Stay Secure with the Latest Linux Advisories
Explore Latest Linux Security advisories

Debian LTS: DLA-4101-1: varnish Security Advisory Updates

Debian LTS Advisory DLA-4101-1
https://www.debian.org/lts/security/
Adrian Bunk
March 31, 2025
https://wiki.debian.org/LTS

Package : varnish
Version : 6.5.1-1+deb11u4
CVE ID : CVE-2025-30346

An HTTP/1 client-side desync vulnerability has been fixed in Varnish, a caching HTTP reverse proxy.

For Debian 11 bullseye, this problem has been fixed in version 6.5.1-1+deb11u4.

We recommend that you upgrade your varnish packages.

For the detailed security status of varnish please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/varnish

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Upgrade Varnish for Debian 11 to fix critical HTTP desync vulnerability with CVE-2025-30346. Stay secure!
Tags: http/1, client-side, desync, vulnerability, varnish, caching, reverse proxy
Severity: Critical
LinuxSecurity.com Team

Mar 31, 2025 | Critical | Debian LTS

Rocky Linux 9 RLSA-2023:4099 Critical: BIND DoS Security Fix

Important: bind security update.

Advisory : RLSA-2023:4099
Type : Security
Severity : Important
Affected products : Rocky Linux 9
Published : 2023-08-08T12:34:57.744690Z
Reboot suggested : no

Topic: An update is available for bind. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: named's configured cache size limit can be significantly exceeded (CVE-2023-2828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Fixes: Red Hat Bugzilla 2216227, https://bugzilla.redhat.com/show_bug.cgi?id=2216227

CVEs: CVE-2023-2828 (MITRE, https://www.cve.org/CVERecord?id=CVE-2023-2828), CVSS 3.1 base score 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, CWE: UNKNOWN

Updated packages for Rocky Linux 9, all at version 32:9.16.23-11.el9_2.1: bind, bind-chroot, bind-devel, bind-dnssec-utils, bind-libs and bind-utils with their debuginfo packages, and bind-debugsource, for aarch64, ppc64le, s390x and x86_64 (bind-devel and bind-libs also for i686); bind-dnssec-doc, bind-doc, bind-license and python3-bind (noarch); and the bind source rpm.

Critical BIND security patch released for Rocky Linux 9 to resolve serious cache overflow vulnerabilities and improve overall system security.
Tags: BIND Update, Rocky Linux Security, Cache Limit Issues, Security Update 2023, Rocky Linux Advisory
Severity: Important
LinuxSecurity.com Team

Aug 08, 2023 | Important | Rocky Linux

Debian 10 DLA-3164-1 Critical: Django Permissions And Cache Threats

Debian LTS Advisory DLA-3164-1
https://www.debian.org/lts/security/
Chris Lamb
October 28, 2022
https://wiki.debian.org/LTS

Package : python-django
Version : 1:1.11.29-1+deb10u2
CVE IDs : CVE-2020-24583 CVE-2020-24584 CVE-2021-3281 CVE-2021-23336 CVE-2022-34265
Debian Bugs : 969367 981562 983090 1014541

Multiple vulnerabilities were discovered in Django, a popular Python-based web development framework:

* CVE-2020-24583: Fix incorrect permissions on intermediate-level directories on Python 3.7+. FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files and to intermediate-level collected static directories when using the collectstatic management command. You should review and manually fix permissions on existing intermediate-level directories.

* CVE-2020-24584: Correct permission escalation vulnerability in intermediate-level directories of the file system cache. On Python 3.7 and above, the intermediate-level directories of the file system cache had the system's standard umask rather than 0o077 (no group or others permissions).

* CVE-2021-3281: Fix a potential directory-traversal exploit via archive.extract(). The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory traversal via an archive with absolute paths or relative paths with dot segments.

* CVE-2021-23336: Prevent a web cache poisoning attack via "parameter cloaking". Django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued recently such that parse_qsl() no longer allows using ";" as a query parameter separator by default.

* CVE-2022-34265: The Trunc() and Extract() database functions were subject to a potential SQL injection attack if untrusted data was used as a value for the "kind" or "lookup_name" parameters. Applications that constrain the choice to a known safe list were unaffected.

For Debian 10 buster, these problems have been fixed in version 1:1.11.29-1+deb10u2.

We recommend that you upgrade your python-django packages.

For the detailed security status of python-django please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/python-django

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

A series of vulnerabilities in Django has been rectified in this Debian LTS release to bolster the protection of web applications.
Tags: Django Update, Python Framework Security, Debian Advisories
Severity: Critical
LinuxSecurity.com Team

Oct 28, 2022 | Critical | Debian LTS

Fedora 27: Critical Knot Resolver Update Addresses DNS Issues

Fedora Update Notification FEDORA-2018-fe5a6ed3b7
2018-02-27 17:16:42.082266

Name : knot-resolver
Product : Fedora 27
Version : 2.1.0
Release : 1.fc27
URL : https://www.knot-resolver.cz/
Summary : Caching full DNS Resolver
Description : The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance. If you run into issues with activation of the service or its sockets, either update your selinux-policy package or turn off selinux (setenforce 0).

https://bugzilla.redhat.com/show_bug.cgi?id=1366968
https://bugzilla.redhat.com/show_bug.cgi?id=1543049

Update Information:

Knot Resolver 2.1.0 (2018-02-16)

Incompatible changes
- stats: remove tracking of expiring records (predict uses another way)
- systemd: re-use a single kresd.socket and kresd-tls.socket
- ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01 (our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic)
- libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS

Bugfixes
- detect_time_jump module: don't clear cache on suspend-resume (#284)
- stats module: fix stats.list() returning nothing, regressed in 2.0.0
- policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306)
- cache: fix broken refresh of insecure records that were about to expire
- fix the hints module on some systems, e.g. Fedora (came back on 2.0.0)
- build with older gnutls (conditionally disable features)
- fix the predict module to work with insecure records & cleanup code

Knot Resolver 2.0.0 (2018-01-31)

Incompatible changes
- systemd: change unit files to allow running multiple instances, deployments with single instance now must use `kresd@1.service` instead of `kresd.service`; see kresd.systemd(7) for details
- systemd: the directory for cache is now /var/cache/knot-resolver
- unify default directory and user to `knot-resolver`
- directory with trust anchor file specified by -k option must be writeable
- policy module is now loaded by default to enforce RFC 6761; see documentation for policy.PASS if you use locally-served DNS zones
- drop support for alternative cache backends memcached, redis, and for Lua bindings for some specific cache operations
- REORDER_RR option is not implemented (temporarily)

New features
- aggressive caching of validated records (RFC 8198) for NSEC zones; thanks to ICANN for sponsoring this work.
- forwarding over TLS, authenticated by SPKI pin or certificate. policy.TLS_FORWARD pipelines queries out-of-order over shared TLS connection. Beware: Some resolvers do not support out-of-order query processing. TLS forwarding to such resolvers will lead to slower resolution or failures.
- trust anchors: you may specify a read-only file via -K or --keyfile-ro
- trust anchors: at build-time you may set KEYFILE_DEFAULT (read-only)
- ta_sentinel module implements draft ietf-dnsop-kskroll-sentinel-00, enabled by default
- serve_stale module is prototype, subject to change
- extended API for Lua modules

Bugfixes
- fix build on osx - regressed in 1.5.3 (different linker option name)

Knot Resolver 1.5.3 (2018-01-23)

Bugfixes
- fix the hints module on some systems, e.g. Fedora. Symptom: `undefined symbol: engine_hint_root_file`

Knot Resolver 1.5.2 (2018-01-22)

Security
- fix CVE-2018-1000002: insufficient DNSSEC validation, allowing attackers to deny existence of some data by forging packets. Some combinations pointed out in RFC 6840 sections 4.1 and 4.3 were not taken into account.

Bugfixes
- memcached: fix fallout from module rename in 1.5.1

Knot Resolver 1.5.1 (2017-12-12)

Incompatible changes
- script supervisor.py was removed, please migrate to a real process manager
- module ketcd was renamed to etcd for consistency
- module kmemcached was renamed to memcached for consistency

Bugfixes
- fix SIGPIPE crashes (#271)
- tests: work around out-of-space for platforms with larger memory pages
- lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0 (and 1.99.1-alpha), potentially causing problems in dns64 and workarounds modules
- predict module: various fixes (!399)

Improvements
- add priming module to implement RFC 8109, enabled by default (#220)
- add modules helping with system time problems, enabled by default; for details see documentation of detect_time_skew and detect_time_jump

References:
[ 1 ] Bug #1537462 - CVE-2018-1000002 knot-resolver: Insufficient DNSSEC validation
https://bugzilla.redhat.com/show_bug.cgi?id=1537462

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade knot-resolver' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Knot Resolver release for Fedora 27 brings crucial patches and enhancements. Safeguard system integrity and optimize efficiency.
Tags: Knot Resolver Update, DNS Security Fixes, Fedora Software Update
Severity: Critical
LinuxSecurity.com Team

Feb 27, 2018 | Critical | Fedora

Fedora 24: FEDORA-2017-081fc9ad77 Moderate: Knot Resolver Security Update

Fedora Update Notification FEDORA-2017-081fc9ad77
2017-07-20 13:50:14.517600

Name : knot-resolver
Product : Fedora 24
Version : 1.3.1
Release : 1.fc24
URL : https://www.knot-resolver.cz/
Summary : Caching full DNS Resolver
Description : The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, just start the local DNS socket. BEWARE: Because of https://bugzilla.redhat.com/show_bug.cgi?id=1366968 you need to switch your system to SELinux permissive mode.

Update Information:

Update to upstream version 1.3.1.

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade knot-resolver' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Knot resolver upgraded to version 1.3.1 for improved security on Fedora 24 installations. Install using dnf upgrade command.
Tags: Fedora Update, knot resolver, security advisory
LinuxSecurity.com Team

Jul 20, 2017 | Fedora