Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
202
security advisorysecurity patchimportant updateopenSUSE: 2023:3507-1 Important: SAML Token Signature Bypass Fix
This update for open-vm-tools fixes the following issues: CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566).. # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:3507-1 Rating: important References: * #1214566 * PED-3421 Cross-References: * CVE-2023-20900 CVSS scores: * CVE-2023-20900 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-20900 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability and containsone feature can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566). This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-3507=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3507=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3507=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-3507=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3507=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-3507=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3507=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3507=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3507=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3507=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3507=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3507=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3507=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3507=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3507=1 * SUSE ManagerRetail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-3507=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3507=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-3507=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3507=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3507=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3507=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * openSUSE Leap 15.4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.33.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * openSUSE Leap 15.5 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 *open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * Basesystem Module 15-SP4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.33.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * Basesystem Module 15-SP5 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 *open-vm-tools-salt-minion-12.2.0-150300.33.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * Desktop Applications Module 15-SP5 (aarch64 x86_64) * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-salt-minion-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 *open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-salt-minion-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Manager Proxy 4.2 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * SUSE Manager Server 4.2 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 *open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * SUSE Enterprise Storage 7.1 (x86_64) * libvmtools-devel-12.2.0-150300.33.1 * open-vm-tools-desktop-12.2.0-150300.33.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-containerinfo-12.2.0-150300.33.1 * open-vm-tools-salt-minion-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.33.1 * open-vm-tools-sdmp-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * open-vm-tools-containerinfo-debuginfo-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * open-vm-tools-debuginfo-12.2.0-150300.33.1 * open-vm-tools-12.2.0-150300.33.1 * libvmtools0-12.2.0-150300.33.1 * libvmtools0-debuginfo-12.2.0-150300.33.1 * open-vm-tools-debugsource-12.2.0-150300.33.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20900.html * https://bugzilla.suse.com/show_bug.cgi?id=1214566 * . This crucial patch resolves the OAuth token validation flaw present in open-vm-tools across various RHEL systems.. open-vm-tools,SAML token,SUSE update,security patch,token signature. . Severity: Important. LinuxSecurity.com Team
Aug 31, 2023
•Important
OpenSUSE
98
security advisorysecurity issueimportant updateRed Hat Fuse 7.10.2.P1 RHSA-2022:4932-01 Important Token Signature Issue
A patch update (from 7.10.2 to 7.10.2.P1) is now available for Red Hat on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.10.2.P1 security update Advisory ID: RHSA-2022:4932-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2022:4932 Issue date: 2022-06-07 CVE Names: CVE-2021-22573 ==================================================================== 1. Summary: A patch update (from 7.10.2 to 7.10.2.P1) is now available for Red Hat on OpenShift for EAP, Karaf, and Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.10.1 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Security Fix(es): * google-oauth-client: Token signature not verified [fuse-7] (CVE-2021-22573) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.10product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/ 4. Bugs fixed (https://bugzilla.redhat.com/): 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 5. References: https://access.redhat.com/security/cve/CVE-2021-22573 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.10.2.P1 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYp9nUdzjgjWX9erEAQiNiBAAo4gtwYg3sju8sO7QX31IM928M0cM3QU3 Gj2l2kharF/WicDpc2xW9GZOJ09Z1D4F+UI9zqketdXQsS4Fbq9Rz0n0mQ8rDDvO xf02g3aXZWM1uItkzjjtQxGvd/vaQH/djRkBc3hO+ez9iBuE5sUHrUmAQ/aTE5Nq YzJ6XrO9QCxWpmwjnyC/kNs5Yds6DE27vxEHUqx8iDU9EUsybcZNbE45RMoHLx+m GyUiysRV0jCfRVggNt4GEqfjCOQJ/a3+ftWypW/oW42oOUarr8V1G/menlQLOWFO KmjcI+ISjvxQ51e+HVS50jHNgJPnxdrKb9ibiNSmUeYGPrjgRmNMOcUbUStCGj4o XZEB3mxsBZVQLKueygPIclnOiaitAVrJq+68ajS+V8at+XxA4U+2xZDieOxwAG6o 7HzTOLfuPHgssIDV2Qp0EixCw1rc/KIibCj1FN5y6FEvVzzlZzujXYTI/DybF6wQ ZgX4IYXCYDB+Il88L6l3MZR9e/n7JS8RBJKRlJgjudURX8L2/mjS1b1ZY99Lj8K0 lIP0IwDGobNwZnYk7pZ5Dvr8bKjni+yragiMZgezratObVySDzUIsHkhUrKTwk1M oK67Kc145gMbtEwHV3SV00fIHMBq4xumNBMpsI8SIIJsrZd+QSqI9xIV52c51pLb 28ICGYY235k=bKHz -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 07, 2022
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!