Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
202
security advisoryfile overwriteimportantopenSUSE 15.2: umoci Important File Overwrite Fix SUSE:2021:0846-1
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for umoci =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F Announcement ID: openSUSE-SU-2021:0846-1 Rating: important References: #1184147 Cross-References: CVE-2021-29136 CVSS scores: CVE-2021-29136 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N= /S:U/C:N/I:H/A:N CVE-2021-29136 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R= /S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F An update that fixes one vulnerability is now available. Description: This update for umoci fixes the following issues: Update to v0.4.7 (bsc#1184147). - CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended instal= lation methods like YaST online=5Fupdate or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-846=3D1 Package List: - openSUSE Leap 15.2 (x86=5F64): umoci-0.4.7-lp152.2.6.1 References: https://www.suse.com/security/cve/CVE-2021-29136.html https://bugzilla.suse.com/1184147 . A crucial software patch for openSUSE addresses CVE-2021-29136 concerning umoci, which poses risks to file reliability.. openSUSE umoci security patch CVE-2021-29136 file overwrite. . Severity: Important.LinuxSecurity.com Team
Sep 26, 2025
•Important
OpenSUSE
202
security advisorymoderatesecurity issueopenSUSE Leap 15.6 advisory: 2025:02282-1 moderate: umoci security issue
An update that solves one vulnerability can now be installed.. # Security update for umoci Announcement ID: SUSE-SU-2025:02282-1 Release Date: 2025-07-11T08:35:10Z Rating: moderate References: * bsc#1243388 Cross-References: * CVE-2021-41190 CVSS scores: * CVE-2021-41190 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2021-41190 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now beinstalled. ## Description: This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc#1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a registry nor does it handle signatures, this vulnerability had no real impact on umoci but for safety we implemented the now-recommended media-type embedding and verification. CVE-2021-41190 Other changes in this release: * Several large reworks and API-related changes to the umoci's overlayfs support. This is only available to Go API users. * The runtime-spec config.json generated by umoci is updated to be more modern and work properly with modern runc versions. * The default gzip compression blocksize has been adjusted to match Docker. * zstd-compressed images are now fully supported. Users can explcitily request the compression algorithm for newly-generated layers with the \--compress option. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2282=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2282=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2282=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2282=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2282=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-2282=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2282=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-2282=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2282=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2282=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2282=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2282=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2282=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2282=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Manager Proxy 4.3 (x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) *umoci-0.5.0-150000.3.15.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2021-41190.html * https://bugzilla.suse.com/show_bug.cgi?id=1243388 . Significant security revision disclosed for umoci in openSUSE tackling CVE-2021-41190 along with patch guidance.. openSUSE update, umoci security, CVE-2021-41190, security patch, Linux application. . LinuxSecurity.com Team
Jul 11, 2025
OpenSUSE
100
security advisorymoderateSuSESUSE Linux Enterprise Server: 2025:02282-1 moderate: umoci CVE-2021-41190
* bsc#1243388 Cross-References: * CVE-2021-41190 . # Security update for umoci Announcement ID: SUSE-SU-2025:02282-1 Release Date: 2025-07-11T08:35:10Z Rating: moderate References: * bsc#1243388 Cross-References: * CVE-2021-41190 CVSS scores: * CVE-2021-41190 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N * CVE-2021-41190 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ##Description: This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc#1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a registry nor does it handle signatures, this vulnerability had no real impact on umoci but for safety we implemented the now-recommended media-type embedding and verification. CVE-2021-41190 Other changes in this release: * Several large reworks and API-related changes to the umoci's overlayfs support. This is only available to Go API users. * The runtime-spec config.json generated by umoci is updated to be more modern and work properly with modern runc versions. * The default gzip compression blocksize has been adjusted to match Docker. * zstd-compressed images are now fully supported. Users can explcitily request the compression algorithm for newly-generated layers with the \--compress option. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2282=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2282=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2282=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2282=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2282=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-2282=1 * SUSE Manager Server 4.3 zypper in-t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2282=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-2282=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2025-2282=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-2282=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-2282=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2282=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2282=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2282=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2282=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Manager Proxy 4.3 (x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * SUSEEnterprise Storage 7.1 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * umoci-0.5.0-150000.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2021-41190.html * https://bugzilla.suse.com/show_bug.cgi?id=1243388 . SUSE notifies users about a security flaw in umoci, a key tool for OCI image management. Update promptly.. SUSE Linux Enterprise,umoci security update,openSUSE patch,OCI image management,security announcements. . LinuxSecurity.com Team
Jul 11, 2025
SuSE
202
security advisorymoderatesoftware updateopenSUSE Tumbleweed: 2025:15166-1 moderate: umoci-0.5.0-1.1 security fix
An update that solves one vulnerability can now be installed.. # umoci-0.5.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15166-1 Rating: moderate Cross-References: * CVE-2021-41190 CVSS scores: * CVE-2021-41190 ( SUSE ): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the umoci-0.5.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * umoci 0.5.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2021-41190.html . The umoci-0.5.0-1.1 package has been updated in openSUSE Tumbleweed to rectify the identified CVE-2021-41190 vulnerability, which has been categorized with a moderate severity rating.. openSUSE Tumbleweed, umoci update, CVE-2021-41190, security patch, moderate severity. . LinuxSecurity.com Team
May 27, 2025
OpenSUSE
100
security advisorysecurity updatefile overwriteSUSE: 2021:1892-1 Critical: Umoci Security Flaw in File Handling
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for umoci ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1863-2 Rating: important References: #1184147 Cross-References: CVE-2021-29136 CVSS scores: CVE-2021-29136 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-29136 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for umoci fixes the following issues: Update to v0.4.7 (bsc#1184147). - CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1863=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): umoci-0.4.7-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-29136.html https://bugzilla.suse.com/1184147 . SUSE Security Patch for umoci addresses critical security issues, with detailed guidance on applying updates provided.. SUSE Linux, Umoci Security, Patch Instructions. . Severity: Important. LinuxSecurity.com Team
Jul 27, 2021
•Important
SuSE
202
security advisoryupdatefile overwriteopenSUSE Leap 15.3: 2021:1863-1 Important Umoci File Overwrite
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for umoci ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1863-1 Rating: important References: #1184147 Cross-References: CVE-2021-29136 CVSS scores: CVE-2021-29136 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-29136 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for umoci fixes the following issues: Update to v0.4.7 (bsc#1184147). - CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-1863=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): umoci-0.4.7-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-29136.html https://bugzilla.suse.com/1184147 . A critical patch for umoci on openSUSE resolves a file replacement vulnerability. It’s essential to implement the correction immediately.. openSUSE umoci update security patch. . Severity: Important. LinuxSecurity.com Team
Jul 27, 2021
•Important
OpenSUSE
202
security advisoryfile overwriteimportantopenSUSE Leap 15.2: 2021:0846-1 Important: umoci File Overwrite
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for umoci ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0846-1 Rating: important References: #1184147 Cross-References: CVE-2021-29136 CVSS scores: CVE-2021-29136 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-29136 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for umoci fixes the following issues: Update to v0.4.7 (bsc#1184147). - CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-846=1 Package List: - openSUSE Leap 15.2 (x86_64): umoci-0.4.7-lp152.2.6.1 References: https://www.suse.com/security/cve/CVE-2021-29136.html https://bugzilla.suse.com/1184147 . An update for umoci has been released to address critical vulnerabilities, among them the risk of file overwriting associated with CVE-2021-29136.. openSUSE Updates, umoci Security, System Patch, File Overwrite Fix. . Severity: Important. LinuxSecurity.com Team
Jun 07, 2021
•Important
OpenSUSE
100
security advisorycriticalfile overwriteSUSE: 2021:1863-1 Important: umoci File Overwrite Security Advisory
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for umoci ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1863-1 Rating: important References: #1184147 Cross-References: CVE-2021-29136 CVSS scores: CVE-2021-29136 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-29136 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for umoci fixes the following issues: - Update to v0.4.7 (bsc#1184147). - CVE-2021-29136: Fixed overwriting of host files via malicious layer (bsc#1184147). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1863=1 - SUSE Manager Retail Branch Server 4.0: zypper in -t patchSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1863=1 - SUSE Manager Proxy 4.0: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1863=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1863=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1863=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1863=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-1863=1 - SUSE Linux Enterprise Module for Containers 15-SP2: zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-1863=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1863=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1863=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2021-1863=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.0 (ppc64le s390x x86_64): umoci-0.4.7-3.12.1 - SUSE Manager Retail Branch Server 4.0 (x86_64): umoci-0.4.7-3.12.1 - SUSE Manager Proxy 4.0 (x86_64): umoci-0.4.7-3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): umoci-0.4.7-3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): umoci-0.4.7-3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): umoci-0.4.7-3.12.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): umoci-0.4.7-3.12.1 - SUSELinux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64): umoci-0.4.7-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): umoci-0.4.7-3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): umoci-0.4.7-3.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): umoci-0.4.7-3.12.1 - SUSE CaaS Platform 4.0 (x86_64): umoci-0.4.7-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-29136.html https://bugzilla.suse.com/1184147 . SUSE Security Patch resolves significant concerns in umoci, providing essential corrections and recommendations for deployment procedures.. SUSE Update, umoci Patch, Security Fix, File Overwrite Threat. . Severity: Important. LinuxSecurity.com Team
Jun 04, 2021
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!