
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


SUSE Linux Micro 6.0 Security Advisory 2026-20722-1 Curl Important Issues

An update that solves four vulnerabilities can now be installed.

# Security update for curl

Announcement ID: SUSE-SU-2026:20722-1
Release Date: 2026-03-12T09:38:29Z
Rating: important

References:

* bsc#1259362
* bsc#1259363
* bsc#1259364
* bsc#1259365

Cross-References:

* CVE-2026-1965
* CVE-2026-3783
* CVE-2026-3784
* CVE-2026-3805

CVSS scores:

* CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3783 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3783 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-3783 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-3784 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-3784 ( SUSE ): 4.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-3784 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3805 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3805 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-3805 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves four vulnerabilities can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
* CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
* CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
* CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-617=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libcurl4-8.14.1-5.1
  * curl-debugsource-8.14.1-5.1
  * curl-debuginfo-8.14.1-5.1
  * libcurl4-debuginfo-8.14.1-5.1
  * curl-8.14.1-5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1965.html
* https://www.suse.com/security/cve/CVE-2026-3783.html
* https://www.suse.com/security/cve/CVE-2026-3784.html
* https://www.suse.com/security/cve/CVE-2026-3805.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259362
* https://bugzilla.suse.com/show_bug.cgi?id=1259363
* https://bugzilla.suse.com/show_bug.cgi?id=1259364
* https://bugzilla.suse.com/show_bug.cgi?id=1259365

Important SUSE curl update addresses four vulnerabilities, enhancing security and stability for users. Install recommended patches.

SUSE curl security update, important patch curl, curl vulnerabilities fix.

Severity: Important.

LinuxSecurity.com Team

Mar 19, 2026 Important SuSE

Debian 11: DLA-4163-1 critical: rubygems code execution risks

Multiple vulnerabilities were found in rubygems, which contains a package management framework for Ruby and a dependency manager for Ruby applications.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4163-1
https://www.debian.org/lts/security/
Lucas Kanashiro
May 12, 2025
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : rubygems
Version : 3.2.5-2+deb11u1
CVE ID : CVE-2021-43809 CVE-2023-28755 CVE-2025-27221

Multiple vulnerabilities were found in rubygems, which contains a package management framework for Ruby and a dependency manager for Ruby applications.

CVE-2021-43809

In bundler versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables.

CVE-2023-28755

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects.

CVE-2025-27221

The URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

For Debian 11 bullseye, these problems have been fixed in version 3.2.5-2+deb11u1.

We recommend that you upgrade your rubygems packages.

For the detailed security status of rubygems please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/rubygems

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Numerous vulnerabilities discovered in gem packages pose threats of unauthorized execution and sensitive data exposure. Promptly upgrade for enhanced security.

rubygems security update, Debian advisory, code execution risks, ReDoS issue, authentication leakage.

Severity: Critical.

LinuxSecurity.com Team

May 12, 2025 Critical Debian LTS

Debian 11: DLA-4082-1 critical: ruby2.7 DoS and ReDoS issues

Ruby a popular language was affected by multiple vulnerabilities

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4082-1
https://www.debian.org/lts/security/
Bastien Roucariès
March 10, 2025
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : ruby2.7
Version : 2.7.4-1+deb11u5
CVE ID : CVE-2025-27219 CVE-2025-27220 CVE-2025-27221

Ruby a popular language was affected by multiple vulnerabilities

CVE-2025-27219

In the CGI gem, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.

CVE-2025-27220

In the CGI gem, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.

CVE-2025-27221

In the URI gem, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.

For Debian 11 bullseye, these problems have been fixed in version 2.7.4-1+deb11u5.

We recommend that you upgrade your ruby2.7 packages.

For the detailed security status of ruby2.7 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/ruby2.7

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Essential enhancements for ruby2.7 address multiple security issues, including Denial of Service vulnerabilities and authentication exposure.

ruby2.7 security, Debian updates, Denial of Service, vulnerability management.

Severity: Critical.

LinuxSecurity.com Team

Mar 10, 2025 Critical Debian LTS

Fedora 34: FEDORA-2021-b1bb3d3b20 Critical: Kerberos Auth Leak

Fix for CVE-2021-20208
Update to 6.13
cifs.upcall: fix regression in kerberos mount
mount.cifs: fix crash when mount point does not exist
----
Fix for CVE-2021-20208: cifs.upcall kerberos auth leak in container.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-b1bb3d3b20
2021-10-01 01:26:46.607281
--------------------------------------------------------------------------------

Name : cifs-utils
Product : Fedora 34
Version : 6.13
Release : 3.fc34
URL :
Summary : Utilities for mounting and managing CIFS mounts
Description :
The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. This package contains tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a SMB/CIFS share onto a client and use it as if it were a standard Linux file system.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2021-20208
Update to 6.13
cifs.upcall: fix regression in kerberos mount
mount.cifs: fix crash when mount point does not exist
----
Fix for CVE-2021-20208: cifs.upcall kerberos auth leak in container

--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 23 2021 Bruno Wolff III - 6.13-3
- Actually use the patches
* Thu Sep 23 2021 Bruno Wolff III - 6.13-2
- Pull in a couple of upstream fixes slotted for the next release
- fix regression in kerberos mount
- fix crash when mount point does not exist
* Wed Sep 22 2021 Bruno Wolff III - 6.13-1
- Fix for CVE-2021-20208: cifs.upcall kerberos auth leak in container
- get/setcifsacl tools are improved to support changing owner, group and SACLs
* Wed Jul 21 2021 Fedora Release Engineering - 6.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-b1bb3d3b20' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Urgent remedy for Kerberos security breach in cifs-utils affecting Fedora 34 post CVE-2021-20208 patch.

cifs-utils, kerberos, Fedora Update, authentication fix.

Severity: Critical.

LinuxSecurity.com Team

Sep 30, 2021 Critical Fedora

Fedora: 2021-26a293c72b Critical: curl Authentication Issues

- fix TLS 1.3 session ticket proxy host mixup (CVE-2021-22890)
- prevent automatic referer from leaking credentials (CVE-2021-22876).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-26a293c72b
2021-04-21 21:48:28.822973
--------------------------------------------------------------------------------

Name : curl
Product : Fedora 32
Version : 7.69.1
Release : 8.fc32
URL : https://curl.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- fix TLS 1.3 session ticket proxy host mixup (CVE-2021-22890)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 31 2021 Kamil Dudka - 7.69.1-8
- fix TLS 1.3 session ticket proxy host mixup (CVE-2021-22890)
- prevent automatic referer from leaking credentials (CVE-2021-22876)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1945058 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1945058
[ 2 ] Bug #1945059 - CVE-2021-22890 curl: TLS 1.3 session ticket mix-up with HTTPS proxy host [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1945059

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-26a293c72b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Debian patch resolves wget vulnerabilities, boosting TLS performance and safeguarding user data from header leaks.

Fedora Security Update, curl Authentication Leak, TLS Proxy Fix, Fedora Advisories.

Severity: Critical.

LinuxSecurity.com Team

Apr 21, 2021 Critical Fedora

SUSE Enterprise 15-SP2: 2021:1161-1 Moderate: cifs-utils Auth Leak

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for cifs-utils
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1161-1
Rating: moderate
References: #1183239
Cross-References: CVE-2021-20208
CVSS scores: CVE-2021-20208 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for cifs-utils fixes the following issues:

- CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container (bsc#1183239)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1161=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
  cifs-utils-6.9-5.9.1
  cifs-utils-debuginfo-6.9-5.9.1
  cifs-utils-debugsource-6.9-5.9.1
  cifs-utils-devel-6.9-5.9.1

References:

https://www.suse.com/security/cve/CVE-2021-20208.html
https://bugzilla.suse.com/1183239

SUSE Security Patch for cifs-utils addresses a possible kerberos authentication vulnerability rated as moderate risk.

SUSE Security Update, cifs-utils update, security patch, SUSE vulnerability.

LinuxSecurity.com Team

Apr 13, 2021 SuSE

Red Hat Enterprise Linux 7.4 RHSA-2020-0594-01 Moderate: curl Auth Leak

An update for curl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: curl security update
Advisory ID: RHSA-2020:0594-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0594
Issue date: 2020-02-25
CVE Names: CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301
====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: HTTP authentication leak in redirects (CVE-2018-1000007)
* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
* curl: RTSP RTP buffer over-read (CVE-2018-1000122)
* curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)
* curl: LDAP NULL pointer dereference (CVE-2018-1000121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1537125 - CVE-2018-1000007 curl: HTTP authentication leak in redirects
1552628 - CVE-2018-1000120 curl: FTP path trickery leads to NIL byte out of bounds write
1552631 - CVE-2018-1000121 curl: LDAP NULL pointer dereference
1553398 - CVE-2018-1000122 curl: RTSP RTP buffer over-read
1575536 - CVE-2018-1000301 curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
curl-7.29.0-42.el7_4.2.src.rpm

x86_64:
curl-7.29.0-42.el7_4.2.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.2.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.2.x86_64.rpm
libcurl-7.29.0-42.el7_4.2.i686.rpm
libcurl-7.29.0-42.el7_4.2.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.2.i686.rpm
libcurl-devel-7.29.0-42.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source:
curl-7.29.0-42.el7_4.2.src.rpm

ppc64le:
curl-7.29.0-42.el7_4.2.ppc64le.rpm
curl-debuginfo-7.29.0-42.el7_4.2.ppc64le.rpm
libcurl-7.29.0-42.el7_4.2.ppc64le.rpm
libcurl-devel-7.29.0-42.el7_4.2.ppc64le.rpm

x86_64:
curl-7.29.0-42.el7_4.2.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.2.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.2.x86_64.rpm
libcurl-7.29.0-42.el7_4.2.i686.rpm
libcurl-7.29.0-42.el7_4.2.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.2.i686.rpm
libcurl-devel-7.29.0-42.el7_4.2.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source:
curl-7.29.0-42.el7_4.2.src.rpm

x86_64:
curl-7.29.0-42.el7_4.2.x86_64.rpm
curl-debuginfo-7.29.0-42.el7_4.2.i686.rpm
curl-debuginfo-7.29.0-42.el7_4.2.x86_64.rpm
libcurl-7.29.0-42.el7_4.2.i686.rpm
libcurl-7.29.0-42.el7_4.2.x86_64.rpm
libcurl-devel-7.29.0-42.el7_4.2.i686.rpm
libcurl-devel-7.29.0-42.el7_4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-1000007
https://access.redhat.com/security/cve/CVE-2018-1000120
https://access.redhat.com/security/cve/CVE-2018-1000121
https://access.redhat.com/security/cve/CVE-2018-1000122
https://access.redhat.com/security/cve/CVE-2018-1000301
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list

A new curl security patch has been released for Red Hat Enterprise Linux 7.4 which resolves multiple vulnerabilities and their associated risks.

curl Security Update, Red Hat Enterprise, Moderate Impact, Software Update.

Severity: Important.

LinuxSecurity.com Team

Feb 25, 2020 Important Red Hat

Fedora 28: 2019-04-29 Moderate: aria2 Authentication Leak

Fix Password leak for HTTP based authentication CVE-2019-3500 (rhbz #1663991 #1663992 #1663993).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-8b8c774b84
2019-04-29 01:08:43.319939
--------------------------------------------------------------------------------

Name : aria2
Product : Fedora 28
Version : 1.34.0
Release : 4.fc28
URL : http://aria2.github.io/
Summary : High speed download utility with resuming and segmented downloading
Description :
aria2 is a download utility with resuming and segmented downloading. Supported protocols are HTTP/HTTPS/FTP/BitTorrent. It also supports Metalink version 3.0.

Currently it has following features:
- HTTP/HTTPS GET support
- HTTP Proxy support
- HTTP BASIC authentication support
- HTTP Proxy authentication support
- FTP support(active, passive mode)
- FTP through HTTP proxy(GET command or tunneling)
- Segmented download
- Cookie support
- It can run as a daemon process.
- BitTorrent protocol support with fast extension.
- Selective download in multi-file torrent
- Metalink version 3.0 support(HTTP/FTP/BitTorrent).
- Limiting download/upload speed

--------------------------------------------------------------------------------
Update Information:

Fix Password leak for HTTP based authentication CVE-2019-3500 (rhbz #1663991 #1663992 #1663993)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 27 2019 Athmane Madjoudj - 1.34.0-4
- Fix Password leak for HTTP based authentication CVE-2019-3500 (rhbz #1663991 #1663992 #1663993)
* Thu Jan 31 2019 Fedora Release Engineering - 1.34.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 12 2018 Fedora Release Engineering - 1.34.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon May 21 2018 Athmane Madjoudj - 1.34.0-1
- Update to 1.34.0 (rhbz#1580169)

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1663991 - CVE-2019-3500 aria2: Password leak for HTTP based authentication
https://bugzilla.redhat.com/show_bug.cgi?id=1663991

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-8b8c774b84' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Addressing the HTTP authentication vulnerability in aria2 for Fedora 28 enhances the safety of download tools.

aria2 Security, Fedora Update, Password Protection, HTTP Authentication, Update Notification.

LinuxSecurity.com Team

Apr 28, 2019 Fedora
