Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Fedora 44 gstreamer1-plugins-bad-free Update 1.28.1 Advisory 2026

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9cfb46ac78
2026-03-14 00:15:28.464474+00:00
--------------------------------------------------------------------------------

Name        : gstreamer1-plugins-bad-free
Product     : Fedora 44
Version     : 1.28.1
Release     : 1.fc44
URL         : http://gstreamer.freedesktop.org/
Summary     : GStreamer streaming media framework "bad" plugins
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested well enough, or the code
is not of good enough quality.

--------------------------------------------------------------------------------
Update Information:

1.28.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 26 2026 Gwyn Ciesla - 1.28.1-1
- 1.28.1
* Mon Feb 16 2026 Marcin Juszkiewicz - 1.28.0-5
- Disable onnx on riscv64 port
* Fri Feb 6 2026 Yaakov Selkowitz - 1.28.0-4
- Move HIP plugin to main package
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9cfb46ac78' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora 44 gstreamer1-plugins-bad-free update 1.28.1 provides essential change log. Learn how to upgrade securely.
Fedora gstreamer update security instructions.
Severity: Informational.
LinuxSecurity.com Team

Mar 14, 2026 Informational Fedora

Fedora 41: FEDORA-2025-3dfc505946 critical: rpm-ostree use after free

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3dfc505946
2025-02-27 01:58:26.120865+00:00
--------------------------------------------------------------------------------

Name        : rpm-ostree
Product     : Fedora 41
Version     : 2025.5
Release     : 2.fc41
URL         : https://github.com/coreos/rpm-ostree
Summary     : Hybrid image/package system
Description :
rpm-ostree is a hybrid image/package system. It supports
"composing" packages on a build server into an OSTree repository,
which can then be replicated by client systems with atomic upgrades.
Additionally, unlike many "pure" image systems, with rpm-ostree
each client system can layer on additional packages, providing
a "best of both worlds" approach.

--------------------------------------------------------------------------------
Update Information:

Merge branch 'f42' into f41
Merge branch 'rawhide' into f41
Fix merge conflict
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 10 2025 Joseph Marrero Corchado - 2025.5-1
- Release 2025.5
* Thu Jan 30 2025 Joseph Marrero Corchado - 2025.4-1
- Release 2025.4
* Tue Jan 28 2025 Joseph Marrero Corchado - 2025.3-3
- spec: use autorelease on rawhide
* Tue Jan 28 2025 Joseph Marrero Corchado - 2025.3-2
- spec: remove kernel_install conditional temporarily
* Mon Jan 27 2025 Colin Walters - 2025.3-1
- Update to 2025.3, add a bcond for kernel-install
* Fri Jan 24 2025 Joseph Marrero Corchado - 2025.2-2
- spec: Sync with upstream
* Thu Jan 23 2025 Joseph Marrero Corchado - 2025.2-1
- Release 2025.2
* Thu Jan 16 2025 Joseph Marrero Corchado - 2025.1-2
- spec: package /lib/kernel/install.d/05-rpmostree.install
* Thu Jan 16 2025 Joseph Marrero Corchado - 2025.1-1
- Rebase to rpm-ostree 2025.1
* Wed Jan 15 2025 Colin Walters - 2024.9-5
- Drop unused patch
* Wed Jan 15 2025 Colin Walters - 2024.9-4
- Fast track https://github.com/coreos/rpm-ostree/pull/5224
* Tue Dec 10 2024 Colin Walters - 2024.9-3
- Flip bcond for ostree_ext off
* Tue Dec 10 2024 Colin Walters - 2024.9-2
- Add a bcond for ostree_ext
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2342078 - dnf errors relating to kernel-install when updating kernel, rpm-ostree-2025.2-1 is installed
        https://bugzilla.redhat.com/show_bug.cgi?id=2342078
  [ 2 ] Bug #2344556 - rpm-ostree: openssl: CVE-2025-0977 / RUSTSEC-2025-0004: ssl::select_next_proto use after free
        https://bugzilla.redhat.com/show_bug.cgi?id=2344556
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3dfc505946' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Keep updated with Fedora 41's rpm-ostree security advisories and essential package enhancements.
Fedora security, rpm-ostree update, Linux package management, Fedora advisory, critical updates.
Severity: Critical.
LinuxSecurity.com Team

Feb 27, 2025 Critical Fedora

openSUSE Leap 15.4: 2023:4910-1 Moderate: avahi Host Name Buffer Overflow

# Security update for avahi

Announcement ID: SUSE-SU-2023:4910-1
Rating: moderate

References:

* bsc#1215947
* bsc#1216419

Cross-References:

* CVE-2023-38470
* CVE-2023-38473

CVSS scores:

* CVE-2023-38470 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38470 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38473 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-38473 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
* CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4910=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4910=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-4910=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4910=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4910=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libavahi-ui0-0.7-150100.3.29.1
  * libavahi-ui0-debuginfo-0.7-150100.3.29.1
* SUSE Manager Proxy 4.2 (x86_64)
  * avahi-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-debuginfo-0.7-150100.3.29.1
  * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-core7-0.7-150100.3.29.1
  * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1
  * avahi-compat-howl-devel-0.7-150100.3.29.1
  * libavahi-glib1-debuginfo-0.7-150100.3.29.1
  * libhowl0-debuginfo-0.7-150100.3.29.1
  * libavahi-gobject0-debuginfo-0.7-150100.3.29.1
  * libavahi-gobject0-0.7-150100.3.29.1
  * libavahi-common3-0.7-150100.3.29.1
  * libavahi-client3-0.7-150100.3.29.1
  * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1
  * libavahi-ui-gtk3-0-0.7-150100.3.29.1
  * avahi-debugsource-0.7-150100.3.29.1
  * avahi-utils-debuginfo-0.7-150100.3.29.1
  * avahi-glib2-debugsource-0.7-150100.3.29.1
  * libavahi-ui0-0.7-150100.3.29.1
  * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1
  * libdns_sd-debuginfo-0.7-150100.3.29.1
  * avahi-utils-0.7-150100.3.29.1
  * libavahi-common3-debuginfo-0.7-150100.3.29.1
  * libavahi-ui0-debuginfo-0.7-150100.3.29.1
  * libdns_sd-0.7-150100.3.29.1
  * libavahi-glib1-0.7-150100.3.29.1
  * libavahi-devel-0.7-150100.3.29.1
  * libhowl0-0.7-150100.3.29.1
  * avahi-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-common3-32bit-0.7-150100.3.29.1
  * libavahi-glib-devel-0.7-150100.3.29.1
  * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-core7-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-32bit-0.7-150100.3.29.1
  * avahi-0.7-150100.3.29.1
* SUSE Manager Proxy 4.2 (noarch)
  * avahi-lang-0.7-150100.3.29.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * avahi-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-debuginfo-0.7-150100.3.29.1
  * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-core7-0.7-150100.3.29.1
  * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1
  * avahi-compat-howl-devel-0.7-150100.3.29.1
  * libavahi-glib1-debuginfo-0.7-150100.3.29.1
  * libhowl0-debuginfo-0.7-150100.3.29.1
  * libavahi-gobject0-debuginfo-0.7-150100.3.29.1
  * libavahi-gobject0-0.7-150100.3.29.1
  * libavahi-common3-0.7-150100.3.29.1
  * libavahi-client3-0.7-150100.3.29.1
  * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1
  * libavahi-ui-gtk3-0-0.7-150100.3.29.1
  * avahi-debugsource-0.7-150100.3.29.1
  * avahi-utils-debuginfo-0.7-150100.3.29.1
  * avahi-glib2-debugsource-0.7-150100.3.29.1
  * libavahi-ui0-0.7-150100.3.29.1
  * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1
  * libdns_sd-debuginfo-0.7-150100.3.29.1
  * avahi-utils-0.7-150100.3.29.1
  * libavahi-common3-debuginfo-0.7-150100.3.29.1
  * libavahi-ui0-debuginfo-0.7-150100.3.29.1
  * libdns_sd-0.7-150100.3.29.1
  * libavahi-glib1-0.7-150100.3.29.1
  * libavahi-devel-0.7-150100.3.29.1
  * libhowl0-0.7-150100.3.29.1
  * avahi-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-common3-32bit-0.7-150100.3.29.1
  * libavahi-glib-devel-0.7-150100.3.29.1
  * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-core7-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-32bit-0.7-150100.3.29.1
  * avahi-0.7-150100.3.29.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * avahi-lang-0.7-150100.3.29.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * avahi-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-debuginfo-0.7-150100.3.29.1
  * libavahi-core7-0.7-150100.3.29.1
  * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.29.1
  * avahi-compat-howl-devel-0.7-150100.3.29.1
  * libavahi-glib1-debuginfo-0.7-150100.3.29.1
  * libhowl0-debuginfo-0.7-150100.3.29.1
  * libavahi-gobject0-debuginfo-0.7-150100.3.29.1
  * libavahi-gobject0-0.7-150100.3.29.1
  * libavahi-client3-0.7-150100.3.29.1
  * libavahi-common3-0.7-150100.3.29.1
  * typelib-1_0-Avahi-0_6-0.7-150100.3.29.1
  * libavahi-ui-gtk3-0-0.7-150100.3.29.1
  * avahi-debugsource-0.7-150100.3.29.1
  * avahi-utils-debuginfo-0.7-150100.3.29.1
  * avahi-glib2-debugsource-0.7-150100.3.29.1
  * libavahi-ui0-0.7-150100.3.29.1
  * avahi-compat-mDNSResponder-devel-0.7-150100.3.29.1
  * libdns_sd-debuginfo-0.7-150100.3.29.1
  * avahi-utils-0.7-150100.3.29.1
  * libavahi-common3-debuginfo-0.7-150100.3.29.1
  * libavahi-ui0-debuginfo-0.7-150100.3.29.1
  * libdns_sd-0.7-150100.3.29.1
  * libavahi-glib1-0.7-150100.3.29.1
  * libavahi-devel-0.7-150100.3.29.1
  * libhowl0-0.7-150100.3.29.1
  * libavahi-glib-devel-0.7-150100.3.29.1
  * libavahi-core7-debuginfo-0.7-150100.3.29.1
  * avahi-0.7-150100.3.29.1
* SUSE Manager Server 4.2 (noarch)
  * avahi-lang-0.7-150100.3.29.1
* SUSE Manager Server 4.2 (x86_64)
  * avahi-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-common3-32bit-0.7-150100.3.29.1
  * libavahi-client3-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-common3-32bit-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-32bit-0.7-150100.3.29.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * avahi-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-debuginfo-0.7-150100.3.29.1
  * avahi-debugsource-0.7-150100.3.29.1
  * libavahi-core7-0.7-150100.3.29.1
  * libavahi-common3-debuginfo-0.7-150100.3.29.1
  * libavahi-core7-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-0.7-150100.3.29.1
  * libavahi-common3-0.7-150100.3.29.1
  * avahi-0.7-150100.3.29.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * avahi-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-debuginfo-0.7-150100.3.29.1
  * avahi-debugsource-0.7-150100.3.29.1
  * libavahi-core7-0.7-150100.3.29.1
  * libavahi-common3-debuginfo-0.7-150100.3.29.1
  * libavahi-core7-debuginfo-0.7-150100.3.29.1
  * libavahi-client3-0.7-150100.3.29.1
  * libavahi-common3-0.7-150100.3.29.1
  * avahi-0.7-150100.3.29.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38470.html
* https://www.suse.com/security/cve/CVE-2023-38473.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215947
* https://bugzilla.suse.com/show_bug.cgi?id=1216419

Essential security patch for avahi tackles several vulnerabilities with accessible assertions to improve overall system protection.
Avahi Update, openSUSE Security, Security Advisory, SUSE Security Patch.
Severity: Important.
LinuxSecurity.com Team

Dec 19, 2023 Important OpenSUSE

Fedora 10: Security Alert SA-CORE-2009-002 Important Patch For Drupal 6.10

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-0653
2009-01-16 22:40:02
--------------------------------------------------------------------------------

Name        : drupal
Product     : Fedora 10
Version     : 6.9
Release     : 1.fc10
URL         : http://www.drupal.org
Summary     : An open-source content-management platform
Description :
Equipped with a powerful blend of features, Drupal is a Content Management
System written in PHP that can support a variety of websites ranging from
personal weblogs to large community-driven websites. Drupal is highly
configurable, skinnable, and secure.

--------------------------------------------------------------------------------
Update Information:

SA-CORE-2009-001 ( https:// ) Remember to log in to your site as the admin
user before upgrading this package. After upgrading the package, browse to to
run the upgrade script.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 15 2009 Jon Ciesla - 6.9-1
- Upgrade to 6.9, DRUPAL-SA-CORE-2009-001.
* Thu Dec 11 2008 Jon Ciesla - 6.7-1
- Upgrade to 6.7, SA-2008-073.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update drupal' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Upgrade your Drupal on Fedora 10 while protecting your site from vulnerabilities in SA-CORE-2009-001 by following essential best practices and steps.
Fedora 10, Drupal 6.9, SA-CORE-2009-001, Critical Update, Security Alert.
Severity: Important.
LinuxSecurity.com Team

Jul 30, 2023 Important Fedora

Red Hat Enterprise Linux 9.0 RHSA-2023-0809-01 Important: Firefox Update

====================================================================
Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2023:0809-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0809
Issue date:        2023-02-20
CVE Names:         CVE-2023-0767 CVE-2023-25728 CVE-2023-25729
                   CVE-2023-25730 CVE-2023-25732 CVE-2023-25735
                   CVE-2023-25737 CVE-2023-25739 CVE-2023-25742
                   CVE-2023-25743 CVE-2023-25744 CVE-2023-25746
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 102.8.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170374 - CVE-2023-25728 Mozilla: Content security policy leak in violation reports using iframes
2170375 - CVE-2023-25730 Mozilla: Screen hijack via browser fullscreen mode
2170376 - CVE-2023-25743 Mozilla: Fullscreen notification not shown in Firefox Focus
2170377 - CVE-2023-0767 Mozilla: Arbitrary memory write via PKCS 12 in NSS
2170378 - CVE-2023-25735 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
2170379 - CVE-2023-25737 Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
2170381 - CVE-2023-25739 Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
2170382 - CVE-2023-25729 Mozilla: Extensions could have opened external schemes without user knowledge
2170383 - CVE-2023-25732 Mozilla: Out of bounds memory write from EncodeInputStream
2170390 - CVE-2023-25742 Mozilla: Web Crypto ImportKey crashes tab
2170391 - CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
2170402 - CVE-2023-25746 Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:
firefox-102.8.0-2.el9_0.src.rpm

aarch64:
firefox-102.8.0-2.el9_0.aarch64.rpm
firefox-debuginfo-102.8.0-2.el9_0.aarch64.rpm
firefox-debugsource-102.8.0-2.el9_0.aarch64.rpm

ppc64le:
firefox-102.8.0-2.el9_0.ppc64le.rpm
firefox-debuginfo-102.8.0-2.el9_0.ppc64le.rpm
firefox-debugsource-102.8.0-2.el9_0.ppc64le.rpm

s390x:
firefox-102.8.0-2.el9_0.s390x.rpm
firefox-debuginfo-102.8.0-2.el9_0.s390x.rpm
firefox-debugsource-102.8.0-2.el9_0.s390x.rpm

x86_64:
firefox-102.8.0-2.el9_0.x86_64.rpm
firefox-debuginfo-102.8.0-2.el9_0.x86_64.rpm
firefox-debugsource-102.8.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-0767
https://access.redhat.com/security/cve/CVE-2023-25728
https://access.redhat.com/security/cve/CVE-2023-25729
https://access.redhat.com/security/cve/CVE-2023-25730
https://access.redhat.com/security/cve/CVE-2023-25732
https://access.redhat.com/security/cve/CVE-2023-25735
https://access.redhat.com/security/cve/CVE-2023-25737
https://access.redhat.com/security/cve/CVE-2023-25739
https://access.redhat.com/security/cve/CVE-2023-25742
https://access.redhat.com/security/cve/CVE-2023-25743
https://access.redhat.com/security/cve/CVE-2023-25744
https://access.redhat.com/security/cve/CVE-2023-25746
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Debian Linux 12.1 launches a crucial Chrome patch to fix vulnerabilities. Reboot required for implementation.
Red Hat Security, Firefox Update, Enterprise Linux, Security Impact, Memory Safety.
Severity: Important.
LinuxSecurity.com Team

Feb 20, 2023 Important Red Hat

SUSE: 2022:4289-1 Critical Security Update for PkgKit Software

SUSE Security Update: Security update for supportutils
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:4278-1
Rating:             moderate
References:         #1184689 #1188086 #1192252 #1192648 #1197428
                    #1200330 #1202269 #1202337 #1202417 #1203818
Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for supportutils fixes the following issues:

Security issues fixed:

- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)

Bug fixes:

- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4278=1
- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4278=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4278=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4278=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4278=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4278=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-4278=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4278=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4278=1

Package List:

- openSUSE Leap Micro 5.3 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- openSUSE Leap Micro 5.2 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- openSUSE Leap 15.4 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- openSUSE Leap 15.3 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
  supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
  supportutils-3.1.21-150300.7.35.15.1

References:

https://bugzilla.suse.com/1184689
https://bugzilla.suse.com/1188086
https://bugzilla.suse.com/1192252
https://bugzilla.suse.com/1192648
https://bugzilla.suse.com/1197428
https://bugzilla.suse.com/1200330
https://bugzilla.suse.com/1202269
https://bugzilla.suse.com/1202337
https://bugzilla.suse.com/1202417
https://bugzilla.suse.com/1203818

The latest security patch for supportutils resolves numerous vulnerabilities affecting a range of SUSE offerings; please adhere to the installation instructions provided.
SUSE Security, Supportutils Update, System Patching, Moderate Severity, Patch Installation.
LinuxSecurity.com Team

Nov 29, 2022 SuSE

Red Hat Ansible Automation Platform 2.0.1 Alert: CVE-2021-3620 Info Leak

An update is now available for Red Hat Ansible Automation Platform 2.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Ansible Automation Platform 2.0.1 Security and Bug fix Release
Advisory ID: RHSA-2021:3874-01
Product: Red Hat Ansible Automation Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3874
Issue date: 2021-10-14
CVE Names: CVE-2021-3620
====================================================================

1. Summary:

An update is now available for Red Hat Ansible Automation Platform 2.0.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ansible Automation Platform 2.0 for RHEL 8 - noarch, x86_64

3. Description:

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* ansible: ansible-connection module discloses sensitive info in traceback error message (CVE-2021-3620)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1975767 - CVE-2021-3620 Ansible: ansible-connection module discloses sensitive info in traceback error message

6. Package List:

Red Hat Ansible Automation Platform 2.0 for RHEL 8:

Source:
ansible-2.9.27-1.el8ap.src.rpm
ansible-core-2.11.6-1.el8ap.src.rpm

noarch:
ansible-2.9.27-1.el8ap.noarch.rpm

x86_64:
ansible-core-2.11.6-1.el8ap.x86_64.rpm
ansible-test-2.11.6-1.el8ap.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3620
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list

Ubuntu Linux 20.04.5 introduces a significant security enhancement addressing a critical vulnerability related to unauthorized data access.

Ansible Automation, Red Hat Security, Update Details, Information Disclosure.

Severity: Important.

LinuxSecurity.com Team

Oct 14, 2021 Important Red Hat

Fedora: 2016-294e0ed595 moderate: python-pillow integer overflow Threat

This update backports an overflow fix.
----
Backport fix for three memory disclosure/corruption bugs from insufficient parameter validation leading to integer overflow.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-294e0ed595
2016-10-09 18:48:59.139270
--------------------------------------------------------------------------------

Name        : python-pillow
Product     : Fedora 24
Version     : 3.2.0
Release     : 3.fc24
URL         :
Summary     : Python image processing library
Description :
Python image processing library, fork of the Python Imaging Library (PIL)

This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities.

There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (development) and doc (documentation).

--------------------------------------------------------------------------------
Update Information:

This update backports an overflow fix.
----
Backport fix for three memory disclosure/corruption bugs from insufficient parameter validation leading to integer overflow.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update python-pillow' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

Update correcting integer overflow and memory vulnerabilities in python-pillow for Fedora 24 to enhance security measures.

Fedora24, Python Pillow, Security Update, Memory Fix, Integer Overflow.

LinuxSecurity.com Team

Oct 09, 2016 Fedora