Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
100
security advisorycriticalprivilege escalationSUSE: 2022:2900-2 Critical: Major Attire Security Update Released
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for trousers______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2800-1 Rating: important References: #1164472 Cross-References: CVE-2020-24330 CVSS scores: CVE-2020-24330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-24330 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for trousers fixes the following issues: - CVE-2020-24330: Fixed a potential tss user to root privilege escalation issue (bsc#1164472). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2800=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libtspi1-0.3.13-3.3.1 libtspi1-32bit-0.3.13-3.3.1 libtspi1-debuginfo-0.3.13-3.3.1 libtspi1-debuginfo-32bit-0.3.13-3.3.1 trousers-0.3.13-3.3.1 trousers-debuginfo-0.3.13-3.3.1 trousers-debugsource-0.3.13-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-24330.html https://bugzilla.suse.com/1164472 . SUSE Security Patch addresses a vulnerability concerning privilege escalation in trousers, essential for maintaining system security and integrity.. SUSE Security Update, Privilege Escalation, Trousers Patch. . Severity: Important. LinuxSecurity.com Team
Aug 12, 2022
•Important
SuSE
89
security advisoryupdateFedoraFedora 33: Security Advisory for Trousers Fixing Critical Access Issues
Security update for trousers. Fixes for the following CVEs, plus a fix for an annocheck warning. - Fix for CVE-2020-24330 (RHBZ#1874824) - Fix for CVE-2020-24331 (RHBZ#1870057) - Fix for CVE-2020-24332 (RHBZ#1870053). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-ab3dace708 2020-11-05 01:02:23.473495 --------------------------------------------------------------------------------Name : trousers Product : Fedora 33 Version : 0.3.14 Release : 4.fc33 URL : Summary : TCG's Software Stack v1.2 Description : TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of your TPM hardware. TPM hardware can create, store and use RSA keys securely (without ever being exposed in memory), verify a platform's software state using cryptographic hashes and more. --------------------------------------------------------------------------------Update Information: Security update for trousers. Fixes for the following CVEs, plus a fix for an annocheck warning. - Fix for CVE-2020-24330 (RHBZ#1874824) - Fix for CVE-2020-24331 (RHBZ#1870057) - Fix for CVE-2020-24332 (RHBZ#1870053) --------------------------------------------------------------------------------ChangeLog: * Thu Oct 29 2020 Jerry Snitselaar - 0.3.14-4 - Fix for CVE-2020-24330 (RHBZ#1874824) - Fix for CVE-2020-24331 (RHBZ#1870057) - Fix for CVE-2020-24332 (RHBZ#1870053) --------------------------------------------------------------------------------References: [ 1 ] Bug #1870053 - CVE-2020-24332 trousers: tss user can be used to create or corrupt existing files, this could lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1870053 [ 2 ] Bug #1870057 - CVE-2020-24331 trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1870057 [ 3 ] Bug #1874824 - CVE-2020-24330 trousers: fails to drop the root gid privilege when no longer needed [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1874824 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-ab3dace708' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 04, 2020
•Critical
Fedora
202
security advisorymoderatepackage updateopenSUSE Leap 15.1: openSUSE-SU-2020:0744-1 Moderate: Trousers Local Attack
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for trousers______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0744-1 Rating: moderate References: #1157651 Cross-References: CVE-2019-18898 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-744=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): libtspi1-0.3.14-lp151.4.6.1 libtspi1-debuginfo-0.3.14-lp151.4.6.1 trousers-0.3.14-lp151.4.6.1 trousers-debuginfo-0.3.14-lp151.4.6.1 trousers-debugsource-0.3.14-lp151.4.6.1 trousers-devel-0.3.14-lp151.4.6.1 - openSUSE Leap 15.1 (x86_64): libtspi1-32bit-0.3.14-lp151.4.6.1 libtspi1-32bit-debuginfo-0.3.14-lp151.4.6.1 References: https://www.suse.com/security/cve/CVE-2019-18898.html https://bugzilla.suse.com/1157651 -- . A patch for Ubuntu addresses a significant remote vulnerability in gdm to enhance your device's security.. openSUSE Security Update, trousers vulnerability, package management. . LinuxSecurity.com Team
May 29, 2020
OpenSUSE
202
security advisorymoderatelocal attackopenSUSE 15.1: 2020:0015-1 Moderate: Trousers Security Update
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for trousers______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0015-1 Rating: moderate References: #1157651 Cross-References: CVE-2019-18898 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-15=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): libtspi1-0.3.14-lp151.4.3.1 libtspi1-debuginfo-0.3.14-lp151.4.3.1 trousers-0.3.14-lp151.4.3.1 trousers-debuginfo-0.3.14-lp151.4.3.1 trousers-debugsource-0.3.14-lp151.4.3.1 trousers-devel-0.3.14-lp151.4.3.1 - openSUSE Leap 15.1 (x86_64): libtspi1-32bit-0.3.14-lp151.4.3.1 libtspi1-32bit-debuginfo-0.3.14-lp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-18898.html https://bugzilla.suse.com/1157651 -- . openSUSE Security Patch addresses moderate vulnerabilities in the trousers library, allowing potential local exploitation risks.. Security Update, System Patch, Threat Mitigation. . LinuxSecurity.com Team
Jan 13, 2020
OpenSUSE
87
security advisorydenial of servicedebianDebian 2012: DSA-2576-1 Critical: Trousers Denial Of Service
Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing a of input validation. Using carefully crafted input, it can lead to a denial of service by making the daemon crash with a segmentation fault. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-2576-1
Nov 23, 2012
•Critical
Debian
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!