
3365 matches found

Tenable Nessus
added 2021/09/04 12:0 a.m. | 45 views

openSUSE 15 Security Update : xen (openSUSE-SU-2021:2923-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2923-1 advisory. - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via...

CVSS 7.8 | AI score 6.2 | EPSS 0.0187
Exploits: 0 | References: 41

Tenable Nessus
added 2021/09/04 12:0 a.m. | 41 views

SUSE SLED15: xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc (SUSE-SU-2021:2922-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2922-1 advisory. Update to Xen 4.13.3 general bug fix release (bsc#1027519). Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubb...

CVSS 7.8 | AI score 6.7 | EPSS 0.0187
Exploits: 0 | References: 43

Tenable Nessus
added 2021/09/04 12:0 a.m. | 35 views

SUSE SLES15 Security Update : xen (SUSE-SU-2021:2943-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2943-1 advisory. - CVE-2021-28698: long running loops in grant table handling (XSA-380) (bsc#1189378). - CVE-2021-28692: xen: inappropriate x86 IOMMU...

CVSS 7.8 | AI score 6.7 | EPSS 0.01019
Exploits: 0 | References: 27

vulnersOsv
added 2021/08/25 8:58 p.m. | 7 views

timeout_io (>=0.2.0 <=0.2.7) potentially affected by CVE-2020-36438 via tiny_future (=0.3.2)

tiny_future CARGO version =0.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on tiny_future and may be impacted: - timeout_io >=0.2.0, <=0.2.7 Source cves: CVE-2020-36438 Source advisory: OSV:GHSA-FG42-VWXX-XX5J...

CVSS 8.1 | AI score 7.2 | EPSS 0.00766
Exploits: 0

vulnersOsv
added 2021/08/25 8:50 p.m. | 4 views

curl (>=0.4.7 <=0.4.8), dns-lookup (>=0.7.0 <=0.8.1) +5 more potentially affected by CVE-2020-35919 +1 more via socket2 (=0.2.4)

socket2 CARGO version =0.2.4 is affected by a known vulnerability. The following packages have a transitive dependency on socket2 and may be impacted: - curl =0.4.7, =0.7.0, =0.3.0, =0.1.0, =0.2.2, =0.2.4 - miow =0.3.0 Source cves: CVE-2020-35919, CVE-2020-35920 Source advisory:...

CVSS 5.5 | AI score 6 | EPSS 0.00398
Exploits: 2

RedHat Linux
added 2021/08/24 12:50 p.m. | 6 views

python-jinja2: ReDoS vulnerability in the urlize filter

A flaw was found in python-jinja2. The ReDoS vulnerability of the regex is mainly due to the sub-pattern a-zA-Z0-9.-+.a-zA-Z0-9.-+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory...

CVSS 5.3 | AI score 7.2 | EPSS 0.03546
Exploits: 1 | References: 4

OPENSUSE Linux
added 2021/08/19 12:0 a.m. | 41 views

Security update for tor (important)

openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2021:1169-1 Rating: important References: 1189489 Cross-References: CVE-2021-38385 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for tor fixes t...

CVSS 7.5 | AI score 7.5 | EPSS 0.01685
Exploits: 1 | References: 1

Oracle linux
added 2021/08/11 12:0 a.m. | 144 views

kernel security, bug fix, and enhancement update

4.18.0-305.12.14.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVSS 8.7 | AI score 0.3 | EPSS 0.78684
Exploits: 29

Citrix
added 2021/08/06 12:0 a.m. | 7 views

Gateway session time out not working as expected

Gateway session time out configured in the session profile doesn't work as expected...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2021/08/04 12:0 a.m. | 44 views

Xen Inappropriate x86 IOMMU Timeout Detection / Handling (XSA-372)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a vulnerability due to inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the...

CVSS 7.1 | AI score 6.9 | EPSS 0.00284
Exploits: 0 | References: 2

OSV
added 2021/07/24 2:5 p.m. | 9 views

OPENSUSE-SU-2021:1087-1 Security update for crmsh

This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node (bsc#1187553) - Fix: history: use Path.mkdir instead of mkdir command (bsc#1179999, CVE-2020-35459) - Dev: crashtest: Add...

CVSS 7.8 | AI score 7.7 | EPSS 0.00675
Exploits: 1 | References: 8

OPENSUSE Linux
added 2021/07/24 12:0 a.m. | 41 views

Security update for crmsh (moderate)

openSUSE Security Update: Security update for crmsh Announcement ID: openSUSE-SU-2021:1087-1 Rating: moderate References: 1163460 1175982 1179999 1184465 1185423 1187553 SLE-17979 Cross-References: CVE-2020-35459 CVSS scores: CVE-2020-35459 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

CVSS 8.4 | AI score 7.7 | EPSS 0.00675
Exploits: 1 | References: 7

OSV
added 2021/07/21 9:57 a.m. | 6 views

OPENSUSE-SU-2021:2435-1 Security update for crmsh

This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node (bsc#1187553) - Fix: history: use Path.mkdir instead of mkdir command (bsc#1179999, CVE-2020-35459) - Dev: crashtest: Add...

CVSS 7.8 | AI score 7.7 | EPSS 0.00675
Exploits: 1 | References: 8

Oracle linux
added 2021/07/07 12:0 a.m. | 76 views

ruby:2.7 security, bug fix, and enhancement update

ruby 2.7.3-136 - Upgrade to Ruby 2.7.3. Resolves: rhbz1951999 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address contains leading zero Resolves: rhbz1952000 2.7.2-135 - Upgrade to Ruby 2.7.2. - Avoid possible timeout errors in TestBugReportertestbugreporteradd. 2.7.1-133 ...

CVSS 7.5 | AI score 2.3 | EPSS 0.05061
Exploits: 0

OSV
added 2021/07/02 3:25 p.m. | 8 views

SUSE-SU-2021:2239-1 Security update for crmsh

This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node (bsc#1187553) - Fix: history: use Path.mkdir instead of mkdir command (bsc#1179999, CVE-2020-35459) - Dev: crashtest: Add...

CVSS 7.8 | AI score 7.7 | EPSS 0.00675
Exploits: 1 | References: 8

OSV
added 2021/07/02 3:25 p.m. | 7 views

SUSE-SU-2021:2238-1 Security update for crmsh

This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node (bsc#1187553) - Fix: history: use Path.mkdir instead of mkdir command (bsc#1179999, CVE-2020-35459) - Dev: crashtest: Add...

CVSS 7.8 | AI score 7.7 | EPSS 0.00675
Exploits: 1 | References: 8

OSV
added 2021/06/30 11:15 a.m. | 2 views

ALPINE-CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVSS 7.1 | AI score 7 | EPSS 0.00284
Exploits: 0 | References: 1

OSV
added 2021/06/30 11:15 a.m. | 22 views

CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVSS 7.1 | AI score 6.7
Exploits: 0 | References: 2

OSV
added 2021/06/30 11:15 a.m. | 2 views

DEBIAN-CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVSS 7.1 | AI score 6.9 | EPSS 0.00284
Exploits: 0 | References: 1

AlpineLinux
added 2021/06/30 11:15 a.m. | 35 views

CVE-2021-28692

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPUs issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU...

CVSS 7.1 | AI score 3.3 | EPSS 0.00284
Exploits: 0