Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 28 articles for you...
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydenial of servicedebian

Debian 11 LTS: DLA-4001-1 moderate: libxstream-java Denial of Service

XStream is a simple java library to serialize objects to XML and back again. Two vulnerabilities were fixed: CVE-2021-43859: . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4001-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Bastien Roucariès December 21, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : libxstream-java Version : 1.4.15-3+deb11u3 CVE ID : CVE-2021-43859 CVE-2024-47072 Debian Bug : 1087274 XStream is a simple java library to serialize objects to XML and back again. Two vulnerabilities were fixed: CVE-2021-43859: XStream can cause a Denial of Service (DoS) by injecting highly recursive collections or maps CVE-2024-47072 XStream was vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream For Debian 11 bullseye, this problem has been fixed in version 1.4.15-3+deb11u3. We recommend that you upgrade your libxstream-java packages. For the detailed security status of libxstream-java please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/libxstream-java Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-5001-1 addresses vulnerabilities in libxstream-java. Users are urged to upgrade for improved protection.. libxstream-java, security advisory, DoS attack, debian updates, java serialization. . LinuxSecurity.com Team

Calendar 2 Dec 21, 2024 Debian LTS
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryimportantdoS

SUSE: 2024:4037-1 important: CVE-2024-47072 DoS risk fix

* bsc#1233085 Cross-References: * CVE-2024-47072 . # Security update for bea-stax, xstream Announcement ID: SUSE-SU-2024:4037-1 Release Date: 2024-11-19T08:49:45Z Rating: important References: * bsc#1233085 Cross-References: * CVE-2024-47072 CVSS scores: * CVE-2024-47072 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-47072 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47072 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * Basesystem Module 15-SP6 * Development Tools Module 15-SP5 * Development Tools Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 *SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for bea-stax, xstream fixes the following issues: * CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow (bsc#1233085). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-4037=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-4037=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4037=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4037=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4037=1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4037=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4037=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4037=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4037=1 * SUSE Linux Enterprise Server for SAP Applications15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4037=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4037=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4037=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4037=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2024-4037=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4037=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-4037=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-4037=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-4037=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-4037=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-4037=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-4037=1 ## Package List: * Development Tools Module 15-SP6 (noarch) * xstream-1.4.21-150200.3.28.1 * SUSE Manager Server 4.3 Module 4.3 (noarch) * xstream-1.4.21-150200.3.28.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise High Performance Computing LTSS15 SP4 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Manager Proxy 4.3 (noarch) * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Manager Server 4.3 (noarch) * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * SUSE Enterprise Storage 7.1 (noarch) * xstream-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * openSUSE Leap 15.5 (noarch) * bea-stax-1.2.0-150200.11.3.1 * xstream-javadoc-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * xstream-benchmark-1.4.21-150200.3.28.1 *xstream-parent-1.4.21-150200.3.28.1 * xstream-1.4.21-150200.3.28.1 * openSUSE Leap 15.6 (noarch) * bea-stax-1.2.0-150200.11.3.1 * xstream-javadoc-1.4.21-150200.3.28.1 * bea-stax-api-1.2.0-150200.11.3.1 * xstream-benchmark-1.4.21-150200.3.28.1 * xstream-parent-1.4.21-150200.3.28.1 * xstream-1.4.21-150200.3.28.1 * Basesystem Module 15-SP5 (noarch) * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * Basesystem Module 15-SP6 (noarch) * bea-stax-api-1.2.0-150200.11.3.1 * bea-stax-1.2.0-150200.11.3.1 * Development Tools Module 15-SP5 (noarch) * xstream-1.4.21-150200.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47072.html * https://bugzilla.suse.com/show_bug.cgi?id=1233085 . Urgent updates for bea-stax and xstream tackle remote DoS vulnerabilities in SUSE platforms.. bea-stax update, xstream vulnerability, SUSE patches, remote denial-of-service. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Nov 19, 2024 Important SuSE
Banner 2 1028x280 1708121730 1 1771599631
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryhigh severityFedora

Fedora 40 xstream 2024-129d8ca6fc High: Type Confusion Fixes

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-129d8ca6fc 2024-03-07 22:24:39.963937 -------------------------------------------------------------------------------- Name : xstream Product : Fedora 40 Version : 1.4.20 Release : 6.fc40 URL : https://x-stream.github.io Summary : Java XML serialization library Description : XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for large object graphs or systems with high message throughput. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization. XStream serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor. Duplicate references encountered in the object-model will be maintained. Supports circular references. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML). Strategies can be registered allowing customization of how particular types are represented as XML. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem. -------------------------------------------------------------------------------- Update Information: Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug withrequires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 2 2024 Jiri Vanek - 1.4.20-6 - Rebuilt for java-21-openjdk as system jdk * Tue Feb 27 2024 Jiri Vanek - 1.4.20-5 - Rebuilt for java-21-openjdk as system jdk -------------------------------------------------------------------------------- References: [ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora 40 xstream enhancement addresses CVE-2024-1938 and CVE-2024-1939, bolstering security alongside compatibility with Java 21.. Fedora Update, xstream Security, Java XML Library, Type Confusion, Security Release. . LinuxSecurity.com Team

Calendar 2 Mar 07, 2024 Fedora
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorydenial of servicesecurity update

openSUSE 15.3 & 15.4: 2022:0817-1 Moderate: xstream Denial of Service

An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for xstream ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0817-1 Rating: moderate References: #1195458 Cross-References: CVE-2021-43859 CVSS scores: CVE-2021-43859 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43859 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xstream fixes the following issues: - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps (bsc#1195458). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-817=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-817=1 Package List: - openSUSE Leap 15.4 (noarch): xstream-1.4.19-3.18.2 xstream-benchmark-1.4.19-3.18.2 xstream-javadoc-1.4.19-3.18.2 xstream-parent-1.4.19-3.18.2 - openSUSE Leap 15.3 (noarch): xstream-1.4.19-3.18.2 xstream-benchmark-1.4.19-3.18.2 xstream-javadoc-1.4.19-3.18.2 xstream-parent-1.4.19-3.18.2 References: https://www.suse.com/security/cve/CVE-2021-43859.html https://bugzilla.suse.com/1195458 . openSUSE Security Patch for xstream resolves a significant stability concern, improving overall system reliability and efficiency.. openSUSE Xstream Update, Security Patch, Denial of Service Fix. . LinuxSecurity.comTeam

Calendar 2 Mar 14, 2022 OpenSUSE
Banner 2 1028x280 1708121730 1 1771599631
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorydenial of servicemoderate severity

SUSE Linux: 2022:0817-1 Moderate: Xstream Denial of Service Fix

An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for xstream ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0817-1 Rating: moderate References: #1195458 Cross-References: CVE-2021-43859 CVSS scores: CVE-2021-43859 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43859 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xstream fixes the following issues: - CVE-2021-43859: Fixed a denial of service when unmarshalling highly recursive collections or maps (bsc#1195458). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-817=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patchSUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-817=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-817=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-817=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xstream-1.4.19-3.18.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): xstream-1.4.19-3.18.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): xstream-1.4.19-3.18.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): xstream-1.4.19-3.18.2 References: https://www.suse.com/security/cve/CVE-2021-43859.html https://bugzilla.suse.com/1195458 . Important advisory for xstream resolves denial of service vulnerability on SUSE platforms. Ensure your server remains protected!. SUSE Security Update,xstream patch,denial of service fix,SUSE Linux. . LinuxSecurity.com Team

Calendar 2 Mar 14, 2022 SuSE
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorysecurity issueFedora

Fedora 35: xstream 1.4.19 Moderate: DoS Due to Recursive Collections

* New upstream release 1.4.19 * Security: Fix for CVE-2021-43859. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-983a78275c 2022-02-12 01:17:49.880759 --------------------------------------------------------------------------------Name : xstream Product : Fedora 35 Version : 1.4.19 Release : 1.fc35 URL : https://x-stream.github.io Summary : Java XML serialization library Description : XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for large object graphs or systems with high message throughput. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization. XStream serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor. Duplicate references encountered in the object-model will be maintained. Supports circular references. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML). Strategies can be registered allowing customization of how particular types are represented as XML. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem. --------------------------------------------------------------------------------Update Information: * New upstream release 1.4.19 * Security: Fix for CVE-2021-43859 --------------------------------------------------------------------------------ChangeLog: * Sat Jan 29 2022 Didik Supriadi - 1.4.19-1 - New upstream release 1.4.19 * Sat Jan 22 2022 Fedora Release Engineering - 1.4.18-3 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2048135 - xstream-1.4.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=2048135 [ 2 ] Bug #2049784 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2049784 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-983a78275c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . The latest Fedora 35 update for xstream tackles the security vulnerability CVE-2021-43859 that impacts XML serialization protocols.. xstream Release, Software Security, Security Update, Fedora 35, Release Notification. . LinuxSecurity.com Team

Calendar 2 Feb 11, 2022 Fedora
Banner 2 1028x280 1708121730 1 1771599631
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorycriticalFedora

Fedora 34: FEDORA-2022-ad5cf1c0dd Critical Update for xstream DoS

* New upstream release 1.4.19 * Security: Fix for CVE-2021-43859. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-ad5cf1c0dd 2022-02-12 01:14:11.929311 --------------------------------------------------------------------------------Name : xstream Product : Fedora 34 Version : 1.4.19 Release : 1.fc34 URL : https://x-stream.github.io Summary : Java XML serialization library Description : XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for large object graphs or systems with high message throughput. No information is duplicated that can be obtained via reflection. This results in XML that is easier to read for humans and more compact than native Java serialization. XStream serializes internal fields, including private and final. Supports non-public and inner classes. Classes are not required to have default constructor. Duplicate references encountered in the object-model will be maintained. Supports circular references. By implementing an interface, XStream can serialize directly to/from any tree structure (not just XML). Strategies can be registered allowing customization of how particular types are represented as XML. When an exception occurs due to malformed XML, detailed diagnostics are provided to help isolate and fix the problem. --------------------------------------------------------------------------------Update Information: * New upstream release 1.4.19 * Security: Fix for CVE-2021-43859 --------------------------------------------------------------------------------ChangeLog: * Sat Jan 29 2022 Didik Supriadi - 1.4.19-1 - New upstream release 1.4.19 * Sat Jan 22 2022 Fedora Release Engineering - 1.4.18-3 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2048135 - xstream-1.4.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=2048135 [ 2 ] Bug #2049784 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2049784 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-ad5cf1c0dd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . Update to xstream version 1.4.19 in Fedora resolves a critical denial of service vulnerability identified in CVE-2021-43859, enhancing system security.. xstream Security Fix,Fedora Update 2022,DoS Issue,Java XML Library,Critical Update. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 11, 2022 Critical Fedora
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorydenial of servicesoftware update

openSUSE Leap 15.2: 2021:1401-1 Important xstream Code Threats

An update that fixes 14 vulnerabilities is now available. . openSUSE Security Update: Security update for xstream ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1401-1 Rating: important References: #1189798 Cross-References: CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 CVSS scores: CVE-2021-39139 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39139 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39140 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-39141 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39141 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39144 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39144 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39145 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39145 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39146 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39146 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39147 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39147 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39148 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39148 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39149 (NVD): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39149 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39150 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39150 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-39151 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39151 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39152 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39152 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-39153 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39153 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39154 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-39154 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for xstream fixes the following issues: - Upgrade to 1.4.18 - CVE-2021-39139: Fixed an issue that allowed an attacker to execute arbitrary code execution by manipulating the processed input stream with type information. (bsc#1189798) - CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS attack by manipulating the processed input stream. (bsc#1189798) - CVE-2021-39141: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39144: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39145: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) -CVE-2021-39146: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39147: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39148: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39149: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39150: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39151: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39152: Fixed an issue that allowed an attacker to access protected resources hosted within the intranet or in the host itself. (bsc#1189798) - CVE-2021-39153: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) - CVE-2021-39154: Fixed an issue that allowed an attacker to achieve arbitrary code execution. (bsc#1189798) This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1401=1 Package List: - openSUSE Leap 15.2 (noarch): xstream-1.4.18-lp152.2.12.1 xstream-benchmark-1.4.18-lp152.2.12.1 xstream-javadoc-1.4.18-lp152.2.12.1 xstream-parent-1.4.18-lp152.2.12.1 References: https://www.suse.com/security/cve/CVE-2021-39139.html https://www.suse.com/security/cve/CVE-2021-39140.html https://www.suse.com/security/cve/CVE-2021-39141.html https://www.suse.com/security/cve/CVE-2021-39144.html https://www.suse.com/security/cve/CVE-2021-39145.html https://www.suse.com/security/cve/CVE-2021-39146.html https://www.suse.com/security/cve/CVE-2021-39147.html https://www.suse.com/security/cve/CVE-2021-39148.html https://www.suse.com/security/cve/CVE-2021-39149.html https://www.suse.com/security/cve/CVE-2021-39150.html https://www.suse.com/security/cve/CVE-2021-39151.html https://www.suse.com/security/cve/CVE-2021-39152.html https://www.suse.com/security/cve/CVE-2021-39153.html https://www.suse.com/security/cve/CVE-2021-39154.html https://bugzilla.suse.com/1189798 . This revision addresses 12 critical vulnerabilities in xstream to boost protection protocols on openSUSE.. openSUSE,XStream,Security Update,Software Patch,Code Execution. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Oct 31, 2021 Important OpenSUSE
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here