
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 7 articles for you...

Mountain OS 4.22 RFTN-3078-1458 dev-package-functions Flaw in IPV6 Handling

Important: go-rpm-macros security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8840", "synopsis": "Important: go-rpm-macros security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for go-rpm-macros.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This package provides build-stage rpm automation to simplify the creation of Go language (golang) packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}], "cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}], "references": [], "publishedAt": "2026-04-21T12:07:14.176910Z", "rpms": {"Rocky Linux 10": {"nvras": ["go-filesystem-0:3.6.0-8.el10_1.x86_64.rpm", "go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.x86_64.rpm", "go-srpm-macros-0:3.6.0-8.el10_1.noarch.rpm", "go-rpm-templates-0:3.6.0-8.el10_1.s390x.rpm", "go-rpm-macros-0:3.6.0-8.el10_1.src.rpm", "go-rpm-macros-0:3.6.0-8.el10_1.ppc64le.rpm", "go-filesystem-0:3.6.0-8.el10_1.ppc64le.rpm", "go-rpm-macros-debugsource-0:3.6.0-8.el10_1.s390x.rpm", "go-rpm-macros-0:3.6.0-8.el10_1.x86_64.rpm", 
"go-rpm-macros-debugsource-0:3.6.0-8.el10_1.ppc64le.rpm","go-rpm-macros-0:3.6.0-8.el10_1.s390x.rpm", "go-rpm-macros-debugsource-0:3.6.0-8.el10_1.x86_64.rpm", "go-rpm-macros-0:3.6.0-8.el10_1.aarch64.rpm", "go-filesystem-0:3.6.0-8.el10_1.s390x.rpm", "go-rpm-templates-0:3.6.0-8.el10_1.aarch64.rpm", "go-filesystem-0:3.6.0-8.el10_1.aarch64.rpm", "go-rpm-templates-0:3.6.0-8.el10_1.ppc64le.rpm", "go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.ppc64le.rpm", "go-rpm-templates-0:3.6.0-8.el10_1.x86_64.rpm", "go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.s390x.rpm", "go-rpm-macros-debugsource-0:3.6.0-8.el10_1.aarch64.rpm", "go-rpm-macros-debuginfo-0:3.6.0-8.el10_1.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}

Severity: Important. LinuxSecurity.com Team

Apr 21, 2026 Important Rocky Linux

Alpine Linux 3.15 Update RLSB-2026-8855 Enhances Access/Linking Security

Important: go-rpm-macros security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8841", "synopsis": "Important: go-rpm-macros security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for go-rpm-macros.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This package provides build-stage rpm automation to simplify the creation of Go language (golang) packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only.\n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2445356", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "description": ""}], "cves": [{"name": "CVE-2026-25679", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-1286"}], "references": [], "publishedAt": "2026-04-21T12:03:54.560238Z", "rpms": {"Rocky Linux 9": {"nvras": ["go-filesystem-0:3.6.0-14.el9_7.aarch64.rpm", "go-filesystem-0:3.6.0-14.el9_7.ppc64le.rpm", "go-filesystem-0:3.6.0-14.el9_7.s390x.rpm", "go-filesystem-0:3.6.0-14.el9_7.x86_64.rpm", "go-rpm-macros-0:3.6.0-14.el9_7.aarch64.rpm", "go-rpm-macros-0:3.6.0-14.el9_7.ppc64le.rpm", "go-rpm-macros-0:3.6.0-14.el9_7.s390x.rpm", "go-rpm-macros-0:3.6.0-14.el9_7.src.rpm", "go-rpm-macros-0:3.6.0-14.el9_7.x86_64.rpm", 
"go-rpm-macros-debuginfo-0:3.6.0-14.el9_7.aarch64.rpm", "go-rpm-macros-debuginfo-0:3.6.0-14.el9_7.ppc64le.rpm", "go-rpm-macros-debuginfo-0:3.6.0-14.el9_7.s390x.rpm", "go-rpm-macros-debuginfo-0:3.6.0-14.el9_7.x86_64.rpm", "go-rpm-macros-debugsource-0:3.6.0-14.el9_7.aarch64.rpm", "go-rpm-macros-debugsource-0:3.6.0-14.el9_7.ppc64le.rpm", "go-rpm-macros-debugsource-0:3.6.0-14.el9_7.s390x.rpm", "go-rpm-macros-debugsource-0:3.6.0-14.el9_7.x86_64.rpm", "go-rpm-templates-0:3.6.0-14.el9_7.noarch.rpm", "go-srpm-macros-0:3.6.0-14.el9_7.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}

Critical go-rpm-macros security updates available for Rocky Linux 9 to address parsing issues with IPv6 literals. Act now.

Rocky Linux 9.

Severity: Important. LinuxSecurity.com Team

Apr 21, 2026 Important Rocky Linux

Fedora 41: 2025-dda04d7a84 important: selenium-manager browser update

Update to version 4.34.0.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-dda04d7a84
2025-07-13 02:56:45.883692+00:00
--------------------------------------------------------------------------------

Name : selenium-manager
Product : Fedora 41
Version : 4.34.0
Release : 2.fc41
URL : https://github.com/SeleniumHQ/selenium
Summary : Automated driver and browser management for Selenium
Description : Selenium Manager is a command-line tool implemented in Rust that provides automated driver and browser management for Selenium.

--------------------------------------------------------------------------------
Update Information:

Update to version 4.34.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 3 2025 tjuhasz - 4.34.0-1
- Update to version 4.34.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2364898 - CVE-2025-46551 selenium-manager: JRuby-OpenSSL has hostname verification disabled by default [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364898
[ 2 ] Bug #2364899 - CVE-2025-46551 selenium-manager: JRuby-OpenSSL has hostname verification disabled by default [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2364899
[ 3 ] Bug #2368305 - selenium-manager-4.34.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2368305
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-dda04d7a84' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Selenium Manager sees significant improvements in Fedora 41, refining the handling of automated browsers. Discover the enhancements now!

Fedora update, selenium manager, browser automation.

Severity: Important. LinuxSecurity.com Team

Jul 13, 2025 Important Fedora

Fedora 41: FEDORA-2025-90dfeac1234 critical: webdriver-manager upgrade

rust-which 8.0.0 Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which! Add more debug level tracing for otherwise silent I/O errors.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-785afc6856
2025-07-10 16:29:02.147541+00:00
--------------------------------------------------------------------------------

Name : selenium-manager
Product : Fedora 41
Version : 4.32.0
Release : 5.fc41
URL : https://github.com/SeleniumHQ/selenium
Summary : Automated driver and browser management for Selenium
Description : Selenium Manager is a command-line tool implemented in Rust that provides automated driver and browser management for Selenium.

--------------------------------------------------------------------------------
Update Information:

rust-which 8.0.0
Add new Sys trait to allow abstracting over the underlying filesystem. Particularly useful for wasm32-unknown-unknown targets. Thanks @dsherret for this contribution to which!
Add more debug level tracing for otherwise silent I/O errors.
Call the NonFatalHandler in more places to catch previously ignored I/O errors.
Remove use of the either dependency.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 26 2025 Benjamin A. Beasley - 4.32.0-4
- No longer patch the zip dependency version
* Thu Jun 26 2025 Benjamin A. Beasley - 4.32.0-3
- Update License
* Thu Jun 26 2025 Benjamin A. Beasley - 4.32.0-2
- Allow which 8
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2370374 - rust-which-8.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2370374
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-785afc6856' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Critical upgrade for Fedora 41: selenium-manager enhances automation and browser management functionality.

Fedora 41 updates, selenium manager, browser automation, rust tools.

Severity: Critical. LinuxSecurity.com Team

Jul 10, 2025 Critical Fedora

Debian 11: DLA-3963-1 moderate: Ansible sensitive data threat

Ansible is a command-line IT automation software application. It can configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, ...

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3963-1
https://www.debian.org/lts/security/
Bastien Roucariès
November 23, 2024
https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : ansible
Version : 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2
CVE ID : CVE-2024-8775 CVE-2024-9902
Debian Bug : 1082851

Ansible is a command-line IT automation software application. It can configure systems, deploy software, and orchestrate advanced workflows to support application deployment, system updates, ...

Ansible was affected by two vulnerabilities:

CVE-2024-8775

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.

CVE-2024-9902

The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner.

For Debian 11 bullseye, these problems have been fixed in version 2.10.7+merged+base+2.10.17+dfsg-0+deb11u2.

We recommend that you upgrade your ansible packages.

For the detailed security status of ansible please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/ansible

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-3963-2 addresses two recently discovered security flaws within Ansible that may lead to potential data leaks.

ansible automation, Debian security updates, software vulnerabilities, command-line application, system configuration.

Severity: Important. LinuxSecurity.com Team

Nov 24, 2024 Important Debian LTS

Red Hat: RHSA-2023-4692-01 Moderate DoS Issues in Ansible 2.4

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from.

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
Advisory ID: RHSA-2023:4692-01
Product: Red Hat Ansible Automation Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4692
Issue date: 2023-08-21
CVE Names: CVE-2023-24580 CVE-2023-36053
=====================================================================

1. Summary:

An update is now available for Red Hat Ansible Automation Platform 2.4

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ansible Automation Platform 2.4 for RHEL 8 - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Ansible Automation Platform 2.4 for RHEL 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* automation-controller:python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)
* automation-controller: python-django: Potential denial-of-service vulnerability in file uploads (CVE-2023-24580)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional changes for automation controller:

* automation-controller has been updated to 4.4.2 (AAP-14609)
* Changing credential types using the dropdown list in the Launch prompt window no longer causes the screen to disappear. (AAP-11444)
* Upgraded python dependencies which include an upgrade from Django 3.2 to 4.2.3, psycopg2 to psycopg3, additional libraries as needed. Also added a new setting in the UI exposing the ``CSRF_TRUSTED_ORIGIN`` settings. (AAP-12345)
* Fixed slow database UPDATE statements on job events table which could cause a task manager timeout. (AAP-12586)
* Adding new labels to a job through prompting now works as expected. (AAP-14204)
* Added ``noopener`` and ``noreferrer`` to Controller UI links that were missing it. (AAP-14345)
* Fixed the broken User Guide link in the Edit Subscription Details page. (AAP-14375)
* Turned off auto-complete on remaining Controller UI forms that were missing that attribute. (AAP-14442)
* The Add button on credentials is now accessible for users with correct permissions. (AAP-14525)
* Fixed unexpected error with adding a new host while using a manifest with size 10. (AAP-14675)
* Fixed the Trial toggle when using a manifest file. (AAP-14675)
* Applied environment variables from the setting ``AWX_TASK_ENV`` when running credential lookup plugins. (AAP-14683)
* Interrupted jobs (like canceled jobs) no longer clear facts from hosts, if the job ran on an execution node. (AAP-14878)
* Using a license that is missing a "usage" attribute no longer returns a 400 error. (AAP-14880)
* Fixed sub-keys under "data" from HashiCorp Vault SecretLookup responses to check for secrets, if found. (AAP-14946)
* Fixed Ansible facts to retry saving to hosts if there is a database deadlock. (AAP-15021)

4. Solution:

Red Hat Ansible Automation Platform

5. Bugs fixed (https://bugzilla.redhat.com/):

2169402 - CVE-2023-24580 python-django: Potential denial-of-service vulnerability in file uploads
2218004 - CVE-2023-36053 python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

6. Package List:

Red Hat Ansible Automation Platform 2.4 for RHEL 8:

Source:
automation-controller-4.4.2-1.el8ap.src.rpm

aarch64:
automation-controller-4.4.2-1.el8ap.aarch64.rpm
automation-controller-venv-tower-4.4.2-1.el8ap.aarch64.rpm

noarch:
automation-controller-cli-4.4.2-1.el8ap.noarch.rpm
automation-controller-server-4.4.2-1.el8ap.noarch.rpm
automation-controller-ui-4.4.2-1.el8ap.noarch.rpm

ppc64le:
automation-controller-4.4.2-1.el8ap.ppc64le.rpm
automation-controller-venv-tower-4.4.2-1.el8ap.ppc64le.rpm

s390x:
automation-controller-4.4.2-1.el8ap.s390x.rpm
automation-controller-venv-tower-4.4.2-1.el8ap.s390x.rpm

x86_64:
automation-controller-4.4.2-1.el8ap.x86_64.rpm
automation-controller-venv-tower-4.4.2-1.el8ap.x86_64.rpm

Red Hat Ansible Automation Platform 2.4 for RHEL 9:

Source:
automation-controller-4.4.2-1.el9ap.src.rpm

aarch64:
automation-controller-4.4.2-1.el9ap.aarch64.rpm
automation-controller-venv-tower-4.4.2-1.el9ap.aarch64.rpm

noarch:
automation-controller-cli-4.4.2-1.el9ap.noarch.rpm
automation-controller-server-4.4.2-1.el9ap.noarch.rpm
automation-controller-ui-4.4.2-1.el9ap.noarch.rpm

ppc64le:
automation-controller-4.4.2-1.el9ap.ppc64le.rpm
automation-controller-venv-tower-4.4.2-1.el9ap.ppc64le.rpm

s390x:
automation-controller-4.4.2-1.el9ap.s390x.rpm
automation-controller-venv-tower-4.4.2-1.el9ap.s390x.rpm

x86_64:
automation-controller-4.4.2-1.el9ap.x86_64.rpm
automation-controller-venv-tower-4.4.2-1.el9ap.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-24580
https://access.redhat.com/security/cve/CVE-2023-36053
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Critical Red Hat Security Update for Ansible Automation Solution 2.4, tackling vital vulnerabilities in enterprise automation tools.

Red Hat Security, Ansible Update, Automation Security, IT Automation, Security Advisory.

LinuxSecurity.com Team

Aug 21, 2023 Red Hat

RedHat Ansible Automation Platform: RHSA-2022:5702-01 Important SQL Issues

An update is now available for Red Hat Ansible Automation Platform 2.1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Ansible Automation Platform 2.1.2 security and bug fix update
Advisory ID: RHSA-2022:5702-01
Product: Red Hat Ansible Automation Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5702
Issue date: 2022-07-25
CVE Names: CVE-2022-28346 CVE-2022-28347
====================================================================

1. Summary:

An update is now available for Red Hat Ansible Automation Platform 2.1

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ansible Automation Platform 2.1 for RHEL 8 - noarch, x86_64

3. Description:

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* automation-controller: Django: SQL injection in QuerySet.annotate(), aggregate() and extra() (CVE-2022-28346)
* automation-controller: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)
* python-django: Django: SQL injection in QuerySet.annotate(), aggregate() and extra() (CVE-2022-28346)
* python-django: Django: SQL injection via QuerySet.explain(options) on PostgreSQL (CVE-2022-28347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2072447 - CVE-2022-28346 Django: SQL injection in QuerySet.annotate(), aggregate() and extra()
2072459 - CVE-2022-28347 Django: SQL injection via QuerySet.explain(options) on PostgreSQL

6. Package List:

Red Hat Ansible Automation Platform 2.1 for RHEL 8:

Source:
automation-controller-4.1.2-2.el8ap.src.rpm
pulpcore-selinux-1.3.1-1.el8ap.src.rpm
python-django-3.2.13-1.el8pc.src.rpm
python-jinja2-3.0.3-1.el8pc.src.rpm
python-markupsafe-2.0.1-2.el8pc.src.rpm
python-naya-1.1.1-1.el8pc.src.rpm
python-pulpcore-3.15.9-2.el8pc.src.rpm

noarch:
python38-django-3.2.13-1.el8pc.noarch.rpm
python38-jinja2-3.0.3-1.el8pc.noarch.rpm
python38-naya-1.1.1-1.el8pc.noarch.rpm
python38-pulpcore-3.15.9-2.el8pc.noarch.rpm

x86_64:
automation-controller-4.1.2-2.el8ap.x86_64.rpm
automation-controller-cli-4.1.2-2.el8ap.x86_64.rpm
automation-controller-server-4.1.2-2.el8ap.x86_64.rpm
automation-controller-ui-4.1.2-2.el8ap.x86_64.rpm
automation-controller-venv-tower-4.1.2-2.el8ap.x86_64.rpm
pulpcore-selinux-1.3.1-1.el8ap.x86_64.rpm
python-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm
python-markupsafe-debugsource-2.0.1-2.el8pc.x86_64.rpm
python3-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm
python38-markupsafe-2.0.1-2.el8pc.x86_64.rpm
python38-markupsafe-debuginfo-2.0.1-2.el8pc.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-28346
https://access.redhat.com/security/cve/CVE-2022-28347
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Significant release out for Red Hat Ansible Automation Framework tackling urgent SQL injection vulnerabilities.

RedHat, Ansible Automation, Security Updates, SQL Attack, Important Fixes.

Severity: Important. LinuxSecurity.com Team

Jul 27, 2022 Important Red Hat

Red Hat: RHSA-2022-0474 Important: Ansible Automation Platform Update

An update is now available for ansible-runner for Red Hat Ansible Automation Platform 2.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Ansible Automation Platform 2.0 ansible-runner security update
Advisory ID: RHSA-2022:0474-01
Product: Red Hat Ansible Automation Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0474
Issue date: 2022-02-08
CVE Names: CVE-2021-4112
====================================================================

1. Summary:

An update is now available for ansible-runner for Red Hat Ansible Automation Platform 2.0

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ansible Automation Platform 2.0 for RHEL 8 - noarch

3. Description:

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* Ansible: ansible-runner: Privilege escalation via job isolation escape (CVE-2021-4112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2028121 - CVE-2021-4112 ansible-tower: Privilege escalation via job isolation escape

6. Package List:

Red Hat Ansible Automation Platform 2.0 for RHEL 8:

Source:
ansible-runner-2.0.3-3.el8ap.src.rpm

noarch:
ansible-runner-2.0.3-3.el8ap.noarch.rpm
python38-ansible-runner-2.0.3-3.el8ap.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-4112
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

A critical patch resolves a privilege escalation vulnerability in Red Hat Ansible Automation Platform 2.0.

Red Hat Ansible, automation update, critical security patch.

Severity: Important. LinuxSecurity.com Team

Feb 08, 2022 Important Red Hat