Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 19 articles for you...
202

openSUSE Cacti Moderate User Enumeration Flaw CVE-2024-27355

An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for cacti ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0189-1 Rating: moderate References: Cross-References: CVE-2024-27355 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cacti fixes the following issues: - Update to version 1.2.30+git457.e55c2aea: * docs(changelog): add security fix refs for 1.2.31 (#7170) * fix: Upgrade DOMPurify again for additional hardening (#7168) * security: Ensure that reports does not work as guest (#7167) * Update translation files * security: GHSA-m7v2-f3xw-3qh7 - User Enumeration via Error Messages (#7166) * chore: Move around developers, rest in peace my friend (#7165) * Import undefined variable (#7164) * fix: guard api_plugin_moveup/movedown against NULL prior/next id (1.2.x backport) (#7158) * fix(correctness): loop-state leaks, chunk-aware poller CRC, header-suppression and tree false-guards (1.2.x) (#7151) * fix: Remove composer.lock (#7156) * test: source-pattern coverage backfill for PR 7148, 7149, 7150 (#7153) * fix: CVE-2024-27355 in phpseclib (#7155) * chore: Update ChangeLogs (#7152) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-189=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): cacti-1.2.30+git457.e55c2aea-bp157.2.12.1 References: https://www.suse.com/security/cve/CVE-2024-27355.html . Update for openSUSECacti resolves moderate security issue from CVE-2024-27355 and enhances software stability.. openSUSE security, Cacti update, CVE-2024-27355, software vulnerability, moderate severity. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 moderate OpenSUSE
202

openSUSE Cacti Moderate User Enumeration Issue Vuln 2026-0189-1

An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for cacti ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0189-1 Rating: moderate References: Cross-References: CVE-2024-27355 Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cacti fixes the following issues: - Update to version 1.2.30+git457.e55c2aea: * docs(changelog): add security fix refs for 1.2.31 (#7170) * fix: Upgrade DOMPurify again for additional hardening (#7168) * security: Ensure that reports does not work as guest (#7167) * Update translation files * security: GHSA-m7v2-f3xw-3qh7 - User Enumeration via Error Messages (#7166) * chore: Move around developers, rest in peace my friend (#7165) * Import undefined variable (#7164) * fix: guard api_plugin_moveup/movedown against NULL prior/next id (1.2.x backport) (#7158) * fix(correctness): loop-state leaks, chunk-aware poller CRC, header-suppression and tree false-guards (1.2.x) (#7151) * fix: Remove composer.lock (#7156) * test: source-pattern coverage backfill for PR 7148, 7149, 7150 (#7153) * fix: CVE-2024-27355 in phpseclib (#7155) * chore: Update ChangeLogs (#7152) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2026-189=1 Package List: - openSUSE Backports SLE-15-SP7 (noarch): cacti-1.2.30+git457.e55c2aea-bp157.2.12.1 References: https://www.suse.com/security/cve/CVE-2024-27355.html . A security update foropenSUSE provides a fix for a moderate risk issue in Cacti, addressing user enumeration vulnerabilities.. openSUSE security patch, Cacti security fix, PHPseclib update. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 moderate OpenSUSE
203

Mageia 9: MGASA-2025-0039 critical: python-django DoS threats

An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. (CVE-2024-38875) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before . MGASA-2025-0039 - Updated python-django packages fix security vulnerabilities Publication date: 05 Feb 2025 URL: https://advisories.mageia.org/MGASA-2025-0039.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-56374, CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614, CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231, CVE-2024-53907, CVE-2024-53908 An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. (CVE-2024-38875) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. (CVE-2024-39329) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (CVE-2024-39330) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. (CVE-2024-39614) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a stringrepresentation of a number in scientific notation with a large exponent. (CVE-2024-41989) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. (CVE-2024-41990) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. (CVE-2024-41991) An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. (CVE-2024-42005) An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. (CVE-2024-45230) An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). (CVE-2024-45231) An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. (CVE-2024-53907) An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection ifuntrusted data is used as an lhs value. (CVE-2024-53908) An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (CVE-2024-56374) References: - https://bugs.mageia.org/show_bug.cgi?id=33919 - https://bugs.mageia.org/show_bug.cgi?id=33387 - https://bugs.mageia.org/show_bug.cgi?id=33507 - https://www.openwall.com/lists/oss-security/2024/07/09/3 - https://www.djangoproject.com/weblog/2024/jul/09/security-releases/ - https://openwall.com/lists/oss-security/2024/08/06/2 - https://www.openwall.com/lists/oss-security/2024/09/03/3 - https://openwall.com/lists/oss-security/2024/12/04/3 - https://www.openwall.com/lists/oss-security/2025/01/14/2 - https://ubuntu.com/security/notices/USN-7205-1 - https://www.cve.org/CVERecord?id=CVE-2024-56374 - https://www.cve.org/CVERecord?id=CVE-2024-38875 - https://www.cve.org/CVERecord?id=CVE-2024-39329 - https://www.cve.org/CVERecord?id=CVE-2024-39330 - https://www.cve.org/CVERecord?id=CVE-2024-39614 - https://www.cve.org/CVERecord?id=CVE-2024-41989 - https://www.cve.org/CVERecord?id=CVE-2024-41990 - https://www.cve.org/CVERecord?id=CVE-2024-41991 - https://www.cve.org/CVERecord?id=CVE-2024-42005 - https://www.cve.org/CVERecord?id=CVE-2024-45230 - https://www.cve.org/CVERecord?id=CVE-2024-45231 - https://www.cve.org/CVERecord?id=CVE-2024-53907 - https://www.cve.org/CVERecord?id=CVE-2024-53908 SRPMS: - 9/core/python-django-4.1.13-1.2.mga9 . Revised python-django libraries address several urgent vulnerabilities, notably risks of Denial of Service and unauthorized user enumeration.. Django Security, Mageia, Python Updates, Denial Of Service. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 05, 2025 Critical Mageia
100

SUSE: 2024:3161-1 Important: Python-Django Security Update

* bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 . # Security update for python-Django Announcement ID: SUSE-SU-2024:3161-1 Rating: important References: * bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 * CVE-2024-45231 CVSS scores: * CVE-2024-45230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823) * CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3161=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-3161=1 openSUSE-SLE-15.6-2024-3161=1 ## Package List: * SUSE Package Hub 15 15-SP6 (noarch) * python311-Django-4.2.11-150600.3.9.1 * openSUSE Leap 15.6 (noarch) * python311-Django-4.2.11-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45230.html * https://www.suse.com/security/cve/CVE-2024-45231.html * https://bugzilla.suse.com/show_bug.cgi?id=1229823 * https://bugzilla.suse.com/show_bug.cgi?id=1229824 . Notices regarding Django release tackle denial-of-service vulnerabilities alongside user enumeration concerns.Significant updates specific to SUSE environments.. python-Django Security Advisory, SUSE Linux Updates, Denial-of-Service Vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 06, 2024 Important SuSE
202

openSUSE: 2024:0282-1 Important: Python-Django DoS and Enumeration Threats

An update that fixes two vulnerabilities is now available. . openSUSE Security Update: Security update for python-Django ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0282-1 Rating: important References: #1229823 #1229824 Cross-References: CVE-2024-45230 CVE-2024-45231 CVSS scores: CVE-2024-45230 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-45231 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Django fixes the following issues: * CVE-2024-45230: Fixed Potential denial-of-service vulnerability in django.utils.html.urlize() (boo#1229823) * CVE-2024-45231: Potential user email enumeration via response status on password reset (boo#1229824) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-282=1 Package List: References: https://www.suse.com/security/cve/CVE-2024-45230.html https://www.suse.com/security/cve/CVE-2024-45231.html https://bugzilla.suse.com/1229823 https://bugzilla.suse.com/1229824 . Urgent notice from openSUSE regarding the update of python-Django and potential security vulnerabilities.. python-Django security fix, openSUSE advisory, SLE-15-SP5 update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 06, 2024 Important OpenSUSE
100

SUSE: 2024:3139-1 Important: python-Django Denial-Of-Service Issues

* bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 . # Security update for python-Django Announcement ID: SUSE-SU-2024:3139-1 Rating: important References: * bsc#1229823 * bsc#1229824 Cross-References: * CVE-2024-45230 * CVE-2024-45231 CVSS scores: * CVE-2024-45230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.5 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-Django fixes the following issues: * CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823) * CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-3139=1 ## Package List: * openSUSE Leap 15.5 (noarch) * python3-Django-2.0.7-150000.1.33.1 ## References: * https://www.suse.com/security/cve/CVE-2024-45230.html * https://www.suse.com/security/cve/CVE-2024-45231.html * https://bugzilla.suse.com/show_bug.cgi?id=1229823 * https://bugzilla.suse.com/show_bug.cgi?id=1229824 . SUSE-SU-2024:3140-2 resolves critical security vulnerabilities in python-Flask impacting openSUSE Leap 15.5.. python-django, openSUSE Leap, security advisory, software update, denial of service. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 04, 2024 Important SuSE
197

Debian 10 Buster DLA-3390-1 Moderate: Zabbix User Enumeration Security Fix

Several security vulnerabilities have been discovered in zabbix, a network monitoring solution, potentially allowing User Enumeration, Cross-Site-Scripting or Cross-Site Request Forgery. . -------------------------------------------------------------------------Debian LTS Advisory DLA-3390-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Tobias Frost April 12, 2023 https://wiki.debian.org/LTS -------------------------------------------------------------------------Package : zabbix Version : 1:4.0.4+dfsg-1+deb10u1 CVE ID : CVE-2019-15132 CVE-2020-15803 CVE-2021-27927 CVE-2022-24349 CVE-2022-24917 CVE-2022-24919 CVE-2022-35229 CVE-2022-35230 Debian Bug : 935027 966146 1014992 1014994 Several security vulnerabilities have been discovered in zabbix, a network monitoring solution, potentially allowing User Enumeration, Cross-Site-Scripting or Cross-Site Request Forgery. CVE-2019-15132 Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. CVE-2020-15803 Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. CVE-2021-27927 In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user withsufficient privileges. CVE-2022-24349 An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. CVE-2022-24917 An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. CVE-2022-24919 An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. CVE-2022-35229 An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. CVE-2022-35230 Anauthenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. For Debian 10 buster, these problems have been fixed in version 1:4.0.4+dfsg-1+deb10u1. We recommend that you upgrade your zabbix packages. For the detailed security status of zabbix please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/zabbix Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The latest Zabbix security patch fixes flaws in Debian LTS, improving defenses against user enumeration and cross-site scripting.. Debian LTS Security,Zabbix Update,Network Monitoring Solution,Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 12, 2023 Important Debian LTS
202

openSUSE: 2022:0089-1 Moderate: Nextcloud User Issues Detected

An update that fixes three vulnerabilities is now available. . openSUSE Security Update: Security update for nextcloud ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0089-1 Rating: moderate References: #1196905 #1196908 #1196952 Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741 CVSS scores: CVE-2021-41239 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-41239 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-41241 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-41241 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User Status API (boo#1196905) - CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not obeyed for subfolders (boo#1196908) - CVE-2021-41741 (CWE-400): High memory usage for generating preview of broken image(boo#1196952) - For more changes see https://nextcloud.com/changelog/#21-0-9 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2022-89=1 Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch): nextcloud-21.0.9-37.1 nextcloud-apache-21.0.9-37.1 References: https://www.suse.com/security/cve/CVE-2021-41239.html https://www.suse.com/security/cve/CVE-2021-41241.html https://www.suse.com/security/cve/CVE-2021-41741.html https://bugzilla.suse.com/1196905 https://bugzilla.suse.com/1196908 https://bugzilla.suse.com/1196952 . New release addresses several vulnerabilities in Nextcloud, improving security measures and elevating overall platform efficiency.. Nextcloud Security Update, openSUSE Vulnerability Fix, Update Instructions. . LinuxSecurity.com Team

Calendar%202 Mar 23, 2022 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200