Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 39 articles for you...
197

Debian 11: DLA-4151-1 critical: golang-github-gorilla-csrf issue

The following vulnerability has been discovered in the gorilla/csrf package for Go: Prior to 1.7.3, gorilla/csrf did not validate the Origin header against an allowlist. It executed its validation of the Referer header for . - -------------------------------------------------------------------------- Debian LTS Advisory DLA-4151-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Andrej Shadura May 01, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------- Package : golang-github-gorilla-csrf Version : 1.6.2-2+deb11u1 CVE ID : CVE-2025-24358 Debian Bug : 1103584 The following vulnerability has been discovered in the gorilla/csrf package for Go: Prior to 1.7.3, gorilla/csrf did not validate the Origin header against an allowlist. It executed its validation of the Referer header for cross-origin requests only when it believed the request was being served over TLS. It determined this by inspecting the r.URL.Scheme value. However, this value was never populated for "server" requests per the Go spec, and so this check did not run in practice. This vulnerability allowed an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that shared the same top level domain. For Debian 11 bullseye, this problem has been fixed in version 1.6.2-2+deb11u1. The following Go packages have been rebuilt in order to fix this issue: golang-chroma golang-github-alecthomas-chroma-dev golang-github-niklasfasching-go-org-dev golang-github-yuin-goldmark-highlighting-dev go-org hugo We recommend that you upgrade these packages. For the detailed security status of golang-github-gorilla-csrf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/golang-github-gorilla-csrf Further information aboutDebian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Essential security patch available for golang-github-gorilla-csrf in Debian LTS. Update now to mitigate XSS vulnerabilities and maintain security.. Golang, Debian Security, CSRF Vulnerability, Package Update, Security Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 01, 2025 Critical Debian LTS
87

Debian DSA-5279-1 Moderate: Wordpress SQL Injection and XSS Threats

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5279-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond November 15, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress Debian Bug : 1007005 1018863 1022575 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. For the stable distribution (bullseye), this problem has been fixed in version 5.7.8+dfsg1-0+deb11u1. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Notice DSA-5280-1 tackles various vulnerabilities in Drupal, enhancing the security of web content management systems.. Wordpress Security, Debian Advisory, SQL Injection, XSS Risks, CSRF Protection. . LinuxSecurity.com Team

Calendar%202 Nov 15, 2022 Debian
89

Fedora 34 WordPress 5.8.4 Advisory: Moderate CSRF & XSS Threats

WordPress 5.8.4 Security Release. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-4b3079c1be 2022-03-18 19:12:07.465573 --------------------------------------------------------------------------------Name : wordpress Product : Fedora 34 Version : 5.8.4 Release : 1.fc34 URL : https://wordpress.org/ Summary : Blog tool and publishing platform Description : Wordpress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora --------------------------------------------------------------------------------Update Information: WordPress 5.8.4 Security Release --------------------------------------------------------------------------------ChangeLog: * Fri Mar 11 2022 Remi Collet - 5.8.4-1 - WordPress 5.8.4 Security Release --------------------------------------------------------------------------------References: [ 1 ] Bug #2063661 - CVE-2022-25600 Wordpress: Cross-Site Request Forgery (CSRF) vulnerability in WP Google Map plugin https://bugzilla.redhat.com/show_bug.cgi?id=2063661 [ 2 ] Bug #2063667 - CVE-2022-25601 wordpress: Reflected Cross-Site Scripting (XSS) in Contact Form X WordPress plugin https://bugzilla.redhat.com/show_bug.cgi?id=2063667 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-4b3079c1be' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . The release of WordPress 5.8.4 enhances protection against XSS and CSRF vulnerabilities, providing a more secure publishing environment for Fedora users.. WordPress Security Release,Fedora Update,Cross-Site Scripting,CSRF Fix,Open Source Security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 18, 2022 Important Fedora
98

Red Hat OpenShift 4.9.19 RHSA-2022:0339-01 Important: CSRF Risk

Red Hat OpenShift Container Platform release 4.9.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.9.19 security update Advisory ID: RHSA-2022:0339-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0339 Issue date: 2022-02-10 CVE Names: CVE-2022-20612 CVE-2022-20617 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.9.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat OpenShift Container Platform 4.9 - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.19. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2022:0340 Security Fix(es): * jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution (CVE-2022-20617) * jenkins: no POST request is required for the endpoint handlingmanual build requests which could result in CSRF (CVE-2022-20612) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/release_notes/ocp-4-9-release-notes Details on how to access this content are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/updating_clusters/updating-cluster-cli 5. Bugs fixed (https://bugzilla.redhat.com/): 2044460 - CVE-2022-20612 jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF 2044502 - CVE-2022-20617 jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution 6. Package List: Red Hat OpenShift Container Platform 4.9: Source: openshift-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el7.src.rpm x86_64: openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el7.x86_64.rpm Red Hat OpenShift Container Platform 4.9: Source: jenkins-2-plugins-4.9.1643389956-1.el8.src.rpm jenkins-2.319.2.1643391771-1.el8.src.rpm openshift-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.src.rpm aarch64: openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.aarch64.rpm noarch: jenkins-2-plugins-4.9.1643389956-1.el8.noarch.rpm jenkins-2.319.2.1643391771-1.el8.noarch.rpm ppc64le: openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.ppc64le.rpm s390x: openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.s390x.rpm x86_64: openshift-hyperkube-4.9.0-202201261537.p0.g2cb6068.assembly.stream.el8.x86_64.rpm These packagesare GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-20612 https://access.redhat.com/security/cve/CVE-2022-20617 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYgTmQdzjgjWX9erEAQiYaA/9HRNrJL9+EkbBoe+4xaR6pzK1cPf0AMRY J5NwsSCQ3ZtCNevXy+lT4FxQN1h8sxiq13rGLQBGSuiH484teWrC0hIgFAmOhKK1 KYZ60AwDLcD6M+7dYjSTRa92MsPTnEj6JeL7Yu8zpVKDZFjBTu49aL7PLhA53/ax Claf8jBaoEjhMuswUIeZk/okE1YbuDGsB5/NeScluZIBaZLfE+nl56IDHZUZkeHV tVUycwoll46oYoZwRtyiFDD1/yRxZDmyd4KGh7pEJ2mJmyTK0UBEf8bs2lClZLLE 4MxIMWQh6HM1hawkRu3ALb7v2t8SbJ9c8pTvRQ7T92qRmT03rY5HKyGNLwGsC76l 1NJ8lS8tZEM7/YlOHAXPLmQbvWj2gN2sMBLYbHG9/A9eIFT3DItb/xwr2mzgYKF5 62kguGfx/d/DilnBEkJHFpDttkL5hWmnbkZQAtQ5vQ0PICKlegYpyU6totXV4EWc KUzbldVpvRVMD6qpJA8Jc5S6Fg8W5ZM7Jre80bQmM8jxSwFkO5Ye0c51gexVTx5w 4s0pcwFE0IL4+MwOaesWnBkU0Q6VFPOTPrrN+ggUMxINLPMF34y6fVriOX9XX+NR iTHWmAya/hHmg5iWARLipBNrnVDZIWzh/vbKUEW6h6g89MxXeIAPZ7xEw7oq75Ic zekSqOfHlCc=2eoh -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat OpenShift Container Platform 4.10.5 introduces essential performance enhancements that elevate overall operational efficiency.. OpenShift Updates, Container Security, Platform Enhancements. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 10, 2022 Important Red Hat
98

Red Hat Enterprise Linux 8.2 RHSA-2021:4837 Important: Mailman CSRF Fix

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: mailman:2.1 security update Advisory ID: RHSA-2021:4837-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4837 Issue date: 2021-11-24 CVE Names: CVE-2021-42096 CVE-2021-42097 ==================================================================== 1. Summary: An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: Mailman is a program used to help manage e-mail discussion lists. Security Fix(es): * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097) * mailman: CSRF token derived from admin password allows offline brute-force attack (CVE-2021-42096) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2020568 - CVE-2021-42097 mailman: CSRF tokenbypass allows to perform CSRF attacks and account takeover 2020575 - CVE-2021-42096 mailman: CSRF token derived from admin password allows offline brute-force attack 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): Source: mailman-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.src.rpm aarch64: mailman-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.aarch64.rpm mailman-debuginfo-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.aarch64.rpm mailman-debugsource-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.aarch64.rpm ppc64le: mailman-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.ppc64le.rpm mailman-debuginfo-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.ppc64le.rpm mailman-debugsource-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.ppc64le.rpm s390x: mailman-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.s390x.rpm mailman-debuginfo-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.s390x.rpm mailman-debugsource-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.s390x.rpm x86_64: mailman-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.x86_64.rpm mailman-debuginfo-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.x86_64.rpm mailman-debugsource-2.1.29-4.module+el8.2.0+13241+705a6aa4.3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42096 https://access.redhat.com/security/cve/CVE-2021-42097 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYZ5PG9zjgjWX9erEAQiaWw/7BMfKu7e2FOZBC68J3F7k5ro49W3eFQj2 u4RtpPPgay+/fmdOXvfxlx/KV7La1vPui5wOLgvYOg2SJ3+sy78yaPjcHOpvrFan iHFBuqRFfHXJr5ZfAx/KrpVEugwqFX6cD7UAdF+gqdpiY4TS0w+c79dpmpYZ4Tps aWy2F3toXLhcIcdggUg6+v2F04yNuGlTGWlordzgrFuAcDpDCfjw+HLlvglzgxJO xFD69MGC8KDNAnQBeuTyhXPuYXlR/f5HtC083of+aS3OLyVLP1xWGTNcsWoblYSm XdYkkbNZM4R16Z7yQuR5DvhJA354eJMuZ1lMXHyjwrB1Eoxxu78Kf5Q0yNXqIn/n GRIoLXCpVnjsLKA5ytyhkY6K+ugIYZvnvrYhEGSpF1Vb/r+TCSkTqA4V3HkADUkO bhcwLm5SUEk+MAEmGoxUEEPTDrn9bv8+yfvvRCCNF0HIeNZ0CwlDIDbvMjDV4JA+ FwINkqjKWiddDONx3gBVn1w9BbhjAFcb7FNrklvgyiZ+WpnVc9qpC2BkJz40M/QY ECFOCB5z1ZZWMJ7TwXtTiYoJ+3IdPBOL8P7+e71GFL/POcd2J6L5qJqCzxUZA2zO kZuyc7AW5Rni55zV5dQNuF3pr6gW8HZv2Qi6siC0n+/h+/NbJ259hdLCzi86X6ms yGo32COQF3k=BJpx -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . An essential security patch for mailman:2.1 within Red Hat Enterprise Linux counteracts CSRF vulnerabilities and enhances system integrity.. mailman Update, Red Hat Security, CSRF Mitigation, Linux Security Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 24, 2021 Important Red Hat
98

Red Hat 8.1: RHSA-2021-4838 Critical: Mailman CSRF and Bruteforce Risks

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: mailman:2.1 security update Advisory ID: RHSA-2021:4838-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4838 Issue date: 2021-11-24 CVE Names: CVE-2021-42096 CVE-2021-42097 ==================================================================== 1. Summary: An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.1) - aarch64, ppc64le, s390x, x86_64 3. Description: Mailman is a program used to help manage e-mail discussion lists. Security Fix(es): * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover (CVE-2021-42097) * mailman: CSRF token derived from admin password allows offline brute-force attack (CVE-2021-42096) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2020568 - CVE-2021-42097 mailman: CSRF tokenbypass allows to perform CSRF attacks and account takeover 2020575 - CVE-2021-42096 mailman: CSRF token derived from admin password allows offline brute-force attack 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.1): Source: mailman-2.1.29-4.module+el8.1.0+13242+45286865.1.src.rpm aarch64: mailman-2.1.29-4.module+el8.1.0+13242+45286865.1.aarch64.rpm mailman-debuginfo-2.1.29-4.module+el8.1.0+13242+45286865.1.aarch64.rpm mailman-debugsource-2.1.29-4.module+el8.1.0+13242+45286865.1.aarch64.rpm ppc64le: mailman-2.1.29-4.module+el8.1.0+13242+45286865.1.ppc64le.rpm mailman-debuginfo-2.1.29-4.module+el8.1.0+13242+45286865.1.ppc64le.rpm mailman-debugsource-2.1.29-4.module+el8.1.0+13242+45286865.1.ppc64le.rpm s390x: mailman-2.1.29-4.module+el8.1.0+13242+45286865.1.s390x.rpm mailman-debuginfo-2.1.29-4.module+el8.1.0+13242+45286865.1.s390x.rpm mailman-debugsource-2.1.29-4.module+el8.1.0+13242+45286865.1.s390x.rpm x86_64: mailman-2.1.29-4.module+el8.1.0+13242+45286865.1.x86_64.rpm mailman-debuginfo-2.1.29-4.module+el8.1.0+13242+45286865.1.x86_64.rpm mailman-debugsource-2.1.29-4.module+el8.1.0+13242+45286865.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-42096 https://access.redhat.com/security/cve/CVE-2021-42097 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYZ5PF9zjgjWX9erEAQjSgA/9H3ZmrqWVl8jnlbhLgCdNIea3ov1xUsf2 GCorL3sypteQr0jmZ8LmlIV/hmcs3u9gz4rr6V6Za55smf8bRS6zjZ2o4OlQguII RwBgEqsps1SJwQpk0OY9YVnbqqr6c/CboS600HvYCuCnBqgUZxA8CLCf7XyG89n0 4i6EOcfX+k13i+FWDPBFtxY7dpct43F+p44RiSg/B0O4YaZxIpbBMfnXg0WXywR5 WgGqaH7UsC3dnPdn7HdWGmLADQ5uGWa0i/2Mj8boIa/1QPxY8JUdfKfA1eS8+KBt Jf0FG+TYsyKGbU8QuQ6AjFSqojbN1KNZUj0VP+OKZjkwnfHx1HKAa2/EgMzsaNsK Q4yavT4PZa7HcY62Y+wM5KaFWGxsDfALHo+/YoQsRc9ZEYf54ZLzR/aMg/0AFYoi VGCCSi7zWzX4ygeGcqgH/GePWhmIEXGg78Wfv/mgjv/Vyc1Mjki5QBf4vcC8xVKk HNJCaVlDwHfEs55m5am3JyKeFjPh9xAkpp/PGELXNeoqnPzFH0aAQdqwThQ3tWe0 LTkohkmrjpdWlgrNI70/fe0vkQu1cHOvIiSjNO8NVKKWKWj8SiRctn0yKDihMlt2 eEyAuG9gfEhllCGRhDyz9CT31tw4pRMCf+dCI5crODHWWelRE+Pb2SorKJim9lOL pBEUJqr7qww=jDC7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Postfix:3.5 security patch issued for Ubuntu Server 20.04 to address SQL injection and authentication bypass vulnerabilities. Red Hat Enterprise Linux, Mailman Security Update, CSRF Attacks. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 24, 2021 Important Red Hat
89

Fedora 32 FEDORA-2020-8560db8779 Moderate: Cacti-Spine CSRF Issues

- Update to 1.2.12 Release notes: . --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-8560db8779 2020-06-05 02:28:39.634538 --------------------------------------------------------------------------------Name : cacti-spine Product : Fedora 32 Version : 1.2.12 Release : 1.fc32 URL : Summary : Threaded poller for Cacti written in C Description : Spine is a supplemental poller for Cacti that makes use of pthreads to achieve excellent performance. --------------------------------------------------------------------------------Update Information: - Update to 1.2.12 Release notes: --------------------------------------------------------------------------------ChangeLog: * Wed May 27 2020 Morten Stevens - 1.2.12-1 - Update to 1.2.12 --------------------------------------------------------------------------------References: [ 1 ] Bug #1830785 - cacti-1.2.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1830785 [ 2 ] Bug #1840312 - CVE-2020-13231 cacti: CSRF at admin email [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1840312 [ 3 ] Bug #1840317 - CVE-2020-13230 cacti: improper access control on disabling a user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1840317 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-8560db8779' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list-- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Succulent-spine version 2.0.5 for Ubuntu 20.04 addresses security vulnerabilities and permission concerns. Apply patches safely using apt.. Fedora Security Fixes, Cacti Spine Update, Access Control Issues. . LinuxSecurity.com Team

Calendar%202 Jun 04, 2020 Fedora
87

Debian DSA-4677-1 Critical: Wordpress XSS and CSRF Threats

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create files on the server, disclose private information, create open . - ------------------------------------------------------------------------- Debian Security Advisory DSA-4677-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond May 06, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : wordpress CVE ID : CVE-2019-9787 CVE-2019-16217 CVE-2019-16218 CVE-2019-16219 CVE-2019-16220 CVE-2019-16221 CVE-2019-16222 CVE-2019-16223 CVE-2019-16780 CVE-2019-16781 CVE-2019-17669 CVE-2019-17671 CVE-2019-17672 CVE-2019-17673 CVE-2019-17674 CVE-2019-17675 CVE-2019-20041 CVE-2019-20042 CVE-2019-20043 CVE-2020-11025 CVE-2020-11026 CVE-2020-11027 CVE-2020-11028 CVE-2020-11029 CVE-2020-11030 Debian Bug : 924546 939543 942459 946905 959391 Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create files on the server, disclose private information, create open redirects, poison cache, and bypass authorization access and input sanitation. For the oldstable distribution (stretch), these problems have been fixed in version 4.7.5+dfsg-2+deb9u6. For the stable distribution (buster), these problems have been fixed in version 5.0.4+dfsg1-1+deb10u2. We recommend that you upgrade your wordpress packages. For the detailed security status of wordpress please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/wordpress Further information about Debian SecurityAdvisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian DSA-4678-1 relates to significant vulnerabilities found in Joomla, particularly concerning SQL injection and remote code execution.. wordpress Security, Debian Update, Cross-Site Scripting, Security Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 06, 2020 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200