Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -1 articles for you...
202

openSUSE Tumbleweed c3p0 Moderate CVE-2026-55223 Advisory 2026-11166-1

An update that solves one vulnerability can now be installed.. # c3p0-0.14.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:11166-1 Rating: moderate Cross-References: * CVE-2026-55223 Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the c3p0-0.14.1-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * c3p0 0.14.1-1.1 * c3p0-javadoc 0.14.1-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-55223.html . An update for openSUSE Tumbleweed's c3p0-0.14.1-1.1 addresses a moderate security issue, CVE-2026-55223.. openSUSE,c3p0,security update,threat mitigation,software vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jul 02, 2026 OpenSUSE
202

openSUSE Leap 15.4 15.6 Important c3p0 mchange-commons Fix SUSE-2026-0855-1

An update that solves two vulnerabilities and has one security fix can now be installed.. # Security update for c3p0 and mchange-commons Announcement ID: SUSE-SU-2026:0855-1 Release Date: 2026-03-10T05:06:42Z Rating: important References: * bsc#1258913 * bsc#1258942 * bsc#1259313 Cross-References: * CVE-2026-27727 * CVE-2026-27830 CVSS scores: * CVE-2026-27727 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-27727 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27727 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27830 ( SUSE ): 8.9 CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-27830 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-27830 ( NVD ): 8.9 CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for c3p0 and mchange-commons fixes the following issues: c3p0: * Security issues fixed: * CVE-2026-27830: Fixed unsafe object deserialization (bsc#1258942) * Fix the null pointer exception in the userOverridesAsString method (bsc#1259313). mchange-commons: * Security issues fixed: * CVE-2026-27727: Disabled remote ClassLoading when dereferencing javax.naming.Reference instances (bsc#1258913) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patchSUSE-2026-855=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-855=1 ## Package List: * openSUSE Leap 15.4 (noarch) * c3p0-0.9.5.5-150400.3.5.1 * c3p0-javadoc-0.9.5.5-150400.3.5.1 * mchange-commons-javadoc-0.2.20-150400.3.3.1 * mchange-commons-0.2.20-150400.3.3.1 * openSUSE Leap 15.6 (noarch) * c3p0-0.9.5.5-150400.3.5.1 * c3p0-javadoc-0.9.5.5-150400.3.5.1 * mchange-commons-javadoc-0.2.20-150400.3.3.1 * mchange-commons-0.2.20-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27727.html * https://www.suse.com/security/cve/CVE-2026-27830.html * https://bugzilla.suse.com/show_bug.cgi?id=1258913 * https://bugzilla.suse.com/show_bug.cgi?id=1258942 * https://bugzilla.suse.com/show_bug.cgi?id=1259313 . Two important updates for c3p0 and mchange-commons address critical security issues on openSUSE systems.. openSUSE security update c3p0 mchange-commons. . LinuxSecurity.com Team

Calendar%202 Mar 10, 2026 OpenSUSE
202

openSUSE Tumbleweed c3p0 Moderate Vulnerability Patch 2026-10279-1

An update that solves one vulnerability can now be installed.. # c3p0-0.12.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10279-1 Rating: moderate Cross-References: * CVE-2026-27727 CVSS scores: * CVE-2026-27727 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27727 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the c3p0-0.12.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * c3p0 0.12.0-1.1 * c3p0-javadoc 0.12.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27727.html . Update for c3p0 0.12.0-1.1 on openSUSE Tumbleweed fixes moderate vulnerabilities with high CVSS scores.. openSUSE update,c3p0 security fix,openSUSE vulnerabilities,update package,c3p0 access control. . LinuxSecurity.com Team

Calendar%202 Mar 05, 2026 OpenSUSE
172

Ubuntu 21.10: USN-5294-1 Critical: c3p0 Vulnerability Mitigation

c3p0 could be made to crash if it opened a specially crafted file.. =========================================================================Ubuntu Security Notice USN-5293-1 February 21, 2022 c3p0 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: c3p0 could be made to crash if it opened a specially crafted file. Software Description: - c3p0: JDBC Connection pooling library Details: Aaron Massey discovered that c3p0 could be made to crash when parsing certain input. An attacker able to modify the application's XML configuration file could cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libc3p0-java 0.9.1.2-10ubuntu0.21.10.1 Ubuntu 20.04 LTS: libc3p0-java 0.9.1.2-10ubuntu0.20.04.1 Ubuntu 18.04 LTS: libc3p0-java 0.9.1.2-9+deb8u1ubuntu0.18.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5293-1 CVE-2019-5427 Package Information: https://launchpad.net/ubuntu/+source/c3p0/0.9.1.2-10ubuntu0.21.10.1 https://launchpad.net/ubuntu/+source/c3p0/0.9.1.2-10ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/c3p0/0.9.1.2-9+deb8u1ubuntu0.18.04.1 . A c3p0 security flaw may result in app failure when handling certain documents. Ensure you upgrade your system to remedy this issue.. Ubuntu Update,c3p0 Security Advisory,Denial Of Service Crash,XML Configuration Issue. . LinuxSecurity.com Team

Calendar%202 Feb 22, 2022 Ubuntu
203

Mageia 7: MGASA-2020-0051 Critical: c3p0 XML External Entity Issue

An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 (CVE-2018-20433). c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive . MGASA-2020-0051 - Updated c3p0 packages fix security vulnerabilities Publication date: 28 Jan 2020 URL: https://advisories.mageia.org/MGASA-2020-0051.html Type: security Affected Mageia releases: 7 CVE: CVE-2018-20433, CVE-2019-5427 An XML external entity processing vulnerability was found in extractXmlConfigFromInputStream function in c3p0 (CVE-2018-20433). c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration (CVE-2019-5427). References: - https://bugs.mageia.org/show_bug.cgi?id=25906 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/ - https://www.cve.org/CVERecord?id=CVE-2018-20433 - https://www.cve.org/CVERecord?id=CVE-2019-5427 SRPMS: - 7/core/c3p0-0.9.5.4-1.mga7 . The latest c3p0 package updates target XML handling flaws in Mageia. Essential information within.. c3p0 Update, Mageia Security, XML Entity Processing, Security Advisories, Software Vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jan 28, 2020 Mageia
89

Fedora 29: 2019-063672154a Critical c3p0 XML DoS Vulnerability Patch

Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-063672154a 2019-05-29 02:59:05.245232 --------------------------------------------------------------------------------Name : c3p0 Product : Fedora 29 Version : 0.9.5.4 Release : 1.fc29 URL : https://github.com/swaldman/c3p0 Summary : JDBC DataSources/Resource Pools Description : c3p0 is an easy-to-use library for augmenting traditional JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 standard extension. --------------------------------------------------------------------------------Update Information: Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. --------------------------------------------------------------------------------ChangeLog: * Tue May 14 2019 Alexander Scheel - 0.9.5.4-1 - Updated version number to match Fedora Packaging Standards - Rebase to upstream release 0.9.5.4 - Resolves rhbz#1709861 / CVE-2019-5427 --------------------------------------------------------------------------------References: [ 1 ] Bug #1664730 - CVE-2018-20433 c3p0: XML external entity processing in extractXmlConfigFromInputStream [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1664730 [ 2 ] Bug #1709861 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1709861 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-063672154a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Upgrading to c3p0 0.9.5.5 on Fedora 30 successfully resolves major security issues.. c3p0 Security Update,Fedora 29,Critical Update,Open Source Security. . LinuxSecurity.com Team

Calendar%202 May 28, 2019 Fedora
89

Fedora 30 c3p0 Security Update: Fixes for XML Processing Issues

Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-cb14e234fc 2019-05-29 00:48:54.205181 --------------------------------------------------------------------------------Name : c3p0 Product : Fedora 30 Version : 0.9.5.4 Release : 1.fc30 URL : https://github.com/swaldman/c3p0 Summary : JDBC DataSources/Resource Pools Description : c3p0 is an easy-to-use library for augmenting traditional JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 standard extension. --------------------------------------------------------------------------------Update Information: Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. --------------------------------------------------------------------------------ChangeLog: * Tue May 14 2019 Alexander Scheel - 0.9.5.4-1 - Updated version number to match Fedora Packaging Standards - Rebase to upstream release 0.9.5.4 - Resolves rhbz#1709861 / CVE-2019-5427 --------------------------------------------------------------------------------References: [ 1 ] Bug #1709861 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1709861 [ 2 ] Bug #1664730 - CVE-2018-20433 c3p0: XML external entity processing in extractXmlConfigFromInputStream [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1664730 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-cb14e234fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with theFedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora 30 releases enhancements to c3p0 addressing potential DoS threats linked to XML parsing flaws. Essential security protocols advised.. c3p0 Security Update, Fedora Security, Denial of Service Fix. . LinuxSecurity.com Team

Calendar%202 May 28, 2019 Fedora
197

Debian 8: DLA-1621-1 Critical: c3p0 XML External Entity Threat

A XML External Entity (XXE) vulnerability was discovered in c3p0, a library for JDBC connection pooling, that may be used to resolve information outside of the intended sphere of control. . Package : c3p0 Version : 0.9.1.2-9+deb8u1 CVE ID : CVE-2018-20433 Debian Bug : 917257 A XML External Entity (XXE) vulnerability was discovered in c3p0, a library for JDBC connection pooling, that may be used to resolve information outside of the intended sphere of control. For Debian 8 "Jessie", this problem has been fixed in version 0.9.1.2-9+deb8u1. We recommend that you upgrade your c3p0 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Package : c3p0 Version : 0.9.1.2-9+deb8u1 CVE ID : CVE-2018-20433 Debian Bug : 917257 A XML External. external, entity, (xxe), vulnerability, library, connection. . LinuxSecurity.com Team

Calendar%202 Dec 28, 2018 Debian LTS
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200