
Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


SUSE: 2022:590-2 Important Security Fix for Virt-Manager Released

SUSE Container Update Advisory: suse/sles/15.4/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:590-1
Container Tags        : suse/sles/15.4/virt-controller:0.49.0 , suse/sles/15.4/virt-controller:0.49.0-150400.1.25 , suse/sles/15.4/virt-controller:0.49.0.12.2.235
Container Release     : 12.2.235
Severity              : important
Type                  : security
References            : 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1193711 1194883 1194968 1196093 1197024 1197459 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421
-----------------------------------------------------------------

The container suse/sles/15.4/virt-controller was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2682-1
Released:    Thu Aug 12 20:06:19 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

This update for rpm fixes the following issues:

- Changed default package verification level to 'none' to be compatible to rpm-4.14.1
- Made illegal obsoletes a warning
- Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
- Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
- Added :humansi and :hmaniec query formatters for human readable output
- Added query selectors for whatobsoletes and whatconflicts
- Added support for sorting caret higher than base version
- rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805)

Security fixes:

- CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)
- CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)
- CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3445-1
Released:    Fri Oct 15 09:03:39 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1183659,1185299,1187670,1188548

This update for rpm fixes the following issues:

Security issues fixed:

- PGP hardening changes (bsc#1185299)

Maintenance issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released:    Tue Jan 18 05:14:44 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released:    Fri Feb 18 12:45:19 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1194968

This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024

This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032

This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released:    Mon Apr 4 12:53:05 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1194883

This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library

The following package changes have been done:

- libssh-config-0.9.6-150400.1.2 updated
- libzstd1-1.5.0-150400.1.56 updated
- libuuid1-2.37.2-150400.6.10 updated
- libsmartcols1-2.37.2-150400.6.10 updated
- libsepol1-3.1-150400.1.52 updated
- libeconf0-0.4.4+git20220104.962774f-150400.1.24 updated
- libcom_err2-1.46.4-150400.1.64 updated
- libbz2-1-1.0.8-150400.1.101 updated
- libblkid1-2.37.2-150400.6.10 updated
- libaudit1-3.0.6-150400.1.33 updated
- libgcrypt20-1.9.4-150400.3.1 updated
- libgcrypt20-hmac-1.9.4-150400.3.1 updated
- libfdisk1-2.37.2-150400.6.10 updated
- libz1-1.2.11-150000.3.30.1 updated
- libopenssl1_1-1.1.1l-150400.4.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.4.5 updated
- libelf1-0.185-150400.3.20 updated
- libselinux1-3.1-150400.1.52 updated
- libsystemd0-249.11-150400.4.5 updated
- libreadline7-7.0-150400.25.8 updated
- libdw1-0.185-150400.3.20 updated
- libsemanage1-3.1-150400.1.49 updated
- libmount1-2.37.2-150400.6.10 updated
- krb5-1.19.2-150400.1.6 updated
- bash-4.4-150400.25.8 updated
- bash-sh-4.4-150400.25.8 updated
- libssh4-0.9.6-150400.1.2 updated
- login_defs-4.8.1-150400.8.40 updated
- cpio-2.13-150400.1.82 updated
- sles-release-15.4-150400.49.5 updated
- rpm-config-SUSE-1-150400.12.23 updated
- permissions-20201225-150400.2.1 updated
- rpm-ndb-4.14.3-150300.46.1 updated
- pam-1.3.0-150000.6.55.3 updated
- shadow-4.8.1-150400.8.40 updated
- sysuser-shadow-3.1-150400.1.17 updated
- system-group-hardware-20170617-150400.22.15 updated
- util-linux-2.37.2-150400.6.10 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- kubevirt-virt-controller-0.49.0-150400.1.25 updated
- container:sles15-image-15.0.0-25.2.50 updated

SUSE Container refresh for suse/sles/15.4/virt-admin brings vital security updates aimed at safeguarding key software stability.

SUSE Container Update, Important Security Patches, Software Integrity, Virt-Controller, Container Advisory.

Severity: Important.

LinuxSecurity.com Team

Apr 13, 2022 | Important | SuSE

SUSE Linux 15-SP3: SUSE-SU-2022:0942-1 Moderate: Unicode Handling Issue

SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID:  SUSE-SU-2022:0942-1
Rating:           moderate
References:       #1186819
Cross-References: CVE-2021-3572
CVSS scores:      CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

Affected Products:
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Development Tools 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python3 fixes the following issues:

- CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-942=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-942=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

  python3-core-debugsource-3.6.15-150300.10.21.1
  python3-tools-3.6.15-150300.10.21.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  libpython3_6m1_0-3.6.15-150300.10.21.1
  libpython3_6m1_0-debuginfo-3.6.15-150300.10.21.1
  python3-3.6.15-150300.10.21.1
  python3-base-3.6.15-150300.10.21.1
  python3-base-debuginfo-3.6.15-150300.10.21.1
  python3-core-debugsource-3.6.15-150300.10.21.1
  python3-curses-3.6.15-150300.10.21.1
  python3-curses-debuginfo-3.6.15-150300.10.21.1
  python3-dbm-3.6.15-150300.10.21.1
  python3-dbm-debuginfo-3.6.15-150300.10.21.1
  python3-debuginfo-3.6.15-150300.10.21.1
  python3-debugsource-3.6.15-150300.10.21.1
  python3-devel-3.6.15-150300.10.21.1
  python3-devel-debuginfo-3.6.15-150300.10.21.1
  python3-idle-3.6.15-150300.10.21.1
  python3-tk-3.6.15-150300.10.21.1
  python3-tk-debuginfo-3.6.15-150300.10.21.1

References:

  https://www.suse.com/security/cve/CVE-2021-3572.html
  https://bugzilla.suse.com/1186819

SUSE enhances Python3 to address a moderate risk vulnerability related to unicode handling, reinforcing the security of the system.

SUSE Security Update, Python3 Patch, Software Integrity, Unicode Issue.

LinuxSecurity.com Team

Mar 24, 2022 | SuSE

Fedora 35: FEDORA-2021-3dd1b66cbf moderate: XSS Security Risk

https://www.mediawiki.org/wiki/Release_notes/1.36#MediaWiki_1.36.2

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-3dd1b66cbf
2021-10-29 22:48:33.389445
--------------------------------------------------------------------------------

Name        : mediawiki
Product     : Fedora 35
Version     : 1.36.2
Release     : 1.fc35
URL         : https://www.mediawiki.org/wiki/MediaWiki
Summary     : A wiki engine
Description :
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers.

This package supports wiki farms. Read the instructions for creating wiki instances under /usr/share/doc/mediawiki/README.RPM. Remember to remove the config dir after completing the configuration.

--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 4 2021 Michael Cronenworth - 1.36.2-1
- Update to 1.36.2

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1975446 - mediawiki-1.36.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1975446
  [ 2 ] Bug #1980309 - CVE-2021-35197 mediawiki: blocked users are able to purge pages impacting Integrity [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1980309
  [ 3 ] Bug #1995203 - CVE-2021-31556 mediawiki: MWOAuthConsumerSubmitControl.php does not ensure that the length of an RSA key will fit in a MySQL blob [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1995203
  [ 4 ] Bug #2010198 - CVE-2021-41798 mediawiki: Cross-site scripting (XSS) in Special:Search [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2010198
  [ 5 ] Bug #2010199 - CVE-2021-41800 mediawiki: improper access restrictions in PoolCounter protection of Special:Contributions. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2010199
  [ 6 ] Bug #2010201 - CVE-2021-41799 mediawiki: ApiQueryBacklinks can cause a full table scan and as a result DoS [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2010201
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-3dd1b66cbf' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Security alert for Fedora 35 regarding the recent MediaWiki upgrade. This update mitigates several vulnerabilities that could compromise the system's integrity and security.

Fedora MediaWiki Update, Software Integrity, XSS Protection, DoS Risk.

LinuxSecurity.com Team

Oct 29, 2021 | Fedora

Fedora Kernel Update: Correct MD5 Sums For Software Assurance

This posting gives the correct md5 sums for the previous kernel update.

The recent kernel update announcement contained md5sums of the unsigned kernels. After they were signed, the RPMs changed, which made the md5sums useless. Here is the list of correct md5sums.

Apologies,
Dave

Corrected sha256 checksums for the newest kernel version are provided to ensure software integrity and security.

Kernel Update, MD5 Checksum, Software Integrity, Fedora Security.

Severity: Informational.

LinuxSecurity.com Team

Jul 08, 2004 | Informational | Fedora