--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-82a696ca59
2024-12-24 01:40:42.154047+00:00
--------------------------------------------------------------------------------

Name        : python3.12
Product     : Fedora 40
Version     : 3.12.8
Release     : 2.fc40
URL         : https://www.python.org/
Summary     : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

--------------------------------------------------------------------------------
Update Information:

Update to 3.12.8
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 6 2024 Charalampos Stratakis - 3.12.8-2
- Security fix for CVE-2024-12254
- Fixes: rhbz#2330926
* Tue Dec 3 2024 Charalampos Stratakis - 3.12.8-1
- Update to 3.12.8
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321656
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321656 - CVE-2024-9287 python3.12: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321656
[ 2 ] Bug #2330926 - CVE-2024-12254 python3.12: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-82a696ca59' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
# Security update for python312

Announcement ID: SUSE-SU-2024:4291-1
Release Date: 2024-12-11T11:24:51Z
Rating: important
References:

* bsc#1231795
* bsc#1234290

Cross-References:

* CVE-2024-12254

CVSS scores:

* CVE-2024-12254 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-12254 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-12254 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for python312 fixes the following issues:

* CVE-2024-12254: Fixed unbounded memory buffering in SelectorSocketTransport.writelines() (bsc#1234290)

Other fixes:

- Updated to version 3.12.8
- Remove -IVendor/ from python-config (bsc#1231795)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2024-4291=1 openSUSE-SLE-15.6-2024-4291=1
* Python 3 Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-4291=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * python312-doc-devhelp-3.12.8-150600.3.12.1
  * python312-tools-3.12.8-150600.3.12.1
  * libpython3_12-1_0-debuginfo-3.12.8-150600.3.12.1
  * python312-dbm-debuginfo-3.12.8-150600.3.12.1
  * python312-tk-3.12.8-150600.3.12.1
  * python312-idle-3.12.8-150600.3.12.1
  * python312-base-3.12.8-150600.3.12.1
  * python312-curses-3.12.8-150600.3.12.1
  * python312-testsuite-debuginfo-3.12.8-150600.3.12.1
  * python312-debugsource-3.12.8-150600.3.12.1
  * libpython3_12-1_0-3.12.8-150600.3.12.1
  * python312-tk-debuginfo-3.12.8-150600.3.12.1
  * python312-testsuite-3.12.8-150600.3.12.1
  * python312-3.12.8-150600.3.12.1
  * python312-curses-debuginfo-3.12.8-150600.3.12.1
  * python312-doc-3.12.8-150600.3.12.1
  * python312-base-debuginfo-3.12.8-150600.3.12.1
  * python312-dbm-3.12.8-150600.3.12.1
  * python312-debuginfo-3.12.8-150600.3.12.1
  * python312-devel-3.12.8-150600.3.12.1
  * python312-core-debugsource-3.12.8-150600.3.12.1
* openSUSE Leap 15.6 (x86_64)
  * python312-32bit-3.12.8-150600.3.12.1
  * libpython3_12-1_0-32bit-debuginfo-3.12.8-150600.3.12.1
  * libpython3_12-1_0-32bit-3.12.8-150600.3.12.1
  * python312-base-32bit-debuginfo-3.12.8-150600.3.12.1
  * python312-32bit-debuginfo-3.12.8-150600.3.12.1
  * python312-base-32bit-3.12.8-150600.3.12.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * python312-64bit-debuginfo-3.12.8-150600.3.12.1
  * libpython3_12-1_0-64bit-debuginfo-3.12.8-150600.3.12.1
  * python312-64bit-3.12.8-150600.3.12.1
  * python312-base-64bit-3.12.8-150600.3.12.1
  * python312-base-64bit-debuginfo-3.12.8-150600.3.12.1
  * libpython3_12-1_0-64bit-3.12.8-150600.3.12.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
  * python312-dbm-debuginfo-3.12.8-150600.3.12.1
  * python312-tk-debuginfo-3.12.8-150600.3.12.1
  * python312-3.12.8-150600.3.12.1
  * python312-curses-debuginfo-3.12.8-150600.3.12.1
  * python312-debugsource-3.12.8-150600.3.12.1
  * python312-tools-3.12.8-150600.3.12.1
  * python312-tk-3.12.8-150600.3.12.1
  * python312-devel-3.12.8-150600.3.12.1
  * python312-curses-3.12.8-150600.3.12.1
  * python312-base-debuginfo-3.12.8-150600.3.12.1
  * libpython3_12-1_0-3.12.8-150600.3.12.1
  * python312-idle-3.12.8-150600.3.12.1
  * python312-dbm-3.12.8-150600.3.12.1
  * python312-debuginfo-3.12.8-150600.3.12.1
  * python312-core-debugsource-3.12.8-150600.3.12.1
  * python312-base-3.12.8-150600.3.12.1
  * libpython3_12-1_0-debuginfo-3.12.8-150600.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2024-12254.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231795
* https://bugzilla.suse.com/show_bug.cgi?id=1234290

The recent security notice for python312 underscores significant vulnerabilities and enhancements for SUSE offerings, taking effect on December 11, 2024.
python312 security update, SUSE advisory, buffering issue fix, SUSE Linux application.
Severity: Critical.
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-340a4bdc5d
2024-12-10 01:22:52.138514+00:00
--------------------------------------------------------------------------------

Name        : python3.12
Product     : Fedora 41
Version     : 3.12.8
Release     : 2.fc41
URL         : https://www.python.org/
Summary     : Version 3.12 of the Python interpreter
Description :
Python 3.12 is an accessible, high-level, dynamically typed, interpreted
programming language, designed with an emphasis on code readability.
It includes an extensive standard library, and has a vast ecosystem of
third-party libraries.

The python3.12 package provides the "python3.12" executable: the reference
interpreter for the Python language, version 3.
The majority of its standard library is provided in the python3.12-libs package,
which should be installed automatically along with python3.12.
The remaining parts of the Python standard library are broken out into the
python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.

Documentation for Python is provided in the python3.12-docs package.

Packages containing additional libraries for Python are generally named with
the "python3.12-" prefix.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-12254
Update to 3.12.8
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 6 2024 Charalampos Stratakis - 3.12.8-2
- Security fix for CVE-2024-12254
- Fixes: rhbz#2330926
* Tue Dec 3 2024 Charalampos Stratakis - 3.12.8-1
- Update to 3.12.8
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321656
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2321656 - CVE-2024-9287 python3.12: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2321656
[ 2 ] Bug #2330926 - CVE-2024-12254 python3.12: Unbounded memory buffering in SelectorSocketTransport.writelines() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2330926
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-340a4bdc5d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Synopsis:     Important: java-11-openjdk security, bug fix, and enhancement update
Advisory ID:  SLSA-2022:1440-1
Issue Date:   2022-04-20
CVE Numbers:  CVE-2022-21426
              CVE-2022-21443
              CVE-2022-21434
              CVE-2022-21476
              CVE-2022-21496
--

The following packages have been upgraded to a later upstream version:
java-11-openjdk (11.0.15.0.9).

Security Fix(es):

* OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008) (CVE-2022-21476)
* OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504) (CVE-2022-21426)
* OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)
* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151) (CVE-2022-21443)
* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--

SL7
  x86_64
    java-11-openjdk-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-debuginfo-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-headless-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-headless-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-demo-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-demo-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-devel-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-devel-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-javadoc-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-javadoc-zip-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-jmods-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-src-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-src-11.0.15.0.9-2.el7_9.x86_64.rpm
    java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.i686.rpm
    java-11-openjdk-static-libs-11.0.15.0.9-2.el7_9.x86_64.rpm

- Scientific Linux Development Team

Important update for java-11-openjdk addresses various vulnerabilities including unrestrained memory usage and input verification errors.
Java 11 Security, OpenJDK Patch, Memory Allocation Issue.
Severity: Important.
LinuxSecurity.com Team
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.1.18 gRPC security update
Advisory ID:       RHSA-2019:2861-01
Product:           Red Hat OpenShift Enterprise
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2861
Issue date:        2019-09-26
CVE Names:         CVE-2019-9512 CVE-2019-9514 CVE-2019-9515
====================================================================

1. Summary:

An update for gRPC, included in sriov-network-device-plugin-container, is now
available for Red Hat OpenShift Container Platform 4.1.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes
application platform solution designed for on-premise or private cloud
deployments.

This advisory contains updates to gRPC in the sriov-network-device-plugin
container in Red Hat OpenShift Container Platform 4.1.18.

Security Fix(es):

* HTTP/2: flood using PING frames results in unbounded memory growth
(CVE-2019-9512)

* HTTP/2: flood using HEADERS frames results in unbounded memory growth
(CVE-2019-9514)

* HTTP/2: flood using SETTINGS frames results in unbounded memory growth
(CVE-2019-9515)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.1 see the following documentation, which
will be updated shortly for release 4.1.18, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.1/html/release_notes/ocp-4-1-release-notes

4. Bugs fixed (https://bugzilla.redhat.com/):

1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth

5. References:

https://access.redhat.com/security/cve/CVE-2019-9512
https://access.redhat.com/security/cve/CVE-2019-9514
https://access.redhat.com/security/cve/CVE-2019-9515
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXYzzvtzjgjWX9erEAQi8sA/9FPXjks9f8plp1ShGo8U3Ji9rT7iWGLa+
OzkGYACB7W27T0bKwj5mOHVuqOtg+FZ+PGtfQ1wE4/yrAySrKAYy9zsLc0q89+lf
XOPDdp3+Svh4PBOuhHpOuRg+g1qZF69HN3XGecyoIWvbXYE4Kken9hu3hpAfHL5v
MAJwWRJGw1PCjb7Ip6Ocr0fblffE8J9rgGNelCiYO+oZ39lkvU3VrdPWoPEQ+vQ3
rgwelpNrr7U3U8GDd7L4xuyT3LIgpgMqn11yIyq4PcB9VPSRJBLBZMO6CtPzbDnW
ZFDhCrfhacQn765g3Y/hDWcO6/Au9zaWK+JOwkPy24ozqZ8TGm9rS1q1nGhEiHsu
9pk9SlC9FEdtN2dajU4ReKA6M/VRm2GRiEofsavHWf9U+WBPnKYHlV0TdeH+IFvu
xA4Rc7IrB2y/QTqiBHuaPs6TU4+S7u+nz9S3PEJbUxGVP+lucFRX0yh0PTpFX4Sa
RcOL5no6jLPD+tqrZrK50W7yvK+ctTieTLp8RCDePFzbGQMi9XxjP5CVttNY6TjO
Z0UHOBb9OeT+S6Oj7UTPEXZG9W8xwO0WINtL0+1jstDy/SNs6UZOW84KiWaxQhad
aNchfqPYFhQ74dU+srN4YGJ+eG3H1/S3t0ib+A8hNFPC802rA7h/GJ5qiyaF3AGy
XqdhMfCY5mU=kWUW
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
openSUSE Security Update: Security update for go1.12
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:2000-1
Rating:             important
References:         #1139210 #1141689 #1146111 #1146115 #1146123
Cross-References:   CVE-2019-14809 CVE-2019-9512 CVE-2019-9514
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

An update that solves three vulnerabilities and has two fixes is now available.

Description:

This update for go1.12 fixes the following issues:

Security issues fixed:

- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth. (bsc#1146111)
- CVE-2019-9514: Fixed HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service. (bsc#1146115)
- CVE-2019-14809: Fixed authorization bypass due to malformed hosts in URLs. (bsc#1146123)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:
  zypper in -t patch openSUSE-2019-2000=1

Package List:

- openSUSE Leap 15.1 (x86_64):
  go1.12-1.12.9-lp151.2.9.1
  go1.12-doc-1.12.9-lp151.2.9.1
  go1.12-race-1.12.9-lp151.2.9.1

References:

https://www.suse.com/security/cve/CVE-2019-14809.html
https://www.suse.com/security/cve/CVE-2019-9512.html
https://www.suse.com/security/cve/CVE-2019-9514.html
https://bugzilla.suse.com/1139210
https://bugzilla.suse.com/1141689
https://bugzilla.suse.com/1146111
https://bugzilla.suse.com/1146115
https://bugzilla.suse.com/1146123

--

This release for Fedora resolves significant vulnerabilities in python3.8, tackling remote code execution and privilege escalation.
openSUSE Security Update, go1.12 Patch, important Security Fix.
Severity: Important.
LinuxSecurity.com Team