Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Critical DoS Logging Vulnerabilities in ntpd-rs on Fedora 42 CVE-2025-58066

Fedora Update Notification
FEDORA-2025-7fbf258406
2025-10-01 14:43:51.750525+00:00

Name        : ntpd-rs
Product     : Fedora 42
Version     : 1.6.2
Release     : 1.fc42
URL         : https://github.com/pendulum-project/ntpd-rs
Summary     : Full-featured implementation of NTP with NTS support
Description : Full-featured implementation of NTP with NTS support.

Update Information:

Update to version 1.6.2. Includes fixes for CVE-2025-58066 (potential DoS in the ntpd-rs server) and CVE-2025-58160 (potential tracing log pollution).

ChangeLog:

* Mon Sep 22 2025 Fabio Valentini - 1.6.2-1
  - Update to version 1.6.2; Fixes RHBZ#2375009
* Thu Jul 24 2025 Fedora Release Engineering - 1.5.0-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References:

[ 1 ] Bug #2391952 - CVE-2025-58066 ntpd-rs: DoS Vulnerability in ntpd-rs [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2391952
[ 2 ] Bug #2392042 - CVE-2025-58160 ntpd-rs: Tracing log pollution [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2392042

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7fbf258406' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Update for Fedora 42 addresses critical DoS and logging issues in ntpd-rs, enhancing overall system security.

Severity: Critical. LinuxSecurity.com Team

Oct 01, 2025 | Critical | Fedora

Fedora 43: Maturin Critical Tracing Log Pollution CVE-2025-58160 Fix

Fedora Update Notification
FEDORA-2025-39e043b93d
2025-09-12 19:20:52.461948+00:00

Name        : maturin
Product     : Fedora 43
Version     : 1.8.7
Release     : 2.fc43
URL         : https://github.com/PyO3/maturin
Summary     : Build and publish Rust crates as Python packages
Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages.

Update Information:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

ChangeLog:

* Tue Sep 2 2025 Fabio Valentini - 1.8.7-2
  - Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160

References:

[ 1 ] Bug #2391972 - CVE-2025-58160 maturin: Tracing log pollution [epel-10]
      https://bugzilla.redhat.com/show_bug.cgi?id=2391972
[ 2 ] Bug #2391999 - CVE-2025-58160 maturin: Tracing log pollution [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2391999
[ 3 ] Bug #2392038 - CVE-2025-58160 maturin: Tracing log pollution [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2392038

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-39e043b93d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

In response to CVE-2025-58160, the latest maturin release for Fedora enhances logging trace capabilities and bolsters overall security.

Severity: Critical. LinuxSecurity.com Team

Sep 12, 2025 | Critical | Fedora

Fedora 41: Important Security Advisory for CVE-2025-58160 Released

Fedora Update Notification
FEDORA-2025-ff79e403f1
2025-09-11 01:18:51.472356+00:00

Name        : tuigreet
Product     : Fedora 41
Version     : 0.9.1
Release     : 4.fc41
URL         : https://github.com/apognu/tuigreet
Summary     : Graphical console greeter for greetd
Description : Graphical console greeter for greetd.

Update Information:

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.

ChangeLog:

* Tue Sep 2 2025 Fabio Valentini - 0.9.1-4
  - Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160
* Fri Jul 25 2025 Fedora Release Engineering - 0.9.1-3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering - 0.9.1-2
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

References:

[ 1 ] Bug #2366580 - CVE-2025-4574 tuigreet: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2366580
[ 2 ] Bug #2392054 - CVE-2025-58160 tuigreet: Tracing log pollution [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2392054

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-ff79e403f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

Update for tuigreet regarding CVE-2025-58160 now published in Fedora 41, targeting issues related to trace log contamination.

Severity: Important. LinuxSecurity.com Team

Sep 11, 2025 | Important | Fedora

Fedora 41: 2025-d9219c6a43 critical: chromium buffer overflow and more

Fedora Update Notification
FEDORA-2025-d9219c6a43
2025-01-17 01:25:27.857422+00:00

Name        : chromium
Product     : Fedora 41
Version     : 132.0.6834.83
Release     : 1.fc41
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description : Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 132.0.6834.83

* High CVE-2025-0434: Out of bounds memory access in V8
* High CVE-2025-0435: Inappropriate implementation in Navigation
* High CVE-2025-0436: Integer overflow in Skia
* High CVE-2025-0437: Out of bounds read in Metrics
* High CVE-2025-0438: Stack buffer overflow in Tracing
* Medium CVE-2025-0439: Race in Frames
* Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
* Medium CVE-2025-0441: Inappropriate implementation in Fenced
* Medium CVE-2025-0442: Inappropriate implementation in Payments
* Medium CVE-2025-0443: Insufficient data validation in Extensions
* Low CVE-2025-0446: Inappropriate implementation in Extensions
* Low CVE-2025-0447: Inappropriate implementation in Navigation
* Low CVE-2025-0448: Inappropriate implementation in Compositing

ChangeLog:

* Wed Jan 15 2025 Than Ngo - 132.0.6834.83-1
  - Update to 132.0.6834.83
  * High CVE-2025-0434: Out of bounds memory access in V8
  * High CVE-2025-0435: Inappropriate implementation in Navigation
  * High CVE-2025-0436: Integer overflow in Skia
  * High CVE-2025-0437: Out of bounds read in Metrics
  * High CVE-2025-0438: Stack buffer overflow in Tracing
  * Medium CVE-2025-0439: Race in Frames
  * Medium CVE-2025-0440: Inappropriate implementation in Fullscreen
  * Medium CVE-2025-0441: Inappropriate implementation in Fenced
  * Medium CVE-2025-0442: Inappropriate implementation in Payments
  * Medium CVE-2025-0443: Insufficient data validation in Extensions
  * Low CVE-2025-0446: Inappropriate implementation in Extensions
  * Low CVE-2025-0447: Inappropriate implementation in Navigation
  * Low CVE-2025-0448: Inappropriate implementation in Compositing

References:

[ 1 ] Bug #2336836 - CVE-2025-0291 chromium: Type Confusion in V8 [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2336836
[ 2 ] Bug #2336837 - CVE-2025-0291 chromium: Type Confusion in V8 [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2336837
[ 3 ] Bug #2338180 - CVE-2025-0437 chromium: Out of bounds read in Metrics [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2338180
[ 4 ] Bug #2338181 - CVE-2025-0437 chromium: Out of bounds read in Metrics [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2338181
[ 5 ] Bug #2338200 - CVE-2025-0438 chromium: Stack buffer overflow in Tracing [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2338200
[ 6 ] Bug #2338218 - CVE-2025-0434 chromium: Out of bounds memory access in V8 [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2338218
[ 7 ] Bug #2338230 - CVE-2025-0436 chromium: From CVEorg collector [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2338230
[ 8 ] Bug #2338231 - CVE-2025-0436 chromium: From CVEorg collector [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2338231

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d9219c6a43' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

Fedora 41 introduces crucial updates for Chromium, addressing critical vulnerabilities like severe buffer overflow issues to enhance user security against potential threats.

Severity: Critical. LinuxSecurity.com Team

Jan 17, 2025 | Critical | Fedora

Red Hat OpenShift 2.9 Moderate Advisory: Multiple Security Issues

Red Hat Security Advisory

Synopsis:     Moderate: Red Hat OpenShift Distributed Tracing 2.9.0 security update
Advisory ID:  RHSA-2023:4986-01
Product:      Red Hat OpenShift distributed tracing
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4986
Issue date:   2023-09-06
CVE Names:    CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538

1. Summary:

Updated Red Hat OpenShift Distributed Tracing 2.9 container images are now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

The Red Hat OpenShift Distributed Tracing 2.9 container images have been released. Users of Red Hat OpenShift Distributed Tracing 2.8 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues, fix bugs, and include further enhancements. You can find images updated by this advisory in Red Hat Container Catalog (see References).

Security Fix(es):

* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)
* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)
* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)
* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

4. Bugs fixed (https://bugzilla.redhat.com/):

2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

TRACING-2968 - Wrong port is exposed for jaeger-production-query resulting in connection refused
TRACING-3091 - Tempo operator with TLS does not work on OpenShift
TRACING-3142 - Fix ServiceMonitor for gateway
TRACING-3143 - tempostack_status_condition metric doesn't get updated in some cases
TRACING-3147 - Improve tempo version detection
TRACING-3173 - jaeger-operator pod restarting with OOMKilled with the default memory value
TRACING-3190 - opentelemetry-operator-controller-manager crashlooping after receiving opentelemetry-operator.v0.74.0-5
TRACING-3204 - Remove resource limits for Tempo Operator but keep the resource.requests
TRACING-3213 - Validation webhooks panics for invalid tenant configuration
TRACING-3243 - OpenTelemetry Collector version is not reported properly after a upgrading
TRACING-3312 - When deploying Service Mesh on SNO in a disconnected environment , the Jaeger Pod frequently goes into Pending state
TRACING-3322 - 16685 is not properly exposed in the Jaeger Operator
TRACING-3396 - Operator monitoring only works when operator is installed in openshift-operators-redhat

6. References:

https://access.redhat.com/security/cve/CVE-2023-24534
https://access.redhat.com/security/cve/CVE-2023-24536
https://access.redhat.com/security/cve/CVE-2023-24537
https://access.redhat.com/security/cve/CVE-2023-24538
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

The latest Red Hat OpenShift Distributed Tracing 2.9 update brings improvements designed to address numerous security vulnerabilities for users upgrading container images.

LinuxSecurity.com Team

Sep 06, 2023 | Red Hat

Red Hat: RHSA-2022:0318-01 Moderate: OpenShift Tracing Security Update

Red Hat Security Advisory

Synopsis:     Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update
Advisory ID:  RHSA-2022:0318-01
Product:      RHOSDT
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0318
Issue date:   2022-01-27
CVE Names:    CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2021-3200 CVE-2021-3426 CVE-2021-3445 CVE-2021-3572 CVE-2021-3580 CVE-2021-3712 CVE-2021-3778 CVE-2021-3796 CVE-2021-3800 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-27645 CVE-2021-28153 CVE-2021-29923 CVE-2021-33560 CVE-2021-33574 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-36221 CVE-2021-42574

1. Summary:

An update is now available for Red Hat OpenShift distributed tracing 2.1.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Release of Red Hat OpenShift distributed Tracing provides these changes:

Security Fix(es):

* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The Red Hat OpenShift distributed tracing release notes provide information on the features and known issues:

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

4. Bugs fixed (https://bugzilla.redhat.com/):

1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

TRACING-2235 - Release RHOSDT 2.1

6. References:

https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3572
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-3778
https://access.redhat.com/security/cve/CVE-2021-3796
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-20266
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-27645
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-29923
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-33574
https://access.redhat.com/security/cve/CVE-2021-35942
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

A new release has been announced for Red Hat OpenShift distributed tracing version 2.1, classified as Moderate risk. Important security enhancements have been incorporated.

Severity: Important. LinuxSecurity.com Team

Jan 27, 2022 | Important | Red Hat