
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Oracle Linux 8: ELSA-2024-1601 Moderate: Curl Package Security Fix

Oracle Linux Security Advisory ELSA-2024-1601

https://linux.oracle.com/errata/ELSA-2024-1601.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
curl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-7.61.1-33.el8_9.5.i686.rpm
libcurl-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-devel-7.61.1-33.el8_9.5.i686.rpm
libcurl-devel-7.61.1-33.el8_9.5.x86_64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.i686.rpm
libcurl-minimal-7.61.1-33.el8_9.5.x86_64.rpm

aarch64:
curl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-devel-7.61.1-33.el8_9.5.aarch64.rpm
libcurl-minimal-7.61.1-33.el8_9.5.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//curl-7.61.1-33.el8_9.5.src.rpm

Related CVEs:
CVE-2023-28322
CVE-2023-38546
CVE-2023-46218

Description of changes:

[7.61.1-33.5]
- cap SFTP packet size sent (RHEL-5485)
- when keyboard-interactive auth fails, try password (#2229800)
- unify the upload/method handling (CVE-2023-28322)
- fix cookie injection with none file (CVE-2023-38546)
- lowercase the domain names before PSL checks (CVE-2023-46218)

_______________________________________________
El-errata mailing list
https://oss.oracle.com/mailman/listinfo/el-errata

An essential security patch has been released for Oracle Linux 8: the curl update addresses various vulnerabilities. Full information is included above.

Severity: Important.
LinuxSecurity.com Team

Apr 05, 2024 Important Oracle

Slackware 14.0-15.0: 2022-131-01 Critical: Curl Package Security Update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2022-131-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/curl-7.83.1-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
  HSTS bypass via trailing dot.
  TLS and SSH connection too eager reuse.
  CERTINFO never-ending busy-loop.
  percent-encoded path separator in URL host.
  cookie for trailing dot TLD.
  curl removes wrong file on error.
  For more information, see:
    https://curl.se/docs/CVE-2022-30115.html
    https://curl.se/docs/CVE-2022-27782.html
    https://curl.se/docs/CVE-2022-27781.html
    https://curl.se/docs/CVE-2022-27780.html
    https://curl.se/docs/CVE-2022-27779.html
    https://curl.se/docs/CVE-2022-27778.html
    https://www.cve.org/CVERecord?id=CVE-2022-30115
    https://www.cve.org/CVERecord?id=CVE-2022-27782
    https://www.cve.org/CVERecord?id=CVE-2022-27781
    https://www.cve.org/CVERecord?id=CVE-2022-27780
    https://www.cve.org/CVERecord?id=CVE-2022-27779
    https://www.cve.org/CVERecord?id=CVE-2022-27778
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware-current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg curl-7.83.1-i586-1_slack15.0.txz

+-----+

Update the curl packages on Slackware 14.0, 14.1, 14.2, and 15.0 to enhance security and fix vulnerabilities that could be exploited by attackers.

Severity: Critical.
LinuxSecurity.com Team

May 11, 2022 Critical Slackware

Arch Linux: 201905-16 High Severity: Curl Arbitrary Code Execution

Arch Linux Security Advisory ASA-201905-16
=========================================

Severity: High
Date    : 2019-05-31
CVE-ID  : CVE-2019-5436
Package : curl
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-964

Summary
======

The package curl before version 7.65.0-1 is vulnerable to arbitrary code execution.

Resolution
=========

Upgrade to 7.65.0-1.

# pacman -Syu "curl>=7.65.0-1"

The problem has been fixed upstream in version 7.65.0.

Workaround
=========

None.

Description
==========

libcurl before 7.65.0 contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. The flaw exists if the user selects to use a "blksize" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes. Users choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger.

Impact
=====

A malicious TFTP server can execute arbitrary code on the affected host.

References
=========

https://curl.se/docs/CVE-2019-5436.html
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
https://security.archlinux.org/CVE-2019-5436

Arch Linux Security Bulletin ASA-202310-12: Severe vulnerability in curl allows for unauthorized code execution. Immediate upgrade recommended.

LinuxSecurity.com Team

May 31, 2019 ArchLinux

Ubuntu Security Notice: USN-2017-12 Medium: Curl SSL Vulnerability

Arch Linux Security Advisory ASA-201704-12
=========================================

Severity: Medium
Date    : 2017-04-29
CVE-ID  : CVE-2017-7468
Package : curl
Type    : certificate verification bypass
Remote  : Yes
Link    : https://security.archlinux.org/AVG-241

Summary
======

The package curl before version 7.54.0-1 is vulnerable to certificate verification bypass.

Resolution
=========

Upgrade to 7.54.0-1.

# pacman -Syu "curl>=7.54.0-1"

The problem has been fixed upstream in version 7.54.0.

Workaround
=========

None.

Description
==========

libcurl from 7.52.0 to and including 7.53.1 would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.

Impact
=====

An attacker can bypass a client certificate check by taking advantage of TLS session resumption to reuse a previously established session.

References
=========

https://curl.se/docs/CVE-2017-7468.html
https://security.archlinux.org/CVE-2017-7468

A medium severity vulnerability in the curl package could endanger data security for applications. Users should promptly update curl to avoid risks.

Severity: Medium.
LinuxSecurity.com Team

Apr 30, 2017 Medium ArchLinux

Slackware 14.2: 2016-308-01 Critical: Curl Security Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] curl (SSA:2016-308-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.51.0-i586-1_slack14.2.txz: Upgraded.
  This release fixes security issues:
  CVE-2016-8615: cookie injection for other servers
  CVE-2016-8616: case insensitive password comparison
  CVE-2016-8617: OOB write via unchecked multiplication
  CVE-2016-8618: double-free in curl_maprintf
  CVE-2016-8619: double-free in krb5 code
  CVE-2016-8620: glob parser write/read out of bounds
  CVE-2016-8621: curl_getdate read out of bounds
  CVE-2016-8622: URL unescape heap overflow via integer truncation
  CVE-2016-8623: Use-after-free via shared cookies
  CVE-2016-8624: invalid URL parsing with '#'
  CVE-2016-8625: IDNA 2003 makes curl use wrong host
  For more information, see:
    https://curl.se/docs/CVE-2016-8615.html
    https://www.cve.org/CVERecord?id=CVE-2016-8615
    https://curl.se/docs/CVE-2016-8616.html
    https://www.cve.org/CVERecord?id=CVE-2016-8616
    https://curl.se/docs/CVE-2016-8617.html
    https://www.cve.org/CVERecord?id=CVE-2016-8617
    https://curl.se/docs/CVE-2016-8618.html
    https://www.cve.org/CVERecord?id=CVE-2016-8618
    https://curl.se/docs/CVE-2016-8619.html
    https://www.cve.org/CVERecord?id=CVE-2016-8619
    https://curl.se/docs/CVE-2016-8620.html
    https://www.cve.org/CVERecord?id=CVE-2016-8620
    https://curl.se/docs/CVE-2016-8621.html
    https://www.cve.org/CVERecord?id=CVE-2016-8621
    https://curl.se/docs/CVE-2016-8622.html
    https://www.cve.org/CVERecord?id=CVE-2016-8622
    https://curl.se/docs/CVE-2016-8623.html
    https://www.cve.org/CVERecord?id=CVE-2016-8623
    https://curl.se/docs/CVE-2016-8624.html
    https://www.cve.org/CVERecord?id=CVE-2016-8624
    https://curl.se/docs/CVE-2016-8625.html
    https://www.cve.org/CVERecord?id=CVE-2016-8625
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware 14.0:
Updated package for Slackware x86_64 14.0:
Updated package for Slackware 14.1:
Updated package for Slackware x86_64 14.1:
Updated package for Slackware 14.2:
Updated package for Slackware x86_64 14.2:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg curl-7.51.0-i586-1_slack14.2.txz

+-----+

Latest curl updates released for Slackware tackling various vulnerabilities, enhancing overall security posture.

Severity: Critical.
LinuxSecurity.com Team

Nov 04, 2016 Critical Slackware