Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 456
Alerts This Week
Warning Icon 1 456

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
100

SUSE: 2018:2595-1 Important Update: Spice Heap Corruption and Overflow

An update that fixes two vulnerabilities is now available. . SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2018:2595-1 Rating: important References: #1101295 #1104448 Cross-References: CVE-2018-10873 CVE-2018-10893 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Desktop 12-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for spice fixes the following issues: Security issues fixed: - CVE-2018-10873: Fix potential heap corruption when demarshalling (bsc#1104448) - CVE-2018-10893: Avoid buffer overflow on image lz checks (bsc#1101295) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1825=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1825=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1825=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.12.8-6.1 spice-debugsource-0.12.8-6.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): libspice-server1-0.12.8-6.1 libspice-server1-debuginfo-0.12.8-6.1 spice-debugsource-0.12.8-6.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): libspice-server1-0.12.8-6.1 libspice-server1-debuginfo-0.12.8-6.1 spice-debugsource-0.12.8-6.1 References: https://www.suse.com/security/cve/CVE-2018-10873.html https://www.suse.com/security/cve/CVE-2018-10893.html https://bugzilla.suse.com/1101295 https://bugzilla.suse.com/1104448 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . Update for spice addresses important security flaws in SUSE products, enhancing system protection and stability.. SUSE Security Update, spice Fix, SUSE Linux Update. . LinuxSecurity.com Team

Calendar%202 Sep 03, 2018 SuSE
100

SUSE Security Announcement 2017:1836-1 Critical Spice Buffer Overflow Fix

An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.. SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:1836-1 Rating: important References: #1046779 Cross-References: CVE-2017-7506 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Desktop 12-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: - CVE-2017-7506: A possible buffer overflow via invalid monitor configurations (bsc#1046779) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1138=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1138=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1138=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 12-SP2 (x86_64): libspice-server-devel-0.12.7-10.3.1 spice-debugsource-0.12.7-10.3.1 - SUSE Linux Enterprise Server 12-SP2 (x86_64): libspice-server1-0.12.7-10.3.1 libspice-server1-debuginfo-0.12.7-10.3.1 spice-debugsource-0.12.7-10.3.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): libspice-server1-0.12.7-10.3.1 libspice-server1-debuginfo-0.12.7-10.3.1 spice-debugsource-0.12.7-10.3.1 References: https://www.suse.com/security/cve/CVE-2017-7506.html https://bugzilla.suse.com/1046779 . SUSE has released a security update for spice that rectifies a significant buffer overflow vulnerability, providing necessary patches.. SUSE Security Update, Buffer Overflow Fix, Spice Software Update. . LinuxSecurity.com Team

Calendar%202 Jul 11, 2017 SuSE
100

SUSE: 2017:0396-1 Important: Spice DoS and Buffer Overflow Fix

An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available. An update that fixes two vulnerabilities is now available.. SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2017:0396-1 Rating: important References: #1023078 #1023079 Cross-References: CVE-2016-9577 CVE-2016-9578 Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This security update for spice fixes the following issues: CVE-2016-9577: A buffer overflow in the spice server could have potentially been used by unauthenticated attackers to execute arbitrary code. (bsc#1023078) CVE-2016-9578: Unauthenticated attackers could have caused a denial of service via a crafted message. (bsc#1023079) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-spice-12970=1 - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-spice-12970=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-spice-12970=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 x86_64): libspice-server-devel-0.12.4-8.1 - SUSE Linux Enterprise Server 11-SP4 (i586 x86_64): libspice-server1-0.12.4-8.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64): spice-debuginfo-0.12.4-8.1 spice-debugsource-0.12.4-8.1 References: https://www.suse.com/security/cve/CVE-2016-9577.html https://www.suse.com/security/cve/CVE-2016-9578.html https://bugzilla.suse.com/1023078 https://bugzilla.suse.com/1023079 . Critical security update released for spice components in SUSE Linux Enterprise. Implement the patch promptly to safeguard your systems.. SUSE Security Update, spice Vulnerability, SUSE Linux Patch. . LinuxSecurity.com Team

Calendar%202 Feb 06, 2017 SuSE
89

Fedora: 22 Advisory for Mingw-Spice-Gtk Critical Threats Fix

Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. ---- Update to spice- gtk 0.29 ---- Update to release 0.12.7. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-7fcc957ba6 2015-11-01 18:14:58.632855 -------------------------------------------------------------------------------- Name : mingw-spice-gtk Product : Fedora 22 Version : 0.30 Release : 1.fc22 URL : Summary : A GTK+ widget for SPICE clients Description : Client libraries for SPICE desktop servers. -------------------------------------------------------------------------------- Update Information: Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. ---- Update to spice- gtk 0.29 ---- Update to release 0.12.7 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mingw-spice-gtk' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Address urgent vulnerabilities in spice-gtk and spice protocol for Fedora 22, incorporating numerous upgrades to boost security.. mingw-spice-gtk, security update, Fedora 22, upstream releases, spice protocol. . LinuxSecurity.com Team

Calendar%202 Nov 01, 2015 Fedora
89

Fedora 23 Mingw-Spice-Protocol Critical Update: Multiple Fixes

Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-a78ebcc142 2015-10-11 16:01:25.357270 -------------------------------------------------------------------------------- Name : mingw-spice-protocol Product : Fedora 23 Version : 0.12.10 Release : 1.fc23 URL : https://www.spice-space.org/ Summary : Spice protocol header files Description : Header files describing the spice protocol and the para-virtual graphics card QXL. -------------------------------------------------------------------------------- Update Information: Update spice-gtk/spice-protocol/spice to new upstream releases. The spice update fixes CVE-2015-3247, CVE-2015-5260 and CVE-2015-5261. -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mingw-spice-protocol' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/ . Fedora 23 upgrades mingw-spice-protocol to address various vulnerabilities, improving overall system integrity with latest upstream versions.. Fedora 23, Mingw-Spice-Protocol, Security Update, Spice, Critical Fixes. . LinuxSecurity.com Team

Calendar%202 Oct 11, 2015 Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200