
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 43: Critical Issue in RNP Session Key Decryption Found

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a96ccc98ca
2025-11-29 16:43:28.332695+00:00
--------------------------------------------------------------------------------

Name        : rnp
Product     : Fedora 43
Version     : 0.18.1
Release     : 1.fc43
URL         : https://github.com/rnpgp/rnp
Summary     : OpenPGP (RFC4880) tools
Description :
RNP is a set of OpenPGP (RFC4880) tools.

--------------------------------------------------------------------------------
Update Information:

Version 0.18.1

Security

Fixed critical issue where PKESK (public-key encrypted) session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only (CVE-2025-13470, CVE-2025-13402).

--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 21 2025 Remi Collet - 0.18.1-1
- update to 0.18.1 for CVE-2025-13402
- disable gpg check reported as https://github.com/rnpgp/rnp/issues/2375

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2415870 - CVE-2025-13402 rnp: RNP PKESK Session Keys Generated as All-Zero [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2415870
  [ 2 ] Bug #2417035 - CVE-2025-13470 rnp: RNP: Confidentiality compromise due to uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2417035

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a96ccc98ca' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

Critical security fix in Fedora 43 rnp addresses key generation flaws allowing decryption of messages.
Fedora 43, rnp, security fix, PKESK, openpgp.
Severity: Critical.
LinuxSecurity.com Team

Nov 29, 2025 - Critical - Fedora

Red Hat Quay 3.6.0 RHSA-2021-3917-01 Critical: Multiple DoS Vulnerabilities

====================================================================
Red Hat Security Advisory

Synopsis:     Important: Red Hat Quay v3.6.0 security, bug fix and enhancement update
Advisory ID:  RHSA-2021:3917-01
Product:      Red Hat Quay
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3917
Issue date:   2021-10-19
CVE Names:    CVE-2017-16137 CVE-2017-16138 CVE-2018-1107
              CVE-2018-1109 CVE-2018-3721 CVE-2018-3728
              CVE-2018-3774 CVE-2018-16492 CVE-2018-21270
              CVE-2019-20920 CVE-2019-20922 CVE-2019-1010266
              CVE-2020-7608 CVE-2020-8203 CVE-2020-15366
              CVE-2020-25648 CVE-2020-26237 CVE-2020-26291
              CVE-2020-35653 CVE-2020-35654 CVE-2021-22922
              CVE-2021-22923 CVE-2021-22924 CVE-2021-23364
              CVE-2021-23368 CVE-2021-23382 CVE-2021-25289
              CVE-2021-25290 CVE-2021-25291 CVE-2021-25292
              CVE-2021-25293 CVE-2021-27515 CVE-2021-27516
              CVE-2021-27921 CVE-2021-27922 CVE-2021-27923
              CVE-2021-34552 CVE-2021-36222 CVE-2021-37750
====================================================================

1. Summary:

An update is now available for Red Hat Quay 3.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Quay 3.6.0 release

Security Fix(es):

* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)
* python-pillow: insufficient fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)
* nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)
* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)
* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)
* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)
* nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)
* nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)
* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)
* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)
* nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
* nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)
* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)
* python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)
* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
* python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)
* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)
* python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)
* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)
* nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)
* python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)
* python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)
* python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)
* python-pillow: buffer overflow in Convert.c because it allows an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)
* nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)
* lodash: Prototype pollution in utilities function (CVE-2018-3721)
* hoek: Prototype pollution in utilities function (CVE-2018-3728)
* lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)
* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)
* python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service
1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service
1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function
1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function
1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format
1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js
1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties
1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service
1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability
1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function
1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS
1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution
1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block
1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL
1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read
1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow
1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure
1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise
1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise
1934680 - CVE-2021-25289 python-pillow: insufficient fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c
1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c
1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c
1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack
1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c
1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container
1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container
1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container
1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing
1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing
1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js
1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)
1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allows an attacker to pass controlled parameters directly into a convert function

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

PROJQUAY-1417 - zstd compressed layers
PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay
PROJQUAY-1535 - As a user I can create and use nested repository name structures
PROJQUAY-1583 - add "disconnected" annotation to operators
PROJQUAY-1609 - Operator communicates status per managed component
PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment
PROJQUAY-1791 - v1beta CRD EOL
PROJQUAY-1883 - Support OCP Re-encrypt routes
PROJQUAY-1887 - allow either sha or tag in related images
PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment.
PROJQUAY-1998 - note database deprecations in 3.6 Config Tool
PROJQUAY-2050 - Support OCP Edge-Termination
PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly
PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI
PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install

6. References:

https://access.redhat.com/security/cve/CVE-2017-16137
https://access.redhat.com/security/cve/CVE-2017-16138
https://access.redhat.com/security/cve/CVE-2018-1107
https://access.redhat.com/security/cve/CVE-2018-1109
https://access.redhat.com/security/cve/CVE-2018-3721
https://access.redhat.com/security/cve/CVE-2018-3728
https://access.redhat.com/security/cve/CVE-2018-3774
https://access.redhat.com/security/cve/CVE-2018-16492
https://access.redhat.com/security/cve/CVE-2018-21270
https://access.redhat.com/security/cve/CVE-2019-20920
https://access.redhat.com/security/cve/CVE-2019-20922
https://access.redhat.com/security/cve/CVE-2019-1010266
https://access.redhat.com/security/cve/CVE-2020-7608
https://access.redhat.com/security/cve/CVE-2020-8203
https://access.redhat.com/security/cve/CVE-2020-15366
https://access.redhat.com/security/cve/CVE-2020-25648
https://access.redhat.com/security/cve/CVE-2020-26237
https://access.redhat.com/security/cve/CVE-2020-26291
https://access.redhat.com/security/cve/CVE-2020-35653
https://access.redhat.com/security/cve/CVE-2020-35654
https://access.redhat.com/security/cve/CVE-2021-22922
https://access.redhat.com/security/cve/CVE-2021-22923
https://access.redhat.com/security/cve/CVE-2021-22924
https://access.redhat.com/security/cve/CVE-2021-23364
https://access.redhat.com/security/cve/CVE-2021-23368
https://access.redhat.com/security/cve/CVE-2021-23382
https://access.redhat.com/security/cve/CVE-2021-25289
https://access.redhat.com/security/cve/CVE-2021-25290
https://access.redhat.com/security/cve/CVE-2021-25291
https://access.redhat.com/security/cve/CVE-2021-25292
https://access.redhat.com/security/cve/CVE-2021-25293
https://access.redhat.com/security/cve/CVE-2021-27515
https://access.redhat.com/security/cve/CVE-2021-27516
https://access.redhat.com/security/cve/CVE-2021-27921
https://access.redhat.com/security/cve/CVE-2021-27922
https://access.redhat.com/security/cve/CVE-2021-27923
https://access.redhat.com/security/cve/CVE-2021-34552
https://access.redhat.com/security/cve/CVE-2021-36222
https://access.redhat.com/security/cve/CVE-2021-37750
https://access.redhat.com/security/updates/classification#important

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2021 Red Hat, Inc.

Stay informed with the newest security patches for Red Hat Quay version 3.6.0, targeting significant vulnerabilities and essential troubleshooting updates.
Red Hat Quay Security, Bug Fix Update, Important Security Updates, Critical Bug Fixes.
Severity: Important.
LinuxSecurity.com Team

Oct 19, 2021 - Important - Red Hat