
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 41: FEDORA-2025-7c4a6154e5 critical: trafficserver request smuggling

Resolves CVE-2024-53868.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7c4a6154e5
2025-04-23 02:12:49.731411+00:00
--------------------------------------------------------------------------------

Name        : trafficserver
Product     : Fedora 41
Version     : 9.2.10
Release     : 1.fc41
URL         : https://trafficserver.apache.org/
Summary     : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content requests,
or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands of
requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own cache
algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and reverse
proxies, Apache Traffic Server is battle hardened.

--------------------------------------------------------------------------------
Update Information:

Resolves CVE-2024-53868
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 13 2025 Jered Floyd 9.2.10-1
- Update to upstream 9.2.10
- Resolves CVE-2024-53868
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2356761 - trafficserver-10.0.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2356761
  [ 2 ] Bug #2357159 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357159
  [ 3 ] Bug #2357160 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357160
  [ 4 ] Bug #2357161 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357161
  [ 5 ] Bug #2357162 - CVE-2024-53868 trafficserver: Apache Traffic Server: Malformed chunked message body allows request smuggling [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357162
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7c4a6154e5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

The recent Fedora 41 update for Trafficserver addresses a severe vulnerability related to improper handling of chunked message bodies, ensuring enhanced security and stability.

TrafficServerUpdate, Fedora Security, HTTP Proxy Fixes.

Severity: Critical.

LinuxSecurity.com Team

Apr 23, 2025 | Critical | Fedora

Debian 10: DLA-3279-1 Critical: Trafficserver Input Validation Issues

Multiple vulnerabilities were found in trafficserver, a caching proxy server.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3279-1
https://www.debian.org/lts/security/                         Abhijith PA
January 23, 2023                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : trafficserver
Version        : 8.0.2+ds-1+deb10u7
CVE ID         : CVE-2021-37150 CVE-2022-25763 CVE-2022-28129 CVE-2022-31780

Multiple vulnerabilities were found in trafficserver, a caching proxy
server.

CVE-2021-37150

    Improper Input Validation vulnerability in header parsing of Apache
    Traffic Server allows an attacker to request secure resources

CVE-2022-25763

    Improper Input Validation vulnerability in HTTP/2 request
    validation of Apache Traffic Server allows an attacker to create
    smuggle or cache poison attacks.

CVE-2022-28129

    Improper Input Validation vulnerability in HTTP/1.1 header parsing
    of Apache Traffic Server allows an attacker to send invalid headers

CVE-2022-31780

    Improper Input Validation vulnerability in HTTP/2 frame handling of
    Apache Traffic Server allows an attacker to smuggle requests.

For Debian 10 buster, these problems have been fixed in version
8.0.2+ds-1+deb10u7.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/trafficserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Several problems identified in trafficserver impacting its caching abilities and proxy functionality. A system upgrade is suggested to enhance security.

Debian Trafficserver Security, Proxy Server Issues, Input Validation Attacks.

Severity: Critical.

LinuxSecurity.com Team

Jan 23, 2023 | Critical | Debian LTS

Fedora 37: 2022-62b61a8542 Critical: Trafficserver 9.1.4 DoS Risks

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-62b61a8542
2022-12-29 01:09:28.690982
--------------------------------------------------------------------------------

Name        : trafficserver
Product     : Fedora 37
Version     : 9.1.4
Release     : 1.fc37
URL         : https://trafficserver.apache.org/
Summary     : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content requests,
or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands of
requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own cache
algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and reverse
proxies, Apache Traffic Server is battle hardened.

--------------------------------------------------------------------------------
Update Information:

Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec 19 2022 Jered Floyd 9.1.4-1
- Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2154123 - trafficserver-9.1.4-rc0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2154123
  [ 2 ] Bug #2154896 - CVE-2022-32749 trafficserver: server crash under certain conditions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154896
  [ 3 ] Bug #2154897 - CVE-2022-32749 trafficserver: server crash under certain conditions [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154897
  [ 4 ] Bug #2154899 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache poison, and DOS attacks [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154899
  [ 5 ] Bug #2154900 - CVE-2022-37392 trafficserver: ATS is vulnerable to smuggle, cache poison, and DOS attacks [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154900
  [ 6 ] Bug #2154902 - CVE-2022-40743 trafficserver: Security issues with the xdebug plugin [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154902
  [ 7 ] Bug #2154903 - CVE-2022-40743 trafficserver: Security issues with the xdebug plugin [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2154903
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-62b61a8542' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 37 security notice: trafficserver upgrade addresses severe vulnerabilities and boosts cloud application efficiency.

Traffic Server, Fedora Update, Cloud Services, Caching Proxy.

Severity: Critical.

LinuxSecurity.com Team

Dec 29, 2022 | Critical | Fedora

Fedora 35: 2022-9832c0c04b Medium: Trafficserver Input Validation

Update to 9.1.3, resolves CVE-2022-25763, CVE-2022-31779, CVE-2021-37150, CVE-2022-28129, CVE-2022-31780.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-9832c0c04b
2022-08-20 01:28:17.889519
--------------------------------------------------------------------------------

Name        : trafficserver
Product     : Fedora 35
Version     : 9.1.3
Release     : 1.fc35
URL         : https://trafficserver.apache.org/
Summary     : Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
Description :
Traffic Server is a high-performance building block for cloud services.
It's more than just a caching proxy server; it also has support for
plugins to build large scale web applications. Key features:

Caching - Improve your response time, while reducing server load and
bandwidth needs by caching and reusing frequently-requested web pages,
images, and web service calls.

Proxying - Easily add keep-alive, filter or anonymize content requests,
or add load balancing by adding a proxy layer.

Fast - Scales well on modern SMP hardware, handling 10s of thousands of
requests per second.

Extensible - APIs to write your own plug-ins to do anything from
modifying HTTP headers to handling ESI requests to writing your own cache
algorithm.

Proven - Handling over 400TB a day at Yahoo! both as forward and reverse
proxies, Apache Traffic Server is battle hardened.

--------------------------------------------------------------------------------
Update Information:

Update to 9.1.3, resolves CVE-2022-25763, CVE-2022-31779, CVE-2021-37150,
CVE-2022-28129, CVE-2022-31780
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug 11 2022 Jered Floyd 9.1.3-1
- Update to 9.1.3, resolves CVE-2022-25763, CVE-2022-31779, CVE-2021-37150,
  CVE-2022-28129, CVE-2022-31780
- Resolve glibc 2.36 (f37) header incompatibility that caused FTBFS
  RHBZ#2112282
* Mon Jul 11 2022 Jered Floyd 9.1.2-9
- Don't try to use Crypto Policies on RHEL 7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2117275 - CVE-2022-25763 Apache Traffic Server: Improper input validation in HTTP/2 request validation.
        https://bugzilla.redhat.com/show_bug.cgi?id=2117275
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-9832c0c04b' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The latest Fedora update for Traffic Server 9.1.3 brings essential security enhancements and performance upgrades, addressing multiple CVEs for user safety and efficiency.

Traffic Server, Fedora Update, Input Validation, Cache Proxy.

Severity: Medium.

LinuxSecurity.com Team

Aug 19, 2022 | Medium | Fedora

Debian 8: DLA-1847-1 Moderate: Squid3 Cross-Site Scripting Issues

Package        : squid3
Version        : 3.4.8-6+deb8u7
CVE ID         : CVE-2019-13345
Debian Bug     : #931478

It was discovered that there were multiple cross-site scripting
vulnerabilities in the squid3 caching proxy server.

For Debian 8 "Jessie", these issues have been fixed in squid3 version
3.4.8-6+deb8u7.

We recommend that you upgrade your squid3 packages.

Regards,

Chris Lamb
chris-lamb.co.uk

Numerous cross-site scripting vulnerabilities in squid3 addressed in Debian 8; it is advisable to upgrade for enhanced security.

Cross-site scripting, squid3 security, Debian update, security fixes.

LinuxSecurity.com Team

Jul 07, 2019 | Debian LTS
