Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Ubuntu 14.04 LTS USN-6722-1 Moderate: Django Account Hijack Risk

Django accounts could be hijacked through password reset requests.

==========================================================================
Ubuntu Security Notice USN-6722-1
April 08, 2024

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Django accounts could be hijacked through password reset requests.

Software Description:
- python-django: High-level Python web development framework

Details:

Simon Charette discovered that the password reset functionality in Django
used a Unicode case insensitive query to retrieve accounts associated with
an email address. An attacker could possibly use this to obtain password
reset tokens and hijack accounts.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  python-django                   1.6.11-0ubuntu1.3+esm7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6722-1
  CVE-2019-19844

As threats evolve, Django developers on Ubuntu should stay alert to password reset weaknesses such as this one and apply the update so that reset tokens are only ever sent to the account's actual address.

LinuxSecurity.com Team

Apr 08, 2024 | Ubuntu

Debian: DLA-2042-1 Moderate: Python-Django Account Hijack Issue

It was discovered that there was a potential account hijack vulnerability in Django, the Python-based web development framework.

Package        : python-django
Version        : 1.7.11-1+deb8u8
CVE ID         : CVE-2019-19844
Debian Bug     : #946937

It was discovered that there was a potential account hijack vulnerability
in Django, the Python-based web development framework.

Django's password-reset form used a case-insensitive query to retrieve
accounts matching the email address requesting the password reset. Because
this typically involves explicit or implicit case transformations, an
attacker who knew the email address associated with a user account could
craft an email address which is distinct from the address associated with
that account, but which -- due to the behavior of Unicode case
transformations -- ceases to be distinct after case transformation, or
which will otherwise compare equal given database case-transformation or
collation behavior. In such a situation, the attacker can receive a valid
password-reset token for the user account.

To resolve this, two changes were made in Django:

* After retrieving a list of potentially-matching accounts from the
  database, Django's password reset functionality now also checks the
  email address for equivalence in Python, using the recommended
  identifier-comparison process from Unicode Technical Report 36,
  section 2.11.2(B)(2).

* When generating password-reset emails, Django now sends to the email
  address retrieved from the database, rather than the email address
  submitted in the password-reset request form.

For more information, please see:
https://www.djangoproject.com/weblog/2019/dec/18/security-releases/

For Debian 8 "Jessie", this issue has been fixed in python-django version
1.7.11-1+deb8u8.

We recommend that you upgrade your python-django packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS

Regards,
Chris Lamb / chris-lamb.co.uk

Upgrade to python-django version 1.7.11-1+deb8u8 to close this account-takeover vulnerability.

LinuxSecurity.com Team

Dec 18, 2019 | Debian LTS

Debian: DSA-2851-1 Critical: Drupal6 Account Hijack Impersonation

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2851-1
http://www.debian.org/security/                      Salvatore Bonaccorso
February 02, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : drupal6
Vulnerability  : impersonation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2014-1475

Christian Mainka and Vladislav Mladenov reported a vulnerability in the
OpenID module of Drupal, a fully-featured content management framework.
A malicious user could exploit this flaw to log in as other users on the
site, including administrators, and hijack their accounts.

These fixes require extra updates to the database which can be done from
the administration pages.

For the oldstable distribution (squeeze), this problem has been fixed in
version 6.30-1.

We recommend that you upgrade your drupal6 packages.

Further information about Debian Security Advisories, how to apply these
updates to your system and frequently asked questions can be found at:
http://www.debian.org/security/

Alert regarding a vulnerability in drupal6 leading to potential account takeover. An immediate upgrade is essential to safeguard user accounts.

Severity: Critical

LinuxSecurity.com Team

Feb 02, 2014 | Critical | Debian

Gentoo: GLSA-202309-18 Normal: NexusServer Security Vulnerability

Multiple vulnerabilities in BitlBee may allow attackers to bypass security restrictions and hijack accounts.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory GLSA 200809-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: BitlBee: Security bypass
      Date: September 23, 2008
      Bugs: #236160
        ID: 200809-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in BitlBee may allow attackers to bypass security
restrictions and hijack accounts.

Background
==========

BitlBee is an IRC to IM gateway that supports multiple IM protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-im/bitlbee     < 1.2.3                       >= 1.2.3

Description
===========

Multiple unspecified vulnerabilities were reported, including a NULL
pointer dereference.

Impact
======

A remote attacker could exploit these vulnerabilities to overwrite existing
IM accounts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BitlBee users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/bitlbee-1.2.3"

References
==========

  [ 1 ] CVE-2008-3920
        https://www.cve.org/CVERecord?id=CVE-2008-3920
  [ 2 ] CVE-2008-3969
        https://www.cve.org/CVERecord?id=CVE-2008-3969

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200809-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to the Gentoo
security team or, alternatively, you may file a bug at
https://bugs.gentoo.org/.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Weaknesses in BitlBee on Gentoo allow protections to be bypassed, enabling account takeovers. Updating promptly is advised.

LinuxSecurity.com Team

Sep 23, 2008 | Gentoo

Fedora 8: FEDORA-2009-8456 Critical: Bitlbee Account Hijack Fix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7712
2008-09-05 11:02:52
--------------------------------------------------------------------------------

Name        : bitlbee
Product     : Fedora 8
Version     : 1.2.2
Release     : 1.fc8
URL         : https://www.bitlbee.org/main.php/news.r.html
Summary     : IRC to other chat networks gateway
Description :
Bitlbee is an IRC to other chat networks gateway. Bitlbee can be used as an
IRC server which forwards everything you say to people on other chat
networks like ICQ, MSN, Jabber or Yahoo!

--------------------------------------------------------------------------------
Update Information:

Upstream released Bitlbee 1.2.2 with the following changes to the former release:

- Security bugfix: It was possible to hijack accounts (without gaining access
  to the old account, it's simply an overwrite)
- Some more stability improvements.
- Fixed bug where people with non-lowercase nicks couldn't drop their account.
- Easier upgrades of non-forking daemon mode servers (using the DEAF command).
- Can be cross-compiled for Win32 now! (No support for SSL yet though, which
  makes it less useful for now.)
- Exponential backoff on auto-reconnect.
- Changing passwords gives less confusing feedback ("password is empty") now.

Finished 26 Aug 2008.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 27 2008 Robert Scheck 1.2.2-1
- Upgrade to 1.2.2 (#460355)
* Mon Jul  7 2008 Robert Scheck 1.2.1-1
- Upgrade to 1.2.1 (thanks to Matěj Cepl)
* Tue Apr 15 2008 Robert Scheck 1.2-1
- Upgrade to 1.2 (#439047, thanks to Matěj Cepl)
* Sun Feb 10 2008 Robert Scheck 1.0.4-2
- Rebuilt against gcc 4.3

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #460355 - Bitlbee 1.2.2 was released, update required
        https://bugzilla.redhat.com/show_bug.cgi?id=460355

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bitlbee'
at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list

Essential release of Bitlbee 1.2.2 for Fedora 8 users, resolving the account-overwrite vulnerability and improving stability.

Severity: Critical

LinuxSecurity.com Team

Sep 10, 2008 | Critical | Fedora