A flaw was found in ansible, a configuration management, deployment, and task execution system. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4502-1
CVE-2025-2588.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6b5c54bd05
2025-03-28 00:15:35.878868+00:00
--------------------------------------------------------------------------------

Name        : augeas
Product     : Fedora 42
Version     : 1.14.2
Release     : 0.4.20250324git4dffa3d.fc42
URL         : https://github.com/rwmjones/augeas
Summary     : A library for changing configuration files
Description :
A library for programmatically editing configuration files. Augeas parses
configuration files into a tree structure, which it exposes through its
public API. Changes made through the API are written back to the initially
read files. The transformation works very hard to preserve comments and
formatting details. It is controlled by ``lens'' definitions that describe
the file format and the transformation into a tree.
--------------------------------------------------------------------------------
Update Information:

CVE-2025-2588
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 24 2025 Alexander Bokovoy - 1.14.2-0.4
- rhbz#235444: CVE-2025-2588
* Mon Feb 24 2025 Richard W.M. Jones - 1.14.2-0.3
- Move to fork of Augeas which contains a small number of PRs:
  - lenses/tmpfiles.aug: Permit '$' character in /usr/lib/tmpfiles.d/*.conf
  - lenses/multipath.aug: Support all possible values for find_multipaths
  - lenses/systemd.aug: Allow "+"(fullprivileges) command flag
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2354446 - CVE-2025-2588 augeas: Hercules Augeas fa.c re_case_expand null pointer dereference [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2354446
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6b5c54bd05' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Several security issues were fixed in Ansible.

==========================================================================
Ubuntu Security Notice USN-7330-1
March 05, 2025

ansible vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Ansible.

Software Description:
- ansible: Configuration management, deployment, and task execution system

Details:

It was discovered that Ansible did not properly verify certain fields of
X.509 certificates. An attacker could possibly use this issue to spoof SSL
servers if they were able to intercept network communications. This issue
only affected Ubuntu 14.04 LTS. (CVE-2015-3908)

Martin Carpenter discovered that certain connection plugins for Ansible did
not properly restrict users. An attacker with local access could possibly
use this issue to escape a restricted environment via symbolic links misuse.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)

Robin Schneider discovered that Ansible's apt_key module did not properly
verify key fingerprints. A remote attacker could possibly use this issue to
perform key injection, leading to the access of sensitive information. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8614)

It was discovered that Ansible would expose passwords in certain instances.
An attacker could possibly use specially crafted input related to this issue
to access sensitive information. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS. (CVE-2019-10206)

It was discovered that Ansible incorrectly logged sensitive information. An
attacker with local access could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS. (CVE-2019-14846)

It was discovered that Ansible's solaris_zone module accepted input without
performing input checking. A remote attacker could possibly use this issue
to enable the execution of arbitrary code. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-14904)

It was discovered that Ansible did not generate sufficiently random values,
which could lead to the exposure of passwords. An attacker could possibly use
this issue to access sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10729)

It was discovered that Ansible's svn module could disclose passwords to users
within the same node. An attacker could possibly use this issue to access
sensitive information. (CVE-2020-1739)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  ansible                         2.9.6+dfsg-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ansible                         2.5.1+dfsg-1ubuntu0.1+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  ansible                         2.0.0.2-2ubuntu1.3+esm5
                                  Available with Ubuntu Pro
  ansible-fireball                2.0.0.2-2ubuntu1.3+esm5
                                  Available with Ubuntu Pro
  ansible-node-fireball           2.0.0.2-2ubuntu1.3+esm5
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  ansible                         1.5.4+dfsg-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro
  ansible-fireball                1.5.4+dfsg-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro
  ansible-node-fireball           1.5.4+dfsg-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7330-1
  CVE-2015-3908, CVE-2015-6240, CVE-2016-8614, CVE-2019-10206,
  CVE-2019-14846, CVE-2019-14904, CVE-2020-10729, CVE-2020-1739

A critical security alert from Ansible uncovers several threats necessitating prompt upgrades to protect Ubuntu installations.

Severity: Critical. LinuxSecurity.com Team
Ansible, a configuration management, deployment, and task execution system, was affected by multiple vulnerabilities.

CVE-2019-10206

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3695-1
Latest round of ansible/ansible-core minor releases. Mitigates CVE-2023-5764. - package-9-1-0/2764.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-3a0ce521ab
2023-12-20 01:23:57.701255
--------------------------------------------------------------------------------

Name        : ansible
Product     : Fedora 39
Version     : 9.1.0
Release     : 1.fc39
URL         : https://www.redhat.com/en/ansible-collaborative?intcmp=7015Y000003t7aWQAQ/
Summary     : Curated set of Ansible collections included in addition to ansible-core
Description :
Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.

This package provides a curated set of Ansible collections included in
addition to ansible-core.
--------------------------------------------------------------------------------
Update Information:

Latest round of ansible/ansible-core minor releases. Mitigates CVE-2023-5764.
- package-9-1-0/2764
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  6 2023 Maxwell G - 9.1.0-1
- Update to 9.1.0.
* Tue Nov 21 2023 Maxwell G - 9.0.1-1
- Update to 9.0.1.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-3a0ce521ab' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Update to 2.14.11. Mitigates CVE-2023-5115.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-cdc7db366e
2023-10-21 01:25:58.306187
--------------------------------------------------------------------------------

Name        : ansible-core
Product     : Fedora 37
Version     : 2.14.11
Release     : 1.fc37
URL         : https://www.redhat.com/en/ansible-collaborative?intcmp=7015Y000003t7aWQAQ/
Summary     : A radically simple IT automation system
Description :
Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.

This is the base part of ansible (the engine).
--------------------------------------------------------------------------------
Update Information:

Update to 2.14.11. Mitigates CVE-2023-5115.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 12 2023 Maxwell G - 2.14.11-1
- Update to 2.14.11.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-cdc7db366e' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-b4b77f950c
2023-09-13 01:34:55.169250
--------------------------------------------------------------------------------

Name        : libeconf
Product     : Fedora 37
Version     : 0.5.2
Release     : 1.fc37
URL         : https://github.com/openSUSE/libeconf
Summary     : Enhanced config file parser library
Description :
libeconf is a highly flexible and configurable library to parse and manage
key=value configuration files. It reads configuration file snippets from
different directories and builds the final configuration file from it.
--------------------------------------------------------------------------------
Update Information:

Rebase to 0.5.2 to fix CVE-2023-22652 and CVE-2023-30079
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 28 2023 Iker Pedrosa - 0.5.2-1
- Update to 0.5.2 (RH#1980774)
- Fix CVE-2023-22652 (RH#2212464)
- Fix CVE-2023-30079 (RH#2235236)
* Thu Jul 20 2023 Fedora Release Engineering - 0.4.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering - 0.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1980774 - libeconf-0.5.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1980774
  [ 2 ] Bug #2212464 - CVE-2023-22652 libeconf: stack-based buffer overflow in read_file() in lib/getfilecontents.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2212464
  [ 3 ] Bug #2235236 - CVE-2023-30079 libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235236
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-b4b77f950c' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Update bottles to 51.6 and release final dependency vkbasalt-cli.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-328397d034
2023-05-29 01:07:00.470078
--------------------------------------------------------------------------------

Name        : python-vkbasalt-cli
Product     : Fedora 37
Version     : 3.1.1.post1
Release     : 1.fc37
URL         : https://gitlab.com/TheEvilSkeleton/vkbasalt-cli
Summary     : Command line interface for vkBasalt
Description :
vkbasalt-cli is a CLI utility and library in conjunction with vkBasalt. This
makes generating configuration files or running vkBasalt with games easier.

This is mainly convenient in environments where integrating vkBasalt is
wishful, for example a GUI application. Integrating vkbasalt-cli allows a
front-end to easily generate and use specific configurations on the fly,
without asking the user to manually write a configuration file.
--------------------------------------------------------------------------------
Update Information:

Update bottles to 51.6 and release final dependency vkbasalt-cli
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 19 2023 Sandro - 3.1.1.post1-1
- Initial release (RHBZ#2188653)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2210444 - CVE-2023-22970 Bottles: YAML mishandling
        https://bugzilla.redhat.com/show_bug.cgi?id=2210444
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-328397d034' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------