Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 78 articles for you...
172

Ubuntu 25.04: PAM High Access Risk Spoofing Vulnerability USN-7761-1

PAM could allow unintended access to network services.. ========================================================================== Ubuntu Security Notice USN-7761-1 September 22, 2025 pam vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.04 LTS Summary: PAM could allow unintended access to network services. Software Description: - pam: Pluggable Authentication Modules Details: It was discovered that the PAM pam_access module incorrectly parsed certain rules as hostnames. An attacker could possibly use this issue to spoof hostnames and bypass access restrictions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libpam-modules 1.5.3-7ubuntu4.4 Ubuntu 24.04 LTS libpam-modules 1.5.3-5ubuntu5.5 After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7761-1 CVE-2024-10963 Package Information: https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.4 https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.5 . A serious vulnerability in PAM could enable hostname spoofing, putting access controls at risk on Ubuntu installations that require updates.. Ubuntu Security Upgrades, PAM Access Control, Authentication Module Risks. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 22, 2025 Important Ubuntu
198

Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue

The package samba before version 4.22.2-1 is vulnerable to access restriction bypass. . Arch Linux Security Advisory ASA-202506-3 ========================================= Severity: Low Date : 2025-06-06 CVE-ID : CVE-2025-0620 Package : samba Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2892 Summary ======= The package samba before version 4.22.2-1 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 4.22.2-1. # pacman -Syu "samba> =4.22.2-1" The problem has been fixed upstream in version 4.22.2. Workaround ========== None. Description =========== When using Kerberos authentication with SMB, smbd doesn't pick up group membership changes when re-authenticating an expired SMB session. Impact ====== A remote authenticated attacker may retain unintended access to file shares in Samba. References ========== https://nvd.nist.gov/vuln/detail/CVE-2025-0620 https://security.archlinux.org/CVE-2025-0620 . Debian Security Announcement DSA-202506-4 outlines a minor vulnerability in openSSH that may permit unauthorized access, issued on 2025-06-07.. Samba access bypass, Arch Linux security patch, samba update. . Severity: Low. LinuxSecurity.com Team

Calendar%202 Jun 13, 2025 Low ArchLinux
100

SUSE: 2024:1652-1 Moderate: PostgreSQL16 Access Restriction Fix

* bsc#1224038 * bsc#1224051 Cross-References: * CVE-2024-4317 . # Security update for postgresql16 Announcement ID: SUSE-SU-2024:1652-1 Rating: moderate References: * bsc#1224038 * bsc#1224051 Cross-References: * CVE-2024-4317 CVSS scores: * CVE-2024-4317 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 (bsc#1224051): * CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: * Fix incompatibility with LLVM 18. * Prepare for PostgreSQL 17. * Make sure all compilation and doc generation happens in %build. * Require LLVM

Calendar%202 May 15, 2024 SuSE
91

Gentoo: GLSA-202405-21 Normal: Commons-BeanUtils Code Execution Exploit

A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202405-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Commons-BeanUtils: Improper Access Restriction Date: May 08, 2024 Bugs: #739346 ID: 202405-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Commons-BeanUtils, which could lead to execution of arbitrary code. Background ========== Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Affected packages ================= Package Vulnerable Unaffected -------------------------- ------------ ------------ dev-java/commons-beanutils < 1.9.4 > = 1.9.4 Description =========== A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Commons-BeanUtils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-java/commons-beanutils-1.9.4" References ========== [ 1 ] CVE-2019-10086 https://nvd.nist.gov/vuln/detail/CVE-2019-10086 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202405-21 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concernsshould be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Gentoo Linux Notice GLSA 202405-22 highlights a moderate severity vulnerability in Commons-Configuration that permits unauthorized data access.. Commons-BeanUtils, Code Execution, Gentoo Security, Software Update, Access Control. . LinuxSecurity.com Team

Calendar%202 May 08, 2024 Gentoo
172

Ubuntu 23.04 USN-6125-1 Urgent: Snapd Access Vulnerability Warning

An intended access restriction in snapd could be bypassed by strict mode snaps.. =========================================================================Ubuntu Security Notice USN-6125-1 May 31, 2023 snapd vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: An intended access restriction in snapd could be bypassed by strict mode snaps. Software Description: - snapd: Daemon and tooling that enable snap packages Details: It was discovered that the snap sandbox did not restrict the use of the ioctl system call with a TIOCLINUX request. This could be exploited by a malicious snap to inject commands into the controlling terminal which would then be executed outside of the snap sandbox once the snap had exited. This could allow an attacker to execute arbitrary commands outside of the confined snap sandbox. Note: graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: snapd 2.59.1+23.04ubuntu1.1 Ubuntu 22.10: snapd 2.58+22.10.1 Ubuntu 22.04 LTS: snapd 2.58+22.04.1 Ubuntu 20.04 LTS: snapd 2.58+20.04.1 Ubuntu 18.04 LTS: snapd 2.58+18.04.1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): snapd 2.54.3+16.04.0ubuntu0.1~esm6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6125-1 CVE-2023-1523 Package Information: https://launchpad.net/ubuntu/+source/snapd/2.59.1+23.04ubuntu1.1 https://launchpad.net/ubuntu/+source/snapd/2.58+22.10.1 https://launchpad.net/ubuntu/+source/snapd/2.58+22.04.1 https://launchpad.net/ubuntu/+source/snapd/2.58+20.04.1 https://launchpad.net/ubuntu/+source/snapd/2.58+18.04.1 . Perform an update on your Ubuntu installation to mitigate the snapd security flaw impacting various versions and avoid potential command execution risks.. Snapd Security Update, Ubuntu System Patching, Command Injection Prevention. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 31, 2023 Critical Ubuntu
172

Ubuntu 14.04 ESM USN-5484-1 Critical: Kernel Issues and Fixes

Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5484-1 June 16, 2022 linux vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel Details: It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39713) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-3.13.0-190-generic 3.13.0-190.241 linux-image-3.13.0-190-lowlatency 3.13.0-190.241 linux-image-generic 3.13.0.190.199 linux-image-lowlatency 3.13.0.190.199 linux-image-server 3.13.0.190.199 linux-image-virtual 3.13.0.190.199 Please note that fully mitigating processor vulnerabilities requires corresponding processor microcode/firmware updates. After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5484-1 CVE-2021-39713, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499 . Numerous updates addressing various Linux kernel vulnerabilities have been issued, affecting system security and stability; timely installation recommended.. Kernel Security Issues, Ubuntu Updates, Security Threat Management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 16, 2022 Critical Ubuntu
172

Ubuntu 22.04 LTS USN-5469-1 Critical: Kernel Issues Exploitable

Several security issues were fixed in the Linux kernel.. =========================================================================Ubuntu Security Notice USN-5469-1 June 08, 2022 linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-intel-iotg: Linux kernel for Intel IoT platforms - linux-kvm: Linux kernel for cloud environments - linux-lowlatency: Linux low latency kernel - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems Details: It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2022-21499) Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966) Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl() in some situations. A local attacker could possibly use this to cause a denial of service (system crash).(CVE-2022-0168) Hu Jiahui discovered that multiple race conditions existed in the Advanced Linux Sound Architecture (ALSA) framework, leading to use-after-free vulnerabilities. A local attacker could use these to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1048) Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. (CVE-2022-1158) It was discovered that the implementation of the 6pack and mkiss protocols in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1195) Duoming Zhou discovered that the 6pack protocol implementation in the Linux kernel did not handle detach events properly in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-1198) Duoming Zhou discovered that the AX.25 amateur radio protocol implementation in the Linux kernel did not handle detach events properly in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1199) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel during device detach operations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1204) Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol implementation in the Linux kernel, leading to use-after-free vulnerabilities. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1205) Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that thekvm implementation in the Linux kernel did not handle releasing a virtual cpu properly. A local attacker in a guest VM coud possibly use this to cause a denial of service (host system crash). (CVE-2022-1263) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-1516) It was discovered that the ACRN Hypervisor Service Module implementation in the Linux kernel did not properly deallocate memory in some situations. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2022-1651) It was discovered that the RxRPC session socket implementation in the Linux kernel did not properly handle ioctls called when no security protocol is given. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2022-1671) Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code. (CVE-2022-1972) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) It was discoveredthat the Microchip CAN BUS Analyzer interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28389) It was discovered that the EMS CAN/USB interface implementation in the Linux kernel contained a double-free vulnerability when handling certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2022-28390) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1007-ibm 5.15.0-1007.8 linux-image-5.15.0-1008-gcp 5.15.0-1008.12 linux-image-5.15.0-1008-gke 5.15.0-1008.10 linux-image-5.15.0-1008-intel-iotg 5.15.0-1008.11 linux-image-5.15.0-1009-oracle 5.15.0-1009.12 linux-image-5.15.0-1010-azure 5.15.0-1010.12 linux-image-5.15.0-1010-kvm 5.15.0-1010.11 linux-image-5.15.0-1011-aws 5.15.0-1011.14 linux-image-5.15.0-1011-raspi 5.15.0-1011.13 linux-image-5.15.0-1011-raspi-nolpae 5.15.0-1011.13 linux-image-5.15.0-37-generic 5.15.0-37.39 linux-image-5.15.0-37-generic-64k 5.15.0-37.39 linux-image-5.15.0-37-generic-lpae 5.15.0-37.39 linux-image-5.15.0-37-lowlatency 5.15.0-37.39 linux-image-5.15.0-37-lowlatency-64k 5.15.0-37.39 linux-image-aws 5.15.0.1011.12 linux-image-azure 5.15.0.1010.10 linux-image-gcp 5.15.0.1008.8 linux-image-generic 5.15.0.37.39 linux-image-generic-64k 5.15.0.37.39 linux-image-generic-hwe-22.04 5.15.0.37.39 linux-image-generic-lpae 5.15.0.37.39 linux-image-generic-lpae-hwe-22.04 5.15.0.37.39 linux-image-gke 5.15.0.1008.12 linux-image-gke-5.15 5.15.0.1008.12 linux-image-ibm 5.15.0.1007.7 linux-image-intel-iotg 5.15.0.1008.9 linux-image-kvm 5.15.0.1010.9 linux-image-lowlatency 5.15.0.37.37 linux-image-lowlatency-64k 5.15.0.37.37 linux-image-lowlatency-64k-hwe-22.04 5.15.0.37.37 linux-image-lowlatency-hwe-22.04 5.15.0.37.37 linux-image-oem-20.04 5.15.0.37.39 linux-image-oracle 5.15.0.1009.8 linux-image-raspi 5.15.0.1011.10 linux-image-raspi-nolpae 5.15.0.1011.10 linux-image-virtual 5.15.0.37.39 linux-image-virtual-hwe-22.04 5.15.0.37.39 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5469-1 CVE-2022-0168, CVE-2022-1048, CVE-2022-1158, CVE-2022-1195, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1263, CVE-2022-1353, CVE-2022-1516, CVE-2022-1651, CVE-2022-1671, CVE-2022-1966, CVE-2022-1972, CVE-2022-21499, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390 Package Information: https://launchpad.net/ubuntu/+source/linux/5.15.0-37.39 https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1011.14 https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1010.12 https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1008.12 https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1008.10 https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1007.8 https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1008.11 https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1010.11 https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-37.39 https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1009.12 https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1011.13 . A variety of vulnerabilities were addressed in the Linux kernel impacting various Ubuntu editions.. Linux Kernel Security, Ubuntu Kernel Update, Kernel Bugs Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 08, 2022 Critical Ubuntu
172

Ubuntu 21.10: USN-5387-1 Critical Access Restriction in Barbican

Several security issues were fixed in barbican.. =========================================================================Ubuntu Security Notice USN-5387-1 April 25, 2022 barbican vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in barbican. Software Description: - barbican: OpenStack Key Management Service - API Server Details: Douglas Mendizábal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue to consume protected resources and possibly cause a denial of service. (CVE-2022-23451, CVE-2022-23452) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: python3-barbican 2:13.0.0-0ubuntu1.2 Ubuntu 20.04 LTS: python3-barbican 1:10.1.0-0ubuntu2.1 Ubuntu 18.04 LTS: python-barbican 1:6.0.1-0ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5387-1 CVE-2022-23451, CVE-2022-23452 Package Information: https://launchpad.net/ubuntu/+source/barbican/2:13.0.0-0ubuntu1.2 https://launchpad.net/ubuntu/+source/barbican/1:10.1.0-0ubuntu2.1 https://launchpad.net/ubuntu/+source/barbican/1:6.0.1-0ubuntu1.1 . Multiple vulnerabilities were resolved in barbican for Ubuntu 21.10, 20.04 LTS, and 18.04 LTS. Ensure you update your system promptly.. Barbican Security, Ubuntu 21.10, Access Control, OpenStack Key Management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 25, 2022 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200