Category: LinuxSecurity.com – Hybrid RSS

SUSE: 2022:3826-1 important: hdf5

An update that fixes 11 vulnerabilities is now available. This article has been indexed from LinuxSecurity.com – Hybrid RSS Read the original article: SUSE: 2022:3826-1 important: hdf5

SUSE: 2022:3833-1 moderate: podofo

An update that fixes one vulnerability is now available.

SUSE: 2022:2792-1 bci/golang Security Update

The container bci/golang was updated. The following patches have been included in this update:

SUSE: 2022:2794-1 bci/openjdk Security Update

The container bci/openjdk was updated. The following patches have been included in this update:

SUSE: 2022:2779-1 suse/sles12sp4 Security Update

The container suse/sles12sp4 was updated. The following patches have been included in this update:

SUSE: 2022:2780-1 suse/sles12sp5 Security Update

The container suse/sles12sp5 was updated. The following patches have been included in this update:

SUSE: 2022:2785-1 bci/dotnet-aspnet Security Update

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

Slackware: 2022-304-01: vim Security Update

New vim packages are available for Slackware 15.0 and -current to fix a security issue.

Slackware: 2022-304-02: php80/php81 Security Update

New php80/php81 packages are available for Slackware 15.0 and -current to fix security issues.

Gentoo: GLSA-202210-38: Expat: Denial of Service

A vulnerability has been found in Expat which could result in denial of service.

Gentoo: GLSA-202210-39: libxml2: Multiple Vulnerabilities

Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.

Gentoo: GLSA-202210-40: SQLite: Multiple Vulnerabilities

Multiple vulnerabilities have been found in SQLite, the worst of which could result in arbitrary code execution.

openSUSE: 2022:10183-1 moderate: pyenv

An update that fixes one vulnerability is now available.

Ubuntu 5707-1: Libtasn1 vulnerability

Libtasn1 could cause a crash when processing certain inputs.

SUSE: 2022:3819-1 moderate: podman

An update that fixes one vulnerability is now available.

SUSE: 2022:3820-1 moderate: podman

An update that fixes one vulnerability is now available.

openSUSE: 2022:10182-1 important: opera

An update that fixes 6 vulnerabilities is now available.

SUSE: 2022:3817-1 critical: libtasn1

An update that fixes one vulnerability is now available.

openSUSE: 2022:10178-1 important: jhead

An update that fixes one vulnerability is now available.

openSUSE: 2022:10181-1 important: opera

An update that fixes 6 vulnerabilities is now available.

openSUSE: 2022:10179-1 important: jhead

An update that fixes one vulnerability is now available.

Debian LTS: DLA-3174-1: pysha3 security update

Nicky Mouha discovered a buffer overflow in ‘sha3’, a Python library for the SHA-3 hashing functions. For Debian 10 buster, this problem has been fixed in version…

Gentoo: GLSA-202210-28: exif: Denial of Service

A vulnerability has been discovered in exif which could result in denial of service.

Gentoo: GLSA-202210-29: Net-SNMP: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in Net-SNMP, the worst of which could result in denial of service.

Gentoo: GLSA-202210-31: OpenEXR: Multiple Vulnerabilities

Multiple vulnerabilities have been discovered in OpenEXR, the worst of which could result in arbitrary code execution.

Gentoo: GLSA-202210-33: Libtirpc: Denial of Service

A vulnerability has been discovered in Libtirpc which could result in denial of service.

Fedora 36: curl 2022-01ffde372c

– url: use IDN decoded names for HSTS checks (CVE-2022-42916)
– http_proxy: restore the protocol pointer on error (CVE-2022-42915)
– netrc: replace fgets with Curl_get_line (CVE-2022-35260)
– fix POST following PUT confusion (CVE-2022-32221)

openSUSE: 2022:10168-1 important: exim

An update that fixes one vulnerability is now available.

openSUSE: 2022:10169-1 important: libmad

An update that fixes one vulnerability is now available.

Debian: DSA-5267-1: pysha3 security update

Nicky Mouha discovered a buffer overflow in ‘sha3’, a Python library for the SHA-3 hashing functions. For the stable distribution (bullseye), this problem has been fixed in…

Debian LTS: DLA-3172-1: libxml2 security update

It was discovered that libxml2, the GNOME XML library, was vulnerable to integer overflows and memory corruption. CVE-2022-40303…

New Open-Source Tool Scans Public AWS S3 Buckets for Secrets

A new open-source scanner, ‘S3crets Scanner’, allows researchers and red-teamers to search for ‘secrets’ mistakenly stored in publicly exposed or a company’s own Amazon AWS S3 storage buckets.

Debian: DSA-5266-1: expat security update

A heap use-after-free vulnerability after overeager destruction of a shared DTD in the XML_ExternalEntityParserCreate function in Expat, an XML parsing C library, may result in denial of service or potentially the execution of arbitrary code.

Debian LTS: DLA-3170-1: thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For Debian 10 buster, these problems have been fixed in version…

Debian: DSA-5264-1: batik security update

It was discovered that Apache Batik, a SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. For the stable distribution (bullseye), these problems have been fixed in…

Debian: DSA-5265-1: tomcat9 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2021-43980…

Debian: DSA-5263-1: chromium security update

A security issue was discovered in Chromium, which could result in the execution of arbitrary code. For the stable distribution (bullseye), this problem has been fixed in…

Debian LTS: DLA-3169-1: batik security update

It was discovered that Apache Batik, a SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. For Debian 10 buster, these problems have been fixed in version…

Debian LTS: DLA-3167-1: ncurses security update

An issue has been found in ncurses, a collection of shared libraries for terminal handling. This issue is about an out-of-bounds read in convert_strings in the…

Mageia 2022-0400: libreoffice security update

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme ‘vnd.libreoffice.command’ specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal…

Debian LTS: DLA-3164-1: python-django security update

Multiple vulnerabilities were discovered in Django, a popular Python-based web development framework: * CVE-2020-24583: Fix incorrect permissions on intermediate-level…

SUSE: 2022:2767-1 bci/rust Security Update

The container bci/rust was updated. The following patches have been included in this update:

SUSE: 2022:2768-1 bci/rust Security Update

The container bci/rust was updated. The following patches have been included in this update:

SUSE: 2022:2769-1 bci/rust Security Update

The container bci/rust was updated. The following patches have been included in this update:

SUSE: 2022:2770-1 bci/rust Security Update

The container bci/rust was updated. The following patches have been included in this update:

SUSE: 2022:2771-1 bci/rust Security Update

The container bci/rust was updated. The following patches have been included in this update:

SUSE: 2022:2772-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2022:3807-1 important: libconfuse0

An update that fixes one vulnerability is now available.

SUSE: 2022:2763-1 suse/pcp Security Update

The container suse/pcp was updated. The following patches have been included in this update:

SUSE: 2022:2764-1 bci/python Security Update

The container bci/python was updated. The following patches have been included in this update:

SUSE: 2022:2765-1 bci/python Security Update

The container bci/python was updated. The following patches have been included in this update:

SUSE: 2022:2766-1 bci/ruby Security Update

The container bci/ruby was updated. The following patches have been included in this update:

SUSE: 2022:2756-1 bci/golang Security Update

The container bci/golang was updated. The following patches have been included in this update:

Fedora 36: git 2022-8b58806840

Upstream update including security & bug fixes as well as feature enhancements. From the upstream [release notes](https://github.com/git/git/raw/v2.38.1/Documentation/RelNotes/2.30.6.txt):

CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies)…

Fedora 36: dotnet6.0 2022-d80b1d2827

This is the monthly .NET 6 update for September 2022. It updates the .NET SDK to 6.0.109 and Runtime to 6.0.9. This includes a fix for CVE-2022-38013.

SUSE: 2022:2757-1 bci/bci-init Security Update

The container bci/bci-init was updated. The following patches have been included in this update:

SUSE: 2022:2738-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:

SUSE: 2022:2739-1 suse/sle15 Security Update

The container suse/sle15 was updated. The following patches have been included in this update:

Mageia 2022-0396: git security update

CVE-2022-39253: A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim’s machine. CVE-2022-39260: Allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes.…

Mageia 2022-0397: thunderbird security update

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) References: – https://bugs.mageia.org/show_bug.cgi?id=30986

Mageia 2022-0398: nginx security update

Two security issues were identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact. (CVE-2022-41741, CVE-2022-41742)

Mageia 2022-0399: firefox security update

expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) Fixes webrtc.

Debian LTS: DLA-3166-1: ruby-sinatra security update

A file traversal vulnerability was discovered in src:ruby-sinatra, a popular web server often used with Ruby on Rails. We now validate that any expanded paths match the allowed `public_dir` when serving static files.

Debian LTS: DLA-3165-1: expat security update

In src:expat, an XML parsing C library, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

SUSE: 2022:3806-1 important: dbus-1

An update that solves three vulnerabilities and has one errata is now available.

SUSE: 2022:3801-1 important: openjpeg2

An update that fixes 5 vulnerabilities is now available.

SUSE: 2022:3802-1 important: openjpeg2

An update that fixes 8 vulnerabilities is now available.