
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 24.04: USN-6844-1 Severe: CUPS Permission Modification Problem

CUPS could be made to arbitrary chmod paths with specially crafted configuration file.

==========================================================================
Ubuntu Security Notice USN-6844-1
June 24, 2024

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

CUPS could be made to arbitrary chmod paths with specially crafted configuration file.

Software Description:

- cups: Common UNIX Printing System(tm)

Details:

Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  cups 2.4.7-1.2ubuntu7.1

Ubuntu 23.10
  cups 2.4.6-0ubuntu3.1

Ubuntu 22.04 LTS
  cups 2.4.1op1-1ubuntu4.9

Ubuntu 20.04 LTS
  cups 2.3.1-9ubuntu1.7

Ubuntu 18.04 LTS
  cups 2.2.7-1ubuntu2.10+esm4
  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  cups 2.1.3-4ubuntu0.11+esm6
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:

- https://ubuntu.com/security/notices/USN-6844-1
- CVE-2024-35235

Package Information:

- https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.1
- https://launchpad.net/ubuntu/+source/cups/2.4.6-0ubuntu3.1
- https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.9
- https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.7

Ubuntu Security Notice USN-6845-1 pertains to a vulnerability in OpenSSH which could enable unauthorized account logins via manipulated settings.

CUPSSecurity, UbuntuUpdates, ArbitraryPermissions.

Severity: Critical.
LinuxSecurity.com Team

Jun 25, 2024 Critical Ubuntu

Mageia 8: MGASA-2023-0222 High: Keepass Vulnerability in Cleartext Access

Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. (CVE-2023-24055) Possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running (CVE-2023-32784)

MGASA-2023-0221 - Updated keepass packages fix security vulnerability

Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0221.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-24055, CVE-2023-32784

Allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Disputed by vendor due to level of access required. (CVE-2023-24055)

Possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running (CVE-2023-32784)

References:

- https://bugs.mageia.org/show_bug.cgi?id=31935
- https://www.cve.org/CVERecord?id=CVE-2023-24055
- https://www.cve.org/CVERecord?id=CVE-2023-32784

SRPMS:

- 8/core/keepass-2.54-1.mga8

Recent KeePass updates in Mageia 8 tackle vulnerabilities concerning the exposure of unencrypted passwords. Discover further details.

Keepass Security Update, Configuration File Vulnerability, Mageia Advisory.

LinuxSecurity.com Team

Jul 07, 2023 Mageia

Debian 9 Stretch DLA-2918-1 Moderate: debian-edu-config Permission Threat

Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2918-1
https://www.debian.org/lts/security/
Utkarsh Gupta
February 12, 2022
https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package : debian-edu-config
Version : 1.929+deb9u5
CVE ID : CVE-2021-20001

Marcel Neumann, Robert Altschaffel, Loris Guba and Dustin Hermann discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.

If PHP functionality is needed for the user web shares, please refer to /usr/share/doc/debian-edu-config/README.public_html_with_PHP-CGI+suExec.md

For Debian 9 stretch, this problem has been fixed in version 1.929+deb9u5.

We recommend that you upgrade your debian-edu-config packages.

For the detailed security status of debian-edu-config please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/debian-edu-config

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

The Ubuntu Security Notice USN-1234-1 addresses a vulnerability in ubuntu-config. Promptly updating is recommended to reduce exposure.

Debian Edu Security, Configuration Issues, Privilege Escalation.

LinuxSecurity.com Team

Feb 11, 2022 Debian LTS

Scientific Linux 5: Low Dovecot Advisory CVE-2008-4577 Access Control Issue

Low: dovecot security and bug fix update.

Date: Wed, 21 Jan 2009 16:10:10 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Low: dovecot on SL5.x i386/x86_64

Synopsis: Low: dovecot security and bug fix update
Issue date: 2009-01-20
CVE Names: CVE-2008-4577 CVE-2008-4870

A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. (CVE-2008-4577)

A password disclosure flaw was found with Dovecot's configuration file. If a system had the "ssl_key_password" option defined, any local user could view the SSL key password. (CVE-2008-4870)

Note: This flaw did not allow the attacker to acquire the contents of the SSL key. The password has no value without the key file which arbitrary users should not have read access to.

To better protect even this value, however, the dovecot.conf file now supports the "!include_try" directive. The ssl_key_password option should be moved from dovecot.conf to a new file owned by, and only readable and writable by, root (ie 0600). This file should be referenced from dovecot.conf by setting the "!include_try [/path/to/password/file]" option.

Additionally, this update addresses the following bugs:

* the dovecot init script -- /etc/rc.d/init.d/dovecot -- did not check if the dovecot binary or configuration files existed. It also used the wrong pid file for checking the dovecot service's status. This update includes a new init script that corrects these errors.

* the %files section of the dovecot spec file did not include "%dir %{ssldir}/private". As a consequence, the /etc/pki/private/ directory was not owned by dovecot. (Note: files inside /etc/pki/private/ were and are owned by dovecot.) With this update, the missing line has been added to the spec file, and the noted directory is now owned by dovecot.

* in some previously released versions of dovecot, the authentication process accepted (and passed along un-escaped) passwords containing characters that had special meaning to dovecot's internal protocols. This updated release prevents such passwords from being passed back, instead returning the error, "Attempted login with password having illegal chars". Note: dovecot versions previously shipped with Scientific Linux 5 did not allow this behavior. This update addresses the issue above but said issue was only present in versions of dovecot not previously included with Scientific Linux 5.

SL 5.x

SRPMS:
dovecot-1.0.7-7.el5.src.rpm

i386:
dovecot-1.0.7-7.el5.i386.rpm

x86_64:
dovecot-1.0.7-7.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

A minor severity update for Dovecot in Scientific Linux 5 addresses significant vulnerabilities related to access control lists and SSL key management.

Dovecot, Security Update, Scientific Linux, ACL Plug-in, Access Control.

Severity: Low.

LinuxSecurity.com Team

Jan 21, 2009 Low Scientific Linux