-------------------------------------------------------------------------
Debian LTS Advisory DLA-4581-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Lukas Märdian
May 13, 2026                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : nghttp2
Version        : 1.43.0-1+deb11u3
CVE ID         : CVE-2026-27135
Debian Bug     : 1131369

A vulnerability was discovered in nghttp2, a server, proxy and client implementing HTTP/2.

CVE-2026-27135

    Fix missing iframe->state validations to avoid assertion failure. As backported from upstream v1.68.1 (commit 5c7df8f), incl. upstream test case from commit c619c7be0737ac78051b1cacf4b1ce5467eb838d.

For Debian 11 bullseye, this problem has been fixed in version 1.43.0-1+deb11u3.

We recommend that you upgrade your nghttp2 packages.

For the detailed security status of nghttp2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/nghttp2

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

A critical security issue discovered in nghttp2 can lead to assertion failures; update recommended for Debian systems.

Severity: Important. LinuxSecurity.com Team

MGASA-2026-0016 - Updated avahi packages fix security vulnerabilities

Publication date: 23 Jan 2026
URL: https://advisories.mageia.org/MGASA-2026-0016.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-68276, CVE-2025-68468, CVE-2025-68471

Description:
Avahi has a reachable assertion in avahi_wide_area_scan_cache. (CVE-2025-68276)
Avahi has a reachable assertion in lookup_multicast_callback. (CVE-2025-68468)
Avahi has a reachable assertion in lookup_start. (CVE-2025-68471)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34887
- https://lists.opensuse.org/archives/list/

MGASA-2024-0016 - Updated avahi packages fix security vulnerabilities

Publication date: 25 Jan 2024
URL: https://advisories.mageia.org/MGASA-2024-0016.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473

The updated packages fix security vulnerabilities:
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. (CVE-2023-38469)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. (CVE-2023-38470)
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. (CVE-2023-38471)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. (CVE-2023-38472)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. (CVE-2023-38473)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32363
- https://www.cve.org/CVERecord?id=CVE-2023-38469
- https://www.cve.org/CVERecord?id=CVE-2023-38470
- https://www.cve.org/CVERecord?id=CVE-2023-38471
- https://www.cve.org/CVERecord?id=CVE-2023-38472
- https://www.cve.org/CVERecord?id=CVE-2023-38473

SRPMS:
- 9/core/avahi-0.8-10.1.mga9

New avahi upgrades for Mageia tackle several security flaws, boosting protective features for its user base.

Severity: Critical. LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-e3e1f9dd4d
2023-03-30 00:18:30.537249
--------------------------------------------------------------------------------

Name        : redis
Product     : Fedora 38
Version     : 7.0.10
Release     : 1.fc38
URL         : https://redis.io
Summary     : A persistent key-value database
Description :
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.

You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set.

In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.

Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache.

You can use Redis from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

**Redis 7.0.10** Released Mon Mar 20 16:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (**CVE-2023-28425**) Specially crafted MSETNX command can lead to assertion and denial-of-service

Bug Fixes
* Large blocks of replica client output buffer may lead to psync loops and unnecessary memory usage (#11666)
* Fix CLIENT REPLY OFF|SKIP to not silence push notifications (#11875)
* Trim excessive memory usage in stream nodes when exceeding `stream-node-max-bytes` (#11885)
* Fix module RM_Call commands failing with OOM when maxmemory is changed to zero (#11319)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 21 2023 Remi Collet - 7.0.10-1
- Upstream 7.0.10 release.

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-e3e1f9dd4d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-f9f909a7b7
2017-04-19 16:59:44.108313
--------------------------------------------------------------------------------

Name        : bind
Product     : Fedora 26
Version     : 9.11.0
Release     : 7.P5.fc26
URL         :
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Description :
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1441125 - CVE-2017-3136 bind: Incorrect error handling causes assertion failure when using DNS64 with "break-dnssec yes;"
        https://bugzilla.redhat.com/show_bug.cgi?id=1441125
  [ 2 ] Bug #1441133 - CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver
        https://bugzilla.redhat.com/show_bug.cgi?id=1441133
  [ 3 ] Bug #1441137 - CVE-2017-3138 bind: REQUIRE assertion failure when null command string on control channel is received
        https://bugzilla.redhat.com/show_bug.cgi?id=1441137

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade bind' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------