# Security update for kubernetes1.23

Announcement ID: SUSE-SU-2025:02423-1
Release Date: 2025-07-21T08:36:42Z
Rating: moderate

References:

* bsc#1194400
* bsc#1212493
* bsc#1219964
* bsc#1222539
* bsc#1229008
* bsc#1241865

Cross-References:

* CVE-2021-25743
* CVE-2023-2431
* CVE-2024-0793
* CVE-2024-3177
* CVE-2025-22872

CVSS scores:

* CVE-2021-25743 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-25743 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-2431 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-2431 ( NVD ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-2431 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-0793 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0793 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2024-3177 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-3177 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.3

An update that solves five vulnerabilities and has one security fix can now be installed.

## Description:

This update for kubernetes1.23 fixes the following issues:

* CVE-2021-25743: Escape terminal special characters in kubectl output (bsc#1194400).
* CVE-2023-2431: Prevent pods from bypassing the seccomp profile enforcement (bsc#1212493).
* CVE-2024-0793: Advance autoscaling v2 as the preferred API version (bsc#1219964).
* CVE-2024-3177: Prevent bypassing mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1222539).
* CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2025-2423=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.23-scheduler-1.23.17-150300.7.12.1
  * kubernetes1.23-client-1.23.17-150300.7.12.1
  * kubernetes1.23-kubelet-common-1.23.17-150300.7.12.1
  * kubernetes1.23-controller-manager-1.23.17-150300.7.12.1
  * kubernetes1.23-apiserver-1.23.17-150300.7.12.1
  * kubernetes1.23-proxy-1.23.17-150300.7.12.1
  * kubernetes1.23-kubelet-1.23.17-150300.7.12.1
  * kubernetes1.23-client-common-1.23.17-150300.7.12.1
  * kubernetes1.23-kubeadm-1.23.17-150300.7.12.1
* openSUSE Leap 15.3 (noarch)
  * kubernetes1.23-client-fish-completion-1.23.17-150300.7.12.1
  * kubernetes1.23-client-bash-completion-1.23.17-150300.7.12.1
* openSUSE Leap 15.3 (ppc64le)
  * kubernetes1.23-controller-manager-debuginfo-1.23.17-150300.7.12.1
  * kubernetes1.23-kubelet-debuginfo-1.23.17-150300.7.12.1
  * kubernetes1.23-proxy-debuginfo-1.23.17-150300.7.12.1
  * kubernetes1.23-kubeadm-debuginfo-1.23.17-150300.7.12.1
  * kubernetes1.23-apiserver-debuginfo-1.23.17-150300.7.12.1
  * kubernetes1.23-scheduler-debuginfo-1.23.17-150300.7.12.1
  * kubernetes1.23-client-debuginfo-1.23.17-150300.7.12.1

## References:

* https://www.suse.com/security/cve/CVE-2021-25743.html
* https://www.suse.com/security/cve/CVE-2023-2431.html
* https://www.suse.com/security/cve/CVE-2024-0793.html
* https://www.suse.com/security/cve/CVE-2024-3177.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194400
* https://bugzilla.suse.com/show_bug.cgi?id=1212493
* https://bugzilla.suse.com/show_bug.cgi?id=1219964
* https://bugzilla.suse.com/show_bug.cgi?id=1222539
* https://bugzilla.suse.com/show_bug.cgi?id=1229008
* https://bugzilla.suse.com/show_bug.cgi?id=1241865

SUSE has issued a significant security enhancement for kubernetes1.23, addressing multiple security flaws along with detailed patching guidelines.

SUSE Security Update, Kubernetes Patch, OpenSUSE Advisory, Threat Management.

LinuxSecurity.com Team

SUSE Security Update: Security update for postgresql, postgresql13
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0175-1
Rating: moderate
References: #1178666 #1178667 #1178668 #1178961 ECO-3049
Cross-References: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP2
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that solves three vulnerabilities, contains one feature and has one errata is now available.

Description:

This update for postgresql, postgresql13 fixes the following issues:

This update ships postgresql13.

Upgrade to version 13.1:

* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries.
* CVE-2020-25694, bsc#1178667:
  a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb.
  b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. (obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
* https://www.postgresql.org/docs/13/release-13-1.html

Initial packaging of PostgreSQL 13:

* https://www.postgresql.org/about/news/postgresql-13-released-2077/
* https://www.postgresql.org/docs/13/release-13.html

- bsc#1178961: %ghost the symlinks to pg_config and ecpg.

Changes in postgresql wrapper package:

- Bump major version to 13.
- We also transfer PostgreSQL 9.4.26 to the new package layout in SLE12-SP2 and newer. Reflect this in the conflict with postgresql94.
- Also conflict with PostgreSQL versions before 9.
- Conflicting with older versions is not limited to SLE.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-175=1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-175=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-175=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64):

  libecpg6-13.1-5.3.15
  libecpg6-debuginfo-13.1-5.3.15
  postgresql13-contrib-13.1-5.3.15
  postgresql13-contrib-debuginfo-13.1-5.3.15
  postgresql13-debuginfo-13.1-5.3.15
  postgresql13-debugsource-13.1-5.3.10
  postgresql13-debugsource-13.1-5.3.15
  postgresql13-devel-13.1-5.3.15
  postgresql13-devel-debuginfo-13.1-5.3.15
  postgresql13-plperl-13.1-5.3.15
  postgresql13-plperl-debuginfo-13.1-5.3.15
  postgresql13-plpython-13.1-5.3.15
  postgresql13-plpython-debuginfo-13.1-5.3.15
  postgresql13-pltcl-13.1-5.3.15
  postgresql13-pltcl-debuginfo-13.1-5.3.15
  postgresql13-server-13.1-5.3.15
  postgresql13-server-debuginfo-13.1-5.3.15
  postgresql13-server-devel-13.1-5.3.15
  postgresql13-server-devel-debuginfo-13.1-5.3.15

- SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

  postgresql-contrib-13-4.6.7
  postgresql-devel-13-4.6.7
  postgresql-docs-13-4.6.7
  postgresql-plperl-13-4.6.7
  postgresql-plpython-13-4.6.7
  postgresql-pltcl-13-4.6.7
  postgresql-server-13-4.6.7
  postgresql-server-devel-13-4.6.7
  postgresql13-docs-13.1-5.3.15

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64):

  postgresql13-test-13.1-5.3.15

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch):

  postgresql-test-13-4.6.7

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  libpq5-13.1-5.3.15
  libpq5-debuginfo-13.1-5.3.15
  postgresql13-13.1-5.3.15
  postgresql13-debuginfo-13.1-5.3.15
  postgresql13-debugsource-13.1-5.3.10
  postgresql13-debugsource-13.1-5.3.15

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

  postgresql-13-4.6.7

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):

  libpq5-32bit-13.1-5.3.15
  libpq5-32bit-debuginfo-13.1-5.3.15

References:

  https://www.suse.com/security/cve/CVE-2020-25694.html
  https://www.suse.com/security/cve/CVE-2020-25695.html
  https://www.suse.com/security/cve/CVE-2020-25696.html
  https://bugzilla.suse.com/1178666
  https://bugzilla.suse.com/1178667
  https://bugzilla.suse.com/1178668
  https://bugzilla.suse.com/1178961

SUSE Security Patch for PostgreSQL 13 resolves various vulnerabilities and improves functionalities. Maintain your security!

SUSE Linux, PostgreSQL Security, Update Announcement, Software Patch.

LinuxSecurity.com Team

SUSE Security Update: Security update for postgresql12
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2271-1
Rating: important
References: #1175193 #1175194
Cross-References: CVE-2020-14349 CVE-2020-14350
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP1
  SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for postgresql12 fixes the following issues:

- update to 12.4:
  * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers
  * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure.
  * https://www.postgresql.org/docs/12/release-12-4.html

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP1-2020-2271=1

- SUSE Linux Enterprise Module for Basesystem 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2271=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

  libecpg6-12.4-3.11.1
  libecpg6-debuginfo-12.4-3.11.1
  postgresql12-contrib-12.4-3.11.1
  postgresql12-contrib-debuginfo-12.4-3.11.1
  postgresql12-debuginfo-12.4-3.11.1
  postgresql12-debugsource-12.4-3.11.1
  postgresql12-devel-12.4-3.11.1
  postgresql12-devel-debuginfo-12.4-3.11.1
  postgresql12-plperl-12.4-3.11.1
  postgresql12-plperl-debuginfo-12.4-3.11.1
  postgresql12-plpython-12.4-3.11.1
  postgresql12-plpython-debuginfo-12.4-3.11.1
  postgresql12-pltcl-12.4-3.11.1
  postgresql12-pltcl-debuginfo-12.4-3.11.1
  postgresql12-server-12.4-3.11.1
  postgresql12-server-debuginfo-12.4-3.11.1
  postgresql12-server-devel-12.4-3.11.1
  postgresql12-server-devel-debuginfo-12.4-3.11.1

- SUSE Linux Enterprise Module for Server Applications 15-SP1 (noarch):

  postgresql12-docs-12.4-3.11.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):

  libpq5-12.4-3.11.1
  libpq5-debuginfo-12.4-3.11.1
  postgresql12-12.4-3.11.1
  postgresql12-debuginfo-12.4-3.11.1
  postgresql12-debugsource-12.4-3.11.1

- SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):

  libpq5-32bit-12.4-3.11.1
  libpq5-32bit-debuginfo-12.4-3.11.1

References:

  https://www.suse.com/security/cve/CVE-2020-14349.html
  https://www.suse.com/security/cve/CVE-2020-14350.html
  https://bugzilla.suse.com/1175193
  https://bugzilla.suse.com/1175194

_______________________________________________
sle-security-updates mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-5ba8c2d9d5
2020-06-19 01:04:58.922087
--------------------------------------------------------------------------------

Name : moby-engine
Product : Fedora 31
Version : 19.03.11
Release : 1.ce.git42e35e6.fc31
URL : https://www.docker.com
Summary : The open-source application container engine
Description :
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don't require you to use a particular language, framework or packaging system. That makes them great building blocks for deploying and scaling web apps, databases, and backend services without depending on a particular stack or provider.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 19.03.11 to prevent CVE-2020-13401
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 7 2020 Olivier Lemasle - 19.03.11-1.ce.git42e35e6
- Update to upstream 19.03.11 to prevent CVE-2020-13401
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-5ba8c2d9d5' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rh-python34-python security update
Advisory ID: RHSA-2016:1630-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2016:1630.html
Issue date: 2016-08-18
CVE Names: CVE-2016-0772 CVE-2016-1000110 CVE-2016-5699
====================================================================

1. Summary:

An update for rh-python34-python is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)

* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)

* It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. (CVE-2016-5699)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1303647 - CVE-2016-0772 python: smtplib StartTLS stripping attack
1303699 - CVE-2016-5699 python: http protocol steam injection attack
1357334 - CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v.6):

Source:
rh-python34-python-3.4.2-14.el6.src.rpm

x86_64:
rh-python34-python-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm
rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm
rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm
rh-python34-python-test-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-python34-python-3.4.2-14.el6.src.rpm

x86_64:
rh-python34-python-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm
rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm
rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm
rh-python34-python-test-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-python34-python-3.4.2-14.el6.src.rpm

x86_64:
rh-python34-python-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm
rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm
rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm
rh-python34-python-test-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-python34-python-3.4.2-14.el6.src.rpm

x86_64:
rh-python34-python-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debug-3.4.2-14.el6.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-14.el6.x86_64.rpm
rh-python34-python-devel-3.4.2-14.el6.x86_64.rpm
rh-python34-python-libs-3.4.2-14.el6.x86_64.rpm
rh-python34-python-test-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tkinter-3.4.2-14.el6.x86_64.rpm
rh-python34-python-tools-3.4.2-14.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-python34-python-3.4.2-13.el7.src.rpm

x86_64:
rh-python34-python-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm
rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm
rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm
rh-python34-python-test-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-python34-python-3.4.2-13.el7.src.rpm

x86_64:
rh-python34-python-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm
rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm
rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm
rh-python34-python-test-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-python34-python-3.4.2-13.el7.src.rpm

x86_64:
rh-python34-python-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm
rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm
rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm
rh-python34-python-test-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v.7):

Source:
rh-python34-python-3.4.2-13.el7.src.rpm

x86_64:
rh-python34-python-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debug-3.4.2-13.el7.x86_64.rpm
rh-python34-python-debuginfo-3.4.2-13.el7.x86_64.rpm
rh-python34-python-devel-3.4.2-13.el7.x86_64.rpm
rh-python34-python-libs-3.4.2-13.el7.x86_64.rpm
rh-python34-python-test-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tkinter-3.4.2-13.el7.x86_64.rpm
rh-python34-python-tools-3.4.2-13.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0772
https://access.redhat.com/security/cve/CVE-2016-1000110
https://access.redhat.com/security/cve/CVE-2016-5699
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFXthqeXlSAg2UNWIIRAhb7AJ4gvzcaD2gEtNrihN/76uRNcyxx3wCgnJOd
BBlG/xStvAR4OD6dXOJ4XCc=YZy2
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list

Date: Thu, 16 Oct 2014 18:46:12 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Bonnie King
Subject: Security ERRATA Moderate: openssl on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: openssl security update
Advisory ID: SLSA-2014:1653-1
Issue Date: 2014-10-16
CVE Numbers: CVE-2014-3566
--

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update; it is recommended that users configure their applications to require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see Upstream's Knowledgebase article at https://access.redhat.com/articles/1232123

For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
--

SL5
  x86_64
    openssl-0.9.8e-31.el5_11.i686.rpm
    openssl-0.9.8e-31.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.x86_64.rpm
    openssl-perl-0.9.8e-31.el5_11.x86_64.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.x86_64.rpm
  i386
    openssl-0.9.8e-31.el5_11.i386.rpm
    openssl-0.9.8e-31.el5_11.i686.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i386.rpm
    openssl-debuginfo-0.9.8e-31.el5_11.i686.rpm
    openssl-perl-0.9.8e-31.el5_11.i386.rpm
    openssl-devel-0.9.8e-31.el5_11.i386.rpm

- Scientific Linux Development Team

Enhance your OpenSSL security on Scientific Linux SL5.x against downgrade attacks by updating the SSL/TLS Fallback Signaling Cipher with these detailed steps.

Scientific Linux, OpenSSL Update, Security Advisory, Moderate Threat, TLS Protocol.

LinuxSecurity.com Team

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] seamonkey (SSA:2012-304-02)

New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/seamonkey-solibs-2.13.2-i486-1_slack14.0.txz: Upgraded.
patches/packages/seamonkey-2.13.2-i486-1_slack14.0.txz: Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/security/known-vulnerabilities/seamonkey/
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated packages for Slackware 13.37:
Updated packages for Slackware x86_64 13.37:
Updated packages for Slackware 14.0:
Updated packages for Slackware x86_64 14.0:
Updated packages for Slackware -current:
Updated packages for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg seamonkey-solibs-2.13.2-i486-1_slack14.0.txz seamonkey-2.13.2-i486-1_slack14.0.txz

+-----+

Updated SeaMonkey versions are ready for Slackware, incorporating crucial security patches and enhancements.

Seamonkey Update, Slackware Security, Software Upgrade, Security Fixes.

Severity: Critical.

LinuxSecurity.com Team

Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1724-1