Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 24 articles for you...
197

Debian LTS DLA-4169-1: dropbear local command execution risk fixed

Marcin Nowak discovered that dbclient(1) hostname arguments with a comma (for multihop) are passed to the shell which could result in running arbitrary shell commands locally. That could be a security issue in situations where dbclient(1) is passed untrusted hostname arguments. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4169-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin May 17, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : dropbear Version : 2020.81-3+deb11u3 CVE ID : CVE-2025-47203 Marcin Nowak discovered that dbclient(1) hostname arguments with a comma (for multihop) are passed to the shell which could result in running arbitrary shell commands locally. That could be a security issue in situations where dbclient(1) is passed untrusted hostname arguments. For Debian 11 bullseye, this problem has been fixed in version 2020.81-3+deb11u3. We recommend that you upgrade your dropbear packages. For the detailed security status of dropbear please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dropbear Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Potential vulnerability in DBclient hostname parameters of dropbear could allow for local command execution. Debian users are advised to update.. Debian LTS, dropbear update, security patch, local commands, command execution. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 17, 2025 Important Debian LTS
87

Debian Bookworm: DSA-5871-1 Critical: emacs shell command execution

Two security vulnerabilities were discovered in Emacs: CVE-2024-53920 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5871-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 27, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : emacs CVE ID : CVE-2024-53920 CVE-2025-1244 Two security vulnerabilities were discovered in Emacs: CVE-2024-53920 Elisp byte-compilation ('elisp-flymake-byte-compile') in the Flymake mode is now disabled for untrusted files. CVE-2025-1244 An incomplete escaping of shell meta characters in the man reader component could potentially result in the execution of arbitrary shell commands. Discovered by Maxim Nikulin. For the stable distribution (bookworm), these problems have been fixed in version 1:28.2+1-15+deb12u4. We recommend that you upgrade your emacs packages. For the detailed security status of emacs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/emacs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Tackling several vulnerabilities in Emacs, users on Debian are advised to perform an update to safeguard their system's security and reliability.. Emacs Security Advisory, Debian Update, Shell Command Issue, Byte-Compilation Risk. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 27, 2025 Critical Debian
89

Fedora 40: FEDORA-2024-c83208238d moderate: opentofu Attack Risk Mitigated

Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-c83208238d 2024-08-08 02:40:51.386017 -------------------------------------------------------------------------------- Name : opentofu Product : Fedora 40 Version : 1.8.0 Release : 1.fc40 URL : https://github.com/opentofu/opentofu Summary : OpenTofu lets you declaratively manage your cloud infrastructure Description : OpenTofu lets you declaratively manage your cloud infrastructure. -------------------------------------------------------------------------------- Update Information: Update to 1.8.0 Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789 -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 29 2024 Mikel Olasagasti Uranga - 1.8.0-1 - Update to 1.8.0 - Closes rhbz#2300353 * Sat Jul 27 2024 Mikel Olasagasti Uranga - 1.7.3-3 - Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789 - Closes rhbz#2294255 rhbz#2294007 rhbz#2292714 * Thu Jul 18 2024 Fedora Release Engineering - 1.7.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2292714 - CVE-2024-24789 opentofu: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292714 [ 2 ] Bug #2294007 - CVE-2024-6104 opentofu: go-retryablehttp: url might write sensitive information to log file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294007 [ 3 ] Bug #2294255 - CVE-2024-6257 opentofu: hashicorp/go-getter: Arbitrary command execution through local git config file [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2294255 -------------------------------------------------------------------------------- This updatecan be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-c83208238d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . The recent release of opentofu 1.8.0 addresses significant security vulnerabilities associated with multiple CVEs. Discover more information today!. opentofu security fixes, Fedora 40 updates, cloud infrastructure management. . LinuxSecurity.com Team

Calendar%202 Aug 08, 2024 Fedora
87

Debian Bullseye: DSA-5592-1 Critical Input Issue in Perl Module

It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5592-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso December 30, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libspreadsheet-parseexcel-perl CVE ID : CVE-2023-7101 Debian Bug : 1059450 It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed. For the oldstable distribution (bullseye), this problem has been fixed in version 0.6500-1.1+deb11u1. For the stable distribution (bookworm), this problem has been fixed in version 0.6500-4~deb12u1. We recommend that you upgrade your libspreadsheet-parseexcel-perl packages. For the detailed security status of libspreadsheet-parseexcel-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/libspreadsheet-parseexcel-perl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Revise libspreadsheet-parseexcel-perl to mitigate critical input security flaw allowing unapproved command execution.. libspreadsheet-parseexcel-perl, input sanitization, command exec. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 30, 2023 Critical Debian
87

Debian 11 DSA-5314-1 Moderate: Emacs Input Sanitizing Issue Advisory

It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands. For the stable distribution (bullseye), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5314-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : emacs CVE ID : CVE-2022-45939 Debian Bug : 1025009 It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands. For the stable distribution (bullseye), this problem has been fixed in version 1:27.1+1-3.1+deb11u1. We recommend that you upgrade your emacs packages. For the detailed security status of emacs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/emacs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Unveil the latest security notice DSA-5314-1 pertaining to input vulnerabilities in Emacs that impact the Debian stable release.. Debian Security, Emacs Update, Input Issue, Software Fix. . LinuxSecurity.com Team

Calendar%202 Jan 11, 2023 Debian
172

Ubuntu 22.04: USN-5511-1 Critical: Git Command Execution Risk

Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs.. =========================================================================Ubuntu Security Notice USN-5511-1 July 13, 2022 git vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Git could be made to run arbitrary commands as an administrator if it received specially crafted inputs. Software Description: - git: fast, scalable, distributed revision control system Details: Carlo Marcelo Arenas Belón discovered that an issue related to CVE-2022-24765 still affected Git. An attacker could possibly use this issue to run arbitrary commands as administrator. (CVE-2022-29187) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: git 1:2.34.1-1ubuntu1.4 Ubuntu 21.10: git 1:2.32.0-1ubuntu1.3 Ubuntu 20.04 LTS: git 1:2.25.1-1ubuntu3.5 Ubuntu 18.04 LTS: git 1:2.17.1-1ubuntu0.12 In general, a standard system update will make all the necessary changes. References: CVE-2022-29187 Package Information: https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.4 https://launchpad.net/ubuntu/+source/git/1:2.32.0-1ubuntu1.3 https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.5 https://launchpad.net/ubuntu/+source/git/1:2.17.1-1ubuntu0.12 . Ubuntu Security Notice USN-5512-1 addresses vulnerabilities in Samba that could lead to unauthorized access and data leakage through manipulated requests.. Ubuntu Security, Git Command Execution, Software Threats. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 13, 2022 Critical Ubuntu
87

Debian DSA-5139-1 OpenSSL Command Execution Risk Advisory

Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5139-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 17, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openssl CVE ID : CVE-2022-1292 Elison Niven discovered that the c_rehash script included in OpenSSL did not sanitise shell meta characters which could result in the execution of arbitrary commands. For the oldstable distribution (buster), this problem has been fixed in version 1.1.1n-0+deb10u2. For the stable distribution (bullseye), this problem has been fixed in version 1.1.1n-0+deb11u2. We recommend that you upgrade your openssl packages. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Advisory DSA-5140-2 deals with a vulnerability in libssl which affects its handling of SSL connections during cipher negotiation.. Debian Security, OpenSSL Issues, Command Execution Risks, Debian Updates, Security Advisories. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 17, 2022 Critical Debian
87

Debian: DSA-4742-1 Critical: Firejail Arbitrary Command Threat

Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4742-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso August 06, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : firejail CVE ID : CVE-2020-17367 CVE-2020-17368 Tim Starling discovered two vulnerabilities in firejail, a sandbox program to restrict the running environment of untrusted applications. CVE-2020-17367 It was reported that firejail does not respect the end-of-options separator ("--"), allowing an attacker with control over the command line options of the sandboxed application, to write data to a specified file. CVE-2020-17368 It was reported that firejail when redirecting output via --output or --output-stderr, concatenates all command line arguments into a single string that is passed to a shell. An attacker who has control over the command line arguments of the sandboxed application could take advantage of this flaw to run run arbitrary other commands. For the stable distribution (buster), these problems have been fixed in version 0.9.58.2-2+deb10u1. We recommend that you upgrade your firejail packages. For the detailed security status of firejail please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/firejail Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Notice DSA-4742-1 highlights severe vulnerabilities in firejail; upgrade is advised for protection.. firejailvulnerabilities, Debian security update, sandbox security, command injection flaw, firejail advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 06, 2020 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200