Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H800
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorycritical issuesecurity update

Fedora 30: FEDORA-2019-1cfe24db5c Critical: Active Record Code Execution

Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-1cfe24db5c 2019-05-10 00:46:38.157347 --------------------------------------------------------------------------------Name : rubygem-activerecord Product : Fedora 30 Version : 5.2.3 Release : 1.fc30 URL : https://rubyonrails.org/ Summary : Object-relational mapper framework (part of Rails) Description : Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. --------------------------------------------------------------------------------Update Information: Update Ruby on Rails to 5.2.3. Fixes CVE-2019-5418 CVE-2019-5419 CVE-2019-5420. --------------------------------------------------------------------------------ChangeLog: * Thu Mar 28 2019 Pavel Valena - 1:5.2.3-1 - Update to Active Record 5.2.3. * Thu Mar 14 2019 Pavel Valena - 1:5.2.2.1-1 - Update to Active Record 5.2.2.1. --------------------------------------------------------------------------------References: [ 1 ] Bug #1689161 - CVE-2019-5418 CVE-2019-5419 rubygem-actionview: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1689161 [ 2 ] Bug #1689155 - CVE-2019-5420 rubygem-rails: Weak secret token leading to possible code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1689155 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1cfe24db5c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Django has released version 3.1.5, fixing significant vulnerabilities that could allow unauthorized access. Immediate upgrade recommended.. Ruby On Rails, Active Record Update, Fedora Security Patch. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 09, 2019 Critical Fedora
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updatered hat

Red Hat Software Collections: RHSA-2014:1102-01 Important Active Record Fix

Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: ror40-rubygem-activerecord security update Advisory ID: RHSA-2014:1102-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2014:1102.html Issue date: 2014-08-27 CVE Names: CVE-2014-3514 ==================================================================== 1. Summary: Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: Ruby on Rails is a model-view-controller (MVC) framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameterprotection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values. (CVE-2014-3514) All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1131240 - CVE-2014-3514 rubygem-activerecord: Strong Parameter bypass with create_with 6. Package List: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7): Source: ror40-rubygem-activerecord-4.0.2-2.3.el7.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el7.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7): Source: ror40-rubygem-activerecord-4.0.2-2.3.el7.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el7.noarch.rpm Thesepackages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2014-3514 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT/essXlSAg2UNWIIRAnRtAJwO/bVMwfsjnC4jNqOFw8xgeMP18ACgqeeZ QrU4rqoVm+ElHHGmf8QFOO0=N8hH -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Oracle announces significant patch for app-5-javapackage-fix addressing major vulnerabilities in its technology.. Red Hat, Active Record, Security Update, Ruby on Rails, Software Security. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Aug 27, 2014 Important Red Hat
Banner 4 1028x280 1708121825 1771600306
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryremote exploitred hat

Red Hat Software Collections: RHSA-2014:1102-01 Important ActiveRecord Fix

Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Important: ror40-rubygem-activerecord security update Advisory ID: RHSA-2014:1102-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2014:1102.html Issue date: 2014-08-27 CVE Names: CVE-2014-3514 ==================================================================== 1. Summary: Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: Ruby on Rails is a model-view-controller (MVC) framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record calledcreate_with with untrusted values. (CVE-2014-3514) All ror40-rubygem-activerecord users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1131240 - CVE-2014-3514 rubygem-activerecord: Strong Parameter bypass with create_with 6. Package List: Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6): Source: ror40-rubygem-activerecord-4.0.2-2.3.el6.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el6.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el6.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7): Source: ror40-rubygem-activerecord-4.0.2-2.3.el7.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el7.noarch.rpm Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7): Source: ror40-rubygem-activerecord-4.0.2-2.3.el7.src.rpm noarch: ror40-rubygem-activerecord-4.0.2-2.3.el7.noarch.rpm ror40-rubygem-activerecord-doc-4.0.2-2.3.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are availablefrom https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2014-3514 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2014 Red Hat, Inc. . Red Hat releases a vital security alert concerning the ror40-rubygem-activemodel update to enhance critical safeguarding.. Rubygem ActiveRecord, Red Hat Advisory, Software Update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Aug 27, 2014 Important Red Hat
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorymoderatedebian

Debian 7 Wheezy DSA-2982-1 Moderate: ActiveRecord SQL Injection Risk

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection. For the stable distribution (wheezy), these problems have been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2982-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Moritz Muehlenhoff July 19, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ruby-activerecord-3.2 CVE ID : CVE-2014-3482 CVE-2014-3483 Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection. For the stable distribution (wheezy), these problems have been fixed in version 3.2.6-5+deb7u1. Debian provides two variants of "Ruby on Rails" in Wheezy (2.3 and 3.2). Support for the 2.3 variants had to be ceased at this point. This affects the following source packages: ruby-actionmailer-2.3, ruby-actionpack-2.3 ruby-activerecord-2.3, ruby-activeresource-2.3, ruby-activesupport-2.3 and ruby-rails-2.3. The version of Redmine in Wheezy still requires 2.3, you can use an updated version from backports.debian.org which is compatible with rails 3.2. For the unstable distribution (sid), these problems have been fixed in version 3.2.19-1 of the rails-3.2 source package. We recommend that you upgrade your ruby-activerecord-3.2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Recent updates address two SQL injection vulnerabilities in ruby-activerecord-3.2, enhancing security for Debian's stable release. Users are encouraged to upgrade promptly.. Ruby ActiveRecord Security, Debian SQL Injection Fix,PostgreSQL Adapter Security. . LinuxSecurity.com Team

Calendar 2 Jul 19, 2014 Debian
Banner 4 1028x280 1708121825 1771600306
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisoryupdategentoo

Gentoo: GLSA 202302-18 Moderate: Enhanced Metadata Exposure Vulnerability

A vulnerability in Active Record could allow a remote attacker to inject SQL commands.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Active Record: SQL injection Date: January 21, 2014 Bugs: #449826 ID: 201401-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in Active Record could allow a remote attacker to inject SQL commands. Background ========= Active Record is a Ruby gem that allows database entries to be manipulated as objects. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-ruby/activerecord < 2.3.14-r1 > = 2.3.14-r1 Description ========== An Active Record method parameter can mistakenly be used as a scope. Impact ===== A remote attacker could use specially crafted input to execute arbitrary SQL statements. Workaround ========= The vulnerability may be mitigated by converting the input to an expected value. This is accomplished by changing instances of 'Post.find_by_id(params[:id])' in code using Active Record to 'Post.find_by_id(params[:id].to_s)' Resolution ========= All Active Record users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =dev-ruby/activerecord-2.3.14-r1" References ========= [ 1 ] CVE-2012-6496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6496 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201401-22 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo Linux Security Advisory GLSA 201401-23 tackles a minor severity XSS vulnerability in User Input Handler, improving defense mechanisms.. Gentoo Security Advisory, Active Record SQL Injection, Low Severity Fix. . Severity: Low. LinuxSecurity.com Team

Calendar 2 Jan 21, 2014 Low Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here