Update default config options for build. New upstream release 5.0.1.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f055a0d751
2025-07-19 21:31:40.396395+00:00
--------------------------------------------------------------------------------

Name        : screen
Product     : Fedora 42
Version     : 5.0.1
Release     : 4.fc42
URL         : http://www.gnu.org/software/screen
Summary     : A screen manager that supports multiple logins on one terminal
Description :
The screen utility allows you to have multiple logins on just one
terminal. Screen is useful for users who telnet into a machine or are
connected via a dumb terminal, but want to use more than just one
login.

Install the screen package if you need a screen manager that can
support multiple logins on one terminal.

--------------------------------------------------------------------------------
Update Information:

Update default config options for build. New upstream release 5.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 30 2025 Josef Ridky - 5.0.1-4
- Modify configuration options to reflect changes in version 5.0.1
* Sat Jun 28 2025 Charles R. Anderson - 5.0.1-3
- Add --enable-socket-dir
- Resolves: rhbz#2375347
* Wed Jun 25 2025 Josef Ridky - 5.0.1-2
- Unify patch name
* Thu May 29 2025 Dick Marinus - 5.0.1-1
- New upstream release 5.0.1 (#2366507)
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 5.0.0-4
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sat Feb 1 2025 Björn Esser - 5.0.0-3
- Add explicit BR: libxcrypt-devel
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2362065 - [abrt] screen: strncpy(): screen killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=2362065
  [ 2 ] Bug #2366507 - screen-5.0.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2366507
  [ 3 ] Bug #2367169 - Backport to F42: Add sysusers.d config file to allow rpm to create users/groups automatically
        https://bugzilla.redhat.com/show_bug.cgi?id=2367169
  [ 4 ] Bug #2368500 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368500
  [ 5 ] Bug #2368501 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368501
  [ 6 ] Bug #2368503 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368503
  [ 7 ] Bug #2368504 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368504
  [ 8 ] Bug #2374606 - CVE-2025-23395 screen: Local Root Exploit via `logfile_reopen()` [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374606
  [ 9 ] Bug #2375347 - screen changed location of sockets--now in $HOME/.screen rather than /run/screen
        https://bugzilla.redhat.com/show_bug.cgi?id=2375347
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f055a0d751' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Fedora 42 release tackles security vulnerabilities and settings adjustments in the screen tool. Prompt upgrade advised.
Fedora 42, screen utility, system security fixes, software update.
Severity: Important.
LinuxSecurity.com Team

1.6.7 Fix potential crash when reloading config. Client library: * Don't use / in autogenerated client ids, to avoid confusing with topics. * Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour. * Fix regression on use of.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-4c69fb4cd7
2019-10-04 20:02:51.623142
--------------------------------------------------------------------------------

Name        : mosquitto
Product     : Fedora 31
Version     : 1.6.7
Release     : 1.fc31
URL         : https://mosquitto.org/
Summary     : An Open Source MQTT v3.1/v3.1.1 Broker
Description :
Mosquitto is an open source message broker that implements the MQ Telemetry
Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method
of carrying out messaging using a publish/subscribe model. This makes it
suitable for "machine to machine" messaging such as with low power sensors
or mobile devices such as phones, embedded computers or micro-controllers
like the Arduino.

--------------------------------------------------------------------------------
Update Information:

1.6.7
=====

Broker:
* Add workaround for working with libwebsockets 3.2.0.
* Fix potential crash when reloading config.

Client library:
* Don't use / in autogenerated client ids, to avoid confusing with topics.
* Fix mosquitto_max_inflight_messages_set() and mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...) behaviour.
* Fix regression on use of mosquitto_connect_async() not working.

Clients:
* mosquitto_sub: Fix -E incorrectly not working unless -d was also specified.
* Updated documentation around automatic client ids.

1.6.6
=====

Security:
* CVE-2019-11779
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.

Broker:
* Restrict topic hierarchy to 200 levels to prevent possible stack overflow.
* mosquitto_passwd now returns 1 when attempting to update a user that does not exist.

1.6.5
=====

Broker:
* Fix v5 DISCONNECT packets with remaining length == 2 being treated as a protocol error.
* Fix support for libwebsockets 3.x.
* Fix slow websockets performance when sending large messages.
* Fix bridges potentially not connecting on Windows.
* Fix clients authorised using `use_identity_as_username` or `use_subject_as_username` being disconnected on SIGHUP.
* Improve error messages in some situations when clients disconnect. Reduces the number of "Socket error on client X, disconnecting" messages.
* Fix Will for v5 clients not being sent if will delay interval was greater than the session expiry interval.
* Fix CRL file not being reloaded on HUP.
* Fix repeated "Error in poll" messages on Windows when only websockets listeners are defined.

Client library:
* Fix reconnect backoff for the situation where connections are dropped rather than refused.
* Fix missing locks on `mosq->state`.

Documentation:
* Improve details on global/per listener options in the mosquitto.conf man page.
* Clarify behaviour when clients exceed the `message_size_limit`.
* Improve documentation for `max_inflight_bytes`, `max_inflight_messages`, and `max_queued_messages`.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1753846 - CVE-2019-11779 mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow
        https://bugzilla.redhat.com/show_bug.cgi?id=1753846
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-4c69fb4cd7' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Prior to this update, the default configuration for Dovecot used by Debian ran the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access (CVE-2008-1199). In addition, an internal interpretation conflict in password handling has been addressed proactively, even though it is not known to be exploitable.

----------------------------------------------------------------------
Debian Security Advisory DSA-1516-1