Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -3 articles for you...
172
security advisoryunauthorized accesscriticalUbuntu 20.04 Dogtag PKI Critical Access Renew Advisory USN-8158-1
Dogtag PKI could allow unintended access to network resources.. ========================================================================== Ubuntu Security Notice USN-8158-1 April 08, 2026 dogtag-pki vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Dogtag PKI could allow unintended access to network resources. Software Description: - dogtag-pki: Enterprise-class Certificate Authority Details: Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a certificate without proper authentication. An attacker could possibly use this to repeatedly renew a compromised certificate and maintain unauthorized access to a system or resource. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS dogtag-pki 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro libsymkey-java 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro libsymkey-jni 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-base 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-base-java 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-ca 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-console 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-kra 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-ocsp 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-server 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-tks 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-tools 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-tps 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro pki-tps-client 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro python3-pki-base 10.8.3-1ubuntu1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS dogtag-pki 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro libsymkey-java 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro libsymkey-jni 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-base 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-base-java 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-ca 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-console 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-kra 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-ocsp 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-server 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-tks 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-tools 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-tps 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro pki-tps-client 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro python3-pki-base 10.6.0-1ubuntu2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8158-1 CVE-2021-20179 . Potential unintended access from Dogtag PKI vulnerabilities affects Ubuntu 20.04 and 18.04 LTS. Immediate updates suggested.. dogtag PKI access Ubuntu update security issue. . Severity: Critical. LinuxSecurity.com Team
Apr 08, 2026
•Critical
Ubuntu
202
security advisorymoderatesecurity updateopenSUSE Leap 15.2: 2021:1029-1 Moderate: Icinga2 API and Certificate Issue
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for icinga2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:1029-1 Rating: moderate References: #1180147 Cross-References: CVE-2020-29663 CVSS scores: CVE-2020-29663 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29663 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for icinga2 fixes the following issues: icinga2 was updated to 2.12.4 * Bugfixes - Fix a crash when notification objects are deleted using the API #8782 - Fix crashes that might occur during downtime scheduling if host or downtime objects are deleted using the API #8785 - Fix an issue where notifications may incorrectly be skipped after a downtime ends #8775 - Don't send reminder notification if the notification is still suppressed by a time period #8808 - Fix an issue where attempting to create a duplicate object using the API might result in the original object being deleted #8787 - IDO: prioritize program status updates #8809 - Improve exceptions handling, including a fix for an uncaught exception on Windows #8777 - Retry file rename operations on Windows to avoid intermittent locking issues #8771 - Update to 2.12.3 * Security - Fix that revoked certificates due for renewal will automatically be renewed ignoring the CRL (Advisory / CVE-2020-29663 - fixes boo#1180147 ) * Bugfixes - Improve config sync locking - resolves high load issues on Windows #8511 - Fix runtime configupdates being ignored for objects without zone #8549 - Use proper buffer size for OpenSSL error messages #8542 * Enhancements - On checkable recovery: re-check children that have a problem #8506 - Update to 2.12.2 * Bugfixes - Fix a connection leak with misconfigured agents #8483 - Properly sync changes of config objects in global zones done via the API #8474 #8470 - Prevent other clients from being disconnected when replaying the cluster log takes very long #8496 - Avoid duplicate connections between endpoints #8465 - Ignore incoming config object updates for unknown zones #8461 - Check timestamps before removing files in config sync #8495 * Enhancements - Include HTTP status codes in log #8467 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-1029=1 Package List: - openSUSE Leap 15.2 (x86_64): icinga2-2.12.4-lp152.3.6.1 icinga2-bin-2.12.4-lp152.3.6.1 icinga2-bin-debuginfo-2.12.4-lp152.3.6.1 icinga2-common-2.12.4-lp152.3.6.1 icinga2-debuginfo-2.12.4-lp152.3.6.1 icinga2-debugsource-2.12.4-lp152.3.6.1 icinga2-doc-2.12.4-lp152.3.6.1 icinga2-ido-mysql-2.12.4-lp152.3.6.1 icinga2-ido-mysql-debuginfo-2.12.4-lp152.3.6.1 icinga2-ido-pgsql-2.12.4-lp152.3.6.1 icinga2-ido-pgsql-debuginfo-2.12.4-lp152.3.6.1 nano-icinga2-2.12.4-lp152.3.6.1 vim-icinga2-2.12.4-lp152.3.6.1 References: https://www.suse.com/security/cve/CVE-2020-29663.html https://bugzilla.suse.com/1180147 . A new version of icinga2 has been released to resolve a security vulnerability, along with numerous bug fixes and improvements.. icinga2 update, openSUSE security, moderate advisory, API issues, certificaterenewal. . LinuxSecurity.com Team
Jul 12, 2021
OpenSUSE
89
security advisorymoderateFedoraFedora 33 pki-core Update: CVE-2021-20179 Moderate Certificate Risk
Fix CVE-2021-20179: unprivileged users can renew any certificate. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-6c412a4601 2021-03-20 01:14:08.855760 --------------------------------------------------------------------------------Name : pki-core Product : Fedora 33 Version : 10.10.5 Release : 5.fc33 URL : https://www.dogtagpki.org Summary : Dogtag PKI Core Package Description : Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) --------------------------------------------------------------------------------Update Information: Fix CVE-2021-20179: unprivileged users can renew any certificate --------------------------------------------------------------------------------ChangeLog: * Fri Mar 12 2021 Dogtag PKI Team
Mar 19, 2021
•Important
Fedora
89
security advisorymoderateFedoraFedora 34: 2021-c0d6637ca5 Moderate: pki-core Certificate Issue
- Use tomcat instead of pki-servlet-engine in ELN and RHEL 9 - Drop dependency on esc for s390(x) architectures - build pki-core properly for ELN and RHEL 9 - Fix CVE-2021-20179: Unprivileged users can renew any certificate - Drop i686 architecture going forward. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-c0d6637ca5 2021-03-19 19:51:22.367631 --------------------------------------------------------------------------------Name : pki-core Product : Fedora 34 Version : 10.10.5 Release : 6.fc34 URL : https://www.dogtagpki.org Summary : Dogtag PKI Core Package Description : Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. PKI consists of the following components: * Automatic Certificate Management Environment (ACME) Responder * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) --------------------------------------------------------------------------------Update Information: - Use tomcat instead of pki-servlet-engine in ELN and RHEL 9 - Drop dependency on esc for s390(x) architectures - build pki-core properly for ELN and RHEL 9 -Fix CVE-2021-20179: Unprivileged users can renew any certificate - Drop i686 architecture going forward --------------------------------------------------------------------------------ChangeLog: * Fri Mar 12 2021 Dogtag PKI Team
Mar 19, 2021
Fedora
98
security advisorysecurity issueupdateRed Hat Enterprise Linux: RHSA-2021:0819-01 Important XSS Flaws
An update for pki-core is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: pki-core security update Advisory ID: RHSA-2021:0819-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0819 Issue date: 2021-03-15 CVE Names: CVE-2019-10146 CVE-2019-10179 CVE-2019-10221 CVE-2020-1721 CVE-2020-25715 CVE-2021-20179 ==================================================================== 1. Summary: An update for pki-core is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le, s390x 3. Description: The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * pki-core: Unprivileged users can renew any certificate (CVE-2021-20179) * pki-core: XSS in the certificate search results (CVE-2020-25715) * pki-core: Reflected XSS in 'path length' constraintfield in CA's Agent page (CVE-2019-10146) * pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179) * pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221) * pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1891016 - CVE-2020-25715 pki-core: XSS in the certificate search results 1914379 - CVE-2021-20179 pki-core: Unprivileged users can renew any certificate 6. Package List: Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): Source: pki-core-10.5.9-15.el7_6.src.rpm noarch: pki-base-10.5.9-15.el7_6.noarch.rpm pki-base-java-10.5.9-15.el7_6.noarch.rpm pki-ca-10.5.9-15.el7_6.noarch.rpm pki-javadoc-10.5.9-15.el7_6.noarch.rpm pki-kra-10.5.9-15.el7_6.noarch.rpm pki-server-10.5.9-15.el7_6.noarch.rpm x86_64: pki-core-debuginfo-10.5.9-15.el7_6.x86_64.rpm pki-symkey-10.5.9-15.el7_6.x86_64.rpm pki-tools-10.5.9-15.el7_6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v.7.6): Source: pki-core-10.5.9-15.el7_6.src.rpm noarch: pki-base-10.5.9-15.el7_6.noarch.rpm pki-base-java-10.5.9-15.el7_6.noarch.rpm pki-ca-10.5.9-15.el7_6.noarch.rpm pki-kra-10.5.9-15.el7_6.noarch.rpm pki-server-10.5.9-15.el7_6.noarch.rpm ppc64le: pki-core-debuginfo-10.5.9-15.el7_6.ppc64le.rpm pki-tools-10.5.9-15.el7_6.ppc64le.rpm x86_64: pki-core-debuginfo-10.5.9-15.el7_6.x86_64.rpm pki-symkey-10.5.9-15.el7_6.x86_64.rpm pki-tools-10.5.9-15.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: pki-core-10.5.9-15.el7_6.src.rpm aarch64: pki-core-debuginfo-10.5.9-15.el7_6.aarch64.rpm pki-symkey-10.5.9-15.el7_6.aarch64.rpm pki-tools-10.5.9-15.el7_6.aarch64.rpm noarch: pki-base-10.5.9-15.el7_6.noarch.rpm pki-base-java-10.5.9-15.el7_6.noarch.rpm pki-ca-10.5.9-15.el7_6.noarch.rpm pki-kra-10.5.9-15.el7_6.noarch.rpm pki-server-10.5.9-15.el7_6.noarch.rpm ppc64le: pki-core-debuginfo-10.5.9-15.el7_6.ppc64le.rpm pki-tools-10.5.9-15.el7_6.ppc64le.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): Source: pki-core-10.5.9-15.el7_6.src.rpm noarch: pki-base-10.5.9-15.el7_6.noarch.rpm pki-base-java-10.5.9-15.el7_6.noarch.rpm pki-ca-10.5.9-15.el7_6.noarch.rpm pki-javadoc-10.5.9-15.el7_6.noarch.rpm pki-kra-10.5.9-15.el7_6.noarch.rpm pki-server-10.5.9-15.el7_6.noarch.rpm ppc64: pki-core-debuginfo-10.5.9-15.el7_6.ppc64.rpm pki-symkey-10.5.9-15.el7_6.ppc64.rpm pki-tools-10.5.9-15.el7_6.ppc64.rpm ppc64le: pki-core-debuginfo-10.5.9-15.el7_6.ppc64le.rpm pki-symkey-10.5.9-15.el7_6.ppc64le.rpm s390x: pki-core-debuginfo-10.5.9-15.el7_6.s390x.rpm pki-symkey-10.5.9-15.el7_6.s390x.rpm pki-tools-10.5.9-15.el7_6.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v.7): Source: pki-core-10.5.9-15.el7_6.src.rpm noarch: pki-base-10.5.9-15.el7_6.noarch.rpm pki-base-java-10.5.9-15.el7_6.noarch.rpm pki-ca-10.5.9-15.el7_6.noarch.rpm pki-javadoc-10.5.9-15.el7_6.noarch.rpm pki-kra-10.5.9-15.el7_6.noarch.rpm pki-server-10.5.9-15.el7_6.noarch.rpm ppc64le: pki-core-debuginfo-10.5.9-15.el7_6.ppc64le.rpm pki-symkey-10.5.9-15.el7_6.ppc64le.rpm s390x: pki-core-debuginfo-10.5.9-15.el7_6.s390x.rpm pki-symkey-10.5.9-15.el7_6.s390x.rpm pki-tools-10.5.9-15.el7_6.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2019-10146 https://access.redhat.com/security/cve/CVE-2019-10179 https://access.redhat.com/security/cve/CVE-2019-10221 https://access.redhat.com/security/cve/CVE-2020-1721 https://access.redhat.com/security/cve/CVE-2020-25715 https://access.redhat.com/security/cve/CVE-2021-20179 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYE9gttzjgjWX9erEAQj+YA//SvYfINtdT/EVLEbIEiDTRf5qCJ6nPTkr IGsj/Mmm5NW/2iOBUGztXlrolFuRKpCqAegbI+MD+hrJX27y7OJJajDEkgbSkYIu tqoRmMOhq2xK2qtKgQh4iDaYa3SMvifnPX4pyLcwNMsCEopn/oqkwmG/ED1wASLX ILOxU+8lGSIEJvutqFlbx4JrnWWcIBfw5yrOm5y2Pp4xLx3/8SED+T41j0z5Oy6O aSJHsNHs8Oy1XSCT0XQ6RrO8qMoOnQXRRc0zd1ZvIGKj6QS6/t9Zz0NcwgHc3maN 3j8b8NsJvOvt5odu7WsiHMsAnxGoKU8vdQTwvWJs/CrVyxvTPJsTY1D5c3yAvr3V tFReHZhR1eIFkDp8mEvL3AsNeWCUnghMRCKU2BXTM5T4PjTnVMU0mvbyOm6F1FNj wN2ObGUVzHtWRy2LIfP1Z8eLjI3q7HLOxRBEULQEx283DxUnyi1V9zkriaJ3ZCoK h+m0756dsDA2OJwSU9ejeMTcBj5G1iKYP3mHcdIwuBduFIw1qs7gE0uYJW5rCHs/ YSDIUxcLxB+7ai5FoQp1+u05QcOx9wVJ62le7aA233oz9xH1HC8aVEaSTCXUeFyj Nv7kQ/prmgFPc/qQ1ra4nfxUQ/zutED55R3ZeLkrIHXKx3BJMf6XxmPFZPgymWNo birbmCQH5ek=nDnI -----END PGPSIGNATURE----- -- RHSA-announce mailing list
Mar 15, 2021
•Important
Red Hat
197
security advisorymoderatesecurity updateDebian: DLA-2485-1 Moderate: Python-Certbot ACMEv2 Transition
Let's Encrypt's ACMEv1 API is deprecated and in the process of being shut down. Beginning with brownouts in January 2021, and ending with a total shutdown in June 2021, the Let's Encrypt APIs will become unavailable. To prevent users having disruptions to their certificate . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2484-1
Dec 08, 2020
•Important
Debian LTS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!