civetweb-1.16, rhbz#2400165.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-247b5416b4
2025-10-08 01:15:30.970820+00:00
--------------------------------------------------------------------------------

Name        : civetweb
Product     : Fedora 41
Version     : 1.16
Release     : 10.fc41
URL         : https://github.com/civetweb/civetweb
Summary     : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application.

It can also be used by end users as a stand-alone web server running on
a Windows or Linux PC. It is available as single executable, no
installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb-1.16, rhbz#2400165
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Kaleb S. KEITHLEY - 1.16-10
- civetweb 1.16, rhbz#2400165
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2400165 - CVE-2025-9648 civetweb: Denial of Service in CivetWeb [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2400165
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-247b5416b4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list

civetweb-1.16, rhbz#240016.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-1056ea31ed
2025-10-08 01:01:00.828912+00:00
--------------------------------------------------------------------------------

Name        : civetweb
Product     : Fedora 42
Version     : 1.16
Release     : 10.fc42
URL         : https://github.com/civetweb/civetweb
Summary     : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application.

It can also be used by end users as a stand-alone web server running on
a Windows or Linux PC. It is available as single executable, no
installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb-1.16, rhbz#240016
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Kaleb S. KEITHLEY - 1.16-10
- civetweb 1.16, rhbz#2400166
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2400166 - CVE-2025-9648 civetweb: Denial of Service in CivetWeb [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2400166
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-1056ea31ed' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

civetweb 1.16.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ed25a8b170
2025-09-12 02:30:53.358171+00:00
--------------------------------------------------------------------------------

Name        : civetweb
Product     : Fedora 41
Version     : 1.16
Release     : 9.fc41
URL         : https://github.com/civetweb/civetweb
Summary     : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application.

It can also be used by end users as a stand-alone web server running on
a Windows or Linux PC. It is available as single executable, no
installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb 1.16
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Kaleb S. KEITHLEY - 1.16-9
- civetweb 1.16, rhbz#2391892
* Wed Jul 23 2025 Fedora Release Engineering - 1.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 16 2025 Kaleb S. KEITHLEY - 1.16-7
- civetweb 1.16, rhbz#2380496
* Thu Jan 16 2025 Fedora Release Engineering - 1.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2391891 - CVE-2025-55763 civetweb: CivetWeb buffer overflow [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391891
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ed25a8b170' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

civetweb 1.16, rhbz#2391892.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7ddaa1e0bd
2025-09-12 02:06:02.138621+00:00
--------------------------------------------------------------------------------

Name        : civetweb
Product     : Fedora 42
Version     : 1.16
Release     : 9.fc42
URL         : https://github.com/civetweb/civetweb
Summary     : Embedded C/C++ web server
Description :
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server
with optional CGI, SSL and Lua support.

CivetWeb can be used by developers as a library, to add web server
functionality to an existing application.

It can also be used by end users as a stand-alone web server running on
a Windows or Linux PC. It is available as single executable, no
installation is required.

--------------------------------------------------------------------------------
Update Information:

civetweb 1.16, rhbz#2391892
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 3 2025 Kaleb S. KEITHLEY - 1.16-9
- civetweb 1.16, rhbz#2391892
* Wed Jul 23 2025 Fedora Release Engineering - 1.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 16 2025 Kaleb S. KEITHLEY - 1.16-7
- civetweb 1.16, rhbz#2380496
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2391892 - CVE-2025-55763 civetweb: CivetWeb buffer overflow [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391892
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7ddaa1e0bd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

   openSUSE Security Update: Security update for civetweb
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1424-1
Rating:             moderate
References:         #1191938
Cross-References:   CVE-2020-27304
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for civetweb fixes the following issues:

   Version 1.15:

   * boo#1191938 / CVE-2020-27304: missing uploaded filepath validation in
     the default form-based file upload mechanism
   * New configuration for URL decoding
   * Sanitize filenames in handle form
   * Example "embedded_c.c": Do not overwrite files (possible security issue)
   * Remove obsolete examples
   * Remove "experimental" label for some features
   * Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or
     earlier
   * Modifications to build scripts, required due to changes in the test
     environment
   * Unix domain socket support fixed
   * Fixes for NO_SSL_DL
   * Fixes for some warnings / static code analysis

   Version 1.14:

   * Change SSL default setting to use TLS 1.2 as minimum (set config if you
     need an earlier version)
   * Add local_uri_raw field (not sanitized URI) to request_info
   * Additional API functions and a callback after closing connections
   * Allow mbedTLS as OpenSSL alternative (basic functionality)
   * Add OpenSSL 3.0 support (OpenSSL 3.0 Alpha 13)
   * Support UNIX/Linux domain sockets
   * Fuzz tests and ossfuzz integration
   * Compression for websockets
   * Restructure some source files
   * Improve documentation
   * Fix HTTP range requests
   * Add some functions for Lua scripts/LSP
   * Build system specific fixes (CMake, MinGW)
   * Update 3rd party components (Lua, lfs, sqlite)
   * Allow Lua backgroundscript to use timers, format and filter logs
   * Remove WinCE code
   * Update version number

   Version 1.13:

   * Add arguments for CGI interpreters
   * Support multiple CGI interpreters
   * Buffering HTTP response headers, including API functions
     mg_response_header_* in C and Lua
   * Additional C API functions
   * Fix some memory leaks
   * Extended use of atomic operations (e.g., for server stats)
   * Add fuzz tests
   * Set OpenSSL 1.1 API as default (from 1.0)
   * Add Lua 5.4 support and deprecate Lua 5.1
   * Provide additional Lua API functions
   * Fix Lua websocket memory leak when closing the server
   * Remove obsolete "file in memory" implementation
   * Improvements and fixes in documentation
   * Fixes from static source code analysis
   * Additional unit tests
   * Various small bug fixes
   * Experimental support for some HTTP2 features (not ready for production)
   * Experimental support for websocket compression
   * Remove legacy interfaces declared obsolete since more than 3 years

   Version 1.12

   * See https://github.com/civetweb/civetweb/releases/tag/v1.12 for detailed
     changelog

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-1424=1

Package List:

   - openSUSE Leap 15.2 (x86_64):

      civetweb-1.15-lp152.2.3.1
      civetweb-debuginfo-1.15-lp152.2.3.1
      civetweb-debugsource-1.15-lp152.2.3.1
      civetweb-devel-1.15-lp152.2.3.1
      libcivetweb-cpp1_15_0-1.15-lp152.2.3.1
      libcivetweb-cpp1_15_0-debuginfo-1.15-lp152.2.3.1
      libcivetweb1_15_0-1.15-lp152.2.3.1
      libcivetweb1_15_0-debuginfo-1.15-lp152.2.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-27304.html
   https://bugzilla.suse.com/1191938