
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


openSUSE Tumbleweed: 2025:14989-1 moderate: flannel update

# flannel-0.26.6-1.1 on GA media

Announcement ID: openSUSE-SU-2025:14989-1
Rating: moderate

Cross-References:

* CVE-2025-30204

CVSS scores:

* CVE-2025-30204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-30204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the flannel-0.26.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * flannel 0.26.6-1.1
  * flannel-k8s-yaml 0.26.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30204.html

The release of flannel-0.26.6-1.1 on openSUSE Tumbleweed tackles a noteworthy security vulnerability. It is advisable to install this update to enhance system protection.

openSUSE Tumbleweed, flannel update, security patch.

LinuxSecurity.com Team

Apr 15, 2025 OpenSUSE

SUSE: 2024:1774-1 Important: Python3 Security Update for Threats

# Security update for python3

Announcement ID: SUSE-SU-2024:1774-1
Rating: important

References:

* bsc#1219559
* bsc#1220664
* bsc#1221563
* bsc#1221854
* bsc#1222075

Cross-References:

* CVE-2023-52425
* CVE-2024-0450

CVSS scores:

* CVE-2023-52425 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52425 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0450 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves two vulnerabilities and has three security fixes can now be installed.

## Description:

This update for python3 fixes the following issues:

* CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
* CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb (bsc#1221854).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1774=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1774=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1774=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1774=1

## Package List:

* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libpython3_6m1_0-3.6.15-150000.3.147.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.147.1
  * python3-3.6.15-150000.3.147.1
  * python3-base-debuginfo-3.6.15-150000.3.147.1
  * python3-debugsource-3.6.15-150000.3.147.1
  * python3-debuginfo-3.6.15-150000.3.147.1
  * python3-base-3.6.15-150000.3.147.1
  * python3-core-debugsource-3.6.15-150000.3.147.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libpython3_6m1_0-3.6.15-150000.3.147.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.147.1
  * python3-curses-3.6.15-150000.3.147.1
  * python3-curses-debuginfo-3.6.15-150000.3.147.1
  * python3-3.6.15-150000.3.147.1
  * python3-dbm-3.6.15-150000.3.147.1
  * python3-devel-debuginfo-3.6.15-150000.3.147.1
  * python3-base-debuginfo-3.6.15-150000.3.147.1
  * python3-dbm-debuginfo-3.6.15-150000.3.147.1
  * python3-tk-3.6.15-150000.3.147.1
  * python3-tk-debuginfo-3.6.15-150000.3.147.1
  * python3-debugsource-3.6.15-150000.3.147.1
  * python3-debuginfo-3.6.15-150000.3.147.1
  * python3-tools-3.6.15-150000.3.147.1
  * python3-idle-3.6.15-150000.3.147.1
  * python3-devel-3.6.15-150000.3.147.1
  * python3-base-3.6.15-150000.3.147.1
  * python3-core-debugsource-3.6.15-150000.3.147.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * libpython3_6m1_0-3.6.15-150000.3.147.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.147.1
  * python3-curses-3.6.15-150000.3.147.1
  * python3-curses-debuginfo-3.6.15-150000.3.147.1
  * python3-3.6.15-150000.3.147.1
  * python3-dbm-3.6.15-150000.3.147.1
  * python3-devel-debuginfo-3.6.15-150000.3.147.1
  * python3-base-debuginfo-3.6.15-150000.3.147.1
  * python3-dbm-debuginfo-3.6.15-150000.3.147.1
  * python3-tk-3.6.15-150000.3.147.1
  * python3-tk-debuginfo-3.6.15-150000.3.147.1
  * python3-debugsource-3.6.15-150000.3.147.1
  * python3-debuginfo-3.6.15-150000.3.147.1
  * python3-tools-3.6.15-150000.3.147.1
  * python3-idle-3.6.15-150000.3.147.1
  * python3-devel-3.6.15-150000.3.147.1
  * python3-base-3.6.15-150000.3.147.1
  * python3-core-debugsource-3.6.15-150000.3.147.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * libpython3_6m1_0-3.6.15-150000.3.147.1
  * libpython3_6m1_0-debuginfo-3.6.15-150000.3.147.1
  * python3-curses-3.6.15-150000.3.147.1
  * python3-curses-debuginfo-3.6.15-150000.3.147.1
  * python3-3.6.15-150000.3.147.1
  * python3-dbm-3.6.15-150000.3.147.1
  * python3-devel-debuginfo-3.6.15-150000.3.147.1
  * python3-base-debuginfo-3.6.15-150000.3.147.1
  * python3-dbm-debuginfo-3.6.15-150000.3.147.1
  * python3-tk-3.6.15-150000.3.147.1
  * python3-tk-debuginfo-3.6.15-150000.3.147.1
  * python3-debugsource-3.6.15-150000.3.147.1
  * python3-debuginfo-3.6.15-150000.3.147.1
  * python3-tools-3.6.15-150000.3.147.1
  * python3-idle-3.6.15-150000.3.147.1
  * python3-devel-3.6.15-150000.3.147.1
  * python3-base-3.6.15-150000.3.147.1
  * python3-core-debugsource-3.6.15-150000.3.147.1

## References:

* https://www.suse.com/security/cve/CVE-2023-52425.html
* https://www.suse.com/security/cve/CVE-2024-0450.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219559
* https://bugzilla.suse.com/show_bug.cgi?id=1220664
* https://bugzilla.suse.com/show_bug.cgi?id=1221563
* https://bugzilla.suse.com/show_bug.cgi?id=1221854
* https://bugzilla.suse.com/show_bug.cgi?id=1222075

SUSE's critical python3 security update outlines remedies for several vulnerabilities along with guidance on how to implement the updates.

SUSE Python Security, Python3 Advisory, Security Fixes, Linux Updates, Software Management.

Severity: Important.

LinuxSecurity.com Team

May 24, 2024 Important SuSE

Oracle Linux 7: ELSA-2023-12199 Critical: Kernel Security Update

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-12199 https://linux.oracle.com/errata/ELSA-2023-12199.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-4.14.35-2047.523.4.1.el7uek.x86_64.rpm kernel-uek-debug-4.14.35-2047.523.4.1.el7uek.x86_64.rpm kernel-uek-debug-devel-4.14.35-2047.523.4.1.el7uek.x86_64.rpm kernel-uek-devel-4.14.35-2047.523.4.1.el7uek.x86_64.rpm kernel-uek-tools-4.14.35-2047.523.4.1.el7uek.x86_64.rpm kernel-uek-doc-4.14.35-2047.523.4.1.el7uek.noarch.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.523.4.1.el7uek.src.rpm Related CVEs: CVE-2022-2873 CVE-2022-45934 CVE-2022-3545 CVE-2022-41218 CVE-2022-45886 CVE-2022-45884 CVE-2022-45919 CVE-2022-45884 CVE-2022-45885 CVE-2023-0394 CVE-2022-47929 CVE-2023-23455 Description of changes: [4.14.35-2047.523.4.1.el7uek] - mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags (Michal Hocko) [Orabug: 35164196] [4.14.35-2047.523.4.el7uek] - rds: ib: Keep IB MRs on clean_list unless we are tearing down the pool (Håkon Bugge) [Orabug: 34987235] - rds: ib: Add FRWR related statistics counters (Håkon Bugge) [Orabug: 34987235] - net/rds: The fast registration work queue is not destroyed (Ka-Cheong Poon) [Orabug: 25962452] [Orabug: 31712036] [4.14.35-2047.523.3.el7uek] - driver/soc/pensando: cap_pcie: refactor pciep_regrd32 (David Clear) [Orabug: 35089515] - mtd: spi-nor: Add support for Winbond w25q02nw flash. 
(David Clear) [Orabug: 35089515] - drivers/i2c: Lattice I2C driver update (David Clear) [Orabug: 35089515] - drivers/soc/pensando: Adding Elba sbus driver (David Clear) [Orabug: 35089515] - Arm64: Pensando: Enable ltc2978 driver for Ortano ADI cards (Austin Sehnert) [Orabug: 35080511] - scsi: target: core: Remove from tmr_list during LUN unlink (Dmitry Bogdanov) [Orabug: 35040145] [4.14.35-2047.523.2.el7uek] -RDMA/addr: Refresh neighbour entries upon rdma_resolve_addr() (Gerd Rausch) [Orabug: 35060577] - xfs: fix incorrect i_nlink caused by inode racing (Long Li) [Orabug: 35040849] [4.14.35-2047.523.1.el7uek] - x86/kexec: Do not reserve EFI setup_data in the kexec e820 table (Dave Young) [Orabug: 34966703] - xfs: make COW fork unwritten extent conversions more robust (Christoph Hellwig) [Orabug: 34390903] - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (Chandrakanth patil) [Orabug: 34242965] - scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (Kashyap Desai) [Orabug: 34242965] - LTS version: v4.14.304 (Saeed Mirzamohammadi) - x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (YingChi Long) - gsmi: fix null-deref in gsmi_get_variable (Khazhismel Kumykov) - serial: atmel: fix incorrect baudrate setup (Tobias Schramm) - serial: pch_uart: Pass correct sg to dma_unmap_sg() (Ilpo Järvinen) - usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (Juhyung Park) - usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (Maciej Żenczykowski) - usb: gadget: g_webcam: Send color matching descriptor per frame (Daniel Scally) - usb: host: ehci-fsl: Fix module alias (Alexander Stein) - USB: serial: cp210x: add SCALANCE LPE-9000 device id (Michael Adler) - usb: core: hub: disable autosuspend for TI TUSB8041 (Flavio Suligoi) - USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (Greg Kroah-Hartman) - USB: serial: option: add Quectel EM05CN modem (Duke Xin(辛安文)) - USB: serial: 
option: add Quectel EM05CN (SG) modem (Duke Xin(辛安文)) - USB: serial: option: add Quectel EC200U modem (Ali Mirghasemi) - USB: serial: option: add Quectel EM05-G (RS) modem (Duke Xin(辛安文)) - USB: serial: option: add Quectel EM05-G (CS) modem (Duke Xin(辛安文)) - USB: serial: option: add Quectel EM05-G (GR) modem (Duke Xin(辛安文)) - prlimit: do_prlimit needs tohave a speculation check (Greg Kroah-Hartman) - usb: xhci: Check endpoint is valid before dereferencing it (Jimmy Hu) - xhci-pci: set the dma max_seg_size (Ricardo Ribalda) - nilfs2: fix general protection fault in nilfs_btree_insert() (Ryusuke Konishi) - f2fs: let's avoid panic if extent_tree is not created (Jaegeuk Kim) - RDMA/srp: Move large values to a new enum for gcc13 (Jiri Slaby (SUSE)) - net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats (Daniil Tatianin) - pNFS/filelayout: Fix coalescing test for single DS (Olga Kornievskaia) - LTS version: v4.14.303 (Saeed Mirzamohammadi) - Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" (Ferry Toth) - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (Minsuk Kang) - hvc/xen: lock console list traversal (Roger Pau Monne) - regulator: da9211: Use irq handler when ready (Ricardo Ribalda) - EDAC/device: Fix period calculation in edac_device_reset_delay_period() (Eliav Farber) - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (Peter Zijlstra) - netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. 
(Gavrilov Ilia) - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005830] {CVE-2023-0394} - platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe (Hans de Goede) - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Clement Lecigne) - net/ulp: prevent ULP without clone op from entering the LISTEN status (Paolo Abeni) - s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (Heiko Carstens) - perf auxtrace: Fix address filter duplicate symbol selection (Adrian Hunter) - docs: Fix the docs build with Sphinx 6.0 (Jonathan Corbet) - net: sched: disallow noqueue for qdisc classes (Frederick Lawler) [Orabug: 35005793] {CVE-2022-47929} - ravb: Fix "failed to switch device to config mode" message during unbind (Biju Das) - driver core: Fix bus_type.match() error handling in __driver_attach()(Isaac J. Manjarres) - parisc: Align parisc MADV_XXX constants with all other architectures (Helge Deller) - hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (Linus Torvalds) - hfs/hfsplus: use WARN_ON for sanity check (Arnd Bergmann) - nfsd: fix handling of readdir in v4root vs. 
mount upcall timeout (Jeff Layton) - x86/bugs: Flush IBP in ib_prctl_set() (Rodrigo Branco) - udf: Fix extension of the last extent in the file (Jan Kara) - caif: fix memory leak in cfctrl_linkup_request() (Zhengchao Shao) - usb: rndis_host: Secure rndis_query check against int overflow (Szymon Heidrich) - net: sched: atm: dont intepret cls results when asked to drop (Jamal Hadi Salim) [Orabug: 34983615] {CVE-2023-23455} - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (Miaoqian Lin) - net: amd-xgbe: add missed tasklet_kill (Jiguang Xiao) - nfc: Fix potential resource leaks (Miaoqian Lin) - qlcnic: prevent -> dcb use-after-free on qlcnic_dcb_enable() failure (Daniil Tatianin) - bpf: pull before calling skb_postpull_rcsum() (Jakub Kicinski) - SUNRPC: ensure the matching upcall is in-flight upon downcall (minoura makoto) - ext4: allocate extended attribute value in vmalloc area (Ye Bin) - ext4: avoid unaccounted block allocation when expanding inode (Jan Kara) - ext4: initialize quota before expanding inode in setproject ioctl (Jan Kara) - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (Ye Bin) - ext4: avoid BUG_ON when creating xattrs (Jan Kara) - ext4: fix error code return to user-space in ext4_get_branch() (Luís Henriques) - ext4: init quota for 'old.inode' in 'ext4_rename' (Ye Bin) - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (Baokun Li) - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (Gaosheng Cui) - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (Baokun Li) - drm/vmwgfx: Validate the box size for the snooped cursor (Zack Rusin) - drm/connector: send hotpluguevent on connector cleanup (Simon Ser) - device_cgroup: Roll back to original exceptions after copy failure (Wang Weiyang) - parisc: led: Fix potential null-ptr-deref in start_task() (Shang XiaoJing) - iommu/amd: Fix ivrs_acpihid cmdline parsing code (Kim Phillips) - crypto: n2 - add 
missing hash statesize (Corentin Labbe) - PCI/sysfs: Fix double free in error path (Sascha Hauer) - PCI: Fix pci_device_is_present() for VFs by checking PF (Michael S. Tsirkin) - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (Huaxin Lu) - cifs: fix confusing debug message (Paulo Alcantara) - media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820630] {CVE-2022-41218} - media: dvb-core: Fix double free in dvb_register_device() (Keita Suzuki) - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (Nick Desaulniers) - tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (Yang Jihong) - x86/microcode/intel: Do not retry microcode reloading on the APs (Ashok Raj) - dm cache: set needs_check flag after aborting metadata (Mike Snitzer) - dm cache: Fix UAF in destroy() (Luo Meng) - dm thin: Fix UAF in run_timer_softirq() (Luo Meng) - dm thin: Use last transaction's pmd-> root when commit failed (Zhihao Cheng) - dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (Mike Snitzer) - selftests: Use optional USERCFLAGS and USERLDFLAGS (Mickaël Salaün) - ARM: ux500: do not directly dereference __iomem (Jason A. Donenfeld) - ktest.pl minconfig: Unset configs instead of just removing them (Steven Rostedt) - media: stv0288: use explicitly signed char (Jason A. 
Donenfeld) - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (Deren Wu) - md: fix a crash in mempool_free (Mikulas Patocka) - pnode: terminate at peers of source(Christian Brauner) - ALSA: line6: fix stack overflow in line6_midi_transmit (Artem Egorkine) - ALSA: line6: correct midi status byte when receiving data from podxt (Artem Egorkine) - hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (Aditya Garg) - HID: plantronics: Additional PIDs for double volume key presses quirk (Terry Junge) - powerpc/rtas: avoid scheduling in rtas_os_term() (Nathan Lynch) - powerpc/rtas: avoid device tree lookups in rtas_os_term() (Nathan Lynch) - media: dvbdev: fix refcnt bug (Lin Ma) [Orabug: 34983296] {CVE-2022-45886} {CVE-2022-45884} {CVE-2022-45919} {CVE-2022-45887} {CVE-2022-45885} - gcov: add support for checksum field (Rickard x Andersson) - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (Nuno Sá) - reiserfs: Add missing calls to reiserfs_security_free() (Roberto Sassu) - HID: wacom: Ensure bootloader PID is usable in hidraw mode (Jason Gerecke) - usb: dwc3: core: defer probe on ulpi_read_id timeout (Ferry Toth) - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (John Stultz) - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (John Stultz) - ASoC: rt5670: Remove unbalanced pm_runtime_put() (Hans de Goede) - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (Wang Jingjin) - ASoC: wm8994: Fix potential deadlock (Marek Szyprowski) - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (Wang Jingjin) - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (Wang Yufen) - orangefs: Fix kmemleak in 
orangefs_prepare_debugfs_help_string() (Zhang Xiaoxu) - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (Nathan Chancellor) - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (Nathan Chancellor) - clk: st: Fix memory leak in st_of_quadfs_setup() (Xiu Jianfeng) - media: si470x: Fix use-after-free in si470x_int_in_callback() (Shigeru Yoshida) - mmc: f-sdh30: Add quirks for broken timeout clock capability (Kunihiko Hayashi) - blk-mq: fix possible memleak when register 'hctx' failed (Ye Bin) - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (Mazin Al Haddad) - media: dvbdev: adopts refcnt to avoid UAF (Lin Ma) [Orabug: 34983296] {CVE-2022-45887} {CVE-2022-45885} {CVE-2022-45884} {CVE-2022-45886} {CVE-2022-45919} - media: dvb-frontends: fix leak of memory fw (Yan Lei) - ppp: associate skb with a device at tx (Stanislav Fomichev) - mrp: introduce active flags to prevent UAF when applicant uninit (Schspa Shi) - md/raid1: stop mdx_raid1 thread when raid1 array run failed (Jiang Li) - drm/sti: Use drm_mode_copy() (Ville Syrjälä) - s390/lcs: Fix return type of lcs_start_xmit() (Nathan Chancellor) - s390/netiucv: Fix return type of netiucv_tx() (Nathan Chancellor) - s390/ctcm: Fix return type of ctc{mp,}m_tx() (Nathan Chancellor) - igb: Do not free q_vector unless new one was allocated (Kees Cook) - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (Minsuk Kang) - hamradio: baycom_epp: Fix return type of baycom_send_packet() (Nathan Chancellor) - net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() (Nathan Chancellor) - bpf: make sure skb-> len != 0 when redirecting to a tunneling device (Stanislav Fomichev) - ipmi: fix memleak when unload ipmi driver (Zhang Yuchen) - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (Amadeusz Sławiński) - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (Shigeru Yoshida) - wifi: ath9k: verify the expected usb_endpoints are present (Fedor 
Pchelkin) - hfs: fix OOB Read in __hfs_brec_find (ZhangPeng) - acct: fix potential integer overflow in encode_comp_t() (Zheng Yejian) - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (Ryusuke Konishi) - ACPICA: Fix error code path in acpi_ds_call_control_method() (Rafael J. Wysocki) - fs: jfs: fix shift-out-of-bounds in dbDiscardAG (Hoi Pok Wu) - udf: Avoid double brelse() inudf_rename() (Shigeru Yoshida) - fs: jfs: fix shift-out-of-bounds in dbAllocAG (Dongliang Mu) - binfmt_misc: fix shift-out-of-bounds in check_special_flags (Liu Shixin) - net: stream: purge sk_error_queue in sk_stream_kill_queues() (Eric Dumazet) - myri10ge: Fix an error handling path in myri10ge_probe() (Christophe JAILLET) - net_sched: reject TCF_EM_SIMPLE case for complex ematch module (Cong Wang) - skbuff: Account for tail adjustment during pull operations (Subash Abhinov Kasiviswanathan) - openvswitch: Fix flow lookup to use unmasked key (Eelco Chaudron) - r6040: Fix kmemleak in probe and remove (Li Zetao) - nfc: pn533: Clear nfc_target before being used (Minsuk Kang) - mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (Dan Aloni) - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (Gaosheng Cui) - selftests/powerpc: Fix resource leaks (Miaoqian Lin) - powerpc/hv-gpci: Fix hv_gpci event list (Kajol Jain) - powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() (Yang Yingliang) - powerpc/perf: callchain validate kernel stack pointer bounds (Nicholas Piggin) - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (Yang Yingliang) - cxl: Fix refcount leak in cxl_calc_capp_routing (Miaoqian 
Lin) - powerpc/52xx: Fix a resource leak in an error handling path (Christophe JAILLET) - macintosh/macio-adb: check the return value of ioremap() (Xie Shaowen) - macintosh: fix possible memory leak in macio_add_one_device() (Yang Yingliang) - iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (Yuan Can) - iommu/amd: Fix pci device refcount leak in ppr_notifier() (Yang Yingliang) - rtc: snvs: Allow a timedifference on clock register read (Stefan Eichenberger) - include/uapi/linux/swab: Fix potentially missing __always_inline (Matt Redfearn) - HSI: omap_ssi_core: Fix error handling in ssi_init() (Yuan Can) - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (Zeng Heng) - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (Yang Yingliang) - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (Yang Yingliang) - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (Christophe JAILLET) - fbdev: vermilion: decrease reference count in error path (Xiongfeng Wang) - fbdev: via: Fix error in via_core_init() (Shang XiaoJing) - fbdev: pm2fb: fix missing pci_disable_device() (Yang Yingliang) - fbdev: ssd1307fb: Drop optional dependency (Andy Shevchenko) - usb: storage: Add check for kcalloc (Jiasheng Jiang) - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Zheyu Ma) [Orabug: 34555528] {CVE-2022-2873} - vme: Fix error not catched in fake_init() (Chen Zhongjin) - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (YueHaibing) - staging: rtl8192u: Fix use after free in ieee80211_rx() (Dan Carpenter) - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (Hui Tang) - chardev: fix error handling in cdev_device_add() (Yang Yingliang) - mcb: mcb-parse: fix error handing in chameleon_parse_gdd() (Yang Yingliang) - drivers: mcb: fix resource leak in mcb_probe() (Zhengchao Shao) - cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() (Yang Yingliang) - cxl: fix 
possible null-ptr-deref in cxl_guest_init_afu|adapter() (Yang Yingliang) - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang) - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (ruanjinjie) - test_firmware: fix memory leak in test_firmware_init() (Zhengchao Shao) - serial: sunsab: Fix error handling in sunsab_init() (Yuan Can) - serial: pch: Fix PCIdevice refcount leak in pch_request_dma() (Xiongfeng Wang) - serial: amba-pl011: avoid SBSA UART accessing DMACR register (Jiamei Xie) - staging: vme_user: Fix possible UAF in tsi148_dma_list_add (Gaosheng Cui) - usb: fotg210-udc: Fix ages old endianness issues (Linus Walleij) - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (Rafael Mendonca) - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (Rafael Mendonca) - vfio: platform: Do not pass return buffer to ACPI _RST method (Rafael Mendonca) - class: fix possible memory leak in __class_register() (Yang Yingliang) - drivers: dio: fix possible memory leak in dio_init() (Yang Yingliang) - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (Dragos Tatulea) - hwrng: geode - Fix PCI device refcount leak (Xiongfeng Wang) - hwrng: amd - Fix PCI device refcount leak (Xiongfeng Wang) - crypto: img-hash - Fix variable dereferenced before check 'hdev-> req' (Gaosheng Cui) - orangefs: Fix sysfs not cleanup when dev init failed (Zhang Xiaoxu) - RDMA/hfi1: Fix error return code in parse_platform_config() (Wang Yufen) - scsi: snic: Fix possible UAF in snic_tgt_create() (Gaosheng Cui) - scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (Chen Zhongjin) - scsi: ipr: Fix WARNING in ipr_init() (Shang XiaoJing) - scsi: fcoe: Fix possible name leak when device_register() fails (Yang Yingliang) - scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (Yang Yingliang) - scsi: hpsa: Fix error handling in hpsa_add_sas_host() (Yang Yingliang) - 
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (Zhang Xiaoxu) - RDMA/hfi: Decrease PCI device reference count in error path (Xiongfeng Wang) - PCI: Check for alloc failure in pci_request_irq() (Zeng Heng) - apparmor: fix a memleak in multi_transaction_new() (Gaosheng Cui) - stmmac: fix potential division by 0 (Piergiorgio Beruto) - Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) -Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - ntb_netdev: Use dev_kfree_skb_any() in interrupt context (Eric Pilmore) - net: lan9303: Fix read error execution path (Jerry Ray) - net: amd-xgbe: Check only the minimum speed for active/passive cables (Tom Lendacky) - net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - net/tunnel: wait until all sk_user_data reader finish before releasing the sock (Hangbin Liu) - net: farsync: Fix kmemleak when rmmods farsync (Li Zetao) - ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() (Yang Yingliang) - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (Yuan Can) - net: defxx: Fix missing err 
handling in dfx_init() (Yongqiang Liu) - net: vmw_vsock: vmci: Check memcpy_from_msg() (Artem Chernyshev) - blktrace: Fix output non-blktrace event when blk_classic option enabled (Yang Jihong) - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (Wang Yufen) - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (Bitterblue Smith) - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (Xiu Jianfeng) - media: coda: Add check for kmalloc(Jiasheng Jiang) - media: coda: Add check for dcoda_iram_alloc (Jiasheng Jiang) - media: c8sectpfe: Add of_node_put() when breaking out of loop (Liang He) - mmc: mmci: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: wbsd: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: via-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: vub300: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: toshsd: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: mxcmmc: fix return value check of mmc_add_host() (Yang Yingliang) - mmc: moxart: fix return value check of mmc_add_host() (Yang Yingliang) - NFSv4.x: Fail client initialisation if state manager thread can't run (Trond Myklebust) - SUNRPC: Fix missing release socket in rpc_sockname() (Wang ShaoBo) - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (Gaosheng Cui) - media: saa7164: fix missing pci_disable_device() (Liu Shixin) - regulator: core: fix module refcount leak in set_supply() (Yang Yingliang) - bonding: uninitialized variable in bond_miimon_inspect() (Dan Carpenter) - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (Zhang Qilong) - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (Xiongfeng Wang) - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (Xiongfeng Wang) 
- ALSA: asihpi: fix missing pci_disable_device() (Liu Shixin) - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (Trond Myklebust) - NFSv4.2: Fix a memory stomp in decode_attr_security_label (Trond Myklebust) - media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC (Aakarsh Jain) - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (Baisong Zhong) - pinctrl: pinconf-generic: add missing of_node_put() (ZhangPeng) - media: imon: fixa race condition in send_packet() (Gautam Menghani) - mtd: maps: pxa2xx-flash: fix memory leak in probe (Zheng Yongjun) - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (Xiu Jianfeng) - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (Baisong Zhong) - HID: hid-sensor-custom: set fixed size for custom attributes (Marcus Folkesson) - media: platform: exynos4-is: Fix error handling in fimc_md_init() (Yuan Can) - media: solo6x10: fix possible memory leak in solo_sysfs_init() (Yang Yingliang) - Input: elants_i2c - properly handle the reset GPIO when power is off (Douglas Anderson) - mtd: lpddr2_nvm: Fix possible null-ptr-deref (Hui Tang) - wifi: ath10k: Fix return value in ath10k_pci_init() (Xiu Jianfeng) - ima: Fix misuse of dereference of pointer in template_desc_init_fields() (Xiu Jianfeng) - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (Yang Yingliang) - ASoC: pxa: fix null-pointer dereference in filter() (Zeng Heng) - drm/radeon: Add the missed acpi_put_table() to fix memory leak (Hanjun Guo) - media: camss: Clean up received buffers on failed start of streaming (Vladimir Zapolskiy) - mtd: Fix device name leak when register device failed in add_mtd_device() (Zhang Xiaoxu) - media: vivid: fix compose size exceed boundary (Liu Shixin) - spi: Update reference to struct spi_controller (Jonathan Neuschäfer) - media: i2c: ad5820: Fix error path (Ricardo Ribalda) - wifi: ath9k: hif_usb: Fix use-after-free in 
ath9k_hif_usb_reg_in_cb() (Fedor Pchelkin) - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (Fedor Pchelkin) - rapidio: devices: fix missing put_device in mport_cdev_open (Cai Xinchen) - hfs: Fix OOB Write in hfs_asc2mac (ZhangPeng) - eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD (Zhang Qilong) - rapidio: fix possible UAF when kfifo_alloc() fails (Wang Weiyang) - fs: sysv: Fix sysv_nblocks() returns wrong value (Chen Zhongjin) - MIPS: BCM63xx: Add check for NULL for clk in clk_enable (Anastasia Belova) - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (Yu Liao) - x86/xen: Fix memory leak in xen_init_lock_cpu() (Xiu Jianfeng) - uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (Oleg Nesterov) - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (Li Zetao) - rapidio: rio: fix possible name leak in rio_register_mport() (Yang Yingliang) - rapidio: fix possible name leaks when rio_add_device() fails (Yang Yingliang) - lib/notifier-error-inject: fix error when writing -errno to debugfs file (Akinobu Mita) - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (Akinobu Mita) - irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() (Shang XiaoJing) - PNP: fix name memory leak in pnp_alloc_dev() (Yang Yingliang) - MIPS: vpe-cmp: fix possible memory leak while module exiting (Yang Yingliang) - MIPS: vpe-mt: fix possible memory leak while module exiting (Yang Yingliang) - ocfs2: fix memory leak in ocfs2_stack_glue_init() (Shang XiaoJing) - timerqueue: Use rb_entry_safe() in timerqueue_getnext() (Barnabás Pőcze) - perf: Fix possible memleak in pmu_dev_alloc() (Chen Zhongjin) - fs: don't audit the capability check in simple_xattr_list() (Ondrej Mosnacek) - PM: hibernate: Fix mistake in kerneldoc comment (xiongxin) - alpha: fix syscall entry in !AUDUT_SYSCALL case (Al Viro) - cpuidle: dt: Return the correct numbers of parsed idle states (Ulf Hansson) - tpm/tpm_crb: 
Fix error message in __crb_relinquish_locality() (Michael Kelley) - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (Stephen Boyd) - ARM: mmp: fix timer_read delay (Doug Brown) - pstore/ram: Fix error return code in ramoops_probe() (Wang Yufen) - ARM: dts: turris-omnia: Add switch port 6 node (Pali Rohár) - ARM: dts: turris-omnia: Add ethernet aliases (Pali Rohár) - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (Pali Rohár) - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (Pali Rohár) - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (Pali Rohár) - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (Pali Rohár) - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (Pali Rohár) - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (Pali Rohár) - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (AngeloGioacchino Del Regno) - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (Zhang Qilong) - arm: dts: spear600: Fix clcd interrupt (Kory Maincent) - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (Chen Jiahao) - ARM: dts: qcom: apq8064: fix coresight compatible (Luca Weiss) - usb: musb: remove extra check in musb_gadget_vbus_draw (Ivaylo Dimitrov) - net: loopback: use NET_NAME_PREDICTABLE for name_assign_type (Rasmus Villemoes) - Bluetooth: L2CAP: Fix u8 overflow (Sungwoo Kim) [Orabug: 34880796] {CVE-2022-45934} - igb: Initialize mailbox message for VF reset (Tony Nguyen) - USB: serial: cp210x: add Kamstrup RF sniffer PIDs (Bruno Thomsen) - USB: serial: option: add Quectel EM05-G modem (Duke Xin) - usb: gadget: uvc: Prevent buffer overflow in setup handler (Szymon Heidrich) - udf: Fix extending file within last block (Jan Kara) - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (Jan Kara) - udf: Fix preallocation discarding at indirect extent boundary (Jan Kara) - udf: 
Drop unused arguments of udf_delete_aext() (Jan Kara) - udf: Discard preallocation before extending file with a hole (Jan Kara) - perf script python: Remove explicit shebang from tests/attr.c (Tony Jones) - ASoC: ops: Correct bounds check for second channel on SX controls (Charles Keepax) - can: mcba_usb: Fix termination command argument (Yasushi SHOJI) - can: sja1000: fix size of OCR_MODE_MASK define (Heiko Schocher) - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (Mark Brown) - nfp: fix use-after-free in area_cache_get() (Jialiang Wang) [Orabug: 34719740] {CVE-2022-3545} - block: unhash blkdev part inode when the part is deleted (Ming Lei) - mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths (Jann Horn) - mm/khugepaged: fix GUP-fast interaction by sending IPI (Jann Horn) - once: add DO_ONCE_SLOW() for sleepable contexts (Eric Dumazet) - libtraceevent: Fix build with binutils 2.35 (Ben Hutchings) . Explore Oracle Linux Security Advisory ELSA-2023-12199, featuring critical kernel improvements and fixes that tackle several OS vulnerabilities for enhanced security. Oracle Linux, Kernel Update, Security Advisory, Patch Release, System Security. . Severity: Critical. LinuxSecurity.com Team

Mar 17, 2023 Critical Oracle

openSUSE: 2022:10144-1 Important: GDCM and Orthanc Security Update

An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10144-1 Rating: important References: #1181400 Cross-References: CVE-2022-2119 CVE-2022-2120 CVSS scores: CVE-2022-2119 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2120 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the following issues: Changes in gdcm: - Provides/obsoletes moved to lbgdcm-package (Thx DimStar) - rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Brüns) - version 3.0.18 no changelog - version 3.0.12 * support for poppler 22.03 added - version 3.0.11 * Fix for a significant issue with JPEG-LS and RGB color space * tons of small bug fixes - version 3.0.10 (no changelog) Changes in orthanc-gdcm: - changed dependency gdcm-libgdcm3_0 -> libgdcm3_0 - Version 1.5 * Take the configuration option "RestrictTransferSyntaxes" into account not only for decoding, but also for transcoding * Upgrade to GDCM 3.0.10 for static builds Changes in orthanc: - version 1.11.2 * Added support for RGBA64 images in tools/create-dicom and /preview * New configuration "MaximumStorageMode" to choose between recycling of old patients (default behavior) and rejection of new incoming data when the MaximumStorageSize has been reached. * New sample plugin: "DelayedDeletion" that will delete files from disk asynchronously to speed up deletion of large studies. * Lua: new "SetHttpTimeout" function * Lua: new "OnHeartBeat" callback called at regular interval provided that you have configured "LuaHeartBeatPeriod" > 0. 
* "ExtraMainDicomTags" configuration now accepts Dicom Sequences. Sequences are stored in a dedicated new metadata "MainDicomSequences". This should improve DicomWeb QIDO-RS and avoid warnings like "Accessing Dicom tags from storage when accessing series : 0040,0275". Main dicom sequences can now be returned in "MainDicomTags" and in "RequestedTags". * Fix the "Never" option of the "StorageAccessOnFind" that was still accessing files (bug introduced in 1.11.0). * Fix the Storage Cache for compressed files (bug introduced in 1.11.1). * Fix the storage cache that was not used by the Plugin SDK. This fixes the DicomWeb plugin "/rendered" route performance issues. * DelayedDeletion plugin: Fix leaking of symbols * SQLite now closes and deletes WAL and SHM files on exit. This should improve handling of SQLite DB over network drives. * Fix static compilation of boost 1.69 on Ubuntu 22.04 * Upgraded dependencies for static builds: - boost 1.80.0 - dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120) - openssl 3.0.5 * Housekeeper plugin: Fix resume of previous processing * Added missing MOVEPatientRootQueryRetrieveInformationModel in DicomControlUserConnection::SetupPresentationContexts() * Improved HttpClient error logging (add method + url) * API version upgraded to 18 * /system is now reporting "DatabaseServerIdentifier" * Added an Asynchronous mode to /modalities/../move. * "RequestedTags" option can now include DICOM sequences. 
* New function in the SDK: "OrthancPluginGetDatabaseServerIdentifier" * DicomMap::ParseMainDicomTags has been deprecated -> retrieve "full" tags and use DicomMap::FromDicomAsJson instead - version 1.11.0 * new API version 1.7 * new configuration parameter * for detailed changelog see NEWS - version 1.10.1 * for detailed changelog see NEWS - Version 1.9.7 * New configuration option "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP * API version upgraded to 15 * Added "Level" option to POST /tools/bulk-modify * Added missing OpenAPI documentation of "KeepSource" in ".../modify" and ".../anonymize" * Added file CITATION.cff * Linux Standard Base (LSB) builds of Orthanc can load non-LSB builds of plugins * Fix upload of ZIP archives containing a DICOMDIR file * Fix computation of the estimated time of arrival in jobs * Support detection of windowing and rescale in Philips multiframe images Changes in orthanc-webviewer: - version 2.8 * Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart Kurutac, NCC Group) * framework190.diff removed (covered in actual version) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10144=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64): gdcm-3.0.19-bp153.2.8.1 gdcm-applications-3.0.19-bp153.2.8.1 gdcm-applications-debuginfo-3.0.19-bp153.2.8.1 gdcm-debuginfo-3.0.19-bp153.2.8.1 gdcm-debugsource-3.0.19-bp153.2.8.1 gdcm-devel-3.0.19-bp153.2.8.1 gdcm-examples-3.0.19-bp153.2.8.1 libgdcm3_0-3.0.19-bp153.2.8.1 libgdcm3_0-debuginfo-3.0.19-bp153.2.8.1 libsocketxx1_2-3.0.19-bp153.2.8.1 libsocketxx1_2-debuginfo-3.0.19-bp153.2.8.1 orthanc-gdcm-1.5-bp153.2.6.1 orthanc-gdcm-debuginfo-1.5-bp153.2.6.1 orthanc-gdcm-debugsource-1.5-bp153.2.6.1 orthanc-webviewer-2.8-bp153.2.3.1 orthanc-webviewer-debuginfo-2.8-bp153.2.3.1 orthanc-webviewer-debugsource-2.8-bp153.2.3.1 python3-gdcm-3.0.19-bp153.2.8.1 python3-gdcm-debuginfo-3.0.19-bp153.2.8.1 - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le x86_64): orthanc-1.11.2-bp153.2.13.1 orthanc-debuginfo-1.11.2-bp153.2.13.1 orthanc-debugsource-1.11.2-bp153.2.13.1 orthanc-devel-1.11.2-bp153.2.13.1 orthanc-source-1.11.2-bp153.2.13.1 - openSUSE Backports SLE-15-SP3 (noarch): orthanc-doc-1.11.2-bp153.2.13.1 References: https://www.suse.com/security/cve/CVE-2022-2119.html https://www.suse.com/security/cve/CVE-2022-2120.html https://bugzilla.suse.com/1181400 . The latest Fedora release tackles significant vulnerabilities in gstreamer and flask frameworks to improve overall performance and reliability.. openSUSE Security Update, GDcm Patch, Orthanc Fixes, Threat Remediation. . Severity: Important. LinuxSecurity.com Team

Oct 12, 2022 Important OpenSUSE

SUSE 15-SP2: 2021:0941-1 Critical: Hawk2 Security Patch

An update that solves two vulnerabilities and has one errata is now available. . SUSE Security Update: Security update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0941-1 Rating: important References: #1179999 #1182165 #1182166 Cross-References: CVE-2020-35459 CVE-2021-25314 CVSS scores: CVE-2020-35459 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35459 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-25314 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for hawk2 fixes the following issues: - Update to version 2.6.3: * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459) * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) * Sanitize filename to contains whitelist of alphanumeric (bsc#1182165) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-941=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-941=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2021-941=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): hawk2-2.6.3+git.1614684118.af555ad9-3.27.1 hawk2-debuginfo-2.6.3+git.1614684118.af555ad9-3.27.1 hawk2-debugsource-2.6.3+git.1614684118.af555ad9-3.27.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.6.3+git.1614684118.af555ad9-3.27.1 hawk2-debuginfo-2.6.3+git.1614684118.af555ad9-3.27.1 hawk2-debugsource-2.6.3+git.1614684118.af555ad9-3.27.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.6.3+git.1614684118.af555ad9-3.27.1 hawk2-debuginfo-2.6.3+git.1614684118.af555ad9-3.27.1 hawk2-debugsource-2.6.3+git.1614684118.af555ad9-3.27.1 References: https://www.suse.com/security/cve/CVE-2020-35459.html https://www.suse.com/security/cve/CVE-2021-25314.html https://bugzilla.suse.com/1179999 https://bugzilla.suse.com/1182165 https://bugzilla.suse.com/1182166 . A critical patch from SUSE addresses several vulnerabilities in hawk2. See SUSE-SU-2021:0942-1 for more information.. hawk2 security update,SUSE Linux patches,Linux software vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Mar 24, 2021 Important SuSE

SUSE: 2020:14263-1 Moderate: java-1_7_1-ibm Security Update

An update that fixes 11 vulnerabilities is now available. . SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:14263-1 Rating: moderate References: #1154212 #1158442 Cross-References: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 [bsc#1158442, bsc#1154212] * Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14263=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr4.55-26.47.1 java-1_7_1-ibm-devel-1.7.1_sr4.55-26.47.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.55-26.47.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr4.55-26.47.1 java-1_7_1-ibm-plugin-1.7.1_sr4.55-26.47.1 References: https://www.suse.com/security/cve/CVE-2019-2933.html https://www.suse.com/security/cve/CVE-2019-2945.html https://www.suse.com/security/cve/CVE-2019-2962.html https://www.suse.com/security/cve/CVE-2019-2964.html https://www.suse.com/security/cve/CVE-2019-2973.html https://www.suse.com/security/cve/CVE-2019-2978.html https://www.suse.com/security/cve/CVE-2019-2981.html https://www.suse.com/security/cve/CVE-2019-2983.html https://www.suse.com/security/cve/CVE-2019-2989.html https://www.suse.com/security/cve/CVE-2019-2992.html https://www.suse.com/security/cve/CVE-2019-2999.html https://bugzilla.suse.com/1154212 https://bugzilla.suse.com/1158442 . SUSE has released a security update for python-3.8.5 which addresses 9 vulnerabilities rated with moderate risk. Ensure your systems remain protected with this critical update!. SUSE Security Update, Java Patch, Software Update, Threat Remediation, Security Fixes. . LinuxSecurity.com Team

Jan 08, 2020 SuSE

Ubuntu 18.04 LTS USN-3766-1 Critical: PHP Denial Of Service

Several security issues were fixed in PHP.. =========================================================================Ubuntu Security Notice USN-3766-1 September 18, 2018 php5, php7.0, php7.2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS. (CVE-2015-9253) It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2018-14851, CVE-2018-14883) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libapache2-mod-php7.2 7.2.10-0ubuntu0.18.04.1 php7.2-cgi 7.2.10-0ubuntu0.18.04.1 php7.2-cli 7.2.10-0ubuntu0.18.04.1 php7.2-fpm 7.2.10-0ubuntu0.18.04.1 Ubuntu 16.04 LTS: libapache2-mod-php7.0 7.0.32-0ubuntu0.16.04.1 php7.0-cgi 7.0.32-0ubuntu0.16.04.1 php7.0-cli 7.0.32-0ubuntu0.16.04.1 php7.0-fpm 7.0.32-0ubuntu0.16.04.1 Ubuntu 14.04 LTS: libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.26 php5-cgi 5.5.9+dfsg-1ubuntu4.26 php5-cli 5.5.9+dfsg-1ubuntu4.26 php5-fpm 5.5.9+dfsg-1ubuntu4.26 In Ubuntu 16.04 LTS and Ubuntu 18.04 LTS, this update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. 
References: https://ubuntu.com/security/notices/USN-3766-1 CVE-2015-9253, CVE-2018-14851, CVE-2018-14883 Package Information: https://launchpad.net/ubuntu/+source/php7.2/7.2.10-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/php7.0/7.0.32-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.26 . Essential upgrade for Python vulnerabilities in Debian halting potential DoS threats. Uncover the full release notes within.. PHP Security Update, Threat Mitigation, Denial of Service Fix. . Severity: Critical. LinuxSecurity.com Team

Sep 18, 2018 Critical Ubuntu