Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
202
security advisorymoderateCactiopenSUSE Tumbleweed Cacti Moderate Security Issue CVE-2024-27355
An update that solves one vulnerability can now be installed.. # cacti-1.2.30+git457.e55c2aea-1.1 on GA media Announcement ID: openSUSE-SU-2026:10920-1 Rating: moderate Cross-References: * CVE-2024-27355 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the cacti-1.2.30+git457.e55c2aea-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * cacti 1.2.30+git457.e55c2aea-1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-27355.html . Install openSUSE Tumbleweed update for Cacti resolving moderate security issues and enhancing protection.. openSUSE Tumbleweed update, Cacti update, moderate security risk. . Severity: moderate. LinuxSecurity.com Team
Jun 05, 2026
•moderate
OpenSUSE
202
security advisorymoderatedenial of serviceopenSUSE Tumbleweed libngtcp2 Moderate Threat CVE-2026-40170 2026-10621-1
An update that solves one vulnerability can now be installed.. # libngtcp2-16-1.22.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10621-1 Rating: moderate Cross-References: * CVE-2026-40170 CVSS scores: * CVE-2026-40170 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-40170 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the libngtcp2-16-1.22.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * libngtcp2-16 1.22.1-1.1 * libngtcp2-16-32bit 1.22.0-2.1 * libngtcp2_crypto_gnutls-devel 1.22.1-1.1 * libngtcp2_crypto_gnutls8 1.22.1-1.1 * libngtcp2_crypto_gnutls8-32bit 1.22.0-2.1 * libngtcp2_crypto_ossl-devel 1.22.1-1.1 * libngtcp2_crypto_ossl0 1.22.1-1.1 * libngtcp2_crypto_ossl0-32bit 1.22.0-2.1 * ngtcp2-devel 1.22.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40170.html . Update for openSUSE Tumbleweed addresses a moderate security issue in libngtcp2. Immediate action recommended for users.. openSUSE, libngtcp2, security issue, moderate threat, Tumbleweed solution. . LinuxSecurity.com Team
Apr 27, 2026
OpenSUSE
98
security advisorymoderatesecurity issuesRed Hat JBoss Enterprise Application Platform Moderate Security Advisory
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.10 security update Advisory ID: RHSA-2021:5154-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:5154 Issue date: 2021-12-15 CVE Names: CVE-2021-3629 CVE-2021-3642 CVE-2021-3717 CVE-2021-20289 CVE-2021-37714 CVE-2021-40690 ==================================================================== 1. Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat JBoss Enterprise Application Platform 7.3.10 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.9, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.10 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629) * wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642) * wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717) * jsoup: Crafted input may cause the jsoup HTML and XML parser to getstuck (CVE-2021-37714) * xml-security: XPath Transform abuse allows for information disclosure (CVE-2021-40690) * resteasy: Error message exposes endpoint class information (CVE-2021-20289) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References sec 3. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1991305 - CVE-2021-3717 wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck 2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure 5. JIRA issues fixed (https://issues.redhat.com/): JBEAP-22314 - [GSS](7.3.z) Upgrade ironjacamar from 1.4.35.Final-redhat-00001 to 1.5.2.Final-redhat-00001 JBEAP-22332 - (7.3.z) Upgrade Elytron from 1.10.13.Final-redhat-00001 to 1.10.15.Final-redhat-00001 JBEAP-22343 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.39.SP1-redhat-00001 to 4.0.43.Final-redhat-00001 JBEAP-22363 - (7.3.z) Upgrade RESTEasy from 3.11.4.Final-redhat-00001 to 3.11.5.Final-redhat-00001 JBEAP-22490 - (7.3.z) Upgrade jakarta.el from 3.0.3.redhat-00006 to 3.0.3.redhat-00007 JBEAP-22501 - (7.3.z) Upgrade Apache CXF from 3.3.7 to 3.3.12 JBEAP-22523 - (7.3.z) Upgrade wss4j from 2.2.5.redhat-00001 to 2.2.7.redhat-00001 JBEAP-22734 - (7.3.z) Upgrade Ironjacamar from 1.5.2.Final-redhat-00001 to1.5.3.Final-redhat-00001 6. References: https://access.redhat.com/security/cve/CVE-2021-3629 https://access.redhat.com/security/cve/CVE-2021-3642 https://access.redhat.com/security/cve/CVE-2021-3717 https://access.redhat.com/security/cve/CVE-2021-20289 https://access.redhat.com/security/cve/CVE-2021-37714 https://access.redhat.com/security/cve/CVE-2021-40690 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYbpUHdzjgjWX9erEAQhfmRAAgnyYoDwZE0CrcehOCnTe/GWMwtJyN8qh QLRw+d9C3FAat0/lqiuJFA1nURSi4lCsHp+adiFVOLkUZ4gT42ti5StPfFKmiOjR IyAoCGsvlRiFPPNNqKlIIheeIgfIHPKITs28OEHm/f5HVhgn5x4sTq7+jX86GE9c agflCxNWWZNooCvNJk/SpdSqXBsKqYDliNc2z/r5PbrqrrxDSvhFnsc1ykmgyZXR bDlffS3KoQbXUaadkc51rN+d2x7Ioj6Pc5MmCYQQI4DCmvDtQ/w1AwnDo2tss2bG pXU6gg7WGsZE+zU0gPuNTJNA8ZAwxAx/Jug0bssKDVJHt/TiYV0mY39zCmU76Myy JAcmOZHzVWCixxpQXWKNluYWuSPu1tygvW1v96QTMbST1aTLix0IHX9k/n9kCFmz 4+I4C+3RNEupInv9fZvGzZwmhyhkfA1Rt0QfEsRrK/uZJDCZaqMBCy/hQDiNnxpq 8lhv5dwnTs/p4/k5QJVRPRcYn3Y4gH/uVhXhZGon7D5LlViVjWYWz6YWRMtpFJmU iTXHxaVEXzQYb1DKRTP1Hvv5RPbrJclk5Lib8lRc8FO9S6le91yXVhChqSD4uofp xQTC+uZGE407pyojHZ1+nTob2M2ufzz94WXIN+M2uD+4X+C/ZRZfoMjF3q0ar75x GYFMrRcbe2c=SZPm -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Dec 15, 2021
Red Hat
100
security advisoryimportantsuseSUSE: 2021:2198-1 Important Security Update for Linux Kernel Live Patch
An update that solves 7 vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2198-1 Rating: important References: #1183658 #1184710 #1184952 #1185796 #1185847 #1185856 #1185899 #1186285 Cross-References: CVE-2020-36322 CVE-2021-28660 CVE-2021-29154 CVE-2021-32399 CVE-2021-33034 CVE-2021-3489 CVE-2021-3490 CVSS scores: CVE-2020-36322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32399 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32399 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-33034 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33034 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-3489 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3489 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3490 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-3490 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Live Patching15-SP3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for the Linux Kernel 5.3.18-57 fixes several issues. The following issues were fixed: - CVE-2021-3489: Fixed an issue where the eBPF RINGBUF bpf_ringbuf_reserve did not check that the allocated size was smaller than the ringbuf size (bsc#1185640). - CVE-2021-3490: Fixed an issue where the eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) did not update the 32-bit bounds (bsc#1185641). - CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values (bsc#1186111). - CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611). - CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211). - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391). - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593). - Fixed a data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185847). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-2198=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-57-default-2-3.1 kernel-livepatch-5_3_18-57-default-debuginfo-2-3.1 kernel-livepatch-SLE15-SP3_Update_0-debugsource-2-3.1 References: https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-32399.html https://www.suse.com/security/cve/CVE-2021-33034.html https://www.suse.com/security/cve/CVE-2021-3489.html https://www.suse.com/security/cve/CVE-2021-3490.html https://bugzilla.suse.com/1183658 https://bugzilla.suse.com/1184710 https://bugzilla.suse.com/1184952 https://bugzilla.suse.com/1185796 https://bugzilla.suse.com/1185847 https://bugzilla.suse.com/1185856 https://bugzilla.suse.com/1185899 https://bugzilla.suse.com/1186285 . SUSE has issued a security update for its Linux Kernel, responding to a range of critical security concerns and vulnerabilities that impact SLE 15 SP3.. Linux Kernel Patch, Security Update, SUSE Live Patching, Kernel Fixes, System Security. . Severity: Important. LinuxSecurity.com Team
Jun 30, 2021
•Important
SuSE
202
security advisorymoderate severitysolutionopenSUSE: 2019:1161-1 Moderate Update: Fix for TIFF Pointer Vulnerabilities
An update that fixes four vulnerabilities is now available.. openSUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1161-1 Rating: moderate References: #1108606 #1115717 #1121626 #1125113 Cross-References: CVE-2018-17000 CVE-2018-19210 CVE-2019-6128 CVE-2019-7663 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for tiff fixes the following issues: Security issues fixed: - CVE-2018-19210: Fixed a NULL pointer dereference in TIFFWriteDirectorySec function (bsc#1115717). - CVE-2018-17000: Fixed a NULL pointer dereference in the _TIFFmemcmp function (bsc#1108606). - CVE-2019-6128: Fixed a memory leak in the TIFFFdOpen function in tif_unix.c (bsc#1121626). - CVE-2019-7663: Fixed an invalid address dereference in the TIFFWriteDirectoryTagTransfer function in libtiff/tif_dirwrite.c (bsc#1125113) This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1161=1 Package List: - openSUSE Leap 15.0 (i586 x86_64): libtiff-devel-4.0.9-lp150.4.16.1 libtiff5-4.0.9-lp150.4.16.1 libtiff5-debuginfo-4.0.9-lp150.4.16.1 tiff-4.0.9-lp150.4.16.1 tiff-debuginfo-4.0.9-lp150.4.16.1 tiff-debugsource-4.0.9-lp150.4.16.1 - openSUSE Leap 15.0 (x86_64): libtiff-devel-32bit-4.0.9-lp150.4.16.1 libtiff5-32bit-4.0.9-lp150.4.16.1 libtiff5-32bit-debuginfo-4.0.9-lp150.4.16.1 References: https://www.suse.com/security/cve/CVE-2018-17000.html https://www.suse.com/security/cve/CVE-2018-19210.html https://www.suse.com/security/cve/CVE-2019-6128.html https://www.suse.com/security/cve/CVE-2019-7663.html https://bugzilla.suse.com/1108606 https://bugzilla.suse.com/1115717 https://bugzilla.suse.com/1121626 https://bugzilla.suse.com/1125113 -- . The latest update for openSUSE resolves various concerns in the tiff library, tackling memory leak instances and pointer-related errors, thereby improving overall system security.. openSUSE Security, TIFF Patch, Memory Leak Fix, System Update. . LinuxSecurity.com Team
Apr 05, 2019
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!