--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-eb3e3e87d3
2021-10-29 22:48:33.394572
--------------------------------------------------------------------------------

Name        : java-11-openjdk
Product     : Fedora 35
Version     : 11.0.13.0.8
Release     : 1.fc35
URL         : https://openjdk.org/
Summary     : OpenJDK 11 Runtime Environment
Description : The OpenJDK 11 runtime environment.
--------------------------------------------------------------------------------
Update Information:

# New in release OpenJDK 11.0.13 (2021-10-19):

Live versions of these release notes can be found at:

* https://mail.openjdk.org/pipermail/jdk-updates-dev/2021-October/009368.html
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt

## Security fixes

- JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
- JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
- JDK-8263314: Enhance XML Dsig modes
- JDK-8265167, CVE-2021-35556: Richer Text Editors
- JDK-8265574: Improve handling of sheets
- JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
- JDK-8265776: Improve Stream handling for SSL
- JDK-8266097, CVE-2021-35561: Better hashing support
- JDK-8266103: Better specified spec values
- JDK-8266109: More Resilient Classloading
- JDK-8266115: More Manifest Jar Loading
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity
- JDK-8266689, CVE-2021-35567: More Constrained Delegation
- JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
- JDK-8267712: Better LDAP reference processing
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
- JDK-8267735, CVE-2021-35586: Better BMP support
- JDK-8268193: Improve requests of certificates
- JDK-8268199: Correct certificate requests
- JDK-8268205: Enhance DTLS client handshake
- JDK-8268506: More Manifest Digests
- JDK-8269618, CVE-2021-35603: Better session identification
- JDK-8269624: Enhance method selection support
- JDK-8270398: Enhance canonicalization
- JDK-8270404: Better canonicalization

## Major Changes

* [JDK-8271434](https://bugs.openjdk.org/browse/JDK-8271434): Removed IdenTrust Root Certificate
* [JDK-8261922](https://bugs.openjdk.org/browse/JDK-8261922): Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280
* [JDK-8210799](https://bugs.openjdk.org/browse/JDK-8210799): ChaCha20 and Poly1305 TLS Cipher Suites
* [JDK-8219551](https://bugs.openjdk.org/browse/JDK-8219551): Updated the Default Enabled Cipher Suites Preference

## FIPS Mode Changes

- The `SunPKCS11` provider in FIPS mode will now eagerly log in to the NSS software token on initialisation
- `keytool` in FIPS mode now supports importing plain private keys by the provider adding them to the NSS database. This can be disabled using `-Dcom.redhat.fips.plainKeySupport=false`.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 13 2021 Andrew Hughes - 1:11.0.13.0.8-1
- Update to jdk-11.0.12.0+8
- Update release notes to 11.0.12.0+8
- Update tarball generation script to use git following OpenJDK 11u's move to github
- Remove "-clean" suffix as no 11.0.13 builds are unclean.
- Drop JDK-8269668 patch which is now applied upstream.
- Extend the default security policy to accommodate PKCS11 accessing jdk.internal.misc.
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
* Tue Oct 5 2021 Martin Balao - 1:11.0.13.0.8-1
- Add patch to login to the NSS software token when in FIPS mode.
- Add patch to allow plain key import.
* Thu Sep 2 2021 Jiri Vanek - 1:11.0.13.0.8-1
- Added posttrans hook which persists sanity of dir -> symlink change in case of update from ancient versions
- Minor cosmetic improvements to make spec more comparable between variants
* Tue Aug 31 2021 Jiri Vanek - 1:11.0.12.0.7-3
- alternatives creation moved to posttrans
- Thus fixing the old reinstall issue:
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
* Mon Aug 9 2021 Andrew Hughes - 1:11.0.12.0.7-2
- Remove non-Free test from source tarball.
* Wed Jul 28 2021 Severin Gehwolf - 1:11.0.12.0.7-1
- Add patch in order to fix java.library.path issue on aarch64 (JDK-8269668)
- Resolves: rhbz#1977671
* Thu Jul 22 2021 Fedora Release Engineering - 1:11.0.12.0.7-0.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jul 13 2021 Andrew Hughes - 1:11.0.12.0.7-0
- Update to jdk-11.0.12.0+7
- Update release notes to 11.0.12.0+7
- Switch to GA mode for final release.
* Thu Jul 8 2021 Andrew Hughes - 1:11.0.12.0.6-0.0.ea
- Update to jdk-11.0.12.0+6
- Update release notes to 11.0.12.0+6
- Skip 11.0.12.0+5 as 11.0.12.0+6 only adds a test change
* Thu Jul 8 2021 Andrew Hughes - 1:11.0.12.0.4-0.0.ea
- Update to jdk-11.0.12.0+4
- Update release notes to 11.0.12.0+4
- Correct bug ID JDK-8264846 to intended ID of JDK-8264848
* Mon Jul 5 2021 Andrew Hughes - 1:11.0.12.0.3-0.0.ea
- Update to jdk-11.0.12.0+3
- Update release notes to 11.0.12.0+3
* Fri Jul 2 2021 Andrew Hughes - 1:11.0.12.0.2-0.1.ea
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
- Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
* Fri Jul 2 2021 Andrew Hughes - 1:11.0.12.0.2-0.0.ea
- Update to jdk-11.0.12.0+2
- Update release notes to 11.0.12.0+2
* Mon Jun 28 2021 Andrew Hughes - 1:11.0.12.0.1-0.0.ea
- Update to jdk-11.0.12.0+1
- Update release notes to 11.0.12.0+1
- Switch to EA mode for 11.0.12 pre-release builds.
- Update ECC patch following JDK-8226374 (bug ID yet to be confirmed)
* Tue Jun 8 2021 Andrew Hughes - 1:11.0.11.0.9-5
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
* Tue Jun 8 2021 Martin Balao - 1:11.0.11.0.9-5
- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
* Wed Jun 2 2021 Andrew John Hughes - 1:11.0.11.0.9-4
- Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
- No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
- Disable FIPS mode support unless com.redhat.fips is set to "true".
- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
- Resolves: rhbz#1830090
* Wed Jun 2 2021 Martin Balao - 1:11.0.11.0.9-4
- Support the FIPS mode crypto policy (RH1655466)
- Use appropriate keystore types when in FIPS mode (RH1818909)
- Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
- Resolves: rhbz#1830090
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-eb3e3e87d3' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-9a51a6f8b1
2021-10-28 19:30:48.377092
--------------------------------------------------------------------------------

Name        : java-11-openjdk
Product     : Fedora 33
Version     : 11.0.13.0.8
Release     : 1.fc33
URL         : https://openjdk.org/
Summary     : OpenJDK 11 Runtime Environment
Description : The OpenJDK 11 runtime environment.
--------------------------------------------------------------------------------
Update Information:

The same OpenJDK 11.0.13 (2021-10-19) release notes as the Fedora 35 advisory
FEDORA-2021-eb3e3e87d3 above: the same security fixes, major changes and FIPS
mode changes.
--------------------------------------------------------------------------------
ChangeLog:

The three 1:11.0.13.0.8-1 entries (Wed Oct 13 2021 Andrew Hughes, Tue Oct 5
2021 Martin Balao, Thu Sep 2 2021 Jiri Vanek) are the same as the first three
entries of the Fedora 35 advisory's ChangeLog above.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-9a51a6f8b1' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
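Both advisories name the fixed build as epoch 1, version 11.0.13.0.8, release 1 (disttag .fc35 or .fc33). The script below is an added example, not part of either Fedora advisory or of rpm: it answers "is this host already at or past that build?" from the output of `rpm -q`, by reimplementing rpm's version ordering (rpmvercmp: numeric segments beat alphabetic ones, `~` marks a pre-release, and a string with segments left over is newer) so the comparison is not fooled by 11.0.12.0.7-3 looking larger than 11.0.13.0.8-1 in its release number. The package name and the `rpm` query format are the real ones; the sample EVR strings in the comments are constructed. The `^` marker added by newer rpm releases is not handled.

```python
r"""Is the installed java-11-openjdk at or past the 1:11.0.13.0.8-1 build?

Added example; not part of the Fedora advisories or of rpm. Input comes from:

    rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' java-11-openjdk

Caveat: the '^' separator understood by newer rpm versions is not handled.
"""
import re
import subprocess
import sys
from itertools import zip_longest

# epoch:version-release named by both advisories, disttag omitted: a release
# of "1.fc35" or "1.fc33" orders after plain "1", so either dist passes.
FIXED_EVR = "1:11.0.13.0.8-1"

_SEGMENT = re.compile(r"(\d+|[A-Za-z]+|~)")


def rpmvercmp(a: str, b: str) -> int:
    """Order two rpm version or release strings as rpm does: -1, 0 or 1.

    Non-alphanumeric characters only separate segments. Numeric segments
    compare as integers and beat alphabetic ones; '~' marks a pre-release
    and sorts before anything, even the end of the string; otherwise the
    string with segments left over is the newer one.
    """
    if a == b:
        return 0
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alpha
        elif x != y:
            return -1 if x < y else 1
    return 0


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (epoch, version, release).

    rpm prints '(none)' for an unset epoch; that and a missing epoch mean 0.
    """
    epoch = 0
    if ":" in evr:
        head, evr = evr.split(":", 1)
        epoch = 0 if head == "(none)" else int(head)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evrcmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed_evr: str, fixed_evr: str = FIXED_EVR) -> bool:
    """True when the installed package is at or past the advisory build.

    Constructed examples: "1:11.0.12.0.7-3.fc35" -> False,
    "1:11.0.13.0.8-1.fc33" -> True, "1:11.0.14.0.9-1.fc35" -> True.
    """
    return evrcmp(installed_evr, fixed_evr) >= 0


def installed_evr(package: str = "java-11-openjdk") -> str:
    """Ask rpm for the installed EVR; '' if the package is absent."""
    out = subprocess.run(
        ["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\\n", package],
        capture_output=True, text=True, check=False,
    ).stdout.strip()
    return "" if (not out or out.startswith("package ")) else out.splitlines()[0]


if __name__ == "__main__":
    evr = installed_evr()
    if not evr:
        print("java-11-openjdk is not installed")
        sys.exit(0)
    ok = is_fixed(evr)
    print(f"java-11-openjdk {evr}: {'fixed' if ok else 'VULNERABLE, update to ' + FIXED_EVR}")
    sys.exit(0 if ok else 1)
```

Run it on each host (exit status 1 means the fix is missing); the same `is_fixed` works for any other advisory by passing its EVR as `fixed_evr`.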
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 200410-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
      Date: October 21, 2004
      Bugs: #66807
        ID: 200410-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

In certain configurations, it can be possible to bypass restrictions set by
the "SSLCipherSuite" directive of mod_ssl.

Background
==========

The Apache HTTP server is one of the most popular web servers on the
internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and
is also included in Apache 2.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /   Vulnerable   /                 Unaffected
    -------------------------------------------------------------------
  1  net-www/apache            < 2.0.52                        >= 2.0.52
                                                                   < 2.0
  2  net-www/mod_ssl           < 2.8.20                        >= 2.8.20
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

A flaw has been found in mod_ssl where the "SSLCipherSuite" directive could
be bypassed in certain configurations if it is used in a directory or
location context to restrict the set of allowed cipher suites.

Impact
======

A remote attacker could gain access to a location using any cipher suite
allowed by the server/virtual host configuration, disregarding the
restrictions by "SSLCipherSuite" for that location.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache 2 users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-www/apache-2.0.52"
    # emerge ">=net-www/apache-2.0.52"

All mod_ssl users should upgrade to the latest version:

    # emerge sync
    # emerge -pv ">=net-www/mod_ssl-2.8.20"
    # emerge ">=net-www/mod_ssl-2.8.20"

References
==========

  [ 1 ] CAN-2004-0885
        https://www.cve.org/CVERecord?id=CAN-2004-0885
  [ 2 ] Apache HTTPD Bug 31505
        https://bz.apache.org/bugzilla/show_bug.cgi

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200410-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
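The Description and Impact above define the flaw behaviourally: a location whose own SSLCipherSuite is stricter than the virtual host's can still be fetched over any cipher the virtual host accepts. The script below is an added example, not part of the GLSA, Gentoo or mod_ssl, that turns that into a test you can run against a server after patching (or to find servers that still rely on per-location restrictions): it handshakes offering exactly one cipher the location should refuse, requests the path, and records whether the server served it anyway. The host, port, paths, cipher names and the `POLICY` mapping are hypothetical; a real run needs the location prefixes and allowed cipher names copied from your own `<Location>` blocks.

```python
"""Does a <Location>-scoped SSLCipherSuite actually gate the location?

Added example; not part of the GLSA or of mod_ssl. Host, port, paths,
cipher names and POLICY are hypothetical. A location served (2xx/3xx)
over a cipher its own SSLCipherSuite excludes is a bypass; a refused
handshake or an error status means the restriction held.
"""
import socket
import ssl
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Hypothetical policy mirroring an Apache config such as
#   SSLCipherSuite HIGH:MEDIUM                # virtual host
#   <Location /secure>
#       SSLCipherSuite AES256-SHA             # stronger, location-only
#   </Location>
# Keys are location prefixes; values are the OpenSSL cipher names each allows.
POLICY: Dict[str, Set[str]] = {"/secure": {"AES256-SHA"}}

# (request path, negotiated cipher, HTTP status; None = handshake or
#  renegotiation refused before any response arrived)
Observation = Tuple[str, str, Optional[int]]


def location_for(path: str, policy: Dict[str, Set[str]]) -> Optional[str]:
    """Longest restricted location prefix covering path, or None."""
    best = None
    for loc in policy:
        if path == loc or path.startswith(loc.rstrip("/") + "/"):
            if best is None or len(loc) > len(best):
                best = loc
    return best


def find_bypasses(observations: Iterable[Observation],
                  policy: Dict[str, Set[str]] = POLICY) -> List[Observation]:
    """Observations where a restricted location was served (status < 400)
    over a cipher its SSLCipherSuite does not allow."""
    bad = []
    for path, cipher, status in observations:
        loc = location_for(path, policy)
        if loc and cipher not in policy[loc] and status is not None and status < 400:
            bad.append((path, cipher, status))
    return bad


def parse_status(status_line: bytes) -> Optional[int]:
    """HTTP status code from a response status line, or None if malformed."""
    parts = status_line.split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None


def probe(host: str, port: int, path: str, cipher: str,
          timeout: float = 5.0) -> Observation:
    """Handshake offering only `cipher`, GET `path`, report what happened.

    Capped at TLS 1.2: per-directory SSLCipherSuite works by renegotiating
    after the request is read, and TLS 1.3 has no renegotiation.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # testing cipher policy, not the chain
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher)          # raises if OpenSSL does not know the name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            negotiated = tls.cipher()[0]
            tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            line = b""
            while not line.endswith(b"\r\n") and len(line) < 256:
                chunk = tls.recv(1)
                if not chunk:
                    break
                line += chunk
            return (path, negotiated, parse_status(line))
    except (ssl.SSLError, OSError):
        return (path, cipher, None)


if __name__ == "__main__":
    # Hypothetical target: every cipher outside the location's allowed set
    # that still gets a 2xx/3xx is a bypass.
    host, port = "www.example.test", 443
    matrix = [("/secure/report", c)
              for c in ("AES256-SHA", "DHE-RSA-AES128-SHA", "RC4-SHA")]
    results = [probe(host, port, path, cipher) for path, cipher in matrix]
    for path, cipher, status in results:
        print(f"{path} via {cipher}: {'refused' if status is None else status}")
    print("bypasses:", find_bypasses(results) or "none")
```

Read the result against the GLSA's own framing: the only cipher that should reach `/secure/report` is the one its `<Location>` allows; anything else must end in a refused renegotiation or an error response. Because the check exercises renegotiation, it must be pointed at a TLS 1.2 endpoint, and the certificate chain is deliberately not verified so that an internal test host with a private CA can be probed.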