Explore top 10 tips to secure your open-source projects now. Read More
×PAM could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-7761-1 September 22, 2025 pam vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS Summary: PAM could allow unintended access to network services. Software Description: - pam: Pluggable Authentication Modules Details: It was discovered that the PAM pam_access module incorrectly parsed certain rules as hostnames. An attacker could possibly use this issue to spoof hostnames and bypass access restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libpam-modules 1.5.3-7ubuntu4.4 Ubuntu 24.04 LTS libpam-modules 1.5.3-5ubuntu5.5 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7761-1 CVE-2024-10963 Package Information: https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.4 https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.5 . A serious vulnerability in PAM could enable hostname spoofing, putting access controls at risk on Ubuntu installations that require updates.. Ubuntu Security Upgrades, PAM Access Control, Authentication Module Risks. . Severity: Important. LinuxSecurity.com Team
The package samba before version 4.22.2-1 is vulnerable to access restriction bypass. . Arch Linux Security Advisory ASA-202506-3 ========================================= Severity: Low Date : 2025-06-06 CVE-ID : CVE-2025-0620 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2892 Summary ======= The package samba before version 4.22.2-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 4.22.2-1. # pacman -Syu "samba> =4.22.2-1" The problem has been fixed upstream in version 4.22.2. Workaround ========== None. Description =========== When using Kerberos authentication with SMB, smbd doesn't pick up group membership changes when re-authenticating an expired SMB session. Impact ====== A remote authenticated attacker may retain unintended access to file shares in Samba. References ========== https://nvd.nist.gov/vuln/detail/CVE-2025-0620 https://security.archlinux.org/CVE-2025-0620 . Debian Security Announcement DSA-202506-4 outlines a minor vulnerability in openSSH that may permit unauthorized access, issued on 2025-06-07.. Samba access bypass, Arch Linux security patch, samba update. . Severity: Low. LinuxSecurity.com Team
* bsc#1224038 * bsc#1224051 Cross-References: * CVE-2024-4317 . # Security update for postgresql16 Announcement ID: SUSE-SU-2024:1652-1 Rating: moderate References: * bsc#1224038 * bsc#1224051 Cross-References: * CVE-2024-4317 CVSS scores: * CVE-2024-4317 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 (bsc#1224051): * CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: * Fix incompatibility with LLVM 18. * Prepare for PostgreSQL 17. * Make sure all compilation and doc generation happens in %build. * Require LLVM
A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Commons-BeanUtils: Improper Access Restriction Date: May 08, 2024 Bugs: #739346 ID: 202405-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code. Background ========== Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Affected packages ================= Package Vulnerable Unaffected -------------------------- ------------ ------------ dev-java/commons-beanutils < 1.9.4 > = 1.9.4 Description =========== A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Commons-BeanUtils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-java/commons-beanutils-1.9.4" References ========== [ 1 ] CVE-2019-10086 https://nvd.nist.gov/vuln/detail/CVE-2019-10086 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202405-21 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concernsshould be addressed to
An intended access restriction in snapd could be bypassed by strict mode snaps.. =========================================================================Ubuntu Security Notice USN-6125-1 May 31, 2023 snapd vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: An intended access restriction in snapd could be bypassed by strict mode snaps. Software Description: - snapd: Daemon and tooling that enable snap packages Details: It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: snapd 2.59.1+23.04ubuntu1.1 Ubuntu 22.10: snapd 2.58+22.10.1 Ubuntu 22.04 LTS: snapd 2.58+22.04.1 Ubuntu 20.04 LTS: snapd 2.58+20.04.1 Ubuntu 18.04 LTS: snapd 2.58+18.04.1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): snapd 2.54.3+16.04.0ubuntu0.1~esm6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6125-1 CVE-2023-1523 Package Information: https://launchpad.net/ubuntu/+source/snapd/2.59.1+23.04ubuntu1.1 https://launchpad.net/ubuntu/+source/snapd/2.58+22.10.1 https://launchpad.net/ubuntu/+source/snapd/2.58+22.04.1 https://launchpad.net/ubuntu/+source/snapd/2.58+20.04.1 https://launchpad.net/ubuntu/+source/snapd/2.58+18.04.1 . Perform an update on your Ubuntu installation to mitigate the snapd security flaw impacting various versions and avoid potential command execution risks.. Snapd Security Update, Ubuntu System Patching, Command Injection Prevention. . Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5484-1 June 16, 2022 linux vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel Details: It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39713) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-3.13.0-190-generic 3.13.0-190.241 linux-image-3.13.0-190-lowlatency 3.13.0-190.241 linux-image-generic 3.13.0.190.199 linux-image-lowlatency 3.13.0.190.199 linux-image-server 3.13.0.190.199 linux-image-virtual 3.13.0.190.199 Please note that fully mitigating processor vulnerabilities requires corresponding processor microcode/firmware updates. After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5484-1 CVE-2021-39713, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499 . Numerous updates addressing various Linux kernel vulnerabilities have been issued, affecting system security and stability; timely installation recommended.. Kernel Security Issues, Ubuntu Updates, Security Threat Management. . Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5469-1 June 08, 2022 linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-intel-iotg: Linux kernel for Intel IoT platforms - linux-kvm: Linux kernel for cloud environments - linux-lowlatency: Linux low latency kernel - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems Details: It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl() in some situations. A local attacker could possibly use this to cause a denial of service (system crash).(CVE-2022-0168) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048) Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. (CVE-2022-1158) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-1198) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that thekvm implementation in the Linux kernel did not handle releasing a virtual cpu properly. A local attacker in a guest VM coud possibly use this to cause a denial of service (host system crash). (CVE-2022-1263) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) It was discovered that the ACRN Hypervisor Service Module implementation in the Linux kernel did not properly deallocate memory in some situations. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2022-1651) It was discovered that the RxRPC session socket implementation in the Linux kernel did not properly handle ioctls called when no security protocol is given. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-1671) Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2022-1972) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) It was discoveredthat the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1007-ibm 5.15.0-1007.8 linux-image-5.15.0-1008-gcp 5.15.0-1008.12 linux-image-5.15.0-1008-gke 5.15.0-1008.10 linux-image-5.15.0-1008-intel-iotg 5.15.0-1008.11 linux-image-5.15.0-1009-oracle 5.15.0-1009.12 linux-image-5.15.0-1010-azure 5.15.0-1010.12 linux-image-5.15.0-1010-kvm 5.15.0-1010.11 linux-image-5.15.0-1011-aws 5.15.0-1011.14 linux-image-5.15.0-1011-raspi 5.15.0-1011.13 linux-image-5.15.0-1011-raspi-nolpae 5.15.0-1011.13 linux-image-5.15.0-37-generic 5.15.0-37.39 linux-image-5.15.0-37-generic-64k 5.15.0-37.39 linux-image-5.15.0-37-generic-lpae 5.15.0-37.39 linux-image-5.15.0-37-lowlatency 5.15.0-37.39 linux-image-5.15.0-37-lowlatency-64k 5.15.0-37.39 linux-image-aws 5.15.0.1011.12 linux-image-azure 5.15.0.1010.10 linux-image-gcp 5.15.0.1008.8 linux-image-generic 5.15.0.37.39 linux-image-generic-64k 5.15.0.37.39 linux-image-generic-hwe-22.04 5.15.0.37.39 linux-image-generic-lpae 5.15.0.37.39 linux-image-generic-lpae-hwe-22.04 5.15.0.37.39 linux-image-gke 5.15.0.1008.12 linux-image-gke-5.15 5.15.0.1008.12 linux-image-ibm 5.15.0.1007.7 linux-image-intel-iotg 5.15.0.1008.9 linux-image-kvm 5.15.0.1010.9 linux-image-lowlatency 5.15.0.37.37 linux-image-lowlatency-64k 5.15.0.37.37 linux-image-lowlatency-64k-hwe-22.04 5.15.0.37.37 linux-image-lowlatency-hwe-22.04 5.15.0.37.37 linux-image-oem-20.04 5.15.0.37.39 linux-image-oracle 5.15.0.1009.8 linux-image-raspi 5.15.0.1011.10 linux-image-raspi-nolpae 5.15.0.1011.10 linux-image-virtual 5.15.0.37.39 linux-image-virtual-hwe-22.04 5.15.0.37.39 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5469-1 CVE-2022-0168, CVE-2022-1048, CVE-2022-1158, CVE-2022-1195, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1263, CVE-2022-1353, CVE-2022-1516, CVE-2022-1651, CVE-2022-1671, CVE-2022-1966, CVE-2022-1972, CVE-2022-21499, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390 Package Information: https://launchpad.net/ubuntu/+source/linux/5.15.0-37.39 https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1011.14 https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1010.12 https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1008.12 https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1008.10 https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1007.8 https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1008.11 https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1010.11 https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-37.39 https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1009.12 https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1011.13 . A variety of vulnerabilities were addressed in the Linux kernel impacting various Ubuntu editions.. Linux Kernel Security, Ubuntu Kernel Update, Kernel Bugs Fix. . Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in barbican.. =========================================================================Ubuntu Security Notice USN-5387-1 April 25, 2022 barbican vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in barbican. Software Description: - barbican: OpenStack Key Management Service - API Server Details: Douglas Mendizábal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue to consume protected resources and possibly cause a denial of service. (CVE-2022-23451, CVE-2022-23452) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: python3-barbican 2:13.0.0-0ubuntu1.2 Ubuntu 20.04 LTS: python3-barbican 1:10.1.0-0ubuntu2.1 Ubuntu 18.04 LTS: python-barbican 1:6.0.1-0ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5387-1 CVE-2022-23451, CVE-2022-23452 Package Information: https://launchpad.net/ubuntu/+source/barbican/2:13.0.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/barbican/1:10.1.0-0ubuntu2.1 https://launchpad.net/ubuntu/+source/barbican/1:6.0.1-0ubuntu1.1 . Multiple vulnerabilities were resolved in barbican for Ubuntu 21.10, 20.04 LTS, and 18.04 LTS. Ensure you update your system promptly.. Barbican Security, Ubuntu 21.10, Access Control, OpenStack Key Management. . Severity: Critical. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.