Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
100
security advisoryimportantsnakeyamlSUSE: 2024:2568-1 Important: Fixes for Zip Slip Threat in TestNG
* bsc#1205628 Cross-References: * CVE-2022-4065 . # Security update for mockito, snakeyaml, testng Announcement ID: SUSE-SU-2024:2568-1 Rating: important References: * bsc#1205628 Cross-References: * CVE-2022-4065 CVSS scores: * CVE-2022-4065 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-4065 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-4065 ( NVD ): 5.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Affected Products: * Development Tools Module 15-SP5 * Development Tools Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 * SUSE Package Hub 15 15-SP6 An update that solves one vulnerability can now be installed. ## Description: This update for mockito, snakeyaml, testng fixes the following issues: mockito was updated to version 5.11.0: * Added bundle manifest to the mockito-core artifact * Mockito 5 is making core changes to ensure compatibility with future JDK versions. * Switch the Default MockMaker to mockito-inline (not applicable to mockito- android) * Mockito 2.7.6 introduced the mockito-inline mockmaker based on the "inline bytecode" principle, offering compatibility advantages over the subclass mockmaker * This change avoids JDK restrictions, such as violating module boundaries and leaking subclass creation * Legitimate use cases for the subclass mockmaker: * Scenarios where the inline mockmaker does not function, such as on Graal VM's native image * If avoiding mocking final classes, the subclass mockmaker remains a viable option, although issues may arise on JDK 17+ * Mockito aims to support both mockmakers, allowing users to choose based on their requirements. * Update the Minimum Supported Java Version to 11 * Mockito 5 raised the minimum supported Java version to 11 * Community member @reta contributed to this change. * Users still on JDK 8 can continue using Mockito 4, with minimal API differences between versions * New type() Method on ArgumentMatcher * The ArgumentMatcher interface now includes a new type() method to support varargs methods, addressing previous limitations * Users can now differentiate between matching calls with any exact number of arguments or match any number of arguments * Mockito 5 provides a default implementation of the new method, ensuring backward compatibility. * No obligation for users to implement the new method; Mockito 5 considers Void.type by default for varargs handling * ArgumentCaptor is now fullytype-aware, enabling capturing specific subclasses on a generic method. * byte-buddy does not bundle asm, but uses objectweb-asm as external library snake-yaml was updated to version 2.2: * Changes of version 2.2: * Define default scalar style as PLAIN (for polyglot Maven) * Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java * Changes of version 2.1: * Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead * Use identity in toString() for sequences to avoid OutOfMemoryError * NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version * Document size limit should be applied to single document notthe whole input stream * Detect invalid Unicode code point (thanks to Tatu Saloranta) * Remove Trusted*Inspector classes from main sources tree * Changes of version 2.0: * Rollback to Java 7 target * Add module-info.java * Migrate to Java 8 * Remove many deprecated constructors * Remove long deprecated methods in FlowStyle * Do not allow global tags by default * Yaml.LoadAs() signature to support Class
Jul 22, 2024
•Important
SuSE
202
security advisorymoderateupdateopenSUSE 15-SP1: openSUSE-SU-2020:0440-1 Moderate: python-nltk Zip Slip
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for python-nltk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0440-1 Rating: moderate References: #1146427 Cross-References: CVE-2019-14751 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-nltk fixes the following issues: Update to 3.4.5 (boo#1146427, CVE-2019-14751): * CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the unlikely situation where a user configures their downloader to use a compromised server (boo#1146427) Update to 3.4.4: * fix bug in plot function (probability.py) * add improved PanLex Swadesh corpus reader * add Text.generate() * add QuadgramAssocMeasures * add SSP to tokenizers * return confidence of best tag from AveragedPerceptron * make plot methods return Axes objects * don't require list arguments to PositiveNaiveBayesClassifier.train * fix Tree classes to work with native Python copy library * fix inconsistency for NomBank * fix random seeding in LanguageModel.generate * fix ConditionalFreqDist mutation on tabulate/plot call * fix broken links in documentation * fix misc Wordnet issues * update installation instructions Version update to 3.4.1: * add chomsky_normal_form for CFGs * add meteor score * add minimum edit/Levenshtein distance based alignment function * allow access to collocation list via text.collocation_list() * support corenlp server options * drop support for Python 3.4 * other minor fixes Update to v3.4: * Support Python 3.7 * New Language Modeling package * Cistem Stemmer for German * Support Russian National Corpus incl POS tag model * KrippendorfAlpha inter-rater reliability test * Comprehensive code clean-ups * Switch continuous integration from Jenkins to Travis Updated to v3.3: * Support Python 3.6 * New interface to CoreNLP * Support synset retrieval by sense key * Minor fixes to CoNLL Corpus Reader * AlignedSent * Fixed minor inconsistencies in APIs and API documentation * Better conformance to PEP8 * Drop Moses Tokenizer (incompatible license) This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-440=1 Package List: - openSUSE Backports SLE-15-SP1 (noarch): python2-nltk-3.4.5-bp151.4.3.1 python3-nltk-3.4.5-bp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-14751.html https://bugzilla.suse.com/1146427 -- . Addresses a vulnerability involving zip slip in python-nltk for openSUSE classified as moderate in the recent security patch.. openSUSE Security, Python NLTK, Zip Slip, Software Update. . LinuxSecurity.com Team
Apr 01, 2020
OpenSUSE
202
security advisorymoderatesoftware updateopenSUSE: 2020:0436-1 Moderate: Python-NLTK Zip Slip Fix
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for python-nltk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0436-1 Rating: moderate References: #1146427 Cross-References: CVE-2019-14751 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-nltk fixes the following issues: Update to 3.4.5 (boo#1146427, CVE-2019-14751): * CVE-2019-14751: Fixed Zip slip vulnerability in downloader for the unlikely situation where a user configures their downloader to use a compromised server (boo#1146427) Update to 3.4.4: * fix bug in plot function (probability.py) * add improved PanLex Swadesh corpus reader * add Text.generate() * add QuadgramAssocMeasures * add SSP to tokenizers * return confidence of best tag from AveragedPerceptron * make plot methods return Axes objects * don't require list arguments to PositiveNaiveBayesClassifier.train * fix Tree classes to work with native Python copy library * fix inconsistency for NomBank * fix random seeding in LanguageModel.generate * fix ConditionalFreqDist mutation on tabulate/plot call * fix broken links in documentation * fix misc Wordnet issues * update installation instructions Version update to 3.4.1: * add chomsky_normal_form for CFGs * add meteor score * add minimum edit/Levenshtein distance based alignment function * allow access to collocation list via text.collocation_list() * support corenlp server options * drop support for Python 3.4 * other minor fixes Update to v3.4: * Support Python 3.7 * New Language Modeling package * Cistem Stemmer for German * Support Russian National Corpus incl POS tag model * Krippendorf Alphainter-rater reliability test * Comprehensive code clean-ups * Switch continuous integration from Jenkins to Travis Updated to v3.3: * Support Python 3.6 * New interface to CoreNLP * Support synset retrieval by sense key * Minor fixes to CoNLL Corpus Reader * AlignedSent * Fixed minor inconsistencies in APIs and API documentation * Better conformance to PEP8 * Drop Moses Tokenizer (incompatible license) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-436=1 Package List: - openSUSE Leap 15.1 (noarch): python2-nltk-3.4.5-lp151.4.3.1 python3-nltk-3.4.5-lp151.4.3.1 References: https://www.suse.com/security/cve/CVE-2019-14751.html https://bugzilla.suse.com/1146427 -- . openSUSE releases a critical patch for python-nltk that resolves a zip slip vulnerability and enhances performance. Upgrade today!. Python NLTK, openSUSE Security Update, Zip Slip Fix. . LinuxSecurity.com Team
Mar 31, 2020
OpenSUSE
89
security advisoryupdatecriticalFedora 28: FEDORA-2018-0c586e5178 Critical: Quazip Zip Slip
* 2018-06-13 0.7.6 * Fixed the Zip Slip vulnerability in JlCompress * Renamed crypt.h to minizip_crypt.h to avoid conflicts * 2018-05-20 0.7.5 * Fixed target_link_libraries call in CMakeLists * Worked around a Qt 4.6 bug (QTBUG-15421) screwing up hidden files handling in JlCompress::compressDir() * Removed Q_FOREACH uses to avoid conflicts. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-0c586e5178 2018-08-14 21:06:35.949062 --------------------------------------------------------------------------------Name : quazip Product : Fedora 28 Version : 0.7.6 Release : 1.fc28 URL : https://github.com/stachenov/quazip Summary : Qt/C++ wrapper for the minizip library Description : QuaZIP is a simple C++ wrapper over Gilles Vollant's ZIP/UNZIP package that can be used to access ZIP archives. It uses Trolltech's Qt toolkit. QuaZIP allows you to access files inside ZIP archives using QIODevice API, and - yes! - that means that you can also use QTextStream, QDataStream or whatever you would like to use on your zipped files. QuaZIP provides complete abstraction of the ZIP/UNZIP API, for both reading from and writing to ZIP archives. --------------------------------------------------------------------------------Update Information: * 2018-06-13 0.7.6 * Fixed the Zip Slip vulnerability in JlCompress * Renamed crypt.h to minizip_crypt.h to avoid conflicts * 2018-05-20 0.7.5 * Fixed target_link_libraries call in CMakeLists * Worked around a Qt 4.6 bug (QTBUG-15421) screwing up hidden files handling in JlCompress::compressDir() * Removed Q_FOREACH uses to avoid conflicts (SF patch #32) * 2017-02-05 0.7.4 * Static analysis patch from Intel Deutschland GmbH * Replaced UNUSED with QUAZIP_UNUSED to avoid name clashes * Minor bugfixes --------------------------------------------------------------------------------ChangeLog: * Tue Jul 17 2018 Nicolas Chauvet - 0.7.6-1 - Update to 0.7.6 * Sat Jul 14 2018 Fedora Release Engineering - 0.7.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1593012 - CVE-2018-1002209 quazip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1593012 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-0c586e5178' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Aug 14, 2018
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!