Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
100
security advisorymoderateSUSESUSE Linux 15-SP1: 2020:0440-1 Moderate: Python-Azure-Agent Data Leak
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for python-azure-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0440-1 Rating: moderate References: #1127838 Cross-References: CVE-2019-0804 Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-azure-agent fixes the following issues: python-azure-agent was updated to version 2.2.45 (jsc#ECO-80) + Add support for Gen2 VM resource disks + Use alternate systemd detection + Fix /proc/net/route requirement that causes errors on FreeBSD + Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination + Disable cgroups when daemon is setup incorrectly + Remove upgrade extension loop for the same goal state + Add container id for extension telemetry events + Be more exact when detecting IMDS service health + Changing add_event to start sending missing fields From 2.2.44 update: + Remove outdated extension ZIP packages + Improved error handling when starting extensions using systemd + Reduce provisioning time of some custom images + Improve the handling of extension download errors + New API for extension authors to handle errors during extension update + Fix handling of errors in calls to openssl + Improve logic to determine current distro + Reduce verbosity of several logging statements From 2.2.42 update: + Poll for artifact blob, addresses goal state procesing issue From 2.2.41 update: + Rewriting the mechanism to start the extension using systemd-run for systems usingsystemd for managing + Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534] + Telemetry pipeline for resource monitoring data From 2.2.40 update: + Fixed tracking of memory/cpu usage + Do not prevent extensions from running if setting up cgroups fails + Enable systemd-aware deprovisioning on all versions > = 18.04 + Add systemd support for Debian Jessie, Stretch, and Buster + Support for Linux Openwrt From 2.2.38 update: Security issue fixed: + CVE-2019-0804: An issue with swapfile handling in the agent creates a data leak situation that exposes system memory data. (bsc#1127838) + Add fixes for handling swap file and other nit fixes From 2.2.37 update: + Improves re-try logic to handle errors while downloading extensions Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-440=1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-440=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python-azure-agent-2.2.45-3.3.1 - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (noarch): python-azure-agent-test-2.2.45-3.3.1 References: https://www.suse.com/security/cve/CVE-2019-0804.html https://bugzilla.suse.com/1127838 _______________________________________________ sle-security-updates mailing list
Feb 24, 2020
SuSE
98
security advisorymoderateRed HatRed Hat Enterprise Linux 8 RHSA-2019:1527-01 Moderate WALinuxAgent Issue
An update for WALinuxAgent is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: WALinuxAgent security update Advisory ID: RHSA-2019:1527-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1527 Issue date: 2019-06-18 CVE Names: CVE-2019-0804 ==================================================================== 1. Summary: An update for WALinuxAgent is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - noarch 3. Description: The Windows Azure Linux Agent supports provisioning and running Linux virtual machines in the Microsoft Windows Azure cloud. Security Fix(es): * WALinuxAgent: swapfile created with weak permissions (CVE-2019-0804) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1684181 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: WALinuxAgent-2.2.32-1.el8_0.1.src.rpm noarch: WALinuxAgent-2.2.32-1.el8_0.1.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-0804 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXQkeBNzjgjWX9erEAQhoEw/+LDwuGN2HjZdwoNa0D3TArB4Di1fPKKHj PgTh7RAg1WlH/ATGfm6tLt4OqFWahyBwDjnIE4QItfHTEqqCxb7LTfO+AYFi5zJs ZId53phmDlSWicQk5/VI6CCIc1cf2SOyYikCQPFsDAY1mUj+5cg+Lw7v6a2zvlvx BnrZmyBhXwXoIEnaUAsbZRPxn7XMi/N4+v0T8gCrtwDuZ+wwfSYP4pIIY3uK3eOR 6gshHvWYxTdVKixnbAdLRXmll8Ey+Y8OsiG6BePM85fOsq12VLls1grbDBjD0iAS wanuKgbVT1TRglk7n064HKHI0Hs9KdAcDdq0kxKObNII+zMY55GukEfx2AXvb7dn ZLJyC25p7eJhl9czbcd1RxZlKEO7Si9osqZmwjTxC17vZ0WVm1SVwg6Ad8MIMd9k NxGlkebw8+8SCRKIbq3f/SF3ntspkp1YprGJZ/QnlGAF5lyC8J+n6ZDnEzx5xkGY 7suKJeUQw5vBQ1FUzu27KsT60+B2t0g6XWjdW0PhGxemAvAURR4LS2Ofhe8ohdsO 8VfCr5M6BsKnRuGuXSUMjzXqWzcBrH9mio7cm9dr21mXzHLKm0Ok7fhE0vooxWwH I+oBfnPbebgB9Nj1qY5S/evzEay4N5/Z9mr5vQ8r5CeKKRwGfPTrjfCqFoFh1Rr+ vdfJlD6PpRQ=JyLL -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 18, 2019
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!