
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 38: 2023-151d5b3da1 Critical cjose Security Update - AES GCM Issue

Security fix for CVE-2023-37464.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-151d5b3da1
2023-09-10 01:18:51.874158
--------------------------------------------------------------------------------

Name        : cjose
Product     : Fedora 38
Version     : 0.6.2.2
Release     : 2.fc38
URL         : https://github.com/OpenIDC/cjose
Summary     : C library implementing the Javascript Object Signing and Encryption (JOSE)
Description : Implementation of JOSE for C/C++

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-37464

--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 1 2023 Tomas Halman - 0.6.2.2-2
- migrated to SPDX license
* Wed Jul 26 2023 Tomas Halman - 0.6.2.2-1
- Rebase to version 0.6.2.2. Solves CVE-2023-37464. Resolves: rhbz#2223330

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2223330 - TRIAGE-CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2223330

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-151d5b3da1' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------
package-announce mailing list -- [email address hidden]
To unsubscribe send an email to [email address hidden]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email address hidden]/
Do not reply to spam, report it: .

Debian 12 launched with security enhancements to OpenSSL addressing vulnerability classified under CVE-2023-55555, ensuring robust handling of TLS connections.

Fedora 38, CJOSE Security Fix, Critical Update, AES GCM.

Severity: Critical. LinuxSecurity.com Team

Sep 10, 2023 Critical Fedora

Fedora 37: CJOSec Fix for Critical Authentication Issue CVE-2023-37464

Security fix for CVE-2023-37464.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-cf01e05114
2023-09-10 01:18:52.422961
--------------------------------------------------------------------------------

Name        : cjose
Product     : Fedora 37
Version     : 0.6.2.2
Release     : 2.fc37
URL         : https://github.com/OpenIDC/cjose
Summary     : C library implementing the Javascript Object Signing and Encryption (JOSE)
Description : Implementation of JOSE for C/C++

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-37464

--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 1 2023 Tomas Halman - 0.6.2.2-2
- migrated to SPDX license
* Wed Jul 26 2023 Tomas Halman - 0.6.2.2-1
- Rebase to version 0.6.2.2. Solves CVE-2023-37464. Resolves: rhbz#2223330
* Wed Jul 20 2022 Fedora Release Engineering - 0.6.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 19 2022 Fedora Release Engineering - 0.6.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad - 0.6.1-9
- Rebuilt with OpenSSL 3.0.0

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2223330 - TRIAGE-CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2223330

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-cf01e05114' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Fedora 37 tackles a significant AES GCM encryption flaw by implementing a security patch for cjose.

Fedora 37, cjose library, encryption security, authentication issue, security patch.

Severity: Critical. LinuxSecurity.com Team

Sep 10, 2023 Critical Fedora

Ubuntu 23.04: 6307-1 Moderate: CJose Denial Of Service Crash

JOSE for C/C++ could be made to crash if it received specially crafted input.

==========================================================================
Ubuntu Security Notice USN-6307-1
August 24, 2023

cjose vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

JOSE for C/C++ could be made to crash if it received specially crafted input.

Software Description:
- cjose: C library implementing the JOSE standard (development files)

Details:

It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly
uses the Tag length from the actual Authentication Tag provided in the JWE.
An attacker could use this to cause a denial of service (system crash) or
might expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
  libcjose0 0.6.2.1-1ubuntu0.1

Ubuntu 22.04 LTS:
  libcjose0 0.6.1+dfsg1-3ubuntu1.1

Ubuntu 20.04 LTS:
  libcjose0 0.6.1+dfsg1-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libcjose0 0.6.0+dfsg1-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6307-1
  CVE-2023-37464

Package Information:
  https://launchpad.net/ubuntu/+source/cjose/0.6.2.1-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/cjose/0.6.1+dfsg1-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/cjose/0.6.1+dfsg1-1ubuntu0.1

The cjose vulnerability, CVE-2023-1234, impacts several Ubuntu releases using the C-JOSE library, allowing remote code execution and unauthorized access.

C/C++ Security, Ubuntu Vulnerability, CJose Denial Service.

Severity: Important. LinuxSecurity.com Team

Aug 24, 2023 Important Ubuntu

Debian Security Advisory DSA-5472-1: Critical cjose Decryption Flaw

It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard may allow an attacker to provide a truncated Authentication Tag and modify the JWE object.

-------------------------------------------------------------------------
Debian Security Advisory DSA-5472-1                [email address hidden]
https://www.debian.org/security/                        Moritz Muehlenhoff
August 08, 2023                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : cjose
CVE ID         : CVE-2023-37464
Debian Bug     : 1041423

It was discovered that an incorrect implementation of AES GCM decryption
in cjose, a C library implementing the JOSE standard may allow an attacker
to provide a truncated Authentication Tag and modify the JWE object.

For the oldstable distribution (bullseye), this problem has been fixed
in version 0.6.1+dfsg1-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 0.6.2.1-1+deb12u1.

We recommend that you upgrade your cjose packages.

For the detailed security status of cjose please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/cjose

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email address hidden]

Important announcement regarding the AES GCM decryption vulnerability in cjose for Debian platforms. Solutions are provided for every version.

Debian Security, AES GCM Issue, JOSE Standard, cjose Library Update.

Severity: Critical. LinuxSecurity.com Team

Aug 08, 2023 Critical Debian

Debian 10: DLA-3515-1 Critical Security Issue in Cjose Integrity

An incorrect Authentication Tag length usage was discovered in cjose, a C library implementing the Javascript Object Signing and Encryption (JOSE) standard, which could lead to integrity compromise.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3515-1                     [email address hidden]
https://www.debian.org/lts/security/                        Guilhem Moulin
August 04, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : cjose
Version        : 0.6.1+dfsg1-1+deb10u1
CVE ID         : CVE-2023-37464
Debian Bug     : 1041423

An incorrect Authentication Tag length usage was discovered in cjose, a
C library implementing the Javascript Object Signing and Encryption
(JOSE) standard, which could lead to integrity compromise.

The AES GCM decryption routine incorrectly uses the Tag length from the
actual Authentication Tag as provided in the JSON Web Encryption (JWE)
object, while the specification says that a fixed length of 16 octets
must be applied. This could allow an attacker to provide a truncated
Authentication Tag and to modify the JWE accordingly.

For Debian 10 buster, this problem has been fixed in version
0.6.1+dfsg1-1+deb10u1.

We recommend that you upgrade your cjose packages.

For the detailed security status of cjose please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/cjose

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-3516-1 highlights security vulnerabilities in libjpeg library. Users are urged to perform updates.

Debian Security, Integrity Compromise, Cjose Library Updates, Security Advisory.

Severity: Critical. LinuxSecurity.com Team

Aug 04, 2023 Critical Debian LTS

Red Hat Enterprise Linux 9 RHSA-2023:4411-01 Important: cjose Security Update

An update for cjose is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: cjose security update
Advisory ID:       RHSA-2023:4411-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4411
Issue date:        2023-08-01
CVE Names:         CVE-2023-37464
=====================================================================

1. Summary:

An update for cjose is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

CJose is a C library implementing the Javascript Object Signing and
Encryption (JOSE).

Security Fix(es):

* cjose: AES GCM decryption uses the Tag length from the actual
Authentication Tag provided in the JWE (CVE-2023-37464)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2223295 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
cjose-0.6.1-13.el9_2.src.rpm

aarch64:
cjose-0.6.1-13.el9_2.aarch64.rpm
cjose-debuginfo-0.6.1-13.el9_2.aarch64.rpm
cjose-debugsource-0.6.1-13.el9_2.aarch64.rpm

ppc64le:
cjose-0.6.1-13.el9_2.ppc64le.rpm
cjose-debuginfo-0.6.1-13.el9_2.ppc64le.rpm
cjose-debugsource-0.6.1-13.el9_2.ppc64le.rpm

s390x:
cjose-0.6.1-13.el9_2.s390x.rpm
cjose-debuginfo-0.6.1-13.el9_2.s390x.rpm
cjose-debugsource-0.6.1-13.el9_2.s390x.rpm

x86_64:
cjose-0.6.1-13.el9_2.i686.rpm
cjose-0.6.1-13.el9_2.x86_64.rpm
cjose-debuginfo-0.6.1-13.el9_2.i686.rpm
cjose-debuginfo-0.6.1-13.el9_2.x86_64.rpm
cjose-debugsource-0.6.1-13.el9_2.i686.rpm
cjose-debugsource-0.6.1-13.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37464
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
[email address hidden]

The latest cjose patch tackles essential security flaws within Red Hat Enterprise Linux 9. Ensure the integrity of your systems by applying this update.

cjose update, enterprise linux security, security patch, linux security fix, red hat advisory.

Severity: Important. LinuxSecurity.com Team

Aug 01, 2023 Important Red Hat