# Security update for python3

Announcement ID: SUSE-SU-2024:0850-1
Rating: important

References:

* bsc#1219666

Cross-References:

* CVE-2023-6597

CVSS scores:

* CVE-2023-6597 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for python3 fixes the following issues:

* CVE-2023-6597: Fixed a symlink bug in the cleanup of tempfile.TemporaryDirectory (bsc#1219666). When cleanup hit a permissions-related error it reset permissions through symlinks instead of on the link itself, so a local user who could plant a symlink inside a temporary directory cleaned up by a more privileged process could get the permissions of files outside that directory changed. The CVSS vector above reflects this: local access, no privileges required, high impact.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-850=1`
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-850=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-850=1`
* SUSE Linux Enterprise Micro 5.1
  `zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-850=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * python3-base-debuginfo-3.6.15-150000.3.141.1
  * python3-debuginfo-3.6.15-150000.3.141.1
  * python3-tools-3.6.15-150000.3.141.1
  * python3-curses-debuginfo-3.6.15-150000.3.141.1
  * python3-curses-3.6.15-150000.3.141.1
  * python3-base-3.6.15-150000.3.141.1
  * python3-dbm-3.6.15-150000.3.141.1
  * python3-devel-debuginfo-3.6.15-150000.3.141.1
  * python3-core-debugsource-3.6.15-150000.3.141.1
  * python3-tk-3.6.15-150000.3.141.1
  * python3-3.6.15-150000.3.141.1
  * python3-dbm-debuginfo-3.6.15-150000.3.141.1
  * python3-tk-debuginfo-3.6.15-150000.3.141.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.141.1
  * python3-devel-3.6.15-150000.3.141.1
  * libpython3_6m1_0-3.6.15-150000.3.141.1
  * python3-debugsource-3.6.15-150000.3.141.1
  * python3-idle-3.6.15-150000.3.141.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * python3-base-debuginfo-3.6.15-150000.3.141.1
  * python3-debuginfo-3.6.15-150000.3.141.1
  * python3-tools-3.6.15-150000.3.141.1
  * python3-curses-debuginfo-3.6.15-150000.3.141.1
  * python3-curses-3.6.15-150000.3.141.1
  * python3-base-3.6.15-150000.3.141.1
  * python3-dbm-3.6.15-150000.3.141.1
  * python3-devel-debuginfo-3.6.15-150000.3.141.1
  * python3-core-debugsource-3.6.15-150000.3.141.1
  * python3-tk-3.6.15-150000.3.141.1
  * python3-3.6.15-150000.3.141.1
  * python3-dbm-debuginfo-3.6.15-150000.3.141.1
  * python3-tk-debuginfo-3.6.15-150000.3.141.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.141.1
  * python3-devel-3.6.15-150000.3.141.1
  * libpython3_6m1_0-3.6.15-150000.3.141.1
  * python3-debugsource-3.6.15-150000.3.141.1
  * python3-idle-3.6.15-150000.3.141.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * python3-base-debuginfo-3.6.15-150000.3.141.1
  * python3-debuginfo-3.6.15-150000.3.141.1
  * python3-tools-3.6.15-150000.3.141.1
  * python3-curses-debuginfo-3.6.15-150000.3.141.1
  * python3-curses-3.6.15-150000.3.141.1
  * python3-base-3.6.15-150000.3.141.1
  * python3-dbm-3.6.15-150000.3.141.1
  * python3-devel-debuginfo-3.6.15-150000.3.141.1
  * python3-core-debugsource-3.6.15-150000.3.141.1
  * python3-tk-3.6.15-150000.3.141.1
  * python3-3.6.15-150000.3.141.1
  * python3-dbm-debuginfo-3.6.15-150000.3.141.1
  * python3-tk-debuginfo-3.6.15-150000.3.141.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.141.1
  * python3-devel-3.6.15-150000.3.141.1
  * libpython3_6m1_0-3.6.15-150000.3.141.1
  * python3-debugsource-3.6.15-150000.3.141.1
  * python3-idle-3.6.15-150000.3.141.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * python3-base-debuginfo-3.6.15-150000.3.141.1
  * python3-debuginfo-3.6.15-150000.3.141.1
  * python3-base-3.6.15-150000.3.141.1
  * python3-core-debugsource-3.6.15-150000.3.141.1
  * python3-3.6.15-150000.3.141.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.141.1
  * libpython3_6m1_0-3.6.15-150000.3.141.1
  * python3-debugsource-3.6.15-150000.3.141.1

## References:

* https://www.suse.com/security/cve/CVE-2023-6597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219666
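The bug class behind CVE-2023-6597 is a cleanup routine that resets permissions through a symlink and thereby changes the mode of something outside the temporary directory. The Python below is an added example written for this page; it is neither the CPython fix nor anything shipped in the SUSE packages. It first shows that a plain `os.chmod` on a symlink path changes the link's target, then a cleanup routine that never follows symlinks and resets permissions only on real directories and only after a `PermissionError`, exercised on a constructed layout: a non-writable subdirectory (to force the permission-reset path) next to a symlink pointing at a directory outside the tree. All function and directory names (`safe_rmtree`, `_reset_perms`, `demo`, `victim`, `escape`) are the example's own assumptions.

```python
"""Symlink-safe cleanup of a temporary directory tree (added example, not the
CPython patch). Names and the directory layout are this example's own."""
import os
import shutil
import stat
import tempfile


def chmod_through_link_changes_target():
    """The unsafe pattern: os.chmod on a link path changes the link's target.
    Returns the target's mode after chmod'ing the link (0o700, not 0o750)."""
    base = tempfile.mkdtemp()
    try:
        target = os.path.join(base, "target")
        os.mkdir(target)
        os.chmod(target, 0o750)
        link = os.path.join(base, "link")
        os.symlink(target, link)
        os.chmod(link, 0o700)                 # follows the link: this is the bug
        return stat.S_IMODE(os.lstat(target).st_mode)
    finally:
        shutil.rmtree(base)


def _reset_perms(path):
    """Make `path` owner-rwx so it can be listed or removed, never touching a
    symlink target. Linux has no lchmod, so a symlink is left alone there;
    unlinking a symlink never requires changing its mode anyway."""
    if os.chmod in os.supports_follow_symlinks:
        os.chmod(path, 0o700, follow_symlinks=False)
    elif not os.path.islink(path):
        os.chmod(path, 0o700)


def _list(directory):
    """(path, is_real_dir) per entry; a symlink to a directory counts as a file."""
    with os.scandir(directory) as it:
        return [(e.path, e.is_dir(follow_symlinks=False)) for e in it]


def safe_rmtree(root):
    """Delete the tree at `root`. Symlinks are unlinked, never descended into
    or chmod'ed through. Returns the number of entries removed."""
    if os.path.islink(root) or not os.path.isdir(root):
        os.unlink(root)
        return 1
    try:
        entries = _list(root)
    except PermissionError:               # unreadable or unsearchable directory
        _reset_perms(root)
        entries = _list(root)
    removed = 0
    for path, is_dir in entries:
        if is_dir:
            removed += safe_rmtree(path)
        else:
            try:
                os.unlink(path)
            except PermissionError:       # parent not writable: fix the parent
                _reset_perms(root)
                os.unlink(path)
            removed += 1
    try:
        os.rmdir(root)
    except PermissionError:
        _reset_perms(os.path.dirname(root))
        os.rmdir(root)
    return removed + 1


def demo():
    """Constructed hazard: `work` is the directory being cleaned up; `victim`
    stands in for files owned by someone else (kept under one base so the
    example is self-contained). Reports whether the victim survived untouched."""
    base = tempfile.mkdtemp()
    try:
        outside = os.path.join(base, "victim")
        os.mkdir(outside)
        secret = os.path.join(outside, "secret.txt")
        with open(secret, "w") as f:
            f.write("not yours\n")
        os.chmod(secret, 0o640)
        os.chmod(outside, 0o750)

        work = os.path.join(base, "work")
        os.mkdir(work)
        locked = os.path.join(work, "locked")
        os.mkdir(locked)
        open(os.path.join(locked, "junk"), "w").close()
        os.chmod(locked, 0o500)                      # r-x: unlink inside fails
        os.symlink(outside, os.path.join(work, "escape"))   # attacker-planted link

        removed = safe_rmtree(work)
        return {
            "work_gone": not os.path.lexists(work),
            "removed": removed,                       # work, locked, junk, escape
            "secret_intact": os.path.isfile(secret),
            "secret_mode": stat.S_IMODE(os.lstat(secret).st_mode),
            "outside_mode": stat.S_IMODE(os.lstat(outside).st_mode),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print("chmod via link set target mode to %o" % chmod_through_link_changes_target())
    print(demo())
```

Run as a non-root user the `locked` subdirectory really does trigger the permission-reset path; as root the unlink simply succeeds, but the outcome for `victim` is the same either way: its mode and contents are untouched because the cleanup only ever unlinks the `escape` symlink. Checking the two modes after cleanup is the assertion to keep if you adapt this into a regression test for your own temp-file handling.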
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift GitOps security update
Advisory ID:       RHSA-2022:5187-01
Product:           Red Hat OpenShift GitOps
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5187
Issue date:        2022-06-24
CVE Names:         CVE-2018-25032 CVE-2022-1271 CVE-2022-31016
                   CVE-2022-31034 CVE-2022-31035 CVE-2022-31036
====================================================================

1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.3 on OpenShift 4.6.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift GitOps is a declarative way to implement continuous
deployment for cloud native applications.

Security Fix(es):

* argocd: vulnerable to a variety of attacks when an SSO login is initiated
from the Argo CD CLI or the UI (CVE-2022-31034)

* argocd: cross-site scripting (XSS) allows a malicious user to inject a
JavaScript link in the UI (CVE-2022-31035)

* argocd: vulnerable to an uncontrolled memory consumption bug
(CVE-2022-31016)

* argocd: vulnerable to a symlink following bug allowing a malicious user
with repository write access (CVE-2022-31036)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2096278 - CVE-2022-31035 argocd: cross-site scripting (XSS) allows a malicious user to inject a JavaScript link in the UI
2096282 - CVE-2022-31034 argocd: vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or the UI
2096283 - CVE-2022-31016 argocd: vulnerable to an uncontrolled memory consumption bug
2096291 - CVE-2022-31036 argocd: vulnerable to a symlink following bug allowing a malicious user with repository write access

5. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/cve/CVE-2022-31016
https://access.redhat.com/security/cve/CVE-2022-31034
https://access.redhat.com/security/cve/CVE-2022-31035
https://access.redhat.com/security/cve/CVE-2022-31036
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYrZYStzjgjWX9erEAQhr7BAAgkwBXxlhZvhp+y0mChTHSRpCDWIFv5CK
CQc1Otk7kyhpeDftCLr6hNY/jcWRb3GtyuYd+vAVAkATAyG5ZueNND+k2V+k1QHW
+b0ZdyjkRkAmH4qsCayCa1Y0T8smn7BKq83NbQY4staEBz7hHF5dj8UZ2mvQ5RPl
g2mnu6p2ZPfmKYQ0hLjQgKf0L4y1U5OKIWOoqJlcjIYbb6AjEMIsHe2zSga/t4Ko
u44FZO10E665conWWlqI0rMr+k8joiQap1//FxMad9pJv0Cs9Y/WNThsryHbNsiF
cZKUDO2DDQClegtRqTeVG/s6pg1E7IlvxpbzI8288ZSOB/kb5LioTJ8Rb2RIbnd/
TtYBkDPDds5HnaNHVIpniyBtz8e2rd/knfkEfDh9eM5qIBOdsM5DBbRUN3ommYaV
HgNxO+UGHa4QaFX1QPz65sjqe8ntjPq8jZWR9KF2gSmPoU1YkbVpQNfV37emCSrS
WG2Y3LdWsMgcPGj7Dq6dV5tIcowiygHHjo1NF3A4XFFB13zm/RLQEvVwL3k1t07G
QbWVqZ6DYIyBswIh9L408M5ydw8JVmzxCuwBqLv1K+mprTUvvFo63IMJYWOxPLvj
x9i+AQ9e5NQsDFSXOUTVyVnZuaAjBPoC8bk2xvH/OuS0Uo5M2bBIFX6h5IF6PVlT
+y9QAGpBsqc=
=WK5w
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list