Update to 7.3.20 Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 (in pip and setuptools wheels).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9b8da6ad7e
2025-07-20 01:02:22.761430+00:00
--------------------------------------------------------------------------------

Name        : pypy
Product     : Fedora 41
Version     : 7.3.20
Release     : 2.fc41
URL         : https://pypy.org/
Summary     : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc)

This build of PyPy has JIT-compilation enabled.

--------------------------------------------------------------------------------
Update Information:

Update to 7.3.20
Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181 (in pip and setuptools wheels)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 10 2025 Charalampos Stratakis - 7.3.20-1
- Update to 7.3.20
- Fixes: rhbz#2376234
* Thu Jul 10 2025 Charalampos Stratakis - 7.3.19-2
- Security fixes for CVE-2025-47273, CVE-2024-47081 and CVE-2025-50181
- Fixes: rhbz#2367430, rhbz#2372476, rhbz#2373817
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2367430 - CVE-2025-47273 pypy: Path Traversal Vulnerability in setuptools PackageIndex [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2367430
  [ 2 ] Bug #2372476 - CVE-2024-47081 pypy: Requests vulnerable to .netrc credentials leak via malicious URLs [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2372476
  [ 3 ] Bug #2373817 - CVE-2025-50181 pypy: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2373817
  [ 4 ] Bug #2376234 - pypy-7.3.20 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2376234
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-9b8da6ad7e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

# Security update for sssd

Announcement ID: SUSE-SU-2025:20131-1
Release Date: 2025-02-28T13:04:03Z
Rating: important

References:

  * bsc#1223100

Cross-References:

  * CVE-2023-3758

CVSS scores:

  * CVE-2023-3758 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3758 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-3758 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for sssd fixes the following issues:

  * CVE-2023-3758: Fixed race condition during authorization leading to GPO policies functioning inconsistently (bsc#1223100).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-220=1

## Package List:

  * SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
    * libsss_certmap0-2.8.2-6.1
    * sssd-ad-2.8.2-6.1
    * libsss_nss_idmap0-2.8.2-6.1
    * sssd-krb5-2.8.2-6.1
    * sssd-ldap-2.8.2-6.1
    * libsss_idmap0-2.8.2-6.1
    * libsss_nss_idmap0-debuginfo-2.8.2-6.1
    * sssd-ad-debuginfo-2.8.2-6.1
    * sssd-krb5-debuginfo-2.8.2-6.1
    * sssd-krb5-common-debuginfo-2.8.2-6.1
    * sssd-2.8.2-6.1
    * sssd-debugsource-2.8.2-6.1
    * sssd-krb5-common-2.8.2-6.1
    * libsss_idmap0-debuginfo-2.8.2-6.1
    * sssd-ldap-debuginfo-2.8.2-6.1
    * sssd-debuginfo-2.8.2-6.1
    * libsss_certmap0-debuginfo-2.8.2-6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-3758.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1223100

Investigate essential update for SUSE addressing permission vulnerabilities within sssd, boosting both security measures and operational effectiveness.

SUSE Linux Micro, sssd patch, security issues, patch instructions, software updated.

Severity: Important.

LinuxSecurity.com Team

Several security issues were fixed in Docker.

==========================================================================
Ubuntu Security Notice USN-7161-2
February 18, 2025

Docker vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Docker.

Software Description:
- docker.io-app: Linux container runtime
- docker.io: Linux container runtime

Details:

USN-7161-1 fixed CVE-2024-29018 in Ubuntu 24.04 LTS. This update fixes it in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

USN-7161-1 fixed CVE-2024-41110 in Ubuntu 24.10, Ubuntu 24.04 LTS, and Ubuntu 18.04 LTS. This update fixes it in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Original advisory details:

Yair Zak discovered that Docker could unexpectedly forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was only addressed in Ubuntu 24.04 LTS. (CVE-2024-29018)

Cory Snider discovered that Docker did not properly handle authorization plugin request processing. An attacker could possibly use this issue to bypass authorization controls by forwarding API requests without their full body, leading to unauthorized actions. (CVE-2024-41110)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  docker.io 26.1.3-0ubuntu1~22.04.1+esm1
  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  docker.io 26.1.3-0ubuntu1~20.04.1+esm1
  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  docker.io 20.10.21-0ubuntu1~18.04.3+esm2
  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  docker.io 18.09.7-0ubuntu1~16.04.9+esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7161-2
  https://ubuntu.com/security/notices/USN-7161-1
  CVE-2024-29018, CVE-2024-41110

Recent Docker vulnerabilities in Ubuntu have impacted several versions. To address these security concerns, apply the necessary updates promptly.

Docker Security, Ubuntu Updates, Software Fix, Data Exfiltration, Authorization Issues.

Severity: Critical.

LinuxSecurity.com Team

An update that solves one vulnerability and has one security fix can now be installed.

# Security update for wget

Announcement ID: SUSE-SU-2025:0425-1
Release Date: 2025-02-11T10:33:22Z
Rating: moderate

References:

  * bsc#1185551
  * bsc#1230795

Cross-References:

  * CVE-2021-31879

CVSS scores:

  * CVE-2021-31879 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2021-31879 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for wget fixes the following issues:

  * CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2025-425=1 openSUSE-SLE-15.6-2025-425=1
  * Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-425=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * wget-debuginfo-1.20.3-150600.19.12.1
    * wget-1.20.3-150600.19.12.1
    * wget-debugsource-1.20.3-150600.19.12.1
  * openSUSE Leap 15.6 (noarch)
    * wget-lang-1.20.3-150600.19.12.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * wget-debuginfo-1.20.3-150600.19.12.1
    * wget-1.20.3-150600.19.12.1
    * wget-debugsource-1.20.3-150600.19.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2021-31879.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1185551
  * https://bugzilla.suse.com/show_bug.cgi?id=1230795

A wget upgrade addresses a permissions concern with forwarding on openSUSE. Apply the patch promptly for security.

SUSE Security Update, wget Authorization Fix, openSUSE Update, Software Patch.

LinuxSecurity.com Team

Fix CVE-2025-0781.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-725bba93b2
2025-02-07 01:44:12.172435+00:00
--------------------------------------------------------------------------------

Name        : SimGear
Product     : Fedora 40
Version     : 2020.3.19
Release     : 7.fc40
URL         :
Summary     : Simulation library components
Description :
SimGear is a set of open-source libraries designed to be used as building blocks for quickly assembling 3d simulations, games, and visualization applications.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-0781
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 23 2025 Fabrice Bellet - 2020.3.19-7
- cppbind: check I/O rules when auto-constructing an SGPath
* Thu Jan 16 2025 Fedora Release Engineering - 2020.3.19-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 26 2024 Miroslav Suchý - 2020.3.19-5
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering - 2020.3.19-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2342620 - CVE-2025-0781 SimGear: Incorrect Authorization in SimGear [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342620
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-725bba93b2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The recent Fedora 40 upgrade for SimGear resolves CVE-2025-0782, mitigating significant security flaws in user permissions.

Fedora updates, SimGear library, critical issues, software security.

Severity: Critical.

LinuxSecurity.com Team

Fix CVE-2025-0781.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-725bba93b2
2025-02-07 01:44:12.172435+00:00
--------------------------------------------------------------------------------

Name        : FlightGear
Product     : Fedora 40
Version     : 2020.3.19
Release     : 8.fc40
URL         : http://www.flightgear.org/
Summary     : The FlightGear Flight Simulator
Description :
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-0781
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 23 2025 Fabrice Bellet - 2020.3.19-8
- NasalSGPath: move checkIORules() to SGPath::NasalIORulesChecker()
* Thu Jan 16 2025 Fedora Release Engineering - 2020.3.19-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jul 25 2024 Miroslav Suchý - 2020.3.19-6
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering - 2020.3.19-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2342620 - CVE-2025-0781 SimGear: Incorrect Authorization in SimGear [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342620
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-725bba93b2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora 40 FlightGear has been updated to fix CVE-2025-0781, an authorization issue. The patch enhances security, protecting user permissions and preventing unauthorized access.

Fedora 40, FlightGear, CVE-2025-0781, security update, authorization fix.

Severity: Critical.

LinuxSecurity.com Team

# Security update for wget

Announcement ID: SUSE-SU-2025:0380-1
Release Date: 2025-02-06T14:44:25Z
Rating: moderate

References:

  * bsc#1185551
  * bsc#1230795

Cross-References:

  * CVE-2021-31879

CVSS scores:

  * CVE-2021-31879 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  * CVE-2021-31879 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for wget fixes the following issues:

  * CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-380=1

## Package List:

  * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
    * wget-debuginfo-1.14-21.22.1
    * wget-1.14-21.22.1
    * wget-debugsource-1.14-21.22.1

## References:

  * https://www.suse.com/security/cve/CVE-2021-31879.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1185551
  * https://bugzilla.suse.com/show_bug.cgi?id=1230795

SUSE Security Update for curl addresses a critical vulnerability. This patch corrects token leakage in HTTP responses. Discover the details today.

wget security, SUSE updates, authorization issue, software patch.

LinuxSecurity.com Team

Fix for CVE-2025-0781.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b3322818a5
2025-02-06 01:41:43.313978+00:00
--------------------------------------------------------------------------------

Name        : FlightGear
Product     : Fedora 41
Version     : 2020.3.19
Release     : 8.fc41
URL         : http://www.flightgear.org/
Summary     : The FlightGear Flight Simulator
Description :
The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2025-0781
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 23 2025 Fabrice Bellet - 2020.3.19-8
- NasalSGPath: move checkIORules() to SGPath::NasalIORulesChecker()
* Thu Jan 16 2025 Fedora Release Engineering - 2020.3.19-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jul 25 2024 Miroslav Suchý - 2020.3.19-6
- convert license to SPDX
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2342621 - CVE-2025-0781 SimGear: Incorrect Authorization in SimGear [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2342621
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b3322818a5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora addresses CVE-2025-0781 in FlightGear through advisory releases, reinforcing safety measures for its user base.

Fedora security, FlightGear update, CVE-2025-0781 fix, flight simulator security, software update.

LinuxSecurity.com Team
