CLSA-2026-1777378650 Fix CVE(s): CVE-2023-26604

SECURITY UPDATE: systemctl may pass arbitrary shell commands from a pager like more1 that does not honor LESSSECURE, allowing privilege escalation under sudo. - debian/patches/CVE-2023-26604.patch: set LESSSECURE=1 when invoking a pager, rename to SYSTEMDPAGERSECURE, gate insecure pagers behind...

systemd security and bug fix update

239-74.0.4.2 - Fix CVE-2023-26604 - pager: set whenver we invoke a pager [email protected] 2175624 - pager: make pager secure when under euid is changed or explicitly requested [email protected] 2175624 - pager: lets check SYSTEMDPAGERSECURE with securegetenv...

SUSE-SU-2015:1892-1 Security update for libvdpau

libvdpau was updated to use securegetenv instead of getenv for several variables so it can be more safely used in setuid applications. CVE-2015-5198: libvdpau: incorrect check for security transition bnc943967 CVE-2015-5199: libvdpau: directory traversal in dlopen bnc943968 CVE-2015-5200: libvdpa...

openssl security update

1.0.0-27.2 - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 - DoS in OCSP signatures checking 908052 - enable compression only if explicitly asked for or OPENSSLDEFAULTZLIB environment variable is set fixes CVE-2012-4929 857051 - use securegetenv everywhere inste...