-1.21.9-1.module+el8.10.0+90336+233c4160.x86_64.rpm golang-docs-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm golang-misc-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm golang-src-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm golang-tests-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm go-toolset-1.21.9-1.module+el8.10.0+90336+233c4160.x86_64.rpm aarch64: delve-1.21.2-3.0.1.module+el8.10.0+90307+cdf2b281.aarch64.rpm golang-1.21.9-1.module+el8.10.0+90336+233c4160.aarch64.rpm golang-bin-1.21.9-1.module+el8.10.0+90336+233c4160.aarch64.rpm golang-docs-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm golang-misc-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm golang-src-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm golang-tests-1.21.9-1.module+el8.10.0+90336+233c4160.noarch.rpm go-toolset-1.21.9-1.module+el8.10.0+90336+233c4160.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//delve-1.21.2-3.0.1.module+el8.10.0+90307+cdf2b281.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//golang-1.21.9-1.module+el8.10.0+90336+233c4160.src.rpm http://oss.oracle.com/ol8/SRPMS-updates//go-toolset-1.21.9-1.module+el8.10.0+90336+233c4160.src.rpm Related CVEs: CVE-2023-45288 CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 Description of changes: delve golang [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 go-toolset [1.21.9-1] - Fix CVE-2023-45288 - Resolves: RHEL-31915 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . OracleLinux Security Notification ELSA-2024-3286 highlights significant enhancements for Python and python-toolset resolving vulnerabilities.. Oracle Linux, Software Updates, Golang Tools, Security Fixes, Important Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 03, 2024 Important Oracle
89

Fedora 39: 2024-40ee18b2e7 Moderate: Rust-sevctl Denial of Service

This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-40ee18b2e7 2024-06-02 03:36:56.060441 -------------------------------------------------------------------------------- Name : rust-sevctl Product : Fedora 39 Version : 0.4.3 Release : 4.fc39 URL : Summary : Administrative utility for AMD SEV Description : Administrative utility for AMD SEV. -------------------------------------------------------------------------------- Update Information: This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2024 Fabio Valentini - 0.4.3-4 - Rebuild with Rust 1.78 to fix incomplete debuginfo and backtraces. * Sat Jan 27 2024 Fedora Release Engineering - 0.4.3-3 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-40ee18b2e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Delve into the security advisory issued by Fedora concerning rust-sevctl, which outlines the latest patches and resolutions for minor vulnerabilities after a recent rebuild.. Fedora Security,Rust Update,Administrative Utility,Denial of Service,Software Fixes. . LinuxSecurity.com Team

Calendar%202 Jun 02, 2024 Fedora
217

Oracle Linux 9 ELSA-2024-0249 critical Java security fix for CVE-2024-20918

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-0249 https://linux.oracle.com/errata/ELSA-2024-0249.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: java-21-openjdk-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-demo-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-devel-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-headless-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-javadoc-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-javadoc-zip-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-jmods-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-src-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-static-libs-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-demo-fastdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-demo-slowdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-devel-fastdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-devel-slowdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-fastdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-headless-fastdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-headless-slowdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-jmods-fastdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-jmods-slowdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-slowdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-src-fastdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-src-slowdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-static-libs-fastdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm java-21-openjdk-static-libs-slowdebug-21.0.2.0.13-1.0.1.el9.x86_64.rpm aarch64: java-21-openjdk-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-demo-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-devel-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-headless-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-javadoc-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-javadoc-zip-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-jmods-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-src-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-static-libs-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-demo-fastdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-demo-slowdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-devel-fastdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-devel-slowdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-fastdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-headless-fastdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-headless-slowdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-jmods-fastdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-jmods-slowdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-slowdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-src-fastdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-src-slowdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-static-libs-fastdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm java-21-openjdk-static-libs-slowdebug-21.0.2.0.13-1.0.1.el9.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates//java-21-openjdk-21.0.2.0.13-1.0.1.el9.src.rpm Related CVEs: CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20945 CVE-2024-20952 Description of changes: [1:21.0.2.0.13-1.0.1] - Add Oracle vendor bug URL [1:21.0.2.0.13-1] - Rebase to 21.0.2.0.13 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . An essential update for Oracle Linux 9 Java components resolves significant security vulnerabilities. Explore its impacts and remediation strategies.. Java Update, Oracle Linux, Critical Fixes, Security Update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 23, 2024 Critical Oracle
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200