SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:952-1
Container Tags : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.4.19 , suse/sles/15.5/virt-exportserver:0.58.0.1.217
Container Release : 1.217
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/virt-exportserver was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- kubevirt-virt-exportserver-0.58.0-150500.4.19 updated
- container:sles15-image-15.0.0-34.15 updated

SUSE Package Notification addresses the security patch for suse/sles/15.5/virt-database, outlining key improvements.

LinuxSecurity.com Team

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1147-1
Image Tags : suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64:20221215
Image Release :
Severity : important
Type : security
References : 1179465 1184124 1184689 1186787 1187655 1188086 1188607 1189560 1190651 1191833 1192252 1192478 1192508 1192648 1196076 1197284 1197428 1197998 1198165 1198625 1198894 1199074 1200330 1200505 1200657 1200803 1200901 1200994 1201053 1202014 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203341 1203368 1203482 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203894 1203924 1203957 1204440 1204577 1204706 1204720 1204779 1204821 1204844 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898
-----------------------------------------------------------------

The container suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Type: recommended
Severity: moderate
References: 1198165

This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool:
    Parsing error: Reporting file and line nr.
    --delimeters=spaces accepting all kinds of spaces for delimiter.
  - libeconf:
    Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
  - econftool:
    New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
    New options '--comment' and '--delimeters'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4141-1
Released: Mon Nov 21 09:28:07 2022
Summary: Security update for grub2
Type: security
Severity: important
References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775

This update for grub2 fixes the following issues:

- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).

Other:

- Bump upstream SBAT generation to 3

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released: Mon Nov 21 14:34:09 2022
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4160-1
Released: Tue Nov 22 10:10:37 2022
Summary: Recommended update for nfsidmap
Type: recommended
Severity: moderate
References: 1200901

This update for nfsidmap fixes the following issues:

- Various bugfixes and improvements from upstream. In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4162-1
Released: Tue Nov 22 10:56:10 2022
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1202014,1203267,1203368,1203749,1203894

This update for dracut fixes the following issues:

- A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368)
- network-manager: always install the library plugins directory (bsc#1202014)
- dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894)
- systemd: add missing modprobe@.service (bsc#1203749)
- i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released: Wed Nov 23 13:15:04 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4217-1
Released: Fri Nov 25 07:23:35 2022
Summary: Recommended update for wget
Type: recommended
Severity: moderate
References: 1204720

This update for wget fixes the following issues:

- Truncate long file names to prevent wget failures (bsc#1204720)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4226-1
Released: Fri Nov 25 18:16:59 2022
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1196076,1198625,1200803,1200994,1203341,1204821

This update for suseconnect-ng fixes the following issues:

- Fix System-Token support in ruby binding (bsc#1203341)
- Use system-wide proxy settings (bsc#1200994)
- Add timer for SUSEConnect --keepalive (bsc#1196076)
- Added support for the System-Token header
- Add Keepalive command line option
- Print nested zypper errors (bsc#1200803)
- Fix migration json error with SMT (bsc#1198625)
- Packaging adjustments (bsc#1204821)
- Add option to run local scc tests

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4227-1
Released: Fri Nov 25 18:17:31 2022
Summary: Recommended update for release-notes-sle-micro
Type: recommended
Severity: low
References: 1204440

This update for samba fixes the following issue:

- Make samba-tool available in the basesystem (bsc#1204440)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4262-1
Released: Tue Nov 29 05:45:23 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: important
References: 1199074,1203216,1203482

This update for lvm2 fixes the following issues:

- Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- Fix lvmlockd to support sanlock (bsc#1203482)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4278-1
Released: Tue Nov 29 15:43:49 2022
Summary: Security update for supportutils
Type: security
Severity: moderate
References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818

This update for supportutils fixes the following issues:

Security issues fixed:

- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)

Bug fixes:

- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released: Tue Nov 29 15:46:10 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454

This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4282-1
Released: Tue Nov 29 15:50:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0814:

- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4312-1
Released: Fri Dec 2 11:16:47 2022
Summary: Recommended update for tar
Type: recommended
Severity: moderate
References: 1200657,1203600

This update for tar fixes the following issues:

- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4328-1
Released: Tue Dec 6 12:25:12 2022
Summary: Recommended update for audit-secondary
Type: recommended
Severity: moderate
References: 1204844

This update for audit-secondary fixes the following issues:

- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4340-1
Released: Wed Dec 7 12:54:47 2022
Summary: Feature update for wicked
Type: feature
Severity: moderate
References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954

This update for wicked fixes the following issues:

- build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124)
- client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249)
- client: Fix memory access violation (SEGV) on empty xpath results
- dbus: Clear string array before append
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307)
- dhcp6: Consider ppp interfaces supported
- dhcp6: Ignore lease release status
- dhcp6: Remove address before release
- firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560)
- socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- team: Fix to configure port priority in teamd (bsc#1200505)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Fix memory access violation (SEGV) on supplicant restart
- wireless: Remove libiw dependencies

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4370-1
Released: Thu Dec 8 17:19:14 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1191833,1205275

This update for rsyslog fixes the following issues:

- Parsing of legacy config syntax (bsc#1205275)
- Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4383-1
Released: Fri Dec 9 04:01:50 2022
Summary: Recommended update for iputils
Type: recommended
Severity: important
References: 1203957

This update for iputils fixes the following issues:

- Fix occasional memory access violation when using `ping` (bsc#1203957)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4412-1
Released: Tue Dec 13 04:47:03 2022
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References: 1204706

This update for suse-build-key fixes the following issues:

- added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4463-1
Released: Tue Dec 13 17:04:31 2022
Summary: Security update for containerd
Type: security
Severity: important
References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191

This update for containerd fixes the following issues:

Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).

Also includes the following fix:

- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4469-1
Released: Wed Dec 14 06:05:13 2022
Summary: Recommended update for sudo
Type: recommended
Severity: important
References: 1197998

This update for sudo fixes the following issues:

- Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4499-1
Released: Thu Dec 15 10:48:49 2022
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1179465

This update for openssh fixes the following issues:

- Make ssh connections update their dbus environment (bsc#1179465):
  * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish

The following package changes have been done:

- audit-3.0.6-150400.4.6.1 updated
- containerd-ctr-1.6.12-150000.79.1 updated
- containerd-1.6.12-150000.79.1 updated
- dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 updated
- dracut-055+suse.323.gca0e74f0-150400.3.13.1 updated
- grub2-i386-pc-2.06-150400.11.17.1 updated
- grub2-x86_64-efi-2.06-150400.11.17.1 updated
- grub2-x86_64-xen-2.06-150400.11.17.1 updated
- grub2-2.06-150400.11.17.1 updated
- iputils-20211215-150400.3.3.2 updated
- krb5-1.19.2-150400.3.3.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libopenssl1_1-1.1.1l-150400.7.16.1 updated
- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- nfsidmap-0.26-150000.3.7.1 updated
- openssh-clients-8.4p1-150300.3.15.4 updated
- openssh-common-8.4p1-150300.3.15.4 updated
- openssh-server-8.4p1-150300.3.15.4 updated
- openssh-8.4p1-150300.3.15.4 updated
- openssl-1_1-1.1.1l-150400.7.16.1 updated
- python3-base-3.6.15-150300.10.37.2 updated
- python3-3.6.15-150300.10.37.2 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- rsyslog-8.2106.0-150400.5.11.1 updated
- samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 updated
- sudo-1.9.9-150400.4.9.1 updated
- supportutils-3.1.21-150300.7.35.15.1 updated
- suse-build-key-12.0-150000.8.28.1 updated
- suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated
- system-group-audit-3.0.6-150400.4.6.1 updated
- tar-1.34-150000.3.22.3 updated
- vim-data-common-9.0.0814-150000.5.28.1 updated
- vim-9.0.0814-150000.5.28.1 updated
- wget-1.20.3-150000.3.15.1 updated
- wicked-service-0.6.70-150400.3.3.1 updated
- wicked-0.6.70-150400.3.3.1 updated

The SUSE SLES 15 SP4 image upgrade introduces essential updates that tackle various critical vulnerabilities.

Severity: Important.

LinuxSecurity.com Team

SUSE Container Update Advisory: suse/sles/15.4/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2343-1
Container Tags : suse/sles/15.4/virt-operator:0.49.0 , suse/sles/15.4/virt-operator:0.49.0-150400.1.37 , suse/sles/15.4/virt-operator:0.49.0.16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------

The container suse/sles/15.4/virt-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

The following package changes have been done:

- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated

Updates for the SUSE virtualization Operator containers feature critical security fixes and enhancements for essential libraries.

LinuxSecurity.com Team

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement ID: SUSE-SA:2009:056
Date: Mon, 16 Nov 2009 13:00:00 +0000
Affected Products:
    SUSE SLES 9
    Novell Linux Desktop 9
    Novell Linux POS 9
Vulnerability Type: local privilege escalation
Severity (1-10): 7
SUSE Default Package: yes
Cross-References: CVE-2009-1192, CVE-2009-1633, CVE-2009-2848, CVE-2009-2909, CVE-2009-2910, CVE-2009-3002, CVE-2009-3547, CVE-2009-3726

Content of This Advisory:

1) Security Vulnerability Resolved: Linux kernel security update
   Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

Several security issues and some bugs were fixed in the SUSE Linux Enterprise 9 kernel.

The following security bugs were fixed:

CVE-2009-3547: A race condition in the pipe(2) system call could be used by local attackers to execute code and escalate privileges.

CVE-2009-2910: On x86_64 systems an information leak of high register contents (upper 32bit) was fixed.

CVE-2009-1192: The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.

CVE-2009-2909: Unsigned check in the ax25 socket handler could allow local attackers to potentially crash the kernel or even execute code.

CVE-2009-2848: The execve function in the Linux kernel did not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

CVE-2009-3002: Fixed various socket handler getname leaks, which could disclose memory previously used by the kernel or other userland processes to the local attacker.

CVE-2009-1633: Multiple buffer overflows in the cifs subsystem in the Linux kernel allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.

CVE-2009-3726: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.

For a complete list of changes, please refer to the RPM changelog.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Reboot the machine after installing the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

    rpm -Fhv

to apply the update, replacing with the filename of the downloaded RPM package.

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

    SUSE CORE 9 for IBM zSeries 64bit
    SUSE CORE 9 for IBM S/390 31bit
    SUSE CORE 9 for AMD64 and Intel EM64T
    SUSE CORE 9 for IBM POWER
    SUSE CORE 9 for Itanium Processor Family
    Novell Linux POS 9
    SUSE SLES 9
    SUSE CORE 9 for x86
    Novell Linux Desktop 9
    Novell Linux Desktop 9 for x86_64

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.

______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify

replacing with the name of the file where you saved the announcement. The output for a valid signature looks like:

    gpg: Signature made using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team "

where is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

    rpm -v --checksig

to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from