Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Debian LTS 2.4.9.4-0: DLA-4129-1 moderate: mod_auth_openidc security flaw

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4129-1
https://www.debian.org/lts/security/
Moritz Schlarb
April 17, 2025
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libapache2-mod-auth-openidc
Version        : 2.4.9.4-0+deb11u5
CVE ID         : CVE-2025-31492
Debian Bug     : 1102413

A vulnerability has been fixed in mod_auth_openidc, an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality.

The bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are the following directives:

    OIDCProviderAuthRequestMethod POST
    Require valid-user

and there mustn't be any application-level gateway (or load balancer etc) protecting the server.

When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), *and the protected resource (with no headers)*.

The patch fixing this issue has been backported from mod_auth_openidc 2.4.16.11.

For Debian 11 bullseye, this problem has been fixed in version 2.4.9.4-0+deb11u5.

We recommend that you upgrade your libapache2-mod-auth-openidc packages.

For the detailed security status of libapache2-mod-auth-openidc please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libapache2-mod-auth-openidc

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

An essential patch for libapache2-mod-auth-openidc addresses a major security vulnerability concerning data exposure in Debian LTS.
libapache2-mod-auth-openidc, Debian LTS update, security patch, authentication module, content protection.
Severity: Important.
LinuxSecurity.com Team

Apr 17, 2025 Important Debian LTS

Fedora 34: 2021-83fdddca0f Critical: Curl Connection Issues

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-83fdddca0f
2021-07-23 01:03:07.021615
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 34
Version     : 7.76.1
Release     : 7.fc34
URL         : https://curl.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

- fix TELNET stack contents disclosure again (CVE-2021-22925)
- fix bad connection reuse due to flawed path name checks (CVE-2021-22924)
- disable metalink support to fix the following vulnerabilities
    CVE-2021-22923 - metalink download sends credentials
    CVE-2021-22922 - wrong content via metalink not discarded
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1984325 - CVE-2021-22922 curl: wrong content via metalink is not being discarded [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1984325
  [ 2 ] Bug #1984326 - CVE-2021-22923 curl: Metalink download sends credentials [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1984326
  [ 3 ] Bug #1984327 - CVE-2021-22924 curl: bad connection reuse due to flawed path name checks [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1984327
  [ 4 ] Bug #1984328 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1984328
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-83fdddca0f' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 34 users must urgently update the curl package to fix security vulnerabilities and bugs. Run 'sudo dnf update curl' to ensure security and performance.
Fedora Update, Curl Tool, Security Fix, Connection Issues, Content Disclosure.
Severity: Critical.
LinuxSecurity.com Team

Jul 22, 2021 Critical Fedora

openSUSE Leap 15.3: 2021:2439-1 Moderate: Curl Security Fixes

openSUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:2439-1
Rating:             moderate
References:         #1188217 #1188218 #1188219 #1188220
Cross-References:   CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925
CVSS scores:
                    CVE-2021-22922 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
                    CVE-2021-22923 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-22924 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-22925 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-2439=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    curl-7.66.0-4.22.1
    curl-debuginfo-7.66.0-4.22.1
    curl-debugsource-7.66.0-4.22.1
    libcurl-devel-7.66.0-4.22.1
    libcurl4-7.66.0-4.22.1
    libcurl4-debuginfo-7.66.0-4.22.1
- openSUSE Leap 15.3 (x86_64):
    libcurl-devel-32bit-7.66.0-4.22.1
    libcurl4-32bit-7.66.0-4.22.1
    libcurl4-32bit-debuginfo-7.66.0-4.22.1

References:

https://www.suse.com/security/cve/CVE-2021-22922.html
https://www.suse.com/security/cve/CVE-2021-22923.html
https://www.suse.com/security/cve/CVE-2021-22924.html
https://www.suse.com/security/cve/CVE-2021-22925.html
https://bugzilla.suse.com/1188217
https://bugzilla.suse.com/1188218
https://bugzilla.suse.com/1188219
https://bugzilla.suse.com/1188220

The recent openSUSE update addresses four security flaws in curl, enhancing defenses against possible information leaks and strengthening encryption mechanisms.
openSUSE Security Update, curl vulnerabilities, security updates, moderate threat fixes.
LinuxSecurity.com Team

Jul 21, 2021 OpenSUSE

SUSE: 2021:1786-1 Moderate: curl Content Disclosure and Overflow

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1786-1
Rating:             moderate
References:         #1175109 #1177976 #1179398 #1179399 #1179593 #1183933 #1186114
Cross-References:   CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2021-22876 CVE-2021-22898
CVSS scores:
                    CVE-2020-8231 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-8231 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-8284 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-8284 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-8285 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-8285 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-8286 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
                    CVE-2020-8286 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-22876 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-22876 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that solves 6 vulnerabilities and has one errata is now available.

Description:

This update for curl fixes the following issues:

- CVE-2021-22898: TELNET stack contents disclosure (bsc#1186114)
- CVE-2021-22876: The automatic referer leaks credentials (bsc#1183933)
- CVE-2020-8286: Inferior OCSP verification (bsc#1179593)
- CVE-2020-8285: FTP wildcard stack overflow (bsc#1179399)
- CVE-2020-8284: Trusting FTP PASV responses (bsc#1179398)
- CVE-2020-8231: libcurl will pick and use the wrong connection with multiple requests with libcurl's multi API and the 'CURLOPT_CONNECT_ONLY' option (bsc#1175109)
- Fix: SFTP uploads result in empty uploaded files (bsc#1177976)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:

    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1786=1

- SUSE OpenStack Cloud 9:

    zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1786=1

- SUSE Linux Enterprise Server for SAP 12-SP4:

    zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1786=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1786=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    curl-7.60.0-4.20.1
    curl-debuginfo-7.60.0-4.20.1
    curl-debugsource-7.60.0-4.20.1
    libcurl4-32bit-7.60.0-4.20.1
    libcurl4-7.60.0-4.20.1
    libcurl4-debuginfo-32bit-7.60.0-4.20.1
    libcurl4-debuginfo-7.60.0-4.20.1
- SUSE OpenStack Cloud 9 (x86_64):
    curl-7.60.0-4.20.1
    curl-debuginfo-7.60.0-4.20.1
    curl-debugsource-7.60.0-4.20.1
    libcurl4-32bit-7.60.0-4.20.1
    libcurl4-7.60.0-4.20.1
    libcurl4-debuginfo-32bit-7.60.0-4.20.1
    libcurl4-debuginfo-7.60.0-4.20.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    curl-7.60.0-4.20.1
    curl-debuginfo-7.60.0-4.20.1
    curl-debugsource-7.60.0-4.20.1
    libcurl4-7.60.0-4.20.1
    libcurl4-debuginfo-7.60.0-4.20.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    libcurl4-32bit-7.60.0-4.20.1
    libcurl4-debuginfo-32bit-7.60.0-4.20.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    curl-7.60.0-4.20.1
    curl-debuginfo-7.60.0-4.20.1
    curl-debugsource-7.60.0-4.20.1
    libcurl4-7.60.0-4.20.1
    libcurl4-debuginfo-7.60.0-4.20.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    libcurl4-32bit-7.60.0-4.20.1
    libcurl4-debuginfo-32bit-7.60.0-4.20.1

References:

https://www.suse.com/security/cve/CVE-2020-8231.html
https://www.suse.com/security/cve/CVE-2020-8284.html
https://www.suse.com/security/cve/CVE-2020-8285.html
https://www.suse.com/security/cve/CVE-2020-8286.html
https://www.suse.com/security/cve/CVE-2021-22876.html
https://www.suse.com/security/cve/CVE-2021-22898.html
https://bugzilla.suse.com/1175109
https://bugzilla.suse.com/1177976
https://bugzilla.suse.com/1179398
https://bugzilla.suse.com/1179399
https://bugzilla.suse.com/1179593
https://bugzilla.suse.com/1183933
https://bugzilla.suse.com/1186114

The latest SUSE Security Update resolves multiple vulnerabilities found in curl. This release enhances system protection and corrects possible threats.
SUSE Security Update, curl vulnerabilities, moderate threat, software update.
LinuxSecurity.com Team

May 27, 2021 SuSE

DEBIAN: 2021:2054-2 Low: wget Security Vulnerability Resolution

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1762-1
Rating:             moderate
References:         #1186114 SLE-17956
Cross-References:   CVE-2021-22898
CVSS scores:
                    CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability, contains one feature is now available.

Description:

This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
  * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain.
  * Set FLAG_TRUSTED_FIRST unconditionally.
  * Do not check partial chains with CRL check.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:

    zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1762=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1762=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1762=1

Package List:

- SUSE MicroOS 5.0 (aarch64 x86_64):
    curl-7.66.0-4.17.1
    curl-debuginfo-7.66.0-4.17.1
    curl-debugsource-7.66.0-4.17.1
    libcurl4-7.66.0-4.17.1
    libcurl4-debuginfo-7.66.0-4.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    curl-7.66.0-4.17.1
    curl-debuginfo-7.66.0-4.17.1
    curl-debugsource-7.66.0-4.17.1
    libcurl-devel-7.66.0-4.17.1
    libcurl4-7.66.0-4.17.1
    libcurl4-debuginfo-7.66.0-4.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
    libcurl4-32bit-7.66.0-4.17.1
    libcurl4-32bit-debuginfo-7.66.0-4.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):
    curl-7.66.0-4.17.1
    curl-debuginfo-7.66.0-4.17.1
    curl-debugsource-7.66.0-4.17.1
    libcurl-devel-7.66.0-4.17.1
    libcurl4-7.66.0-4.17.1
    libcurl4-debuginfo-7.66.0-4.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64):
    libcurl4-32bit-7.66.0-4.17.1
    libcurl4-32bit-debuginfo-7.66.0-4.17.1

References:

https://www.suse.com/security/cve/CVE-2021-22898.html
https://bugzilla.suse.com/1186114

Security patch for wget focusing on mild severity vulnerabilities found in Red Hat distributions, providing resolutions and improvements.
SUSE Linux Enterprise, curl security update, SUSE patches, content disclosure fix, trust verification curl.
LinuxSecurity.com Team

May 26, 2021 SuSE

SUSE: 2021:14735-2 Critical Security Update for OpenSSL Released

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:14735-1
Rating:             moderate
References:         #1186114
Cross-References:   CVE-2021-22898
CVSS scores:
                    CVE-2021-22898 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
                    SUSE Linux Enterprise Server 11-SECURITY
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for curl fixes the following issues:

- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SECURITY:

    zypper in -t patch secsp3-curl-14735=1

Package List:

- SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64):
    curl-openssl1-7.37.0-70.63.1
    libcurl4-openssl1-7.37.0-70.63.1
- SUSE Linux Enterprise Server 11-SECURITY (ppc64 s390x x86_64):
    libcurl4-openssl1-32bit-7.37.0-70.63.1
- SUSE Linux Enterprise Server 11-SECURITY (ia64):
    libcurl4-openssl1-x86-7.37.0-70.63.1

References:

https://www.suse.com/security/cve/CVE-2021-22898.html
https://bugzilla.suse.com/1186114

Update Released for curl vulnerability: critical patch SUSE-SU-2021:14736-2 addressing curl's information leakage problem.
SUSE Update, Curl Security, Content Disclosure, Security Patch.
LinuxSecurity.com Team

May 26, 2021 SuSE

openSUSE: 2021:0227-1 Moderate Messagelib Content Disclosure Fix

openSUSE Security Update: Security update for messagelib
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0227-1
Rating:             moderate
References:         #1131885
Cross-References:   CVE-2019-10732
Affected Products:
                    openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for messagelib fixes the following issues:

- CVE-2019-10732: Prevented accidental disclosure of encrypted content when replying (boo#1131885).

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP1:

    zypper in -t patch openSUSE-2021-227=1

Package List:

- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):
    messagelib-18.12.3-bp151.3.3.1
    messagelib-devel-18.12.3-bp151.3.3.1
- openSUSE Backports SLE-15-SP1 (noarch):
    messagelib-lang-18.12.3-bp151.3.3.1

References:

https://www.suse.com/security/cve/CVE-2019-10732.html
https://bugzilla.suse.com/1131885

OpenSUSE Security Patch for messagelib addresses CVE-2019-10732 to mitigate the unintended exposure of encrypted data.
openSUSE Security Update, messagelib patch, content protection.
LinuxSecurity.com Team

Feb 02, 2021 OpenSUSE

openSUSE: 2018:1900-1 Moderate: Git-Annex Security Patch Update

openSUSE Security Update: Security update for git-annex
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:1897-1
Rating:             moderate
References:         #1098062 #1098364
Cross-References:   CVE-2018-10857 CVE-2018-10859
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for git-annex to version 6.20180626 fixes the following issues:

- CVE-2018-10857: Prevent file content disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes and glacier (bsc#1098062).
- CVE-2018-10859: Prevent local gpg encrypted file disclosure by refusing to download content that cannot be verified with a hash, from encrypted special remotes (bsc#1098364).

This update brings many other bug fixes and new features. https://hackage.haskell.org/package/git-annex-6.20180626/changelog has a detailed list of changes.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

    zypper in -t patch openSUSE-2018-697=1

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
    git-annex-6.20180626-7.1
    git-annex-bash-completion-6.20180626-7.1

References:

https://www.suse.com/security/cve/CVE-2018-10857.html
https://www.suse.com/security/cve/CVE-2018-10859.html
https://bugzilla.suse.com/1098062
https://bugzilla.suse.com/1098364

Update for git-annex available on openSUSE addressing potential information leakage with file content. Detailed patching steps provided.
openSUSE Security, git-annex Fix, contingency measures, disclosure prevention.
LinuxSecurity.com Team

Jul 06, 2018 OpenSUSE