Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1222548 Cross-References: * CVE-2024-2511 . # Security update for openssl-3 Announcement ID: SUSE-SU-2024:1634-1 Rating: moderate References: * bsc#1222548 Cross-References: * CVE-2024-2511 CVSS scores: * CVE-2024-2511 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1634=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2024-1634=1 openSUSE-SLE-15.5-2024-1634=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl3-3.0.8-150500.5.30.1 * openssl-3-3.0.8-150500.5.30.1 * libopenssl3-debuginfo-3.0.8-150500.5.30.1 * openssl-3-debugsource-3.0.8-150500.5.30.1 * libopenssl-3-devel-3.0.8-150500.5.30.1 * openssl-3-debuginfo-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-3.0.8-150500.5.30.1 * openssl-3-3.0.8-150500.5.30.1 * libopenssl3-debuginfo-3.0.8-150500.5.30.1 * openssl-3-debugsource-3.0.8-150500.5.30.1 * libopenssl-3-devel-3.0.8-150500.5.30.1 * openssl-3-debuginfo-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-3.0.8-150500.5.30.1 *libopenssl3-32bit-debuginfo-3.0.8-150500.5.30.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.30.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl-3-devel-64bit-3.0.8-150500.5.30.1 * libopenssl3-64bit-3.0.8-150500.5.30.1 * libopenssl3-64bit-debuginfo-3.0.8-150500.5.30.1 ## References: * https://www.suse.com/security/cve/CVE-2024-2511.html * https://bugzilla.suse.com/show_bug.cgi?id=1222548 . SUSE releases a critical update for openssl-3 aimed at addressing session cache expansion in TLSv1.3 connections. Consult the installation guidelines.. SUSE Security Update, OpenSSL 3 Patch, TLSv1.3 Fix. . LinuxSecurity.com Team
Rebase gnutls to version 3.8.5 Rebase gnutls to version 3.8.4 - contains fixes for CVE-2024-28834 and CVE-2024-28835 Automatic update for gnutls-3.8.3-3.fc40.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-f69ecb0511 2024-04-19 21:20:20.798149 -------------------------------------------------------------------------------- Name : gnutls Product : Fedora 40 Version : 3.8.5 Release : 1.fc40 URL : http://www.gnutls.org/ Summary : A TLS protocol implementation Description : GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. -------------------------------------------------------------------------------- Update Information: Rebase gnutls to version 3.8.5 Rebase gnutls to version 3.8.4 - contains fixes for CVE-2024-28834 and CVE-2024-28835 Automatic update for gnutls-3.8.3-3.fc40. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 4 2024 Zoltan Fridrich - 3.8.5-1 - [packit] 3.8.5 upstream release * Wed Mar 20 2024 Zoltan Fridrich - 3.8.4-1 - [packit] 3.8.4 upstream release - Resolves rhbz#2270320 * Thu Feb 22 2024 Zoltan Fridrich - 3.8.3-3 - Fix mingw build failure -------------------------------------------------------------------------------- References: [ 1 ] Bug #2270320 - gnutls-3.8.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2270320 [ 2 ] Bug #2273364 - gnutls-3.8.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2273364 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2024-f69ecb0511' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Multiple vulnerabilities were found in nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3757-1
The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954) . MGASA-2023-0272 - Updated java packages fix security vulnerabilities Publication date: 30 Sep 2023 URL: https://advisories.mageia.org/MGASA-2023-0272.html Type: security Affected Mageia releases: 8, 9 CVE: CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938, CVE-2023-21937, CVE-2023-21968, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193, CVE-2023-22006, CVE-2023-22036, CVE-2023-22044, CVE-2023-22041 The updated packages fix security vulnerabilities and a file conflict : Improper connection handling during TLS handshake. (CVE-2023-21930) Incorrect enqueue of references in garbage collector. (CVE-2023-21954) Certificate validation issue in TLS session negotiation. (CVE-2023-21967) Swing HTML parsing issue. (CVE-2023-21939) Incorrect handling of NULL characters in ProcessBuilder. (CVE-2023-21938) Missing string checks for NULL characters. (CVE-2023-21937) Missing check for slash characters in URI-to-path conversion. (CVE-2023-21968) Array indexing integer overflow issue. (CVE-2023-22045) Improper handling of slash characters in URI-to-path conversion. (CVE-2023-22049) O(n^2) growth via consecutive marks. (CVE-2023-25193) HTTP client insufficient file name validation. (CVE-2023-22006) ZIP file parsing infinite loop. (CVE-2023-22036) Modulo operator array indexing issue. (CVE-2023-22044) Weakness in AES implementation. (CVE-2023-22041) References: - https://bugs.mageia.org/show_bug.cgi?id=32203 - https://www.cve.org/CVERecord?id=CVE-2023-21930 - https://www.cve.org/CVERecord?id=CVE-2023-21954 - https://www.cve.org/CVERecord?id=CVE-2023-21967 - https://www.cve.org/CVERecord?id=CVE-2023-21939 - https://www.cve.org/CVERecord?id=CVE-2023-21938 - https://www.cve.org/CVERecord?id=CVE-2023-21937 -https://www.cve.org/CVERecord?id=CVE-2023-21968 - https://www.cve.org/CVERecord?id=CVE-2023-22045 - https://www.cve.org/CVERecord?id=CVE-2023-22049 - https://www.cve.org/CVERecord?id=CVE-2023-25193 - https://www.cve.org/CVERecord?id=CVE-2023-22006 - https://www.cve.org/CVERecord?id=CVE-2023-22036 - https://www.cve.org/CVERecord?id=CVE-2023-22044 - https://www.cve.org/CVERecord?id=CVE-2023-22041 - https://access.redhat.com/errata/RHSA-2023:1904 - https://access.redhat.com/errata/RHSA-2023:1880 - https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA - https://access.redhat.com/errata/RHSA-2023:4178 - https://access.redhat.com/errata/RHBA-2023:4374 - https://access.redhat.com/errata/RHSA-2023:4169 - https://www.oracle.com/security-alerts/cpujul2023.html#AppendixJAVA - https://www.cve.org/CVERecord?id=CVE-2023-21930 - https://www.cve.org/CVERecord?id=CVE-2023-21954 - https://www.cve.org/CVERecord?id=CVE-2023-21967 - https://www.cve.org/CVERecord?id=CVE-2023-21939 - https://www.cve.org/CVERecord?id=CVE-2023-21938 - https://www.cve.org/CVERecord?id=CVE-2023-21937 - https://www.cve.org/CVERecord?id=CVE-2023-21968 - https://www.cve.org/CVERecord?id=CVE-2023-22045 - https://www.cve.org/CVERecord?id=CVE-2023-22049 - https://www.cve.org/CVERecord?id=CVE-2023-25193 - https://www.cve.org/CVERecord?id=CVE-2023-22006 - https://www.cve.org/CVERecord?id=CVE-2023-22036 - https://www.cve.org/CVERecord?id=CVE-2023-22044 - https://www.cve.org/CVERecord?id=CVE-2023-22041 SRPMS: - 9/core/java-1.8.0-openjdk-1.8.0.382.b05-1.mga9 - 9/core/java-11-openjdk-11.0.20.0.8-1.mga9 - 9/core/java-17-openjdk-17.0.8.0.7-1.mga9 - 9/core/java-latest-openjdk-20.0.2.0.9-1.rolling.2.mga9 - 8/core/java-1.8.0-openjdk-1.8.0.382.b05-1.mga8 - 8/core/java-11-openjdk-11.0.20.0.8-1.mga8 - 8/core/openjfx-11.0.9.2-4.mga8 . Java libraries enhanced to fix vulnerabilities, particularly concerning TLS issues in Mageia operating systems. Discover further details here.. Java Security Update,Mageia Vulnerabilities,TLS Issues,File Conflict Management. .LinuxSecurity.com Team
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security update Advisory ID: RHSA-2023:1906-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1906 Issue date: 2023-04-25 CVE Names: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 ==================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters(8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474) 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191) 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310) 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832) 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622) 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.6): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el8_6.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el8_6.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.s390x.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el8_6.x86_64.rpm Red Hat CodeReady Linux Builder EUS(v.8.6): aarch64: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.aarch64.rpm ppc64le: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.ppc64le.rpm x86_64: java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-src-fastdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm java-1.8.0-openjdk-src-slowdebug-1.8.0.372.b07-1.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-21930 https://access.redhat.com/security/cve/CVE-2023-21937 https://access.redhat.com/security/cve/CVE-2023-21938 https://access.redhat.com/security/cve/CVE-2023-21939 https://access.redhat.com/security/cve/CVE-2023-21954 https://access.redhat.com/security/cve/CVE-2023-21967 https://access.redhat.com/security/cve/CVE-2023-21968 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZEdq8dzjgjWX9erEAQhfBBAAiyRmD6bsiVqSCbjbaRKe1zeqYVsZzfvB AZfMufFAjgkBsVQ7jUZ5u/Bcjne9DH2MO2K5FP7QgXDoV/vG13iKbi5YVWAt3mhM 0x3cDyN5WsKKo/lgaCi4GAKwM11CW082pH+hISbdlk6qxjDbbLJmkD+x9S7ntV80 QAxynMa3v6otAfqCD/Uj95pcrY3JhZuv3pcQcgDgjL5pyWmqB5EGFmahRMQzmgwd fJRwBoqi6xRDsYIjOB15TURLoT8CbScVrSvuDcevSQELp2emGmS6OpeXl9yCin/5 hJFTgqBbOE5CjW4iy7ZBMl0XwqhNgAwhTXzGTmPCUE6lO/Qxb6Y82xsi0lNA9B1x khBAYBWPcANN3X7hq4kqjIZDBrGMBVSXbQjiybQvfZ6BMbXl6KfkEgOOV5DX9NV3 TUwaXVQi++1ZPhJviej6tjGHwUJjFrMnaTbJ6AjWaPyZTmEocBF5qrICC2AGITI4 g4qRIuZKj5A1Pb3UTQI778tbFvwIWUPkJdu3Xl0acAxycZcKtzJhP2obsgxe0RIP 7IBmWhidBcHScTS+WhBWaYFT/wSVoBTroinckANHZTBr263cKk9axI2embLwKatP ecalaoE8Gnced2lGX3/PzIP1sNgfMwg2/TsaRg/xB57WQa/ctYnY/w7mhZeHQuFS V/G0qvDvl+k=MULa -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-openjdk security and bug fix update Advisory ID: RHSA-2023:1904-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1904 Issue date: 2023-04-25 CVE Names: CVE-2023-21930 CVE-2023-21937 CVE-2023-21938 CVE-2023-21939 CVE-2023-21954 CVE-2023-21967 CVE-2023-21968 ==================================================================== 1. Summary: An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * OpenJDK: improper connection handling during TLS handshake(8294474) (CVE-2023-21930) * OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939) * OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954) * OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967) * OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937) * OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938) * OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Native code within the OpenJDK code base attempted to call close() on a file descriptor repeatedly if it returned the error code, EINTR. However, the close() native call is not restartable and this caused the virtual machine to crash. The close() call is now only made once. (RHBZ#2159458) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of OpenJDK Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2159458 - Do not restart close if errno is EINTR [rhel-7.9.z] 2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474) 2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191) 2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310) 2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832) 2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) 2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622) 2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-pathconversion (8298667) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v.7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm ppc64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.ppc64.rpm ppc64le: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise LinuxServer Optional (v. 7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm ppc64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.ppc64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.ppc64.rpm ppc64le: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.ppc64le.rpm s390x: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.s390x.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.s390x.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.src.rpm x86_64: java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-devel-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-headless-1.8.0.372.b07-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.7): noarch: java-1.8.0-openjdk-javadoc-1.8.0.372.b07-1.el7_9.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.372.b07-1.el7_9.noarch.rpm x86_64: java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-accessibility-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-demo-1.8.0.372.b07-1.el7_9.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.i686.rpm java-1.8.0-openjdk-src-1.8.0.372.b07-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-21930 https://access.redhat.com/security/cve/CVE-2023-21937 https://access.redhat.com/security/cve/CVE-2023-21938 https://access.redhat.com/security/cve/CVE-2023-21939 https://access.redhat.com/security/cve/CVE-2023-21954 https://access.redhat.com/security/cve/CVE-2023-21967 https://access.redhat.com/security/cve/CVE-2023-21968 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZEdq29zjgjWX9erEAQiy9A/8CDu49/+VKUO0AUxBYzo5zUSDNdonPLPy 5Ca5WKFB1Awx2+rj3zfdhaApgRZoLVn58itoNr3Yx3ZUJyWZftO24pPpkBnQWLZ7 o+hnPMbtN8eR6BjQ2Da0bJR3RC9JRohlA8ADDNzIE4F9HhXDyzyDTVMC6rq7tkvL TgOrgsDIf+pXWUtfV06VmpCVvMPqFJiUEyjI5VLq8rQmVu73Kw78pTtr8rIoaZRO NkQWWmt++UWQyFyaMtjvCwrNC/+dQwgr+VtGGX2g2koH2kpPBg9YV6tndLz6dxTR sOysPAIIiszvdfxq6tWMSk7TcT0wdEqKjHFXiUapGLJceL9k9Sf+fnca6njIAXbD ZnZvuVyQe+oa3oP6A69QvV+0lKfAcyKUZUnh3veP20k4xrkos66bm6tsozs+almX vkMEAJlbw+vFH1nBw25Om4TPnrxRY/cBX1gd2fY+SqGHxIZGw5ytono2OBYLSWpt aABmiFB1Pei8nIFXZxz7mtBshrxf6g9QpUy7mhOD3nKogR45zfmCY3DecY2AxDFz V/kUduHLzSK6pwZAXK3VfLSCJc0Jd4wbnmyIUTb5vv55Cyk35zFsivFOo8r7aCDb h8Ns/MBE65dCLtIayWyhdQqMWi+ttQ9+Jhxl5Hqs8br+rMY4skVv7eGkPTxb3Si5 37F/A+KirO0=BL4D -----END PGP SIGNATURE----- -- RHSA-announce mailing list
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for gfbgraph ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2876-1 Rating: important References: #1189850 Cross-References: CVE-2021-39358 CVSS scores: CVE-2021-39358 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-39358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gfbgraph fixes the following issues: - CVE-2021-39358: Fixed missing TLS certificate verification (bsc#1189850). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2876=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2876=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patchSUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2876=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 References: https://www.suse.com/security/cve/CVE-2021-39358.html https://bugzilla.suse.com/1189850 . Crucial SUSE Security Patch for gfbgraph Issued to Address TLS Authentication Issues. gfbgraph Security Update,TLS Verification Issue,SUSE Updates,Important Security Patch. . Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0955-2 Rating: important References: #1183852 Cross-References: CVE-2021-3449 CVSS scores: CVE-2021-3449 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Certifications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Certifications 15-SP3: zypper in -t patch SUSE-SLE-Module-Certifications-15-SP3-2022-2389=1 Package List: - SUSE Linux Enterprise Module for Certifications 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.20.1 libopenssl1_1-1.1.1d-11.20.1 libopenssl1_1-debuginfo-1.1.1d-11.20.1 libopenssl1_1-hmac-1.1.1d-11.20.1 openssl-1_1-1.1.1d-11.20.1 openssl-1_1-debuginfo-1.1.1d-11.20.1 openssl-1_1-debugsource-1.1.1d-11.20.1 -SUSE Linux Enterprise Module for Certifications 15-SP3 (x86_64): libopenssl-1_1-devel-32bit-1.1.1d-11.20.1 libopenssl1_1-32bit-1.1.1d-11.20.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.20.1 libopenssl1_1-hmac-32bit-1.1.1d-11.20.1 - SUSE Linux Enterprise Module for Certifications 15-SP3 (noarch): openssl-1_1-doc-1.1.1d-11.20.1 References: https://www.suse.com/security/cve/CVE-2021-3449.html https://bugzilla.suse.com/1183852 . The latest openssl-1_1 update resolves major security vulnerabilities affecting SUSE Linux components. Crucial patches have been released.. SUSE Linux Updates, OpenSSL Security, Security Fixes, TLS Issue. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.