Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 29 articles for you...
89
security advisorysecurity issueFedoraFedora 42: workrave 2025-85867bd98f moderate: cross site scripting
Unretireing the package.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-85867bd98f 2025-04-17 18:59:47.310248+00:00 -------------------------------------------------------------------------------- Name : workrave Product : Fedora 42 Version : 1.11.0~rc.1 Release : 1.fc42 URL : https://workrave.org/ Summary : Program that assists in the recovery and prevention of RSI Description : Workrave is a program that assists in the recovery and prevention of Repetitive Strain Injury (RSI). The program frequently alerts you to take micro-pauses, rest breaks and restricts you to your daily limit. -------------------------------------------------------------------------------- Update Information: Unretireing the package. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 8 2025 Åukasz WojniÅowicz - 1.11.0~rc.1-1 - Unretirement import (fedora#2351398). -------------------------------------------------------------------------------- References: [ 1 ] Bug #2322802 - GNOME applet incompatible with GNOME 47 https://bugzilla.redhat.com/show_bug.cgi?id=2322802 [ 2 ] Bug #2328917 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2328917 [ 3 ] Bug #2328918 - CVE-2023-2142 workrave: Nunjucks autoescape bypass leads to cross site scripting [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2328918 [ 4 ] Bug #2351398 - Review Request: workrave - Program that assists in the recovery and prevention of RSI https://bugzilla.redhat.com/show_bug.cgi?id=2351398 [ 5 ] Bug #2358210 - F42FailsToInstall: workrave https://bugzilla.redhat.com/show_bug.cgi?id=2358210 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2025-85867bd98f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 42 has released a vital update, bringing back the Workrave package and addressing significant security vulnerabilities with clear user instructions for updates.. workrave update, Fedora package management, software security fixes. . LinuxSecurity.com Team
Apr 17, 2025
Fedora
202
security advisorymoderatesecurity updateopenSUSE Tumbleweed: 2025:14852-1 moderate: firefox-esr security fix
An update that solves 10 vulnerabilities can now be installed.. # firefox-esr-128.8.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14852-1 Rating: moderate Cross-References: * CVE-2024-43097 * CVE-2025-1930 * CVE-2025-1931 * CVE-2025-1932 * CVE-2025-1933 * CVE-2025-1934 * CVE-2025-1935 * CVE-2025-1936 * CVE-2025-1937 * CVE-2025-1938 CVSS scores: * CVE-2024-43097 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-43097 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-1930 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2025-1930 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1931 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-1931 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1932 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H * CVE-2025-1932 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1933 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-1933 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-1934 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-1934 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-1935 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-1935 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-1936 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-1936 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-1937 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1937 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-1938 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1938 ( SUSE ): 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 10 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the firefox-esr-128.8.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * firefox-esr 128.8.0-1.1 * firefox-esr-branding-upstream 128.8.0-1.1 * firefox-esr-translations-common 128.8.0-1.1 * firefox-esr-translations-other 128.8.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-43097.html * https://www.suse.com/security/cve/CVE-2025-1930.html * https://www.suse.com/security/cve/CVE-2025-1931.html * https://www.suse.com/security/cve/CVE-2025-1932.html * https://www.suse.com/security/cve/CVE-2025-1933.html * https://www.suse.com/security/cve/CVE-2025-1934.html * https://www.suse.com/security/cve/CVE-2025-1935.html * https://www.suse.com/security/cve/CVE-2025-1936.html * https://www.suse.com/security/cve/CVE-2025-1937.html * https://www.suse.com/security/cve/CVE-2025-1938.html . Delve into essential security enhancements for openSUSE Tumbleweed's firefox-esr that rectify various vulnerabilities. Ensure your safety!. openSUSE Security, Firefox ESR Update, Software Vulnerability Management. . LinuxSecurity.com Team
Mar 05, 2025
OpenSUSE
89
security advisoryFedoraupdate informationFedora 41: FEDORA-2025-e035838041 moderate: buku update to 4.9
Update to 4.9. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e035838041 2025-02-03 01:17:34.730753+00:00 -------------------------------------------------------------------------------- Name : buku Product : Fedora 41 Version : 4.9 Release : 1.fc41 URL : https://github.com/jarun/Buku Summary : Powerful command-line bookmark manager Description : Buku is a powerful bookmark manager written in Python3 and SQLite3. Buku fetches the title of a bookmarked web page and stores it along with any additional comments and tags. You can use your favourite editor to compose and update bookmarks. With multiple search options, including regex and a deep scan mode (particularly for URLs), it can find any bookmark instantly. Multiple search results can be opened in the browser at once. -------------------------------------------------------------------------------- Update Information: Update to 4.9 -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 25 2025 Robert-André Mauchin - 4.9-1 - Update to 4.9 * Thu Jan 16 2025 Fedora Release Engineering - 4.8-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2273856 - buku-4.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2273856 [ 2 ] Bug #2298673 - CVE-2024-6345 buku: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2298673 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e035838041' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Keep updated on the recent Debian security notice related to buku, including guidance for upgrades and in-depth explanations.. Fedora updates, buku security, command line bookmark management, software update, security notifications. . LinuxSecurity.com Team
Feb 03, 2025
Fedora
100
security advisorykernel patchimportantSUSE: 2025:0146-1 important: kernel live patch 13 for SLE 15 SP5
* bsc#1223363 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 . # Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5) Announcement ID: SUSE-SU-2025:0146-1 Release Date: 2025-01-16T15:03:42Z Rating: important References: * bsc#1223363 * bsc#1223683 * bsc#1225011 * bsc#1225012 * bsc#1225013 * bsc#1225099 * bsc#1225309 * bsc#1225311 * bsc#1225312 * bsc#1225429 * bsc#1225733 * bsc#1225739 * bsc#1225819 * bsc#1226325 * bsc#1226327 * bsc#1227471 * bsc#1228573 * bsc#1228786 * bsc#1229273 * bsc#1229553 * bsc#1232637 * bsc#1233712 Cross-References: * CVE-2021-47517 * CVE-2021-47598 * CVE-2022-48956 * CVE-2023-52752 * CVE-2023-52846 * CVE-2024-26828 * CVE-2024-26923 * CVE-2024-27398 * CVE-2024-35861 * CVE-2024-35862 * CVE-2024-35863 * CVE-2024-35864 * CVE-2024-35867 * CVE-2024-35905 * CVE-2024-35949 * CVE-2024-36899 * CVE-2024-36904 * CVE-2024-36964 * CVE-2024-40954 * CVE-2024-41059 * CVE-2024-43861 * CVE-2024-50264 CVSS scores: * CVE-2021-47517 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H * CVE-2021-47598 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-47598 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48956 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-48956 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-52846 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-26828 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26828 ( NVD ): 6.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H * CVE-2024-26923 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-27398 ( SUSE ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35863 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35864 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35867 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35905 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-35949 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36899 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36904 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-36964 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-40954 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-41059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-41059 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2024-43861 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-43861 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-50264 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H *CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-50264 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 22 vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues. The following security issues were fixed: * CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-> trans (bsc#1233712). * CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1232637). * CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225429). * CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225733). * CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229553). * CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). * CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1227471). * CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1229273). * CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1225011). * CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225819). * CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1225311). * CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1225012). * CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1225309). * CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1225312). * CVE-2024-36899: gpiolib: cdev: Fix use after free inlineinfo_changed_notify (bsc#1231353). * CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225739). * CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) * CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228573). * CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1226325). * CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225099). * CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1225013). * CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223683). * CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223363). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2025-146=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2025-146=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_13-debugsource-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_62-default-8-150500.11.6.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_13-debugsource-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_62-default-debuginfo-8-150500.11.6.1 * kernel-livepatch-5_14_21-150500_55_62-default-8-150500.11.6.1 ## References: * https://www.suse.com/security/cve/CVE-2021-47517.html * https://www.suse.com/security/cve/CVE-2021-47598.html * https://www.suse.com/security/cve/CVE-2022-48956.html * https://www.suse.com/security/cve/CVE-2023-52752.html *https://www.suse.com/security/cve/CVE-2023-52846.html * https://www.suse.com/security/cve/CVE-2024-26828.html * https://www.suse.com/security/cve/CVE-2024-26923.html * https://www.suse.com/security/cve/CVE-2024-27398.html * https://www.suse.com/security/cve/CVE-2024-35861.html * https://www.suse.com/security/cve/CVE-2024-35862.html * https://www.suse.com/security/cve/CVE-2024-35863.html * https://www.suse.com/security/cve/CVE-2024-35864.html * https://www.suse.com/security/cve/CVE-2024-35867.html * https://www.suse.com/security/cve/CVE-2024-35905.html * https://www.suse.com/security/cve/CVE-2024-35949.html * https://www.suse.com/security/cve/CVE-2024-36899.html * https://www.suse.com/security/cve/CVE-2024-36904.html * https://www.suse.com/security/cve/CVE-2024-36964.html * https://www.suse.com/security/cve/CVE-2024-40954.html * https://www.suse.com/security/cve/CVE-2024-41059.html * https://www.suse.com/security/cve/CVE-2024-43861.html * https://www.suse.com/security/cve/CVE-2024-50264.html * https://bugzilla.suse.com/show_bug.cgi?id=1223363 * https://bugzilla.suse.com/show_bug.cgi?id=1223683 * https://bugzilla.suse.com/show_bug.cgi?id=1225011 * https://bugzilla.suse.com/show_bug.cgi?id=1225012 * https://bugzilla.suse.com/show_bug.cgi?id=1225013 * https://bugzilla.suse.com/show_bug.cgi?id=1225099 * https://bugzilla.suse.com/show_bug.cgi?id=1225309 * https://bugzilla.suse.com/show_bug.cgi?id=1225311 * https://bugzilla.suse.com/show_bug.cgi?id=1225312 * https://bugzilla.suse.com/show_bug.cgi?id=1225429 * https://bugzilla.suse.com/show_bug.cgi?id=1225733 * https://bugzilla.suse.com/show_bug.cgi?id=1225739 * https://bugzilla.suse.com/show_bug.cgi?id=1225819 * https://bugzilla.suse.com/show_bug.cgi?id=1226325 * https://bugzilla.suse.com/show_bug.cgi?id=1226327 * https://bugzilla.suse.com/show_bug.cgi?id=1227471 * https://bugzilla.suse.com/show_bug.cgi?id=1228573 * https://bugzilla.suse.com/show_bug.cgi?id=1228786 *https://bugzilla.suse.com/show_bug.cgi?id=1229273 * https://bugzilla.suse.com/show_bug.cgi?id=1229553 * https://bugzilla.suse.com/show_bug.cgi?id=1232637 * https://bugzilla.suse.com/show_bug.cgi?id=1233712 . Updates to the Linux Kernel address multiple concerns while enhancing both reliability and safety in SUSE systems. Find installation instructions within.. SUSE Linux Patch, Kernel Live Update, System Security Management. . Severity: Important. LinuxSecurity.com Team
Jan 16, 2025
•Important
SuSE
89
security advisoryfedoracritical updateFedora 38: FEDORA-2024-94e0390e4e Critical Update for Mingw-Python3
Update to python3.11.8, backport fix for CVE-2023-27043.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-94e0390e4e 2024-02-25 01:24:47.525729 -------------------------------------------------------------------------------- Name : mingw-python3 Product : Fedora 38 Version : 3.11.8 Release : 1.fc38 URL : https://www.python.org/ Summary : MinGW Windows python3 Description : MinGW Windows python3 -------------------------------------------------------------------------------- Update Information: Update to python3.11.8, backport fix for CVE-2023-27043. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 16 2024 Sandro Mani - 3.11.8-1 - Update to 3.11.8 - Backport patch for CVE-2023-27043 * Thu Jan 25 2024 Fedora Release Engineering - 3.11.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering - 3.11.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2196185 - CVE-2023-27043 mingw-python3: python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2196185 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-94e0390e4e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Feb 25, 2024
•Critical
Fedora
89
security advisorybuffer overflowFedoraFedora 38: 2023-ae05c3bca8 Critical: OptiPNG Buffer Overflow Risk
Update to 0.7.8 Security fix for CVE-2023-43907. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-ae05c3bca8 2023-11-14 01:55:09.715323 -------------------------------------------------------------------------------- Name : optipng Product : Fedora 38 Version : 0.7.8 Release : 1.fc38 URL : Summary : PNG optimizer and converter Description : OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats (BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks and corrections. -------------------------------------------------------------------------------- Update Information: Update to 0.7.8 Security fix for CVE-2023-43907 -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 5 2023 Peter Hanecak - 0.7.8-1 - Update to 0.7.8 * Thu Jul 20 2023 Fedora Release Engineering - 0.7.7-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2242461 - CVE-2023-43907 optipng: global buffer overflow via the 'buffer' variable at gifread.c. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2242461 [ 2 ] Bug #2247874 - optipng-0.7.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2247874 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-ae05c3bca8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Nov 14, 2023
•Critical
Fedora
89
security advisorydenial of serviceupdateFedora 38 RUSTSEC-2023-0053 Moderate: Rust-Rustls-Webpki Denial Of Service
Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 (denial- of-service via crafted certificate chains).. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7cb316a73b 2023-09-01 01:28:16.436431 -------------------------------------------------------------------------------- Name : rust-rustls-webpki Product : Fedora 38 Version : 0.100.2 Release : 1.fc38 URL : Summary : Web PKI X.509 Certificate Verification Description : Web PKI X.509 Certificate Verification. -------------------------------------------------------------------------------- Update Information: Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 (denial- of-service via crafted certificate chains). -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 23 2023 Fabio Valentini - 0.100.2-1 - Update to version 0.100.2 * Fri Jul 21 2023 Fedora Release Engineering - 0.100.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7cb316a73b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Sep 01, 2023
•Important
Fedora
89
security advisoryfedoraupdate informationFedora 36: 2022-5038c3236c Moderate: Shellz Security Mitigations
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 --------------------------------------------------------------------------------Name : shellz Product : Fedora 36 Version : 1.5.0 Release : 8.fc36 URL : https://github.com/evilsocket/shellz Summary : Utility to tracking and controlling shells and tunnels Description : Shellz is a small utility to track and control your ssh, telnet, web and custom shells and tunnels. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash onWindows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 1.5.0-8 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 30, 2022
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!