Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisoryremote attacklow

openSUSE Leap 15.4 php-composer2 Vulnerability Fixes SUSE-2026-0935-1

An update that solves one vulnerability can now be installed.. # Security update for php-composer2 Announcement ID: SUSE-SU-2026:0935-1 Release Date: 2026-03-20T07:46:36Z Rating: low References: * bsc#1255768 Cross-References: * CVE-2025-67746 CVSS scores: * CVE-2025-67746 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-67746 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-67746 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-67746 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. (bsc#1255768) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-935=1 ## Package List: * openSUSE Leap 15.4 (noarch) * php-composer2-2.2.3-150400.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67746.html * https://bugzilla.suse.com/show_bug.cgi?id=1255768 . Update for php-composer2 in openSUSE addresses low severity ANSI injection issue affecting terminal outputs.. openSUSE php-composer2 security patch ANSI injection. . Severity: Low. LinuxSecurity.com Team

Calendar 2 Mar 20, 2026 Low OpenSUSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorylowOpenSUSE

openSUSE 15.4 SUSE-2026-0935-1 php-composer2 Minor ANSI Exploit Mitigation

An update that solves one vulnerability can now be installed.. # Security update for php-composer2 Announcement ID: SUSE-SU-2026:0935-1 Release Date: 2026-03-20T07:46:36Z Rating: low References: * bsc#1255768 Cross-References: * CVE-2025-67746 CVSS scores: * CVE-2025-67746 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-67746 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-67746 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-67746 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. (bsc#1255768) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-935=1 ## Package List: * openSUSE Leap 15.4 (noarch) * php-composer2-2.2.3-150400.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67746.html * https://bugzilla.suse.com/show_bug.cgi?id=1255768 . SUSE security advisory regarding low severity ANSI character injection fix in php-composer2. Update recommended for users.. php-composer2 Security Advisory, OpenSUSE Update, ANSI Injection Fix. . Severity: Low. LinuxSecurity.com Team

Calendar 2 Mar 20, 2026 Low SuSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorySuSElow

SUSE php-composer2 Vulnerability Fix for Low ANSI Injection CVE-2025-67746

An update that solves one vulnerability can now be installed.. # Security update for php-composer2 Announcement ID: SUSE-SU-2026:0825-1 Release Date: 2026-03-05T15:16:19Z Rating: low References: * bsc#1255768 Cross-References: * CVE-2025-67746 CVSS scores: * CVE-2025-67746 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-67746 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-67746 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-67746 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. (bsc#1255768) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-825=1 openSUSE-SLE-15.6-2026-825=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-825=1 ## Package List: * openSUSE Leap 15.6 (noarch) * php-composer2-2.6.4-150600.3.6.1 * Web and Scripting Module 15-SP7 (noarch) * php-composer2-2.6.4-150600.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67746.html * https://bugzilla.suse.com/show_bug.cgi?id=1255768 . An update addressing a low severity ANSI injection issue in php-composer2 is nowavailable for SUSE users. Install it promptly.. SUSE php-composer2 patch CVE-2025-67746 ANSI injection. . Severity: Low. LinuxSecurity.com Team

Calendar 2 Mar 05, 2026 Low SuSE
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorydenial of servicefedora

Fedora 42: Composer Critical ANSI Injection Denial of Service Advisory

Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746) Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-13b4dbe546 2026-01-14 01:09:41.794572+00:00 -------------------------------------------------------------------------------- Name : composer Product : Fedora 42 Version : 2.9.3 Release : 1.fc42 URL : https://getcomposer.org/ Summary : Dependency Manager for PHP Description : Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/ -------------------------------------------------------------------------------- Update Information: Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746) Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677) Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645) Fixed client-certificate authentication implementation (#12667) Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694) Fixed crash when --bump-after-update is used and the lock file is disabled (#12660) Fixed support for SecureTransport + LibreSSL on macOS (#12615) Fixed display of reasons for why advisories are ignored (#12668) Fixed compatibility issues when git has log.showSignature enabled (#12666) Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662) Fixed EventDispatcher requiring a full Composer instance to function(#12629) -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 31 2025 Remi Collet - 2.9.3-1 - update to 2.9.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2428107 - CVE-2025-67746 composer: Composer: Terminal output manipulation leading to Denial of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2428107 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-13b4dbe546' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Composer update on Fedora 42 addresses critical ANSI injection issues leading to DoS. Details inside!. Fedora, Composer, ANSI Injection, Security Update, DoS. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 14, 2026 Critical Fedora
Banner 3 1028x280 1708121785 1771599793
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorysoftware updatedebian

Debian 9: DLA-2339-1 Critical: Software-Properties Ansi Injection

Jason A. Donenfeld found an ansi escape sequence injection into software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA). . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2339-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ August 22, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : software-properties Version : 0.96.20.2-1+deb9u1 CVE ID : CVE-2020-15709 Debian Bug : 968850 Jason A. Donenfeld found an ansi escape sequence injection into software-properties, a manager for apt repository sources. An attacker could manipulate the screen of a user prompted to install an additional repository (PPA). For Debian 9 stretch, this problem has been fixed in version 0.96.20.2-1+deb9u1. We recommend that you upgrade your software-properties packages. For the detailed security status of software-properties please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/software-properties Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USA-9874-1 highlights a severe buffer overflow vulnerability in network-manager software.. Debian LTS, Software-Properties Update, Security Flaw. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 22, 2020 Critical Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here