
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2023:3401-1 Critical Security Flaw in Ruby3.0 Cookie Spoofing

SUSE Security Update: Security update for ruby2.5

Announcement ID: SUSE-SU-2022:3292-1
Rating: moderate
References: #1193081
Cross-References: CVE-2021-41819
CVSS scores:
  CVE-2021-41819 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2021-41819 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4

An update that fixes one vulnerability is now available.

Description:

This update for ruby2.5 fixes the following issues:

- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3292=1
- openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3292=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3292=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3292=1

References:

- https://www.suse.com/security/cve/CVE-2021-41819.html
- https://bugzilla.suse.com/1193081

SUSE Security Notification resolves moderate vulnerabilities in ruby2.5 related to cookie prefix impersonation. Apply the suggested updates.

SUSE Linux, Ruby Update, Security Patch, Threat Management.

Severity: Important.

LinuxSecurity.com Team

Sep 16, 2022 Important SuSE

Red Hat Enterprise Linux 8 RHSA-2022-5779-01 Moderate: Ruby Update

Red Hat Security Advisory

Synopsis: Moderate: ruby:2.5 security update
Advisory ID: RHSA-2022:5779-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5779
Issue date: 2022-08-01
CVE Names: CVE-2021-41817 CVE-2021-41819

1. Summary:

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* ruby: Regular expression denial of service vulnerability of Date parsing methods (CVE-2021-41817)
* ruby: Cookie prefix spoofing in CGI::Cookie.parse (CVE-2021-41819)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods
2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-41817
https://access.redhat.com/security/cve/CVE-2021-41819
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

The recent ruby:2.5 update tackles risks related to denial of service attacks and cookie manipulation issues in Red Hat Enterprise Linux 8.

Red Hat, Ruby Update, Denial Of Service, Cookie Spoofing, Security Advisory.

LinuxSecurity.com Team

Aug 03, 2022 Red Hat

Debian: DLA-2853-1 Moderate: Ruby2.3 Cookie Spoofing And ReDoS

Debian LTS Advisory DLA-2853-1
https://www.debian.org/lts/security/
Utkarsh Gupta
December 27, 2021
https://wiki.debian.org/LTS

Package : ruby2.3
Version : 2.3.3-1+deb9u11
CVE ID : CVE-2021-41817 CVE-2021-41819

A cookie prefix spoofing vulnerability in CGI::Cookie.parse and a regular expression denial of service vulnerability (ReDoS) on date parsing methods were discovered in src:ruby2.1, the Ruby interpreter.

For Debian 9 stretch, these problems have been fixed in version 2.3.3-1+deb9u11.

We recommend that you upgrade your ruby2.3 packages.

For the detailed security status of ruby2.3 please refer to its security tracker page at:

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Updating Ruby from version 2.3 on your Debian LTS system is vital for enhancing security, addressing cookie spoofing and ReDoS vulnerabilities.

ruby security, Debian LTS, cookie vulnerability, ReDoS attack, security update.

LinuxSecurity.com Team

Dec 28, 2021 Debian LTS

Red Hat: RHSA-2020-3697:01 Important ASP.NET Cookie Spoofing Fix

Red Hat Security Advisory

Synopsis: Important: .NET Core 3.1 security and bugfix update for Red Hat Enterprise Linux
Advisory ID: RHSA-2020:3697-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3697
Issue date: 2020-09-08
CVE Names: CVE-2020-1045

1. Summary:

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8.

Security Fix(es):

* .NET Core: ASP.NET cookie prefix spoofing vulnerability (CVE-2020-1045)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1873451 - CVE-2020-1045 dotnet: ASP.NET cookie prefix spoofing vulnerability

6. Package List:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-1045
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Critical announcement regarding .NET Core 3.1 on Red Hat highlights essential security patches that have significant ramifications. Discover further details here.

Red Hat Security, .NET Core Update, ASP.NET Security, Enterprise Linux, Security Advisory.

Severity: Important.

LinuxSecurity.com Team

Sep 08, 2020 Important Red Hat

Mageia: 2019-0339 Moderate: dbus Cookie Spoofing Bypass Issue

MGASA-2019-0339 - Updated dbus packages fix security vulnerability

Publication date: 30 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0339.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-12749

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass (CVE-2019-12749).

References:

- https://bugs.mageia.org/show_bug.cgi?id=24944
- https://www.openwall.com/lists/oss-security/2019/06/11/2
- https://www.cve.org/CVERecord?id=CVE-2019-12749

SRPMS:

- 7/core/dbus-1.13.8-4.1.mga7

The upgrade of the dbus package in Mageia resolves a security flaw related to cookie forgery in the DBUS_COOKIE_SHA1 algorithm.

Mageia Security Update, DBus Security Patch, Cookie Spoofing Fix.

LinuxSecurity.com Team

Nov 30, 2019 Mageia