Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

We found 14 articles for you...

Debian 11 DLA-4056-1: golang-glog Link Risk, Moderate Severity

Debian LTS Advisory DLA-4056-1
https://www.debian.org/lts/security/
Andrej Shadura
February 17, 2025
https://wiki.debian.org/LTS

Package : golang-glog
Version : 0.0~git20160126.23def4e-3+deb11u1
CVE ID : CVE-2024-45339

The following vulnerability has been discovered in the glog package for Go:

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file.

To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

For Debian 11 bullseye, this problem has been fixed in version 0.0~git20160126.23def4e-3+deb11u1.

The following Go packages have been rebuilt in order to fix this issue:

docker.io 20.10.5+dfsg1-1+deb11u4
golang-grpc-gateway 1.6.4-2+deb11u1
mtail 3.0.0~rc43-3+deb11u1
prometheus-mongodb-exporter 1.0.0+git20180522.e755a44-3+deb11u1

We recommend that you upgrade these packages.

For the detailed security status of golang-glog please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/golang-glog

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

The latest Debian LTS Advisory DLA-4056-1 addresses important updates for the golang-glog library, responding to a recently identified security flaw.

Keywords: Debian LTS, golang-glog, log file, package update, security threat

LinuxSecurity.com Team

Feb 17, 2025 Debian LTS

openSUSE 15.5: SUSE-SU-2023:2988-1 Important: Conmon Security Fix

# Security update for conmon

Announcement ID: SUSE-SU-2023:2988-1
Rating: important
References:
* #1208737
* #1209307

Affected Products:
* Containers Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has two fixes can now be installed.

## Description:

This update for conmon fixes the following issues:

conmon was updated to version 2.1.7:

* Bumped go version to 1.19 (bsc#1209307).

Bugfixes:

* Fixed leaking symbolic links in the opt_socket_path directory
* Fixed oom handling issues (bsc#1208737).
* Fixed OOM watcher for cgroupv2 `oom_kill` events

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2023-2988=1 openSUSE-SLE-15.5-2023-2988=1
* Containers Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2988=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * conmon-debuginfo-2.1.7-150500.9.3.1
  * conmon-2.1.7-150500.9.3.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * conmon-debuginfo-2.1.7-150500.9.3.1
  * conmon-2.1.7-150500.9.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208737
* https://bugzilla.suse.com/show_bug.cgi?id=1209307

The latest conmon release tackles critical problems by enhancing memory management and resolving issues related to symbolic link leakage.

Keywords: Conmon Update, SUSE Updates, Bug Fixes, Security Advisory

Severity: Important

LinuxSecurity.com Team

Jul 26, 2023 Important OpenSUSE

Mageia 8 MGASA-2022-0396 Moderate: Git Symbolic Link & Heap Threats

MGASA-2022-0396 - Updated git packages fix security vulnerability

Publication date: 28 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0396.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-39253, CVE-2022-39260, CVE-2022-29187

CVE-2022-39253: A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine.

CVE-2022-39260: Allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes.

CVE-2022-29187: privilege escalation

References:
- https://bugs.mageia.org/show_bug.cgi?id=30985
- https://www.cve.org/CVERecord?id=CVE-2022-39253
- https://www.cve.org/CVERecord?id=CVE-2022-39260
- https://www.cve.org/CVERecord?id=CVE-2022-29187

SRPMS:
- 8/core/git-2.30.6-1.mga8

Mageia addresses vulnerabilities in git related to symbolic link exploitation and heap overflow issues, with a fix released on October 28, 2022.

Keywords: Git Security Update, Mageia Advisory, Heap Overflow Fix, Privilege Escalation Patch

LinuxSecurity.com Team

Oct 28, 2022 Mageia

SUSE: 2022:1888-2 Low: Helm-Stream Symlink Vulnerability

SUSE Security Update: Security update for helm-mirror

Announcement ID: SUSE-SU-2022:1888-1
Rating: moderate
References: #1156646 #1197728
Cross-References: CVE-2019-18658
CVSS scores:
  CVE-2019-18658 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2019-18658 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Containers 15-SP3
  SUSE Linux Enterprise Module for Containers 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap 15.4

An update that solves one vulnerability and has one errata is now available.

Description:

This update for helm-mirror fixes the following issues:

- Updated to version 0.3.1:
  - CVE-2019-18658: Fixed a potential symbolic link issue in helm that could be used to leak sensitive files (bsc#1156646).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-1888=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-1888=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-1888=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-1888=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  helm-mirror-0.3.1-150000.1.13.1
  helm-mirror-debuginfo-0.3.1-150000.1.13.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  helm-mirror-0.3.1-150000.1.13.1
  helm-mirror-debuginfo-0.3.1-150000.1.13.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
  helm-mirror-0.3.1-150000.1.13.1
  helm-mirror-debuginfo-0.3.1-150000.1.13.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
  helm-mirror-0.3.1-150000.1.13.1
  helm-mirror-debuginfo-0.3.1-150000.1.13.1

References:
- https://www.suse.com/security/cve/CVE-2019-18658.html
- https://bugzilla.suse.com/1156646
- https://bugzilla.suse.com/1197728

SUSE Security Update for helm-mirror tackles a moderate vulnerability related to symbolic links, reinforcing overall system reliability.

Keywords: helm mirror update, SUSE security patch, Linux server security

Severity: Important

LinuxSecurity.com Team

May 31, 2022 Important SuSE

Mageia 8: 2022-0060 Critical Updating of Libarchive Security Issues

MGASA-2022-0060 - Updated libarchive packages fix security vulnerability

Publication date: 12 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0060.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-31566, CVE-2021-36976

Processing fixup entries may follow symbolic links. (CVE-2021-31566)

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). (CVE-2021-36976)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30023
- https://github.com/libarchive/libarchive/releases/tag/v3.5.3
- https://www.cve.org/CVERecord?id=CVE-2021-31566
- https://www.cve.org/CVERecord?id=CVE-2021-36976

SRPMS:
- 8/core/libarchive-3.5.3-1.mga8

Recent updates to libarchive packages resolve various security vulnerabilities identified in multiple CVEs, crucial for preserving the security of the system.

Keywords: Mageia Security, libarchive Update, Symbolic Link Flaws

Severity: Critical

LinuxSecurity.com Team

Feb 12, 2022 Critical Mageia

Mageia 8: MGASA-2021-0430 Moderate: Libarchive Symlink Handling Issue

MGASA-2021-0430 - Updated libarchive packages fix security vulnerability

Publication date: 23 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0430.html
Type: security
Affected Mageia releases: 8

Fix handling of symbolic link ACLs on Linux.
Never follow symlinks when setting file flags on Linux.
Do not follow symlinks when processing the fixup list.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29431
- https://github.com/libarchive/libarchive/releases/tag/v3.5.2

SRPMS:
- 8/core/libarchive-3.5.2-1.mga8

Enhanced libarchive builds in Mageia 8 fix problems related to symlink handling, ensuring that file attributes are handled with proper security measures.

Keywords: libarchive security update, Mageia 8, security fixes, symbolic link handling

LinuxSecurity.com Team

Sep 23, 2021 Mageia

Mageia 2021-0137 Moderate: Git Remote Code Execution Risk

MGASA-2021-0137 - Updated git packages fix a security vulnerability

Publication date: 14 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0137.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-21300

On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone (CVE-2021-21300).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28566
- https://lkml.org/lkml/2021/3/9/995
- https://www.cve.org/CVERecord?id=CVE-2021-21300

SRPMS:
- 8/core/git-2.30.2-1.mga8
- 7/core/git-2.21.4-1.mga7

Mageia 2021-0142 highlights a vulnerability in the Linux kernel that could permit unauthorized access to sensitive data on affected systems. Learn more.

Keywords: Mageia Git Update, Code Execution Flaw, Git Security Fix

Severity: Important

LinuxSecurity.com Team

Mar 14, 2021 Important Mageia

Mageia 7: MGASA-2021-0032 Critical SELinux Vulnerability Alert

MGASA-2021-0032 - Updated policycoreutils packages fix a security vulnerability

Publication date: 17 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0032.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-1063

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing) (CVE-2018-1063).

References:
- https://bugs.mageia.org/show_bug.cgi?id=22890
- https://access.redhat.com/errata/RHSA-2018:0913
- https://www.cve.org/CVERecord?id=CVE-2018-1063

SRPMS:
- 7/core/policycoreutils-2.5-14.1.mga7

Mageia 2021-0045 fixes a security flaw related to improper handling of memory in the kernel. Continue reading for further information.

Keywords: Mageia Security Advisory, SELinux Context, Policycoreutils Update

Severity: Critical

LinuxSecurity.com Team

Jan 17, 2021 Critical Mageia