Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
202
security advisorymoderatethreat issueopenSUSE Tumbleweed: SUSE-SU-2025:15152-1 moderate Python 3.11 Flask fix
An update that solves one vulnerability can now be installed.. # python311-Flask-3.1.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15152-1 Rating: moderate Cross-References: * CVE-2025-47278 CVSS scores: * CVE-2025-47278 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2025-47278 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python311-Flask-3.1.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python311-Flask 3.1.1-1.1 * python311-Flask-doc 3.1.1-1.1 * python312-Flask 3.1.1-1.1 * python312-Flask-doc 3.1.1-1.1 * python313-Flask 3.1.1-1.1 * python313-Flask-doc 3.1.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-47278.html . Enhancement for python311-Flask-3.1.1-1.1 on openSUSE resolving a medium level vulnerability that has been patched.. python311 Flask openSUSE security update CVE-2025-47278. . LinuxSecurity.com Team
May 24, 2025
OpenSUSE
202
security advisorysecurity updatekernelopenSUSE 15.3: SUSE-SU-2025:1262-1 important: Linux Kernel Patch
An update that solves five vulnerabilities can now be installed.. # Security update for the Linux Kernel (Live Patch 45 for SLE 15 SP3) Announcement ID: SUSE-SU-2025:1262-1 Release Date: 2025-04-15T08:03:51Z Rating: important References: * bsc#1228714 * bsc#1232818 * bsc#1235218 * bsc#1238788 * bsc#1238790 Cross-References: * CVE-2022-49014 * CVE-2022-49563 * CVE-2022-49564 * CVE-2024-41090 * CVE-2024-56600 CVSS scores: * CVE-2022-49014 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49014 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49563 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49563 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49563 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-49564 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2022-49564 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-49564 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41090 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2024-56600 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-56600 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-56600 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_164 fixes severalissues. The following security issues were fixed: * CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1232818). * CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238788). * CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238790). * CVE-2024-41090: tap: add missing verification for short frame (bsc#1228714). * CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235218). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-1262=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2025-1262=1 ## Package List: * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_164-default-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_164-default-debuginfo-12-150300.2.1 * kernel-livepatch-SLE15-SP3_Update_45-debugsource-12-150300.2.1 * openSUSE Leap 15.3 (x86_64) * kernel-livepatch-5_3_18-150300_59_164-preempt-12-150300.2.1 * kernel-livepatch-5_3_18-150300_59_164-preempt-debuginfo-12-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_164-default-12-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-49014.html * https://www.suse.com/security/cve/CVE-2022-49563.html * https://www.suse.com/security/cve/CVE-2022-49564.html * https://www.suse.com/security/cve/CVE-2024-41090.html * https://www.suse.com/security/cve/CVE-2024-56600.html * https://bugzilla.suse.com/show_bug.cgi?id=1228714 * https://bugzilla.suse.com/show_bug.cgi?id=1232818 * https://bugzilla.suse.com/show_bug.cgi?id=1235218 * https://bugzilla.suse.com/show_bug.cgi?id=1238788 * https://bugzilla.suse.com/show_bug.cgi?id=1238790 . An essential patch forthe Linux core in openSUSE resolving various significant vulnerabilities and instructions on how to implement it efficiently.. openSUSE kernel update, Linux security patch, important kernel vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Apr 15, 2025
•Important
OpenSUSE
100
security advisorymoderateupdateSUSE 15 SP6: 2025:0429-1 moderate: govulncheck-vulndb security update
* jsc#PED-11136 Cross-References: * CVE-2022-47930 * CVE-2024-10846 . # Security update for govulncheck-vulndb Announcement ID: SUSE-SU-2025:0429-1 Release Date: 2025-02-11T14:12:33Z Rating: moderate References: * jsc#PED-11136 Cross-References: * CVE-2022-47930 * CVE-2024-10846 * CVE-2024-11741 * CVE-2024-13484 * CVE-2024-35177 * CVE-2024-3727 * CVE-2024-45336 * CVE-2024-45339 * CVE-2024-45340 * CVE-2024-45341 * CVE-2024-47770 * CVE-2024-50354 * CVE-2024-9312 * CVE-2024-9313 * CVE-2025-0750 * CVE-2025-22865 * CVE-2025-22866 * CVE-2025-22867 * CVE-2025-23216 * CVE-2025-24366 * CVE-2025-24369 * CVE-2025-24371 * CVE-2025-24376 * CVE-2025-24784 * CVE-2025-24786 * CVE-2025-24787 * CVE-2025-24883 * CVE-2025-24884 CVSS scores: * CVE-2022-47930 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2022-47930 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2024-10846 ( SUSE ): 6.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H * CVE-2024-10846 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2024-10846 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2024-11741 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-11741 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-11741 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2024-13484 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2024-35177 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2024-3727 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2024-45336 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2024-45339 ( SUSE ): 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2024-45340 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2024-45340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45341 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2024-47770 ( NVD ): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N * CVE-2024-50354 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-9312 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2024-9313 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-0750 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-22865 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-22865 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-22866 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-22866 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-22867 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-22867 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-23216 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N * CVE-2025-24366 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-24369 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-24371 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-24376 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2025-24784 ( NVD ): 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-24786 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N * CVE-2025-24787 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2025-24883 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-24884 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves 28 vulnerabilities and contains one feature can now be installed. ## Description: This update for govulncheck-vulndb fixes the following issues: * Update to version 0.0.20250207T224745 2025-02-07T22:47:45Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3456 CVE-2025-24786 GHSA-9r4c-jwx3-3j76 * GO-2025-3457 CVE-2025-24787 GHSA-c7w4-9wv8-7x7c * GO-2025-3458 CVE-2025-24366 GHSA-vj7w-3m8c-6vpx * Update to version 0.0.20250206T175003 2025-02-06T17:50:03Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2023-1867 CVE-2022-47930 GHSA-c58h-qv6g-fw74 * GO-2024-3244 CVE-2024-50354 GHSA-cph5-3pgr-c82g * Update to version 0.0.20250206T165438 2025-02-06T16:54:38Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3428 CVE-2025-22867 * GO-2025-3447 CVE-2025-22866 * Update to version 0.0.20250205T232745 2025-02-05T23:27:45Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3408 * GO-2025-3448 GHSA-23qp-3c2m-xx6w * GO-2025-3449 GHSA-mx2j-7cmv-353c * GO-2025-3450 GHSA-w7wm-2425-7p2h * GO-2025-3454 GHSA-mj4v-hp69-27x5 * GO-2025-3455 GHSA-vqv5-385r-2hf8 * Update to version 0.0.20250205T003520 2025-02-05T00:35:20Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3451 * Update to version 0.0.20250204T220613 2025-02-04T22:06:13Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2025-3431 CVE-2025-24884 GHSA-hcr5-wv4p-h2g2 * GO-2025-3433 CVE-2025-23216 GHSA-47g2-qmh2-749v * GO-2025-3434 CVE-2025-24376 GHSA-fc89-jghx-8pvg * GO-2025-3435 CVE-2025-24784 GHSA-756x-m4mj-q96c * GO-2025-3436 CVE-2025-24883 GHSA-q26p-9cq4-7fc2 * GO-2025-3437 GHSA-274v-mgcv-cm8j * GO-2025-3438 CVE-2024-11741 GHSA-wxcc-2f3q-4h58 * GO-2025-3442 CVE-2025-24371 GHSA-22qq-3xwm-r5x4 * GO-2025-3443 GHSA-r3r4-g7hq-pq4f * GO-2025-3444 CVE-2024-35177 * GO-2025-3445 CVE-2024-47770 * Use standard RPM macros to unpack the source and populate a working directory. Fixes build with RPM 4.20. * Update to version 0.0.20250130T185858 2025-01-30T18:58:58Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases: * GO-2024-2842 CVE-2024-3727 GHSA-6wvf-f2vw-3425 * GO-2024-3181 CVE-2024-9313 GHSA-x5q3-c8rm-w787 * GO-2024-3188 CVE-2024-9312 GHSA-4gfw-wf7c-w6g2 * GO-2025-3372 CVE-2024-45339 GHSA-6wxm-mpqj-6jpf * GO-2025-3373 CVE-2024-45341 * GO-2025-3383 CVE-2024-45340 * GO-2025-3408 * GO-2025-3412 CVE-2024-10846 GHSA-36gq-35j3-p9r9 * GO-2025-3420 CVE-2024-45336 * GO-2025-3421 CVE-2025-22865 * GO-2025-3424 CVE-2025-24369 * GO-2025-3426 CVE-2025-0750 GHSA-hp5j-2585-qx6g * GO-2025-3427 CVE-2024-13484 GHSA-58fx-7v9q-3g56 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP6 zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-429=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-429=1 ## Package List: * SUSE Package Hub 15 15-SP6 (noarch) * govulncheck-vulndb-0.0.20250207T224745-150000.1.32.1 * openSUSE Leap 15.6 (noarch) * govulncheck-vulndb-0.0.20250207T224745-150000.1.32.1 ## References: * https://www.suse.com/security/cve/CVE-2022-47930.html * https://www.suse.com/security/cve/CVE-2024-10846.html * https://www.suse.com/security/cve/CVE-2024-11741.html * https://www.suse.com/security/cve/CVE-2024-13484.html * https://www.suse.com/security/cve/CVE-2024-35177.html * https://www.suse.com/security/cve/CVE-2024-3727.html * https://www.suse.com/security/cve/CVE-2024-45336.html * https://www.suse.com/security/cve/CVE-2024-45339.html * https://www.suse.com/security/cve/CVE-2024-45340.html * https://www.suse.com/security/cve/CVE-2024-45341.html * https://www.suse.com/security/cve/CVE-2024-47770.html * https://www.suse.com/security/cve/CVE-2024-50354.html * https://www.suse.com/security/cve/CVE-2024-9312.html * https://www.suse.com/security/cve/CVE-2024-9313.html * https://www.suse.com/security/cve/CVE-2025-0750.html * https://www.suse.com/security/cve/CVE-2025-22865.html * https://www.suse.com/security/cve/CVE-2025-22866.html * https://www.suse.com/security/cve/CVE-2025-22867.html * https://www.suse.com/security/cve/CVE-2025-23216.html * https://www.suse.com/security/cve/CVE-2025-24366.html * https://www.suse.com/security/cve/CVE-2025-24369.html * https://www.suse.com/security/cve/CVE-2025-24371.html * https://www.suse.com/security/cve/CVE-2025-24376.html * https://www.suse.com/security/cve/CVE-2025-24784.html * https://www.suse.com/security/cve/CVE-2025-24786.html * https://www.suse.com/security/cve/CVE-2025-24787.html * https://www.suse.com/security/cve/CVE-2025-24883.html * https://www.suse.com/security/cve/CVE-2025-24884.html *https://jira.suse.com/login.jsp?permissionViolation=true&os_destination=%2Fbrowse%2FPED-11136&page_caps=&user_role= . A recent security patch for govulncheck-vulndb addresses 28 vulnerabilities categorized as moderate severity, delivering essential updates for SUSE platforms.. govulncheck,vulnerability patch,SUSE update,security enhancement. . LinuxSecurity.com Team
Feb 11, 2025
SuSE
202
security advisorymoderatesecurity updateopenSUSE Leap 15.4: SUSE-SU-2023:0008-1 Moderate: ffmpeg-4 Null Pointer
An update that fixes one vulnerability is now available.. SUSE Security Update: Security update for ffmpeg-4 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0008-1 Rating: moderate References: #1206442 Cross-References: CVE-2022-3109 CVSS scores: CVE-2022-3109 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3109 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ffmpeg-4 fixes the following issues: - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-8=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-8=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -tpatch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-8=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-8=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-4.4-150400.3.8.1 ffmpeg-4-debuginfo-4.4-150400.3.8.1 ffmpeg-4-debugsource-4.4-150400.3.8.1 ffmpeg-4-libavcodec-devel-4.4-150400.3.8.1 ffmpeg-4-libavdevice-devel-4.4-150400.3.8.1 ffmpeg-4-libavfilter-devel-4.4-150400.3.8.1 ffmpeg-4-libavformat-devel-4.4-150400.3.8.1 ffmpeg-4-libavresample-devel-4.4-150400.3.8.1 ffmpeg-4-libavutil-devel-4.4-150400.3.8.1 ffmpeg-4-libpostproc-devel-4.4-150400.3.8.1 ffmpeg-4-libswresample-devel-4.4-150400.3.8.1 ffmpeg-4-libswscale-devel-4.4-150400.3.8.1 ffmpeg-4-private-devel-4.4-150400.3.8.1 libavcodec58_134-4.4-150400.3.8.1 libavcodec58_134-debuginfo-4.4-150400.3.8.1 libavdevice58_13-4.4-150400.3.8.1 libavdevice58_13-debuginfo-4.4-150400.3.8.1 libavfilter7_110-4.4-150400.3.8.1 libavfilter7_110-debuginfo-4.4-150400.3.8.1 libavformat58_76-4.4-150400.3.8.1 libavformat58_76-debuginfo-4.4-150400.3.8.1 libavresample4_0-4.4-150400.3.8.1 libavresample4_0-debuginfo-4.4-150400.3.8.1 libavutil56_70-4.4-150400.3.8.1 libavutil56_70-debuginfo-4.4-150400.3.8.1 libpostproc55_9-4.4-150400.3.8.1 libpostproc55_9-debuginfo-4.4-150400.3.8.1 libswresample3_9-4.4-150400.3.8.1 libswresample3_9-debuginfo-4.4-150400.3.8.1 libswscale5_9-4.4-150400.3.8.1 libswscale5_9-debuginfo-4.4-150400.3.8.1 - openSUSE Leap 15.4 (x86_64): libavcodec58_134-32bit-4.4-150400.3.8.1 libavcodec58_134-32bit-debuginfo-4.4-150400.3.8.1 libavdevice58_13-32bit-4.4-150400.3.8.1 libavdevice58_13-32bit-debuginfo-4.4-150400.3.8.1 libavfilter7_110-32bit-4.4-150400.3.8.1 libavfilter7_110-32bit-debuginfo-4.4-150400.3.8.1 libavformat58_76-32bit-4.4-150400.3.8.1 libavformat58_76-32bit-debuginfo-4.4-150400.3.8.1 libavresample4_0-32bit-4.4-150400.3.8.1 libavresample4_0-32bit-debuginfo-4.4-150400.3.8.1 libavutil56_70-32bit-4.4-150400.3.8.1 libavutil56_70-32bit-debuginfo-4.4-150400.3.8.1 libpostproc55_9-32bit-4.4-150400.3.8.1 libpostproc55_9-32bit-debuginfo-4.4-150400.3.8.1 libswresample3_9-32bit-4.4-150400.3.8.1 libswresample3_9-32bit-debuginfo-4.4-150400.3.8.1 libswscale5_9-32bit-4.4-150400.3.8.1 libswscale5_9-32bit-debuginfo-4.4-150400.3.8.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): ffmpeg-4-debuginfo-4.4-150400.3.8.1 ffmpeg-4-debugsource-4.4-150400.3.8.1 libavformat58_76-4.4-150400.3.8.1 libavformat58_76-debuginfo-4.4-150400.3.8.1 libswscale5_9-4.4-150400.3.8.1 libswscale5_9-debuginfo-4.4-150400.3.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-debuginfo-4.4-150400.3.8.1 ffmpeg-4-debugsource-4.4-150400.3.8.1 libavformat58_76-4.4-150400.3.8.1 libavformat58_76-debuginfo-4.4-150400.3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-debuginfo-4.4-150400.3.8.1 ffmpeg-4-debugsource-4.4-150400.3.8.1 libavcodec58_134-4.4-150400.3.8.1 libavcodec58_134-debuginfo-4.4-150400.3.8.1 libavutil56_70-4.4-150400.3.8.1 libavutil56_70-debuginfo-4.4-150400.3.8.1 libswresample3_9-4.4-150400.3.8.1 libswresample3_9-debuginfo-4.4-150400.3.8.1 References: https://www.suse.com/security/cve/CVE-2022-3109.html https://bugzilla.suse.com/1206442 . Update available for ffmpeg-4 on openSUSE addressing CVE-2022-3109 with moderate risk. Ensure version is updated to enhance system security.. openSUSE Security Update, FFmpeg Patch, Null Pointer Issue, Moderate Threat, Security Fix. . LinuxSecurity.com Team
Jan 02, 2023
OpenSUSE
202
security advisoryupdateimportantopenSUSE: 2019:1848-1 Critical Update: Chromium Security Patch Release
An update that fixes 16 vulnerabilities is now available.. openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1848-1 Rating: important References: #1143492 #1144625 Cross-References: CVE-2019-5850 CVE-2019-5851 CVE-2019-5852 CVE-2019-5853 CVE-2019-5854 CVE-2019-5855 CVE-2019-5856 CVE-2019-5857 CVE-2019-5858 CVE-2019-5859 CVE-2019-5860 CVE-2019-5861 CVE-2019-5862 CVE-2019-5863 CVE-2019-5864 CVE-2019-5865 Affected Products: openSUSE Leap 15.0 ______________________________________________________________________________ An update that fixes 16 vulnerabilities is now available. Description: This update for chromium to version 76.0.3809.87 fixes the following issues: - CVE-2019-5850: Use-after-free in offline page fetcher (boo#1143492) - CVE-2019-5860: Use-after-free in PDFium (boo#1143492) - CVE-2019-5853: Memory corruption in regexp length check (boo#1143492) - CVE-2019-5851: Use-after-poison in offline audio context (boo#1143492) - CVE-2019-5859: res: URIs can load alternative browsers (boo#1143492) - CVE-2019-5856: Insufficient checks on filesystem: URI permissions (boo#1143492) - CVE-2019-5855: Integer overflow in PDFium (boo#1143492) - CVE-2019-5865: Site isolation bypass from compromised renderer (boo#1143492) - CVE-2019-5858: Insufficient filtering of Open URL service parameters (boo#1143492) - CVE-2019-5864: Insufficient port filtering in CORS for extensions (boo#1143492) - CVE-2019-5862: AppCache not robust to compromised renderers (boo#1143492) - CVE-2019-5861: Click location incorrectly checked (boo#1143492) - CVE-2019-5857: Comparison of -0 and null yields crash (boo#1143492) - CVE-2019-5854: Integer overflow in PDFium text rendering (boo#1143492) - CVE-2019-5852:Object leak of utility functions (boo#1143492) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.0: zypper in -t patch openSUSE-2019-1848=1 Package List: - openSUSE Leap 15.0 (x86_64): chromedriver-76.0.3809.87-lp150.224.1 chromedriver-debuginfo-76.0.3809.87-lp150.224.1 chromium-76.0.3809.87-lp150.224.1 chromium-debuginfo-76.0.3809.87-lp150.224.1 chromium-debugsource-76.0.3809.87-lp150.224.1 References: https://www.suse.com/security/cve/CVE-2019-5850.html https://www.suse.com/security/cve/CVE-2019-5851.html https://www.suse.com/security/cve/CVE-2019-5852.html https://www.suse.com/security/cve/CVE-2019-5853.html https://www.suse.com/security/cve/CVE-2019-5854.html https://www.suse.com/security/cve/CVE-2019-5855.html https://www.suse.com/security/cve/CVE-2019-5856.html https://www.suse.com/security/cve/CVE-2019-5857.html https://www.suse.com/security/cve/CVE-2019-5858.html https://www.suse.com/security/cve/CVE-2019-5859.html https://www.suse.com/security/cve/CVE-2019-5860.html https://www.suse.com/security/cve/CVE-2019-5861.html https://www.suse.com/security/cve/CVE-2019-5862.html https://www.suse.com/security/cve/CVE-2019-5863.html https://www.suse.com/security/cve/CVE-2019-5864.html https://www.suse.com/security/cve/CVE-2019-5865.html https://bugzilla.suse.com/1143492 https://bugzilla.suse.com/1144625 -- . A significant enhancement for Fedora tackles 12 vulnerabilities in Firefox, boosting performance and safeguarding user data.. openSUSE Security Update, Chromium Patch, Important Updates. . Severity: Important. LinuxSecurity.com Team
Aug 12, 2019
•Important
OpenSUSE
200
security advisorymoderatethreat issueScientific Linux 7: SLSA-2019-1884-1 Moderate: libssh2 Memory Issue
libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) SL7 x86_64 libssh2-1.4.3-12.el7_6.3.i686.rpm libssh2-1.4.3-12.el7_6.3.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.3.i686.rpm libssh2-devel-1.4.3-12.el7_6.3.x86_64.rpm libssh2- [More...]. Synopsis: Moderate: libssh2 security update Advisory ID: SLSA-2019:1884-1 Issue Date: 2019-07-29 CVE Numbers: CVE-2019-3862 -- Security Fix(es): * libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) -- SL7 x86_64 libssh2-1.4.3-12.el7_6.3.i686.rpm libssh2-1.4.3-12.el7_6.3.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.3.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.3.i686.rpm libssh2-devel-1.4.3-12.el7_6.3.x86_64.rpm libssh2-1.4.3-12.el7_6.3.src.rpm noarch libssh2-docs-1.4.3-12.el7_6.3.noarch.rpm - Scientific Linux Development Team . libssh2 vulnerability patch for SL7 resolves memory comparison problems associated with a specially crafted channel request. Discover further details now.. libssh2 security, memory issue, SLSA advisory, Scientific Linux update. . LinuxSecurity.com Team
Jul 29, 2019
Scientific Linux
202
security advisorydenial of serviceupdateopenSUSE 42.3 Update: openSUSE-SU-2018:3717-1 Moderate libarchive DoS
An update that fixes 7 vulnerabilities is now available.. openSUSE Security Update: Security update for libarchive ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:3717-1 Rating: moderate References: #1032089 #1037008 #1037009 #1057514 #1059100 #1059134 #1059139 Cross-References: CVE-2016-10209 CVE-2016-10349 CVE-2016-10350 CVE-2017-14166 CVE-2017-14501 CVE-2017-14502 CVE-2017-14503 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for libarchive fixes the following issues: - CVE-2016-10209: The archive_wstring_append_from_mbs function in archive_string.c allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. (bsc#1032089) - CVE-2016-10349: The archive_le32dec function in archive_endian.h allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037008) - CVE-2016-10350: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (bsc#1037009) - CVE-2017-14166: libarchive allowed remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. (bsc#1057514) - CVE-2017-14501: An out-of-bounds read flaw existed in parse_file_info in archive_read_support_format_iso9660.c when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. (bsc#1059139) - CVE-2017-14502: read_header in archive_read_support_format_rar.c suffered from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. (bsc#1059134) - CVE-2017-14503: libarchive suffered from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. (bsc#1059100) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1366=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): bsdtar-3.1.2-20.3.1 bsdtar-debuginfo-3.1.2-20.3.1 libarchive-debugsource-3.1.2-20.3.1 libarchive-devel-3.1.2-20.3.1 libarchive13-3.1.2-20.3.1 libarchive13-debuginfo-3.1.2-20.3.1 - openSUSE Leap 42.3 (x86_64): libarchive13-32bit-3.1.2-20.3.1 libarchive13-debuginfo-32bit-3.1.2-20.3.1 References: https://www.suse.com/security/cve/CVE-2016-10209.html https://www.suse.com/security/cve/CVE-2016-10349.html https://www.suse.com/security/cve/CVE-2016-10350.html https://www.suse.com/security/cve/CVE-2017-14166.html https://www.suse.com/security/cve/CVE-2017-14501.html https://www.suse.com/security/cve/CVE-2017-14502.html https://www.suse.com/security/cve/CVE-2017-14503.html https://bugzilla.suse.com/1032089 https://bugzilla.suse.com/1037008 https://bugzilla.suse.com/1037009 https://bugzilla.suse.com/1057514 https://bugzilla.suse.com/1059100 https://bugzilla.suse.com/1059134 https://bugzilla.suse.com/1059139 -- . By tackling six weaknesses, this Fedora patch for libarchive improvesboth the reliability and protection of the system.. libarchive Update, openSUSE Security Fix, Denial of Service Threat, Security Update. . LinuxSecurity.com Team
Nov 10, 2018
OpenSUSE
89
security advisoryfedoracriticalFedora 28 FEDORA-2018-2926fd93f4 Critical: Mingw-libid3tag Issues
Fix CVE-2017-11550 and CVE-2004-2779. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-2926fd93f4 2018-04-15 02:32:41.335876 --------------------------------------------------------------------------------Name : mingw-libid3tag Product : Fedora 28 Version : 0.15.1b Release : 24.fc28 URL : http://www.underbit.com/products/mad/ Summary : ID3 tag manipulation library Description : libid3tag is a library for reading and (eventually) writing ID3 tags, both ID3v1 and the various versions of ID3v2. --------------------------------------------------------------------------------Update Information: Fix CVE-2017-11550 and CVE-2004-2779 --------------------------------------------------------------------------------References: [ 1 ] Bug #1561983 - CVE-2004-2779 libid3tag: id3_utf16_deserialize() misparses ID3v2 tags with an odd number of bytes resulting in an endless loop https://bugzilla.redhat.com/show_bug.cgi?id=1561983 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade mingw-libid3tag' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Apr 15, 2018
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!