Stay Vigilant with Timely Linux Security Advisories

Refine advisories

X Clear Filters

Critical (1)

Important (4)

Ubuntu (4930)

denial of service (18259)

moderate (19164)

python-pip (63)

security advisory (114756)

system update (1879)

GStreamer (100)

important (27647)

plugin issue (11)

MySQL (355)

Debian (1)

Fedora (2)

Published Date Range

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

bottom 200

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

We found -3 articles for you...

security advisoryfedoracloud storage

Fedora 43 rust-sccache 0.14.0 Patch Addresses Security Issue CVE-2026-33056

Update to version 0.14.0 Rebuilt with rust-tar 0.4.45 for CVE-2026-33056. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3c1918cbd5 2026-04-05 00:52:10.725680+00:00 -------------------------------------------------------------------------------- Name : rust-sccache Product : Fedora 43 Version : 0.14.0 Release : 2.fc43 URL : https://crates.io/crates/sccache Summary : Sccache is a ccache-like tool Description : Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage. -------------------------------------------------------------------------------- Update Information: Update to version 0.14.0 Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 27 2026 Andreas Schneider - 0.14.0-1 - Update to version 0.14.0 * Mon Mar 23 2026 Benjamin A. Beasley - 0.13.0-4 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 - Restore binary package License expression, lost in a previous update -------------------------------------------------------------------------------- References: [ 1 ] Bug #2438014 - rust-sccache-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2438014 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3c1918cbd5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update to rust-sccache 0.14.0 for Fedora 43 addresses security risk CVE-2026-33056. Learn more about the fix.. rust-sccache update, Fedora 43 security, CVE-2026-33056, compiler tool, remote caching. . Severity: Important. LinuxSecurity.com Team

Apr 05, 2026 •Important Fedora

security advisoryfedoramemory exhaustion

Fedora 43: rclone 1.72.0 Critical CPU Memory Issues 2025-5e299f890a

Update to 1.72.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-5e299f890a 2025-12-03 00:52:00.122599+00:00 -------------------------------------------------------------------------------- Name : rclone Product : Fedora 43 Version : 1.72.0 Release : 1.fc43 URL : https://github.com/rclone/rclone Summary : Rsync for cloud storage Description : "rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files. -------------------------------------------------------------------------------- Update Information: Update to 1.72.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 24 2025 Mikel Olasagasti Uranga - 1.72.0-1 - Update to 1.72.0 - Closes rhbz#2397899 * Fri Oct 10 2025 Alejandro Sez - 1.71.0-2 - rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2408342 - CVE-2025-58189 rclone: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408342 [ 2 ] Bug #2408741 - CVE-2025-61725 rclone: Excessive CPU consumption in ParseAddress in net/mail [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2408741 [ 3 ] Bug #2409815 - CVE-2025-61723 rclone: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2409815 [ 4 ] Bug #2410765 - CVE-2025-58185 rclone: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2410765 [ 5 ] Bug #2411661 - CVE-2025-58188 rclone: Panic when validating certificates with DSA public keys in crypto/x509 [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2411661 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-5e299f890a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to Fedora 43 rclone 1.72.0 addresses critical security issues related to cloud storage functionality.. rclone update, Fedora 43 security, cloud storage security, software updates. . Severity: Critical. LinuxSecurity.com Team

Dec 03, 2025 •Critical Fedora

security advisorysecurity updateimportant

Critical Security Advisory for Red Hat OpenStack Platform 13 & 16

An update for openstack-swift is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenStack Platform (openstack-swift) security update Advisory ID: RHSA-2023:1277-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:1277 Issue date: 2023-03-15 CVE Names: CVE-2022-47950 ==================================================================== 1. Summary: An update for openstack-swift is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 - ELS - noarch Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch Red Hat OpenStack Platform 16.1 - noarch Red Hat OpenStack Platform 16.2 - noarch 3. Description: OpenStack Object Storage (swift) aggregates commodity servers to work together in clusters for reliable, redundant, and large-scale storage of static objects. Objects are written to multiple hardware devices in the data center, with the OpenStack software responsible for ensuring data replication and integrity across the cluster. Storage clusters can scale horizontally by adding new nodes, which are automatically configured. Should a node fail, OpenStack works to replicate its content from other active nodes. Because OpenStack uses software logic to ensure data replication and distribution across different devices, inexpensive commodity hard drives andservers can be used in lieu of more expensive equipment. Security Fix(es): * Arbitrary file access through custom S3 XML entities (CVE-2022-47950) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2160618 - CVE-2022-47950 openstack-swift: Arbitrary file access through custom S3 XML entities 6. Package List: Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server: Source: openstack-swift-plugin-swift3-1.12.1-1.el7ost.src.rpm noarch: openstack-swift-plugin-swift3-1.12.1-1.el7ost.noarch.rpm Red Hat OpenStack Platform 13.0 - ELS: Source: openstack-swift-plugin-swift3-1.12.1-1.el7ost.src.rpm noarch: openstack-swift-plugin-swift3-1.12.1-1.el7ost.noarch.rpm Red Hat OpenStack Platform 16.1: Source: openstack-swift-2.23.2-1.20230201163512.eef87ee.el8ost.src.rpm noarch: openstack-swift-account-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm openstack-swift-container-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm openstack-swift-object-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm openstack-swift-proxy-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm python3-swift-2.23.2-1.20230201163512.eef87ee.el8ost.noarch.rpm Red Hat OpenStack Platform 16.2: Source: openstack-swift-2.23.4-2.20220422185313.2829195.el8ost.src.rpm noarch: openstack-swift-account-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm openstack-swift-container-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm openstack-swift-object-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm openstack-swift-proxy-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm python3-swift-2.23.4-2.20220422185313.2829195.el8ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on howto verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-47950 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZBI1RdzjgjWX9erEAQhRMw/8DHDgTPCWS06Nt5uj0+gIeydc5aahFYkY IjAJP8/rGGYaqsWAFTVyoWS9Inq/lWILm7+by5tthqlMC9QxRj+ZBp4FTdu9Vett VIll9T4zhG6b2kB0UxqpXvcj55Izd7Mrhds7oaHrMCIWm5UP/ln5shdK6r9shUSt Nr7MsN8vtffnpTP/5mR8AIevmHFAXNsHZZetnQ1cWRbviTEUmPQV3CLKexbqHj3q pAYXWKPtcb+yKwg4TS7at/cS8LRuNB0SdzpFFtJHQh0zwOl+jOg6BxDQUInMIyvB siyDeWwqhn+scFCkjsJETJRLMbxNoYge9UvTtFmIgTq2S7XOazhZY2XS7LhNnYPL S7+9A37xi78tNR1gJ9iV0SMtiLzjZ9GfPanvecDujyTntEAr2uJ4rXv2Jfl+ampv LpltVyJ/MIwDhptHN/zBUKMa5gLUe0wPSxl2exd9yrAEpgY2bxP2grgog0c6mo3N kXFR4VDiBSMZOFBIaDfl19o3l2SlLEy23PUVWutr+nnXbWGKj8vhjCBq9dXNOIL9 Vea+4QO/K7mXLDSrdNiz4qaejtXbcNbVcsT1lQe1FOO2t+BFLMIxMNlyl+TejHS3 gJcpZ07lUgZxo4ai0Jv6xCAfjB5Pj7rZZtE8PkkyPO2uAZ7vg6cSqEGP933WT/ke gDn9JuNohT4=9q28 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical patch released for Red Hat OpenStack Suite tackling unauthorized entry in openstack-swift. Immediate action required!. Red Hat OpenStack, secure update, openstack-swift, access control, cloud security. . Severity: Important. LinuxSecurity.com Team

Mar 15, 2023 •Important Red Hat

security advisorysecurity fixarbitrary file access

Red Hat OpenStack 16.2: RHSA-2023-1279-01 Important: Arbitrary File Access

An update for openstack-cinder is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Synopsis: Red Hat OpenStack Platform (openstack-cinder) security update Advisory ID: RHSA-2023:1279-01 Product: Red Hat OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:1279 Issue date: 2023-03-15 CVE Names: CVE-2022-47951 ==================================================================== 1. Summary: An update for openstack-cinder is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenStack Platform 13.0 - ELS - noarch Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch Red Hat OpenStack Platform 16.1 - noarch Red Hat OpenStack Platform 16.2 - noarch 3. Description: Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. Security Fix(es): * Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2161812 -CVE-2022-47951 openstack: Arbitrary file access through custom VMDK flat descriptor 6. Package List: Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server: Source: openstack-cinder-12.0.10-27.el7ost.src.rpm noarch: openstack-cinder-12.0.10-27.el7ost.noarch.rpm python-cinder-12.0.10-27.el7ost.noarch.rpm Red Hat OpenStack Platform 13.0 - ELS: Source: openstack-cinder-12.0.10-27.el7ost.src.rpm noarch: openstack-cinder-12.0.10-27.el7ost.noarch.rpm python-cinder-12.0.10-27.el7ost.noarch.rpm Red Hat OpenStack Platform 16.1: Source: openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.src.rpm noarch: openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm python3-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm Red Hat OpenStack Platform 16.2: Source: openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.src.rpm noarch: openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm python3-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm Red Hat OpenStack Platform 16.1: Source: openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.src.rpm noarch: openstack-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm python3-cinder-15.4.0-1.20230206163350.58f0e73.el8ost.noarch.rpm Red Hat OpenStack Platform 16.2: Source: openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.src.rpm noarch: openstack-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm python3-cinder-15.6.1-2.20221003154726.87578a0.el8ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-47951 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZBI1Q9zjgjWX9erEAQgWHA//fDrcgA8DihNs3YVBif6Uom/9FjQADyGo 69Sk7Cv171AEls5gqs0GZ+8Yu06+C1j9gpU0a1NsAje0blNeI7x3tKKWY9oNRhMa 1brx1gbeRlzCCpGz4NHOmTX0Zime8cH90iGbkKYw3J8/uDzW0Sgxt6jhyxKaT6fr UvrPIzh8SvjJV/IhU0r3sHr2p70iVsDH/FrJUfJL+RzvJSxfQMbOqBwZ96LRcqaQ gLlGQ9ZVPIlFouOSjpWEA3vOae21aYBwdW6vg42sqLmQjUvNDfexmQCYC8N7DtHx H8/Ans6lxsdIpNnxTgX3sANSuESI7awjgaN0Bf+kPvGKVYCIIXadAbAssz0atl4N uJ4K7m/8SCbx6OZdWj+VmxwbtvirXEC8Ob2tDWF+Hpp0n45uWio0l7mbthYKQACz +0jJ9QkBLg6ujqbq90XeTZvPGXkKnIbdk2U2ovpNn0N788aMhxODwD0pzY5zn3lJ VkEvt3crqXjWRrLdOOpYFg27qlz4eXZyxQyLVgW6SUI9CQeOFk7yYvJCC44qK1JW 0XdXvw/S0Eo3ozVjf6qU8/HCZIfsYrjbVI+VAFstE97UXIQw0tN0mNHvqyB9Sr9d 5/8tg8LQx+pAhi6xYXsuQJyd19Zt/04HiG6SII250MaAaH575mgeocXqaFl3l6nU H5vEvvCYiaY=loIU -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat OpenStack Platform announces a critical patch for openstack-cinder to rectify major security vulnerabilities. Discover further details.. Red Hat OpenStack, security update, openstack-cinder, important advisory. . Severity: Important. LinuxSecurity.com Team

Mar 15, 2023 •Important Red Hat

security advisorymoderatedebian

Debian: DSA-3245-1 Moderate: Nextcloud CSRF And Authentication Flaw

Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. CVE-2015-3011 . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3244-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Salvatore Bonaccorso May 02, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : owncloud CVE ID : CVE-2015-3011 CVE-2015-3012 CVE-2015-3013 Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. CVE-2015-3011 Hugh Davenport discovered that the "contacts" application shipped with ownCloud is vulnerable to multiple stored cross-site scripting attacks. This vulnerability is effectively exploitable in any browser. CVE-2015-3012 Roy Jansen discovered that the "documents" application shipped with ownCloud is vulnerable to multiple stored cross-site scripting attacks. This vulnerability is not exploitable in browsers that support the current CSP standard. CVE-2015-3013 Lukas Reschke discovered a blacklist bypass vulnerability, allowing authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute arbitrary PHP code if the /data/ directory is stored inside the web root and a web server that interprets .htaccess files is used. On default Debian installations the data directory is outside of the web root and thus this vulnerability is not exploitable by default. For the stable distribution (jessie), these problems have been fixed in version 7.0.4+dfsg-4~deb8u1. For the testing distribution (stretch), these problems have been fixed in version 7.0.4+dfsg-3. For the unstable distribution(sid), these problems have been fixed in version 7.0.4+dfsg-3. We recommend that you upgrade your owncloud packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Delve into critical security enhancements outlined in Debian Security Advisory DSA-3244-1 for ownCloud, addressing multiple vulnerabilities in the application framework.. ownCloud Security, Debian Advisory, Cross-Site Scripting, Upload Bypass, Cloud Storage Risks. . Severity: Important. LinuxSecurity.com Team

May 02, 2015 •Important Debian

security advisorysecurity updateRed Hat

Red Hat: RHSA-2015-0836-01 Moderate: OpenStack-Swift Metadata Issue

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openstack-swift security update Advisory ID: RHSA-2015:0836-01 Product: Red Hat Enterprise Linux OpenStack Platform Advisory URL: https://access.redhat.com/errata/RHSA-2015:0836.html Issue date: 2015-04-16 CVE Names: CVE-2014-7960 ==================================================================== 1. Summary: Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6 - noarch 3. Description: OpenStack Object Storage (swift) provides object storage in virtual containers, which allows users to store and retrieve files (arbitrary data). The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A flaw was found in the metadata constraints in OpenStack Object Storage (swift). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration. (CVE-2014-7960) All users of openstack-swift are advised toupgrade to these updated packages, which correct this issue. After installing this update, the OpenStack Object Storage services will be restarted automatically. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 runs on Red Hat Enterprise Linux 6.6. The Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6 Release Notes contain the following: * An explanation of the way in which the provided components interact to form a working cloud computing environment. * Technology Previews, Recommended Practices, and Known Issues. * The channels required for Red Hat Enterprise Linux OpenStack Platform 5 for RHEL 6, including which channels need to be enabled and disabled. The Release Notes are linked to in the References section. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1150461 - CVE-2014-7960 openstack-swift: Swift metadata constraints are not correctly enforced 6. Package List: Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 6: Source: openstack-swift-1.13.1-4.el6ost.src.rpm noarch: openstack-swift-1.13.1-4.el6ost.noarch.rpm openstack-swift-account-1.13.1-4.el6ost.noarch.rpm openstack-swift-container-1.13.1-4.el6ost.noarch.rpm openstack-swift-doc-1.13.1-4.el6ost.noarch.rpm openstack-swift-object-1.13.1-4.el6ost.noarch.rpm openstack-swift-proxy-1.13.1-4.el6ost.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-7960 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iD8DBQFVMAYZXlSAg2UNWIIRAsjSAJ9lkm7lg+J8EP49N4tOb5GFWTlU2wCgugre 3N+q43dlG9LsgfUqn0mJ/1c=1Qbi -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Safety patch released for openstack-swift in Red Hat Enterprise Linux OpenStack Platform 5.0, rated with medium severity.. openstack swift update, Red Hat security fix, OpenStack security guidance. . LinuxSecurity.com Team

Apr 16, 2015 Red Hat

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.42%)

78.42% votes

Formal training or courses (4.32%)

4.32% votes

A job that required it (4.89%)

4.89% votes

Other (12.37%)

12.37% votes

bottom 200

Stay Secure with the Latest Linux Advisories

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 43 rust-sccache 0.14.0 Patch Addresses Security Issue CVE-2026-33056

Fedora 43: rclone 1.72.0 Critical CPU Memory Issues 2025-5e299f890a

Critical Security Advisory for Red Hat OpenStack Platform 13 & 16

Red Hat OpenStack 16.2: RHSA-2023-1279-01 Important: Arbitrary File Access

Debian: DSA-3245-1 Moderate: Nextcloud CSRF And Authentication Flaw

Red Hat: RHSA-2015-0836-01 Moderate: OpenStack-Swift Metadata Issue

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!