Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 71 articles for you...
89

Fedora 40: nodejs-bash-language-server Update 5.6.0 for CVE-2024-47829

Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language- server to version 5.6.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-f68a9b835d 2025-05-03 01:10:16.988304+00:00 -------------------------------------------------------------------------------- Name : nodejs-bash-language-server Product : Fedora 40 Version : 5.6.0 Release : 1.fc40 URL : server Summary : A language server for Bash Description : Bash language server implementation based on Tree Sitter and its grammar for Bash with explainshell integration. -------------------------------------------------------------------------------- Update Information: Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language- server to version 5.6.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2025 Andreas Schneider - 5.6.0-1 - Update to version 5.6.0 - server/releases/tag/server-5.6.0 * Thu Apr 24 2025 Andreas Schneider - 5.4.3-1 - Update to version 5.4.3 - server/blob/server-5.4.3/server/CHANGELOG.md * Thu Apr 24 2025 Andreas Schneider - 5.4.0-1 - Update to version 5.4.0 - server/blob/server-5.4.0/server/CHANGELOG.md -------------------------------------------------------------------------------- References: [ 1 ] Bug #2361974 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2361974 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f68a9b835d' at the command line. For more information, refer to the dnf documentation availableat http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Required patch to address CVE-2024-47829 includes an update for nodejs-bash-language-server and pnpm on Fedora 40. Ensure the latest packages are integrated for system security.. nodejs, Fedora upgrade, security advisory, pnpm, bash language server. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 03, 2025 Critical Fedora
172

Ubuntu 22.04 LTS USN-6697-1 Critical: Bash Denial of Service Vulnerability

Bash could be made to crash or run programs as your login if it opened a specially crafted file.. ========================================================================== Ubuntu Security Notice USN-6697-1 March 18, 2024 bash vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Bash could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - bash: GNU Bourne Again SHell Details: It was discovered that Bash incorrectly handled certain memory operations when processing commands. If a user or automated system were tricked into running a specially crafted bash file, a remote attacker could use this issue to cause Bash to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: bash 5.1-6ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6697-1 CVE-2022-3715 Package Information: https://launchpad.net/ubuntu/+source/bash/5.1-6ubuntu1.1 . A security flaw in Bash may lead to system crashes or unauthorized code execution upon user login; it is advised to apply updates for Ubuntu 22.04.. bash Vulnerability, System Update, Ubuntu Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 18, 2024 Critical Ubuntu
217

Oracle Linux 9 ELSA-2023-0340 Moderate: Bash Security Patch

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-0340 https://linux.oracle.com/errata/ELSA-2023-0340.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: bash-5.1.8-6.el9_1.x86_64.rpm bash-devel-5.1.8-6.el9_1.x86_64.rpm aarch64: bash-5.1.8-6.el9_1.aarch64.rpm bash-devel-5.1.8-6.el9_1.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates//bash-5.1.8-6.el9_1.src.rpm Related CVEs: CVE-2022-3715 Description of changes: [5.1.8-6] - Add a null check in parameter_brace_transform() function Resolves: CVE-2022-3715 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Notice ELSA-2023-0340 introduces a vital bash patch addressing a significant vulnerability.. Oracle Linux Security, Bash Update, Linux RPM Patch, Security Advisory, Oracle ELSA. . LinuxSecurity.com Team

Calendar%202 Jan 24, 2023 Oracle
98

Red Hat RHEL 9 RHSA-2023:0340-01 Moderate Bash Heap Overflow

An update for bash is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: bash security update Advisory ID: RHSA-2023:0340-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0340 Issue date: 2023-01-23 CVE Names: CVE-2022-3715 ==================================================================== 1. Summary: An update for bash is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux. Security Fix(es): * bash: a heap-buffer-overflow in valid_parameter_transform (CVE-2022-3715) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2126720 - CVE-2022-3715 bash: a heap-buffer-overflow in valid_parameter_transform 6. PackageList: Red Hat Enterprise Linux BaseOS (v. 9): Source: bash-5.1.8-6.el9_1.src.rpm aarch64: bash-5.1.8-6.el9_1.aarch64.rpm bash-debuginfo-5.1.8-6.el9_1.aarch64.rpm bash-debugsource-5.1.8-6.el9_1.aarch64.rpm ppc64le: bash-5.1.8-6.el9_1.ppc64le.rpm bash-debuginfo-5.1.8-6.el9_1.ppc64le.rpm bash-debugsource-5.1.8-6.el9_1.ppc64le.rpm s390x: bash-5.1.8-6.el9_1.s390x.rpm bash-debuginfo-5.1.8-6.el9_1.s390x.rpm bash-debugsource-5.1.8-6.el9_1.s390x.rpm x86_64: bash-5.1.8-6.el9_1.x86_64.rpm bash-debuginfo-5.1.8-6.el9_1.x86_64.rpm bash-debugsource-5.1.8-6.el9_1.x86_64.rpm Red Hat CodeReady Linux Builder (v. 9): aarch64: bash-debuginfo-5.1.8-6.el9_1.aarch64.rpm bash-debugsource-5.1.8-6.el9_1.aarch64.rpm bash-devel-5.1.8-6.el9_1.aarch64.rpm ppc64le: bash-debuginfo-5.1.8-6.el9_1.ppc64le.rpm bash-debugsource-5.1.8-6.el9_1.ppc64le.rpm bash-devel-5.1.8-6.el9_1.ppc64le.rpm s390x: bash-debuginfo-5.1.8-6.el9_1.s390x.rpm bash-debugsource-5.1.8-6.el9_1.s390x.rpm bash-devel-5.1.8-6.el9_1.s390x.rpm x86_64: bash-debuginfo-5.1.8-6.el9_1.x86_64.rpm bash-debugsource-5.1.8-6.el9_1.x86_64.rpm bash-devel-5.1.8-6.el9_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-3715 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/cve/CVE-2022-3715 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY863KNzjgjWX9erEAQhIZBAAo/lY8ek5dJ6LlRQ8351XJZLUfligGFh0 1bv+iPZVNZQRBuPV/Xeuw7sUdaWRYbU6K4AbfvhVIkg4ACULbdE+Y/kIHTjdVJps swV2+JTloh/66ogRemVatLoghmYnBjtviXz+GerKxLgy43FCtGrbh/i9tvdbEaEy 81boSU/rfbNFX5N8R90b4TSm6jtRXTnoMpvn+Bn71KrTMPEPmf8qfJX7xLOd6Ox2 ciA8Dzo++xS3L4LR/LEOlyb/gF6nnFzEkhxaGsGMy/yD3qGzyQPrK62AnsQ6l8B7 5kHCtio3YIrT5Ok3Gftm1oXu2RvcKBX/Uqv8ZptAvFd9Ish9mFa0P4eqs1rJnaDW moabz4QUywwjP2mx5qx/4N9Wni9/Sk2NKxJKsI6UVhzJuqLDsqTC8A9a+9p+8D1s XiksypV2DRPp++HTzVn+ttx8VUYKr7M7XvEcDAKFUSVyQ424/uwyzPjdPc5HlwgX qVbp8rtFjktkcmYEGc974nt2aNNCv3AjP/deNOIK51jG0q/BkSJryt/vPBa2FaSe SVz0EUb9sDbwnfQ6rmQ3lgpRZOfjX5IVZtLMztJBOC6E2UpPckveHxYWdeR/DOYA fJ4946krE+4vtXyA+2l6URsxTJAp8ZUrOzPXgOz1sRKFWnIu7P4IKVwWuKl0Lbu+ hZv7kALzBgY=c7wc -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Oracle has announced a critical Java update for JRE 17 aimed at resolving a significant security vulnerability recognized in CVE-2023-1234.. Red Hat Enterprise,bash security update,heap overflow. . LinuxSecurity.com Team

Calendar%202 Jan 23, 2023 Red Hat
219

Rocky Linux 9 RLSA-2023:0340 Moderate Bash Heap Overflow Fix

Moderate: bash security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:0340", "synopsis": "Moderate: bash security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for bash.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The bash packages provide Bash (Bourne-again shell), which is the default shell for Rocky Linux.\n\nSecurity Fix(es):\n\n* bash: a heap-buffer-overflow in valid_parameter_transform (CVE-2022-3715)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2126720", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2126720", "description": ""}], "cves": [{"name": "CVE-2022-3715", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2022-3715", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "cvss3BaseScore": "5.5", "cwe": "CWE-119-> CWE-787"}], "references": [], "publishedAt": "2023-01-23T14:30:41Z", "rpms": {"Rocky Linux 9": {"nvras": ["bash-0:5.1.8-6.el9_1.aarch64.rpm", "bash-0:5.1.8-6.el9_1.ppc64le.rpm", "bash-0:5.1.8-6.el9_1.s390x.rpm", "bash-0:5.1.8-6.el9_1.src.rpm", "bash-0:5.1.8-6.el9_1.x86_64.rpm", "bash-debuginfo-0:5.1.8-6.el9_1.aarch64.rpm", "bash-debuginfo-0:5.1.8-6.el9_1.ppc64le.rpm", "bash-debuginfo-0:5.1.8-6.el9_1.s390x.rpm", "bash-debuginfo-0:5.1.8-6.el9_1.x86_64.rpm", "bash-debugsource-0:5.1.8-6.el9_1.aarch64.rpm", "bash-debugsource-0:5.1.8-6.el9_1.ppc64le.rpm", "bash-debugsource-0:5.1.8-6.el9_1.s390x.rpm", "bash-debugsource-0:5.1.8-6.el9_1.x86_64.rpm", "bash-devel-0:5.1.8-6.el9_1.aarch64.rpm", "bash-devel-0:5.1.8-6.el9_1.ppc64le.rpm", "bash-devel-0:5.1.8-6.el9_1.s390x.rpm","bash-devel-0:5.1.8-6.el9_1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A crucial update for the Bash shell has been released for Rocky Linux 9, rectifying a significant heap overflow vulnerability that poses serious risks.. Rocky Linux Security Update, Bash Security Patch, Heap Overflow Issue. . LinuxSecurity.com Team

Calendar%202 Jan 23, 2023 Rocky Linux
203

Mageia 8 - MGASA-2022-0358 Moderate: Bash Null Check Update

Bash has been updated to version 5.1.16 using a patch from Fedora to fix a security issue by adding a null check in the parameter_brace_transform() function. References: . MGASA-2022-0358 - Updated bash packages fix security vulnerability Publication date: 05 Oct 2022 URL: https://advisories.mageia.org/MGASA-2022-0358.html Type: security Affected Mageia releases: 8 Bash has been updated to version 5.1.16 using a patch from Fedora to fix a security issue by adding a null check in the parameter_brace_transform() function. References: - https://bugs.mageia.org/show_bug.cgi?id=30919 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/74PP54LG2K7UGPIE2CEEQU7MJD4HBMS7/ SRPMS: - 8/core/bash-5.1-16.1.mga8 . The Bash shell has received an update to version 5.1.16, addressing a security vulnerability concerning null verification in parameter_brace_transform.. Bash Security Update,Mageia 8,Parameter Brace Transform,Software Patch. . LinuxSecurity.com Team

Calendar%202 Oct 05, 2022 Mageia
89

Fedora: 2022-5b644a935b Moderate: Bash Null Check Issue Resolved

Add a null check in parameter_brace_transform() function. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5b644a935b 2022-10-05 01:03:41.175274 --------------------------------------------------------------------------------Name : bash Product : Fedora 35 Version : 5.1.8 Release : 3.fc35 URL : Summary : The GNU Bourne Again shell Description : The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. --------------------------------------------------------------------------------Update Information: Add a null check in parameter_brace_transform() function --------------------------------------------------------------------------------ChangeLog: * Mon Sep 26 2022 Siteshwar Vashisht - 5.1.8-3 - Add a null check in parameter_brace_transform() function Resolves: #2122331 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5b644a935b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Resolve the null check issue in the parameter_brace_transform() function with this Fedora bash update.. Fedora Bash Update, Shell Interpreter Upgrade, Null Check Fix. . LinuxSecurity.com Team

Calendar%202 Oct 04, 2022 Fedora
89

Fedora 36: FEDORA-2022-4ff296fe8e critical: Bash Function Check

Add a null check in parameter_brace_transform() function. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-4ff296fe8e 2022-09-30 01:18:38.677711 --------------------------------------------------------------------------------Name : bash Product : Fedora 36 Version : 5.1.16 Release : 3.fc36 URL : Summary : The GNU Bourne Again shell Description : The GNU Bourne Again shell (Bash) is a shell or command language interpreter that is compatible with the Bourne shell (sh). Bash incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. --------------------------------------------------------------------------------Update Information: Add a null check in parameter_brace_transform() function --------------------------------------------------------------------------------ChangeLog: * Mon Sep 26 2022 Siteshwar Vashisht - 5.1.16-3 - Add a null check in parameter_brace_transform() function Resolves: #2122331 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-4ff296fe8e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Ubuntu 22.04 introduces a significant upgrade to Python, focusing on vital performance improvements to ensure reliability.. Fedora Update, Bash Shell, Parameter Check, Function Update, System Stability. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 29, 2022 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200