SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2025:01703-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01703-1 advisory. Update to Xen 4.18.5: Security fixes: - CVE-2024-28956: Fixed Intel CPU Indirect Target Selection ITS...

OPENSUSE-SU-2024:13071-1 ctdb-4.18.5+git.313.c8e274c7852-1.1 on GA media

These are all security issues fixed in the ctdb-4.18.5+git.313.c8e274c7852-1.1 package on the GA media of openSUSE Tumbleweed...

Samba Information Disclosure Vulnerability (CVE-2023-3347)

Samba is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba";...

Samba 安全漏洞

Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba versions prior to 4.18.5, which originates from an unauthenticated attacker who can exploit a lack of type validation to trigger a process crash in a shared worker process...

SMB2 packet signing not enforced

Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a clien...

Samba Spotlight mdssvc RPC Request Infinite

Description When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function slunpackloop did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in ...

MAL-2023-1370 Malicious code in install-crypto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6226d5b0f89ec8275730cc47b85f33998f62c7a555a51ae59917a445ffb9e1d1 The OpenSSF Package Analysis project identified 'install-crypto' @ 4.18.5 pypi as malicious. It is considered malicious because: - The package...

Malicious code in install-crypto (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6226d5b0f89ec8275730cc47b85f33998f62c7a555a51ae59917a445ffb9e1d1 The OpenSSF Package Analysis project identified 'install-crypto' @ 4.18.5 pypi as malicious. It is considered malicious because: - The package...