
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2025:0118-1 important: rsync heap overflow and file sync issues

# Security update for rsync

Announcement ID: SUSE-SU-2025:0118-1
Release Date: 2025-01-15T09:08:02Z
Rating: important

References:

* bsc#1234100
* bsc#1234101
* bsc#1234102
* bsc#1234103
* bsc#1234104

Cross-References:

* CVE-2024-12084
* CVE-2024-12085
* CVE-2024-12086
* CVE-2024-12087
* CVE-2024-12088

CVSS scores:

* CVE-2024-12084 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-12084 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-12085 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-12086 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-12086 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2024-12087 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-12087 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-12087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-12088 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12088 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-12088 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for rsync fixes the following issues:

* CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100)
* CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
* CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
* CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
* CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-118=1 SUSE-2025-118=1
* Basesystem Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-118=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * rsync-debuginfo-3.2.7-150600.3.4.1
  * rsync-debugsource-3.2.7-150600.3.4.1
  * rsync-3.2.7-150600.3.4.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * rsync-debuginfo-3.2.7-150600.3.4.1
  * rsync-debugsource-3.2.7-150600.3.4.1
  * rsync-3.2.7-150600.3.4.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12084.html
* https://www.suse.com/security/cve/CVE-2024-12085.html
* https://www.suse.com/security/cve/CVE-2024-12086.html
* https://www.suse.com/security/cve/CVE-2024-12087.html
* https://www.suse.com/security/cve/CVE-2024-12088.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234100
* https://bugzilla.suse.com/show_bug.cgi?id=1234101
* https://bugzilla.suse.com/show_bug.cgi?id=1234102
* https://bugzilla.suse.com/show_bug.cgi?id=1234103
* https://bugzilla.suse.com/show_bug.cgi?id=1234104

SUSE has released a vital advisory regarding Rsync, addressing several urgent vulnerabilities. Take action now to enhance the security of your systems promptly.

rsync security update, SUSE advisory, critical patch rsync, security fixes rsync.

Severity: Important. LinuxSecurity.com Team

Jan 15, 2025 Important SuSE

SUSE: 2025:0120-1 important: rsync file overwrite and bypass threat fixed

# Security update for rsync

Announcement ID: SUSE-SU-2025:0120-1
Release Date: 2025-01-15T09:08:20Z
Rating: important

References:

* bsc#1234101
* bsc#1234102
* bsc#1234103
* bsc#1234104

Cross-References:

* CVE-2024-12085
* CVE-2024-12086
* CVE-2024-12087
* CVE-2024-12088

CVSS scores:

* CVE-2024-12085 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-12086 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-12086 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2024-12087 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-12087 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-12087 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-12088 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12088 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-12088 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for rsync fixes the following issues:

* CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
* CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
* CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
* CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-120=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-120=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * rsync-debugsource-3.1.3-3.18.1
  * rsync-debuginfo-3.1.3-3.18.1
  * rsync-3.1.3-3.18.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * rsync-debugsource-3.1.3-3.18.1
  * rsync-debuginfo-3.1.3-3.18.1
  * rsync-3.1.3-3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12085.html
* https://www.suse.com/security/cve/CVE-2024-12086.html
* https://www.suse.com/security/cve/CVE-2024-12087.html
* https://www.suse.com/security/cve/CVE-2024-12088.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234101
* https://bugzilla.suse.com/show_bug.cgi?id=1234102
* https://bugzilla.suse.com/show_bug.cgi?id=1234103
* https://bugzilla.suse.com/show_bug.cgi?id=1234104

Crucial patch release for scp tackling various security flaws to strengthen overall system defenses.

rsync security, SUSE Linux, software updates, security patches.

Severity: Important. LinuxSecurity.com Team

Jan 15, 2025 Important SuSE

Debian 10 Buster DLA-3458-1 Moderate: php7.3 Authentication Flaw

Niels Dossche and Tim Düsterhus discovered that PHP's implementation of the SOAP HTTP Digest authentication did not check for failures, which may result in a stack information leak. Furthermore, the code used an insufficient number of random bytes.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3458-1
https://www.debian.org/lts/security/
Guilhem Moulin
June 20, 2023
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : php7.3
Version : 7.3.31-1~deb10u4
CVE ID : CVE-2023-3247

Niels Dossche and Tim Düsterhus discovered that PHP's implementation of the SOAP HTTP Digest authentication did not check for failures, which may result in a stack information leak. Furthermore, the code used an insufficient number of random bytes.

For Debian 10 buster, this problem has been fixed in version 7.3.31-1~deb10u4.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to its security tracker page at:

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

PHP's vulnerability in SOAP HTTP Digest authentication poses risk for data exposure; ensure php7.3 is updated on Debian for enhanced security.

Debian Security Advisory, php7.3 Update, Stack Information Leak.

LinuxSecurity.com Team

Jun 20, 2023 Debian LTS

Debian: DSA-5425-1 Moderate PHP 8.2 Authentication Issue - Stack Leak Risk

It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5425-1
https://www.debian.org/security/
Moritz Muehlenhoff
June 13, 2023
https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php8.2
CVE ID : not yet available

It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

For the stable distribution (bookworm), this problem has been fixed in version 8.2.7-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/php8.2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

The SOAP HTTP Digest authentication problem in PHP could cause significant memory leaks. Transitioning to PHP 8.2 is essential to safeguard your system's security.

PHP Security Update, Debian Advisory, SOAP Authentication Issue, PHP 8.2 Update.

Severity: Important. LinuxSecurity.com Team

Jun 13, 2023 Important Debian

Debian 11: DSA-5424-1 Critical: PHP7.4 Stack Leak Issue

It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5424-1
https://www.debian.org/security/
Moritz Muehlenhoff
June 13, 2023
https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php7.4
CVE ID : not yet available

It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.

For the oldstable distribution (bullseye), this problem has been fixed in version 7.4.33-1+deb11u4.

We recommend that you upgrade your php7.4 packages.

For the detailed security status of php7.4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/php7.4

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Enhance php7.4 to address a critical security flaw that risks data exposure. The update version 7.4.33-1+deb11u4 provides the necessary remedy.

Debian Security, PHP Auth Issue, Data Leak Risk, Software Patch.

Severity: Critical. LinuxSecurity.com Team

Jun 13, 2023 Critical Debian

Fedora: 2021-9c0276e935 Moderate Stack Leak Vulnerability Report

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-9c0276e935
2021-05-13 01:22:50.345896
--------------------------------------------------------------------------------

Name : kernel
Product : Fedora 32
Version : 5.11.19
Release : 100.fc32
URL : https://www.kernel.org/
Summary : The Linux kernel
Description : The kernel meta package

--------------------------------------------------------------------------------
Update Information:

The 5.11.9 stable kernel update contains a number of important fixes across the tree.

--------------------------------------------------------------------------------
ChangeLog:

* Fri May 7 2021 Justin M. Forbes [5.11.19-0]
- Fedora-5.12: Make amd_pinctrl module builtin (Hans de Goede)
- ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (Takashi Iwai)
- nitro_enclaves: Fix stale file descriptors on failed usercopy (Mathias Krause)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1957788 - CVE-2021-31829 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
      https://bugzilla.redhat.com/show_bug.cgi?id=1957788

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-9c0276e935' at the command line.
For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Kernel version 5.12.3 for Fedora 33 addresses several critical vulnerabilities, improving overall system reliability and safety.

Fedora Kernel Update, System Update, Safety Measures.

Severity: Medium. LinuxSecurity.com Team

May 12, 2021 Medium Fedora

Fedora 30 FEDORA-2019-fe6d1fbffa Critical: Libu2f-Host Stack Leak Fix

Security fix for CVE-2019-9578.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-fe6d1fbffa
2019-04-09 00:01:39.900361
--------------------------------------------------------------------------------

Name : libu2f-host
Product : Fedora 30
Version : 1.1.8
Release : 1.fc30
URL : /
Summary : Yubico Universal 2nd Factor (U2F) Host C Library
Description : libu2f-host provides a C library that implements the host-side of the U2F protocol. There are APIs to talk to a U2F device and perform the U2F Register and U2F Authenticate operations.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2019-9578

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1685954 - CVE-2019-9578 libu2f-host: leak of uninitialized stack in devs.c
      https://bugzilla.redhat.com/show_bug.cgi?id=1685954

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-fe6d1fbffa' at the command line.
For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Fedora 30 enhances libu2f-host to address memory leak vulnerabilities, ensuring optimal security and reliability.

Fedora Security Update, libu2f-host Fix, U2F Protocol Update.

Severity: Critical. LinuxSecurity.com Team

Apr 08, 2019 Critical Fedora

Fedora 27: 2017-c432db2971 High: Xen Hypervisor Flaws Affect Stability

xen: various flaws (#1501391) multiple MSI mapping issues on x86 [XSA-237] DMOP map/unmap missing argument checks [XSA-238] hypervisor stack leak in x86 I/O intercept code [XSA-239] Unlimited recursion in linear pagetable de-typing [XSA-240] Stale TLB entry due to page type release race [XSA-241] page type reference leak on x86 [XSA-242] x86: Incorrect handling of self-linear shadow.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-c432db2971
2017-11-11 13:29:22.441877
--------------------------------------------------------------------------------

Name : xen
Product : Fedora 27
Version : 4.9.0
Release : 12.fc27
URL : https://xenproject.org/
Summary : Xen is a virtual machine monitor
Description : This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

xen: various flaws (#1501391)
  multiple MSI mapping issues on x86 [XSA-237]
  DMOP map/unmap missing argument checks [XSA-238]
  hypervisor stack leak in x86 I/O intercept code [XSA-239]
  Unlimited recursion in linear pagetable de-typing [XSA-240]
  Stale TLB entry due to page type release race [XSA-241]
  page type reference leak on x86 [XSA-242]
  x86: Incorrect handling of self-linear shadow mappings with translated guests [XSA-243]
  x86: Incorrect handling of IST settings during CPU hotplug [XSA-244]

--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1499817 - CVE-2017-15590 xsa237 xen: multiple MSI mapping issues on x86 (XSA-237)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499817
[ 2 ] Bug #1499818 - CVE-2017-15591 xsa238 xen: DMOP map/unmap missing argument checks (XSA-238)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499818
[ 3 ] Bug #1499819 - CVE-2017-15589 xsa239 xen: hypervisor stack leak in x86 I/O intercept code (XSA-239)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499819
[ 4 ] Bug #1499820 - CVE-2017-15595 xsa240 xen: Unlimited recursion in linear pagetable de-typing (XSA-240)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499820
[ 5 ] Bug #1499821 - CVE-2017-15588 xsa241 xen: Stale TLB entry due to page type release race (XSA-241)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499821
[ 6 ] Bug #1499822 - CVE-2017-15593 xsa242 xen: page type reference leak on x86 (XSA-242)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499822
[ 7 ] Bug #1499823 - CVE-2017-15592 xsa243 xen: x86: Incorrect handling of self-linear shadow mappings with translated guests (XSA-243)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499823
[ 8 ] Bug #1499824 - CVE-2017-15594 xsa244 xen: x86: Incorrect handling of IST settings during CPU hotplug (XSA-244)
      https://bugzilla.redhat.com/show_bug.cgi?id=1499824

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xen' at the command line.
For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

This Ubuntu patch addresses several vulnerabilities in the KVM virtualization environment, enhancing performance and protection for its users.

Xen Hypervisor Update, Fedora Security Notice, Virtual Machine Security.

LinuxSecurity.com Team

Nov 11, 2017 Fedora