Evolution Data Server could be made to remove files.

==========================================================================
Ubuntu Security Notice USN-8055-2
June 01, 2026

evolution-data-server vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Evolution Data Server could be made to remove files.

Software Description:
- evolution-data-server: Evolution suite data server

Details:

USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly use this issue to cause Evolution Data Server to remove arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  evolution-data-server 3.36.5-0ubuntu1+esm1
  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  evolution-data-server 3.28.5-0ubuntu0.18.04.3+esm1
  Available with Ubuntu Pro

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8055-2
  https://ubuntu.com/security/notices/USN-8055-1
  CVE-2026-2604

The Ubuntu 8055-2 advisory details an important vulnerability in Evolution Data Server that could allow file removal.

Ubuntu Security, Evolution Data Server, file handling, security update.

Severity: Important.

LinuxSecurity.com Team

update to 2.50.1

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b5fe483928
2025-07-11 00:48:32.309953+00:00
--------------------------------------------------------------------------------

Name        : git
Product     : Fedora 42
Version     : 2.50.1
Release     : 1.fc42
URL         : https://git-scm.com/
Summary     : Fast Version Control System
Description :
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals.

The git rpm installs a common set of tools which are usually used with a small amount of dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package.

--------------------------------------------------------------------------------
Update Information:

update to 2.50.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 8 2025 Ondřej Pohořelsk - 2.50.1-1
- update to 2.50.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2378819 - CVE-2025-48384 git: Git arbitrary code execution [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2378819
  [ 2 ] Bug #2378823 - CVE-2025-48386 git: Git buffer overflow [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2378823
  [ 3 ] Bug #2378827 - CVE-2025-48385 git: Git arbitrary file writes [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2378827
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b5fe483928' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Important Git 2.50.1 patch for Fedora 42 addresses critical security vulnerabilities, such as potential code execution and buffer overrun weaknesses.

Fedora, Git Update, Code Execution, Buffer Overflow.

Severity: Critical.

LinuxSecurity.com Team

py7zr could be made to create arbitrary files when extracting the contents of a specially crafted 7z archive.

==========================================================================
Ubuntu Security Notice USN-7030-1
September 24, 2024

py7zr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

py7zr could be made to create arbitrary files when extracting the contents of a specially crafted 7z archive.

Software Description:
- py7zr: Pure Python 7-zip library

Details:

It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted 7z archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  python3-py7zr 0.11.3+dfsg-4ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7030-1
  CVE-2022-44900

Package Information:
  https://launchpad.net/ubuntu/+source/py7zr/0.11.3+dfsg-4ubuntu0.1

To bolster your Ubuntu system's security, tackle the py7zr vulnerability that might permit unauthorized file creation. Run the following commands to update and resolve this issue.

py7zr, Ubuntu Security, Path Traversal, File Extraction.

LinuxSecurity.com Team

# Security update for docker

Announcement ID: SUSE-SU-2024:1469-1
Rating: important

References:

* bsc#1219267
* bsc#1219268
* bsc#1219438
* bsc#1223409

Cross-References:

* CVE-2024-23651
* CVE-2024-23652
* CVE-2024-23653

CVSS scores:

* CVE-2024-23651 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23651 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-23652 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23652 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-23653 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-23653 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Containers Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities and has one security fix can now be installed.

## Description:

This update for docker fixes the following issues:

* CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
* CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
* CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)

Other fixes:

- Update to Docker 25.0.5-ce (bsc#1223409)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Containers Module 12
  zypper in -t patch SUSE-SLE-Module-Containers-12-2024-1469=1

## Package List:

* Containers Module 12 (ppc64le s390x x86_64)
  * docker-25.0.5_ce-98.112.1
  * docker-debuginfo-25.0.5_ce-98.112.1

## References:

* https://www.suse.com/security/cve/CVE-2024-23651.html
* https://www.suse.com/security/cve/CVE-2024-23652.html
* https://www.suse.com/security/cve/CVE-2024-23653.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219267
* https://bugzilla.suse.com/show_bug.cgi?id=1219268
* https://bugzilla.suse.com/show_bug.cgi?id=1219438
* https://bugzilla.suse.com/show_bug.cgi?id=1223409

This critical announcement for Kubernetes addresses major vulnerabilities, enhancing pod protection significantly. Discover further details here.

SUSE Docker Update, Container Security, Important Security Fix.

Severity: Important.

LinuxSecurity.com Team

Security fix for CVE-2023-35936 and CVE-2023-38745 pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745 base64 now packaged in Fedora.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-6ad6b9f417
2024-03-31 01:53:51.907786
--------------------------------------------------------------------------------

Name        : patat
Product     : Fedora 38
Version     : 0.8.8.0
Release     : 2.fc38
URL         : https://hackage.haskell.org/package/patat
Summary     : Terminal-based presentations using Pandoc
Description :
Terminal-based presentations using Pandoc.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-35936 and CVE-2023-38745
pandoc: backport fixes for CVE-2023-35936 and CVE-2023-38745
base64 now packaged in Fedora
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 22 2024 Jens Petersen - 0.8.8.0-2
- rebuild
* Fri Mar 22 2024 Jens Petersen - 0.8.8.0-1
- Revert to 0.8.8.0
* Thu Sep 28 2023 Jens Petersen - 0.9.2.0-1
- https://hackage.haskell.org/package/patat-0.9.2.0/changelog
* Thu Jul 27 2023 Jens Petersen - 0.8.9.0-1
- https://hackage.haskell.org/package/patat-0.8.9.0/changelog
* Thu Jul 20 2023 Fedora Release Engineering - 0.8.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2163472 - Review Request: ghc-base64 - A modern RFC 4648-compliant Base64 library
        https://bugzilla.redhat.com/show_bug.cgi?id=2163472
  [ 2 ] Bug #2220873 - TRIAGE pandoc: TRIAGE_CVE-2023-35936 pandoc: allows attacker to create or overwrite arbitrary files on the system [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2220873
  [ 3 ] Bug #2227034 - CVE-2023-38745 pandoc: allows attacker to create or overwrite arbitrary files on the system [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2227034
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-6ad6b9f417' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

It was discovered that there was an arbitrary file overwrite vulnerability in pmix, a library used in parallel/cluster computing. Attackers could have obtained ownership of arbitrary files via a .

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3643-1

Bryan Gonzalez discovered that the PNG support in Imagemagick could be tricked into embedding the content of an arbitrary file when converting an image file.

-------------------------------------------------------------------------
Debian Security Advisory DSA-5347-1

Gzip could be made to overwrite arbitrary files.

=========================================================================
Ubuntu Security Notice USN-5378-1
April 13, 2022

gzip vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Gzip could be made to overwrite arbitrary files.

Software Description:
- gzip: GNU compression utilities

Details:

Cleemy Desu Wayo discovered that Gzip incorrectly handled certain filenames. If a user or automated system were tricked into performing zgrep operations with specially crafted filenames, a remote attacker could overwrite arbitrary files.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  gzip 1.10-4ubuntu1.1

Ubuntu 20.04 LTS:
  gzip 1.10-0ubuntu4.1

Ubuntu 18.04 LTS:
  gzip 1.6-5ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5378-1
  CVE-2022-1271

Package Information:
  https://launchpad.net/ubuntu/+source/gzip/1.10-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/gzip/1.10-0ubuntu4.1
  https://launchpad.net/ubuntu/+source/gzip/1.6-5ubuntu1.2

A security flaw in Gzip could lead to file overwrites on Ubuntu 18.04 LTS and newer versions. It's important to apply updates to protect your environment.

Gzip Vulnerability, Ubuntu Security, File Overwrite Issue.

LinuxSecurity.com Team