
3667 matches found

OSV
added 2024/05/15 7:18 a.m. | 6 views

SUSE-SU-2024:1652-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

CVSS 4.3 | AI score 4.7 | EPSS 0.00722
Exploits 0 | References 4

OSV
added 2024/05/15 7:17 a.m. | 9 views

SUSE-SU-2024:1651-1 Security update for postgresql16

This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 bsc1224051: - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner bsc1224038. Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17...

CVSS 4.3 | AI score 4.7 | EPSS 0.00722
Exploits 0 | References 4

Vivaldi Security Advisories
added 2024/05/13 9:13 p.m. | 14 views

Minor update (5) for Vivaldi Desktop Browser 6.7

Download Vivaldi The following improvements were made since the fourth 6.7 minor update: Chromium Upgraded 124.0.6367.219 CVE-2024-4761: NB. Chromium updates may include security enhancements or fixes, crash fixes, or website compatibility updates. Web Compatibility Auth does not work when link i...

CVSS 8.8 | AI score 5.8 | EPSS 0.11007
Exploits 2 | References 1

Citrix
added 2024/05/07 12:00 a.m. | 8 views

Compatibility license - avoid mixed editions when renewing Universal HMC or Citrix for Private Cloud

What is the mixed edition problem? Mixed edition means combining Premium with Standard or Advanced editions, or Advanced with Standard editions on the same site. This also applies to mixing license types User/Device U/D and Concurrent CCU; for example Premium U/D with Premium CCU or Advanced U/D...

AI score 6.7
Exploits 0

OpenVAS
added 2024/05/07 12:00 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2024:1462-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3 | AI score 7.3 | EPSS 0.04892
Exploits 0 | References 15

OSV
added 2024/05/06 9:50 a.m. | 3 views

SUSE-SU-2024:1525-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Convert oscap output to UTF-8 -...

CVSS 7.7 | AI score 7.5 | EPSS 0.0083
Exploits 0 | References 10

OSV
added 2024/05/06 9:49 a.m. | 5 views

SUSE-SU-2024:1518-1 Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Bugs fixed...

CVSS 7.7 | AI score 7.5 | EPSS 0.0083
Exploits 0 | References 10

BDU FSTEC
added 2024/05/06 12:00 a.m. | 4 views

The vulnerability of the DCH-compatible Thunderbolt driver, related to deficiencies in the deserialization mechanism, allows a hacker to trigger a service failure.

The vulnerability of the DCH-compatible Thunderbolt driver is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 3.8 | AI score 5.5 | EPSS 0.00375
Exploits 0 | References 8 | Affected Software 1

BDU FSTEC
added 2024/05/06 12:00 a.m. | 5 views

The vulnerability of the DCH-compatible Thunderbolt driver relates to incorrect elimination of special elements in the output data, allowing attackers to increase their privileges.

The vulnerability of the DCH-compatible Thunderbolt driver is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVSS 6.1 | AI score 6.3 | EPSS 0.00172
Exploits 0 | References 8 | Affected Software 1

RubySec
added 2024/04/23 12:00 a.m. | 33 views

Arbitrary memory address read vulnerability with Regex search

If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. We recommend updating Ruby to version 3.3.1 or later. In order to ensure compatibility with older Ruby...

CVSS 6.6 | AI score 7.3 | EPSS 0.00629
Exploits 0 | References 1 | Affected Software 1

SUSE CVE
added 2024/04/11 2:30 a.m. | 2 views

SUSE CVE-2024-30261

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch, allowing fetch to accept requests as valid even if they have been tampered. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVSS 3.1 | AI score 9.3 | EPSS 0.00803
Exploits 1 | References 8

OSV
added 2024/04/08 9:34 a.m. | 6 views

SUSE-SU-2024:1145-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...

CVSS 8.6 | AI score 8.9 | EPSS 0.0049
Exploits 0 | References 5

OSV
added 2024/04/08 9:34 a.m. | 10 views

SUSE-SU-2024:1144-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...

CVSS 8.6 | AI score 8.9 | EPSS 0.0049
Exploits 0 | References 5

OSV
added 2024/04/08 9:32 a.m. | 5 views

SUSE-SU-2024:1143-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...

CVSS 8.6 | AI score 8.9 | EPSS 0.0049
Exploits 0 | References 5

SUSE CVE
added 2024/04/05 2:21 a.m. | 1 view

SUSE CVE-2024-26678

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

CVSS 5.5 | AI score 7.2 | EPSS 0.00225
Exploits 0 | References 3

OSV
added 2024/04/02 7:15 a.m. | 0 views

UBUNTU-CVE-2024-26678

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

CVSS 5.5 | AI score 6.6 | EPSS 0.00225
Exploits 0 | References 5

OSV
added 2024/04/02 7:01 a.m. | 4 views

CVE-2024-26678 x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

CVSS 5.5 | AI score 6 | EPSS 0.00225
Exploits 0 | References 7

CNNVD
added 2024/04/02 12:00 a.m. | 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue with compat in x86/efistub...

CVSS 5.5 | AI score 6.8 | EPSS 0.00225
Exploits 0 | References 5

OSV
added 2024/03/30 12:04 a.m. | 7 views

SUSE-SU-2024:1074-1 Security update for qpid-proton

This update for qpid-proton fixes the following issues: - CVE-2019-0223: Fixed TLS Man in the Middle Vulnerability bsc1133158. The following non-security bugs were fixed: - Fix build with OpenSSL 3.0.0 bsc1172267 - Sort linked .o files to make package build reproducible bsc1041090 - Fix build wit...

CVSS 7.4 | AI score 6.7 | EPSS 0.0615
Exploits 0 | References 7

BDU FSTEC
added 2024/03/27 12:00 a.m. | 4 views

The vulnerability of the wolfSSL SSL/TLS library, related to information disclosure due to incompatibilities, allows attackers to decrypt encrypted texts and forge signatures.

The vulnerability of the SSL/TLS library wolfSSL is related to the disclosure of information due to incompatibility. Exploiting this vulnerability allows a malicious actor to decrypt encrypted texts except for the server’s secret key and forge signatures...

CVSS 5.9 | AI score 6.2 | EPSS 0.00539
Exploits 0 | References 4 | Affected Software 1