Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
100
security advisorysoftware updateimportantSUSE: 2024:3306-1 Important: clamav Security Advisory Resolution
* bsc#1230161 * bsc#1230162 Cross-References: * CVE-2024-20505 . # Security update for clamav Announcement ID: SUSE-SU-2024:3306-1 Rating: important References: * bsc#1230161 * bsc#1230162 Cross-References: * CVE-2024-20505 * CVE-2024-20506 CVSS scores: * CVE-2024-20505 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-20505 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-20505 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-20505 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-20506 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-20506 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N * CVE-2024-20506 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-20506 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for clamav fixes the following issues: * Update to version 0.103.12 * CVE-2024-20506: Disable symlinks following to prevent an attacker to corrupt system files. (bsc#1230162) * CVE-2024-20505: Fixed possible out-of-bounds read bug in the PDF file parser. (bsc#1230161) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3306=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3306=1 openSUSE-SLE-15.6-2024-3306=1 ## Package List: * Basesystem Module15-SP6 (aarch64 ppc64le s390x x86_64) * clamav-devel-0.103.12-150600.18.3.1 * libclamav9-debuginfo-0.103.12-150600.18.3.1 * clamav-0.103.12-150600.18.3.1 * libfreshclam2-0.103.12-150600.18.3.1 * clamav-debugsource-0.103.12-150600.18.3.1 * libclamav9-0.103.12-150600.18.3.1 * clamav-debuginfo-0.103.12-150600.18.3.1 * libfreshclam2-debuginfo-0.103.12-150600.18.3.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * clamav-devel-0.103.12-150600.18.3.1 * libclamav9-debuginfo-0.103.12-150600.18.3.1 * clamav-0.103.12-150600.18.3.1 * libfreshclam2-0.103.12-150600.18.3.1 * clamav-debugsource-0.103.12-150600.18.3.1 * libclamav9-0.103.12-150600.18.3.1 * clamav-debuginfo-0.103.12-150600.18.3.1 * libfreshclam2-debuginfo-0.103.12-150600.18.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-20505.html * https://www.suse.com/security/cve/CVE-2024-20506.html * https://bugzilla.suse.com/show_bug.cgi?id=1230161 * https://bugzilla.suse.com/show_bug.cgi?id=1230162 . Urgent security update for clamav addresses significant vulnerabilities demanding swift action from SUSE customers.. clamav Update, SUSE Security Advisory, Important Fixes, Linux Threats, Software Management. . Severity: Important. LinuxSecurity.com Team
Sep 18, 2024
•Important
SuSE
100
security advisoryimportantclamavSUSE: 2024:3228-1 Important: Clamav Security Advisory Fixes DoS Issues
* bsc#1230161 * bsc#1230162 Cross-References: * CVE-2024-20505 . # Security update for clamav Announcement ID: SUSE-SU-2024:3228-1 Rating: important References: * bsc#1230161 * bsc#1230162 Cross-References: * CVE-2024-20505 * CVE-2024-20506 CVSS scores: * CVE-2024-20505 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-20505 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-20506 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-20506 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for clamav fixes the following issues: * Update to version 0.103.12 * CVE-2024-20506: Disable symlinks following to prevent an attacker to corrupt system files. (bsc#1230162) * CVE-2024-20505: Fixed possible out-of-bounds read bug in the PDF file parser. (bsc#1230161) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3228=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3228=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3228=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * clamav-0.103.12-3.33.1 * clamav-debugsource-0.103.12-3.33.1 * clamav-debuginfo-0.103.12-3.33.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) *clamav-0.103.12-3.33.1 * clamav-debugsource-0.103.12-3.33.1 * clamav-debuginfo-0.103.12-3.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * clamav-0.103.12-3.33.1 * clamav-debugsource-0.103.12-3.33.1 * clamav-debuginfo-0.103.12-3.33.1 ## References: * https://www.suse.com/security/cve/CVE-2024-20505.html * https://www.suse.com/security/cve/CVE-2024-20506.html * https://bugzilla.suse.com/show_bug.cgi?id=1230161 * https://bugzilla.suse.com/show_bug.cgi?id=1230162 . SUSE's important clamav patch addresses significant weaknesses, boosting overall security and system reliability.. clamav Security Update, SUSE Security Advisory, SUSE Linux Enterprise, Important Security Fixes, Symlink Vulnerability. . Severity: Important. LinuxSecurity.com Team
Sep 12, 2024
•Important
SuSE
203
security advisorylocal attackdata overwriteMageia: 2020-0048 Moderate: libqb IPC File Overwrite Risk
Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files (CVE-2019-12779). References: - https://bugs.mageia.org/show_bug.cgi?id=25751 . MGASA-2020-0048 - Updated libqb packages fix security vulnerability Publication date: 28 Jan 2020 URL: https://advisories.mageia.org/MGASA-2020-0048.html Type: security Affected Mageia releases: 7 CVE: CVE-2019-12779 Insecure treatment of IPC temporary files which could allow a local attacker to overwrite privileged system files (CVE-2019-12779). References: - https://bugs.mageia.org/show_bug.cgi?id=25751 - - https://www.cve.org/CVERecord?id=CVE-2019-12779 SRPMS: - 7/core/libqb-1.0.5-1.mga7 . Recent libqb updates rectify critical IPC management vulnerabilities that enable unauthorized local file access by malicious actors in Mageia.. Mageia Security Update, IPC Vulnerability, libqb Advisory. . Severity: Important. LinuxSecurity.com Team
Jan 28, 2020
•Important
Mageia
202
security advisorymoderatelocal attackopenSUSE: 2019:1891-1 Moderate: libqb Local File Overwrite
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for libqb ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1891-1 Rating: moderate References: #1137835 Cross-References: CVE-2019-12779 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqb fixes the following issue: Security issue fixed: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). This update was imported from the SUSE:SLE-15-SP1:Update update project. This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-1891=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): libqb-devel-1.0.3+20190326.a521604-bp151.2.3.1 libqb-tests-1.0.3+20190326.a521604-bp151.2.3.1 libqb-tools-1.0.3+20190326.a521604-bp151.2.3.1 libqb20-1.0.3+20190326.a521604-bp151.2.3.1 - openSUSE Backports SLE-15-SP1 (aarch64_ilp32): libqb-devel-64bit-1.0.3+20190326.a521604-bp151.2.3.1 libqb20-64bit-1.0.3+20190326.a521604-bp151.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1137835 -- . This Fedora update resolves a significant vulnerability in libxyz that affects IPC temporary files under specific scenarios.. openSUSE Security Update, libqb vulnerability, local fileoverwrite, IPC files. . LinuxSecurity.com Team
Aug 14, 2019
OpenSUSE
202
security advisorymoderateupdateopenSUSE: 2019:1752-1 Moderate: Libqb Insecure IPC File Handling
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for libqb ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1752-1 Rating: moderate References: #1137835 Cross-References: CVE-2019-12779 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libqb fixes the following issue: Security issue fixed: - CVE-2019-12779: Fixed an insecure treatment of IPC temporary files which could have allowed a local attacker to overwrite privileged system files (bsc#1137835). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-1752=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): libqb-debugsource-1.0.3+20190326.a521604-lp151.2.3.1 libqb-devel-1.0.3+20190326.a521604-lp151.2.3.1 libqb-tests-1.0.3+20190326.a521604-lp151.2.3.1 libqb-tests-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1 libqb-tools-1.0.3+20190326.a521604-lp151.2.3.1 libqb-tools-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1 libqb20-1.0.3+20190326.a521604-lp151.2.3.1 libqb20-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1 - openSUSE Leap 15.1 (x86_64): libqb-devel-32bit-1.0.3+20190326.a521604-lp151.2.3.1 libqb20-32bit-1.0.3+20190326.a521604-lp151.2.3.1 libqb20-32bit-debuginfo-1.0.3+20190326.a521604-lp151.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-12779.html https://bugzilla.suse.com/1137835 -- . Fedora addressessignificant vulnerability in OpenSSL, enhancing cryptographic operations by streamlining key management processes.. openSUSE Security Update, libqb vulnerability, IPC files security, system file overwrite. . Severity: Important. LinuxSecurity.com Team
Jul 20, 2019
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!