Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 10: DLA-3735-1 Moderate: Runc Control Character And Breakout

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3735-1
https://www.debian.org/lts/security/
Daniel Leidert
February 19, 2024
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : runc
Version : 1.0.0~rc6+dfsg1-3+deb10u3
CVE ID : CVE-2021-43784 CVE-2024-21626
Debian Bug :

runc is a command line client for running applications packaged according to the Open Container Format (OCF) and is a compliant implementation of the Open Container Project specification.

CVE-2021-43784
    A flaw has been detected that may lead to a possible length field overflow, allowing user-controlled data to be parsed as control characters.

CVE-2024-21626
    A flaw has been detected which allows several container breakouts due to internally leaked file descriptors. The patch includes fixes and hardening measurements against these types of issues/attacks.

For Debian 10 buster, these problems have been fixed in version 1.0.0~rc6+dfsg1-3+deb10u3.

We recommend that you upgrade your runc packages.

For the detailed security status of runc please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/runc

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Enhance your runc installations on Debian 10 to mitigate recent vulnerabilities related to control characters and risks of container escape.

LinuxSecurity.com Team

Feb 19, 2024 | Debian LTS

Oracle Linux 9 ELSA-2024-0811 Moderate: Sudo Control Character Update

Oracle Linux Security Advisory ELSA-2024-0811

https://linux.oracle.com/errata/ELSA-2024-0811.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
    sudo-1.9.5p2-10.el9_3.x86_64.rpm
    sudo-python-plugin-1.9.5p2-10.el9_3.x86_64.rpm

aarch64:
    sudo-1.9.5p2-10.el9_3.aarch64.rpm
    sudo-python-plugin-1.9.5p2-10.el9_3.aarch64.rpm

SRPMS:
    https://oss.oracle.com:443/ol9/SRPMS-updates//sudo-1.9.5p2-10.el9_3.src.rpm

Related CVEs:
    CVE-2023-28486
    CVE-2023-28487
    CVE-2023-42465

Description of changes:

RHEL 9.3.0.Z ERRATUM
[1.9.5p2-10]
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
  Resolves: RHEL-21834
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
  Resolves: RHEL-21828
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
  Resolves: RHEL-21821

RHEL 8.9.0.Z ERRATUM
[1.9.5p2-1]
- Rebase to 1.9.5p2
- CVE-2023-28486 sudo: Sudo does not escape control characters in log messages
  Resolves: RHEL-21825
- CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
  Resolves: RHEL-21831
- CVE-2023-42465 sudo: Targeted Corruption of Register and Stack Variables
  Resolves: RHEL-21820

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle Linux Security Notice regarding sudo highlights crucial vulnerabilities related to control characters and stack corruption. Discover further details!

LinuxSecurity.com Team

Feb 16, 2024 | Oracle

Mageia 8: MGASA-2023-0133 Moderate: Sudo Control Character Escaping

MGASA-2023-0133 - Updated sudo packages fix security vulnerability

Publication date: 11 Apr 2023
URL: https://advisories.mageia.org/MGASA-2023-0133.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-28486, CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in log messages. (CVE-2023-28486)

Sudo before 1.9.13 does not escape control characters in sudoreplay output. (CVE-2023-28487)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31738
- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014226.html
- https://www.cve.org/CVERecord?id=CVE-2023-28486
- https://www.cve.org/CVERecord?id=CVE-2023-28487

SRPMS:
- 8/core/sudo-1.9.5p2-2.3.mga8

Recent updates to the sudo packages address security vulnerabilities within Mageia 8 related to the improper handling of control character escaping prior to version 1.9.13.

LinuxSecurity.com Team

Apr 11, 2023 | Mageia

SUSE: 2023:873-1 Moderate: Toolbox Security Update for Sudo

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:873-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.83 , suse/sle-micro/5.4/toolbox:latest
Container Release : 3.2.83
Severity : moderate
Type : security
References : 1203201 1206483 1206772 1207853 1208595 1209361 1209362 CVE-2023-27320 CVE-2023-28486 CVE-2023-28487
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1636-1
Released: Tue Mar 28 13:26:02 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1207853

This update for suse-module-tools fixes the following issues:

- Update to version 15.4.16:
  * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1665-1
Released: Wed Mar 29 12:55:13 2023
Summary: Security update for sudo
Type: security
Severity: moderate
References: 1203201,1206483,1206772,1208595,1209361,1209362,CVE-2023-27320,CVE-2023-28486,CVE-2023-28487

This update for sudo fixes the following issue:

Security issues:

- CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
- CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).

Bug fixes:

- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).

The following package changes have been done:

- sudo-1.9.9-150400.4.26.1 updated
- suse-module-tools-15.4.16-150400.3.8.1 updated

SUSE Container security enhancement introduces vital updates for toolbox and sudo, rectifying vulnerabilities related to control character management.

LinuxSecurity.com Team

Mar 31, 2023 | SuSE

SUSE: 2022:4004-2 Medium Risk: wget Command Line Injection

SUSE Security Update: Security update for curl
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3003-1
Rating: low
References: #1202593
Cross-References: CVE-2022-35252
CVSS scores:
    CVE-2022-35252 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3003=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3003=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    curl-7.79.1-150400.5.6.1
    curl-debuginfo-7.79.1-150400.5.6.1
    curl-debugsource-7.79.1-150400.5.6.1
    libcurl-devel-7.79.1-150400.5.6.1
    libcurl4-7.79.1-150400.5.6.1
    libcurl4-debuginfo-7.79.1-150400.5.6.1
- openSUSE Leap 15.4 (x86_64):
    libcurl-devel-32bit-7.79.1-150400.5.6.1
    libcurl4-32bit-7.79.1-150400.5.6.1
    libcurl4-32bit-debuginfo-7.79.1-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    curl-7.79.1-150400.5.6.1
    curl-debuginfo-7.79.1-150400.5.6.1
    curl-debugsource-7.79.1-150400.5.6.1
    libcurl-devel-7.79.1-150400.5.6.1
    libcurl4-7.79.1-150400.5.6.1
    libcurl4-debuginfo-7.79.1-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
    libcurl4-32bit-7.79.1-150400.5.6.1
    libcurl4-32bit-debuginfo-7.79.1-150400.5.6.1

References:

https://www.suse.com/security/cve/CVE-2022-35252.html
https://bugzilla.suse.com/1202593

SUSE has issued a Security Update for curl, addressing a minor severity issue related to control character injection, to improve application security and integrity.

Severity: Low.

LinuxSecurity.com Team

Sep 02, 2022 | Low | SuSE

SUSE: 2021:0486-1 Moderate: Python-Urllib3 Control Character Injection

SUSE Security Update: Security update for python-urllib3
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0486-1
Rating: moderate
References: #1177211
Cross-References: CVE-2020-26116
CVSS scores:
    CVE-2020-26116 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    CVE-2020-26116 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected Products:
    SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-urllib3 fixes the following issues:

- CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2021-486=1

Package List:

- SUSE OpenStack Cloud 7 (noarch):
    python-urllib3-1.16-3.15.1

References:

https://www.suse.com/security/cve/CVE-2020-26116.html
https://bugzilla.suse.com/1177211

New patch released for python-urllib3 mitigating control character injection threats. Resolve security issue in line with SUSE advisory.

LinuxSecurity.com Team

Feb 16, 2021 | SuSE

SUSE: 2021:0457-1 Important: python-requests Security Vulnerability Notice

SUSE Security Update: Security update for python-urllib3
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:0341-1
Rating: moderate
References: #1177211 #1181571
Cross-References: CVE-2020-26116
CVSS scores:
    CVE-2020-26116 (NVD) Base Score: 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
    CVE-2020-26116 (SUSE) Base Score: 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for python-urllib3 fixes the following issues:

- CVE-2020-26116: Raise ValueError if method contains control characters and thus prevent CRLF injection into URLs (bsc#1177211).
- Skip test for RECENT_DATE (bsc#1181571).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-341=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2021-341=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-341=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2021-341=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (noarch):
    python2-urllib3-1.22-6.12.1
    python3-urllib3-1.22-6.12.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
    python2-urllib3-1.22-6.12.1
    python3-urllib3-1.22-6.12.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
    python2-urllib3-1.22-6.12.1
    python3-urllib3-1.22-6.12.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
    python2-urllib3-1.22-6.12.1
    python3-urllib3-1.22-6.12.1

References:

https://www.suse.com/security/cve/CVE-2020-26116.html
https://bugzilla.suse.com/1177211
https://bugzilla.suse.com/1181571

A recent update for python-urllib3 tackles a moderate severity issue, specifically addressing a critical control character injection vulnerability that has been resolved.

Severity: Important.

LinuxSecurity.com Team

Feb 08, 2021 | Important | SuSE

openSUSE: 2019:0239-1 Critical: python-python-gnupg Control Char Problem

openSUSE Security Update: Security update for python-python-gnupg
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0239-1
Rating: important
References: #1123498
Cross-References: CVE-2019-6690
Affected Products:
    openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-python-gnupg to version 0.4.4 fixes the following issues:

Security issue fixed:

- CVE-2019-6690: Added a check to disallow certain control characters ('\r', '\n', NUL) in passphrases (boo#1123498).

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:
    zypper in -t patch openSUSE-2019-239=1

Package List:

- openSUSE Backports SLE-15 (noarch):
    python2-python-gnupg-0.4.4-bp150.2.3.1
    python3-python-gnupg-0.4.4-bp150.2.3.1

References:

https://www.suse.com/security/cve/CVE-2019-6690.html
https://bugzilla.suse.com/1123498

A recent update addresses a significant security vulnerability within python-python-gnupg for openSUSE Backports.

Severity: Important.

LinuxSecurity.com Team

Feb 23, 2019 | Important | OpenSUSE