Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":547,"type":"x","order":1,"pct":78.48,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.88,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.34,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryFedoracritical update

Fedora: 33 2020-fe94df8c34 Critical: drupal7 Cross Site Forgery

- - [Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004]() / CVE-2020-13663 - . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-fe94df8c34 2020-09-25 16:31:57.893643 --------------------------------------------------------------------------------Name : drupal7 Product : Fedora 33 Version : 7.72 Release : 1.fc33 URL : Summary : An open-source content-management platform Description : Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. --------------------------------------------------------------------------------Update Information: - - [Drupal core -Critical - Cross Site Request Forgery - SA-CORE-2020-004]() / CVE-2020-13663 - --------------------------------------------------------------------------------ChangeLog: * Fri Sep 4 2020 Shawn Iwinski - 7.72-1 - Update to 7.72 - SA-CORE-2020-004/CVE-2020-13663 (RHBZ #1860912, #1860913) --------------------------------------------------------------------------------References: [ 1 ] Bug #1828417 - CVE-2020-11022 drupal7: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1828417 [ 2 ] Bug #1850013 - CVE-2020-11023 drupal7: jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850013 [ 3 ] Bug #1850023 - CVE-2020-11023 drupal7: jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1850023 [ 4 ] Bug #1860912 - CVE-2020-13663 drupal7: Form API does not properly handle certainform input from cross-site requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860912 [ 5 ] Bug #1860913 - CVE-2020-13663 drupal7: Form API does not properly handle certain form input from cross-site requests [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1860913 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fe94df8c34' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Discover vital information regarding the significant patch for Drupal 7 on Fedora tackling vulnerabilities associated with cross-site request forgery (CSRF). Take immediate action!. Drupal Update, Fedora Security, Cross Site Request Forgery. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 25, 2020 Critical Fedora
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryremote attackpython-django

Ubuntu: USN-470-1 Severe: Flask-Security Cross-Site Scripting Alert

Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. The is possible regardless of the Django plugin to prevent cross site request forgery being enabled. The Common Vulnerabilities and Exposures project identifies this issue as. - ------------------------------------------------------------------------Debian Security Advisory DSA-1640-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Thijs Kinkhorst September 20, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : python-django Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-3909 CVE-2007-5712 Debian Bug : 497765 448838 Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. The is possible regardless of the Django plugin to prevent cross site request forgery being enabled. The Common Vulnerabilities and Exposures project identifies this issue as CVE-2008-3909. In this update the affected feature is disabled; this is in accordance with upstream's preferred solution for this situation. This update takes the opportunity to also include a relatively minor denial of service attack in the internationalisaton framework, known as CVE-2007-5712. For the stable distribution (etch), these problems have been fixed in version 0.95.1-1etch2. For the unstable distribution (sid), these problems have been fixed in version 1.0-1. We recommend that you upgrade your python-django package. Upgrade instructions - --------------------wget url will fetch the file foryou dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - -------------------------------Source archives: Size/MD5 checksum: 940 62d31adf6a658ab089df66916148d2d8 Size/MD5 checksum: 1297839 07f09d8429916481e09e84fd01e97355 Size/MD5 checksum: 8069 6e5e17af4148911137b1a8aebaa8096c Architecture independent packages: Size/MD5 checksum: 1025742 93417b16a120eada12b807b8372cc858 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Notice DSA-1640-2 outlines remedy for cross-site request forgery vulnerabilities in python-django package upgrade.. Python-Django, Security Fix, Cross Site Forgery. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 20, 2008 Critical Debian
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":547,"type":"x","order":1,"pct":78.48,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.88,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.34,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here