LinuxSecurity.com Advisories

LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 3 hours 12 min ago

RedHat: RHSA-2022-0181:05 Moderate: OpenShift Container Platform 4.6.54

Thursday 27th of January 2022 06:18:32 AM
Red Hat OpenShift Container Platform release 4.6.54 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.6.

RedHat: RHSA-2022-0303:02 Important: httpd24-httpd security update

Thursday 27th of January 2022 06:18:25 AM
An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

SUSE: 2022:98-1 caasp/v4/velero-plugin-for-microsoft-azure Security Update

Thursday 27th of January 2022 05:07:20 AM
The container caasp/v4/velero-plugin-for-microsoft-azure was updated. The following patches have been included in this update:

SUSE: 2022:97-1 caasp/v4/velero-plugin-for-gcp Security Update

Thursday 27th of January 2022 05:06:49 AM
The container caasp/v4/velero-plugin-for-gcp was updated. The following patches have been included in this update:

SUSE: 2022:96-1 caasp/v4/velero-plugin-for-aws Security Update

Thursday 27th of January 2022 05:06:18 AM
The container caasp/v4/velero-plugin-for-aws was updated. The following patches have been included in this update:

SUSE: 2022:95-1 caasp/v4/velero Security Update

Thursday 27th of January 2022 05:05:45 AM
The container caasp/v4/velero was updated. The following patches have been included in this update:

SUSE: 2022:94-1 caasp/v4/test-update Security Update

Thursday 27th of January 2022 05:05:11 AM
The container caasp/v4/test-update was updated. The following patches have been included in this update:

SUSE: 2022:93-1 caasp/v4/skuba-tooling Security Update

Thursday 27th of January 2022 05:03:39 AM
The container caasp/v4/skuba-tooling was updated. The following patches have been included in this update:

Gentoo: GLSA-202201-01: Polkit: Local privilege escalation

Thursday 27th of January 2022 12:36:16 AM
A vulnerability in polkit could lead to local root privilege escalation.

Fedora 34: polkit 2022-1acf1bb522

Wednesday 26th of January 2022 06:42:37 PM
Security fix for CVE-2021-4034

Fedora 34: cryptsetup 2022-61b55b6ebc

Wednesday 26th of January 2022 06:40:21 PM
Security fix for CVE-2021-4122.

Mageia 2022-0038: virtualbox security update

Wednesday 26th of January 2022 03:52:12 PM
Updated virtualbox packages fix security vulnerability: Vulnerability in the Oracle VM VirtualBox prior to 6.1.32 contains an easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise

CentOS: CESA-2022-0274: Important CentOS 7 polkit

Wednesday 26th of January 2022 03:42:52 PM
Upstream details at: https://access.redhat.com/errata/RHSA-2022:0274

Debian: DSA-5063-1: uriparser security update

Wednesday 26th of January 2022 02:52:52 PM
Two vulnerabilities were discovered in uriparser, a library that parses Uniform Resource Identifiers (URIs), which may result in denial of service or potentially in the execution of arbitrary code.

Fedora 35: polkit 2022-da040e6b94

Wednesday 26th of January 2022 01:41:50 PM
pkexec: argv overflow results in local privilege esc.

Fedora 35: flatpak-builder 2022-7e328bd66c

Wednesday 26th of January 2022 01:41:43 PM
This is a regression fix update, reverting non-backwards-compatible behaviour changes in the solution previously chosen for [CVE-2022-21682](https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx)

Fedora 35: flatpak 2022-7e328bd66c

Wednesday 26th of January 2022 01:41:42 PM
This is a regression fix update, reverting non-backwards-compatible behaviour changes in the solution previously chosen for [CVE-2022-21682](https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx)

RedHat: RHSA-2022-0288:02 Important: httpd:2.4 security update

Wednesday 26th of January 2022 12:20:01 PM
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-0289:04 Important: parfait:0.5 security update

Wednesday 26th of January 2022 12:19:55 PM
An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

RedHat: RHSA-2022-0291:04 Important: parfait:0.5 security update

Wednesday 26th of January 2022 12:19:47 PM
An update for the parfait:0.5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

More in Tux Machines

Security Leftovers

  • Malware Log Analysis: Don't Let the HTTP Code Fool You - ISPProtect

    An essential component of the analysis and cleanup of websites infected with malware is viewing and evaluating the log files. However, even here there are things to consider that might seem odd at first glance.

  • Security updates for Thursday [LWN.net]

    Security updates have been issued by CentOS (polkit), Debian (uriparser), Fedora (cryptsetup, flatpak, flatpak-builder, and polkit), Gentoo (polkit), Mageia (virtualbox), Red Hat (httpd24-httpd, httpd:2.4, and parfait:0.5), SUSE (clamav, log4j, python-numpy, and strongswan), and Ubuntu (vim).

  • FBI Releases PIN on Iranian Cyber Group Emennet Pasargad

    The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) that provides a historical overview of Iran-based cyber company Emennet Pasargad’s tactics, techniques, and procedures to enable readers to identify and defend against the group’s malicious cyber activities.

  • [Slackware] Security updates for glibc and chromium

    Two reminders about security related package updates in my repositories.

  • Enterprise Linux Security Episode 16 - Library Poisoning - Invidious

    We've discussed supply-chain attacks in the past, and now it's time to see an actual example that happened recently. However, this particular incident is especially unique as the libraries in question were allegedly poisoned by the actual developer. In this episode, Joao and Jay discuss the recent sabotage regarding two very popular NPM libraries.

SUSE/OpenSUSE: Conference and More

  • IDG study “Cloud Native 2022”: Where do European companies stand in their digital transformation? [Ed: IDG as corporate propaganda platform, hardly even hiding it anymore]

    The modernisation of IT infrastructure is picking up speed, but most companies still see a lot of room for improvement in their digital transformation. This is the conclusion of a recent study conducted by IDG Research Services in collaboration with SUSE. Even if in some cases the extent of implementation differs significantly, the companies surveyed from Germany, France and the UK agree on one point: the time to deploy cloud-native technologies is now.

  • openSUSE Conference Design Contest Begins - openSUSE News

    openSUSE begins an image design contest for the openSUSE Conference 2022 today. The design will be used for the conference poster and t-shirt. Submitted images must meet certain requirements listed below and on the contest wiki page. Designers are encouraged to use open-source graphic editing software like Inkscape, Gimp or Krita. Submitted designs should be licensed under CC-BY-SA 4.0 and allow everyone to use it without attribution. Designs submitted must be original and should not include any third party materials conflicting with CC-BY-SA 4.0.

  • The Evolution of Linux: a success story from Fujitsu and SUSE | SUSE Communities [Ed: Revisionism that omits GNU]

    Technological innovations are often considered to be ideas and solutions that take off immediately. But the evolution of Linux tells a different story: From humble beginnings in the 1990s, Linux has grown slowly and steadily to become a leading operating system in the business world, and now a business-critical operating system to run SAP. During this time, Fujitsu and SUSE have continued to innovate together, helping businesses everywhere to realize the benefits of Linux by running their SAP applications on it. I caught up with Jürgen Ellwanger and Martin Werner at the Global Fujitsu SAP Competence Centre to find out more about how Fujitsu and SUSE supported the evolution of Linux through a partnership of collaboration and innovation.

Intel: Intel Alder Support in Linux

  • Alder Lake system features DDR5, six GbE ports, and 20Gbps USB 3.2 Gen2X2

    Neousys unveiled two embedded PCs based on Intel’s 12th Gen S-series with up to 64GB DDR5-4800: The “Nuvo-9000” has up to 6x GbE with optional PoE+, 5x USB 3.2 Gen2 (including a 2×2 port), M.2 with PCIe Gen4, and up to 2x PCIe x16. There is also a smaller, fanless “Nuvo-9531.” Neousys has announced two of the first embedded computers based on Intel’s 7nm 12th Gen Alder Lake processors. Both the PCIe x16 equipped Nuvo-9000 and more compact Nuvo-9531 use the high-end Alder Lake S-series processors.

  • Intel Alder Lake N Support Introduced For Mesa 22.0 - Phoronix

    In addition to this week seeing Raptor Lake S support added for Mesa 22.0, the Alder Lake N additions have also been merged for this quarter's Mesa update. Given the insignificant changes from the driver perspective for the existing Alder Lake (S) support, the Alder Lake N support is namely just adding new PCI IDs and identifying them as Alder Lake family while having "Display13" for the display capabilities.

  • Intel releases patch for Alder Lake's Thread Director Linux support to increase performance and energy efficiency

    With the release of Intel's 12th Gen Core Alder Lake series of CPUs, it was discovered that performance for the new CPUs was more efficient in Microsoft Windows 11 than in the Linux operating system. This is due to Linux not having adequate support for Intel's Thread Director technology that allows for the operating system to access high-performing Golden Cove cores and the energy-efficient Gracemont cores properly. Intel's Thread Director is created from the Enhanced Hardware Feedback Interface or HFI.