Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -3 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoraimportant

Fedora 41 curl Important Out of Bounds Read Fix CVE-2025-9086

fix Out of bounds read for cookie path (CVE-2025-9086). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-4daec13254 2025-09-23 01:47:24.731878+00:00 -------------------------------------------------------------------------------- Name : curl Product : Fedora 41 Version : 8.9.1 Release : 4.fc41 URL : https://curl.se/ Summary : A utility for getting files from remote servers (FTP, HTTP, and others) Description : curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. -------------------------------------------------------------------------------- Update Information: fix Out of bounds read for cookie path (CVE-2025-9086) -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 17 2025 Jan Macku - 8.9.1-4 - fix Out of bounds read for cookie path (CVE-2025-9086) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2394882 - CVE-2025-9086 curl: Curl out of bounds read for cookie path [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2394882 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4daec13254' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPGkeys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Patch available for serious out of bounds read vulnerability in curl affecting Fedora 41 users, identified as CVE-2025-9086. Timely update is advised.. curl Fedora 41 updates CVE-2025-9086 security. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Sep 23, 2025 Important Fedora
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorycriticaldebian

Debian 9: DLA-2773-1 Critical: Curl TLS Issues and Fix Instructions

Two issues have been found in curl, a command line tool and an easy-to-use client-side library for transferring data with URL syntax. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2773-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz September 30, 2021 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : curl Version : 7.52.1-5+deb9u16 CVE ID : CVE-2021-22946 CVE-2021-22947 Two issues have been found in curl, a command line tool and an easy-to-use client-side library for transferring data with URL syntax. CVE-2021-22946 Crafted answers from a server might force clients to not use TLS on connections though TLS was required and expected. CVE-2021-22947 When using STARTTLS to initiate a TLS connection, the server might send multiple answers before the TLS upgrade and such the client would handle them as being trusted. This could be used by a MITM-attacker to inject fake response data. For Debian 9 stretch, these problems have been fixed in version 7.52.1-5+deb9u16. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/curl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3005-1 tackles significant vulnerabilities in wget, enhancing secure file retrieval.. curl security update,debian security advisory,data transfer tool,tls client security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 30, 2021 Critical Debian LTS
Banner 3 1028x280 1708121785 1771599793
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorysecurity issuecritical

Debian 9: DLA-2382-1 Critical: curl Remote Access Issue

An issue has been found in curl, a command line tool for transferring data with URL syntax. In rare circumstances, when using the multi API of curl in combination . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2382-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz September 26, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : curl Version : 7.52.1-5+deb9u12 CVE ID : CVE-2020-8231 An issue has been found in curl, a command line tool for transferring data with URL syntax. In rare circumstances, when using the multi API of curl in combination with CURLOPT_CONNECT_ONLY, the wrong connection might be used when transfering data later. For Debian 9 stretch, this problem has been fixed in version 7.52.1-5+deb9u12. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/curl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The Ubuntu Security Notice USN-4872-1 alerts users regarding a critical OpenSSH patch aimed at fixing vulnerabilities found in the crypto layer.. Curl Update, Debian LTS, Security Issue, Data Transfer, Security Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 26, 2020 Critical Debian LTS
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisoryupdateexploitation

Debian LTS: DLA-2295-1 Critical Curl Update with Exploitation Risk

A vulnerbailty was found in curl, a command line tool for transferring data with URL syntax. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2295-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz July 28, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : curl Version : 7.52.1-5+deb9u11 CVE ID : CVE-2020-8177 A vulnerbailty was found in curl, a command line tool for transferring data with URL syntax. When using when using -J (--remote-header-name) and -i (--include) in the same command line, a malicious server could force curl to overwrite the contents of local files with incoming HTTP headers. For Debian 9 stretch, this problem has been fixed in version 7.52.1-5+deb9u11. We recommend that you upgrade your curl packages. For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/curl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The security bulletin DLA-2295-1 highlights a severe vulnerability in curl that affects users on Debian LTS, providing suggested updates for mitigation.. Debian LTS,Curl Update,Security Advisory,Critical Security Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jul 28, 2020 Critical Debian LTS
Banner 3 1028x280 1708121785 1771599793
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorymoderatememory corruption

openSUSE Leap 15.1: Addressing Memory Issues in ProFTPD with SU-2020:0273-1

An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for proftpd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0273-1 Rating: moderate References: #1164572 #1164574 Cross-References: CVE-2020-9272 CVE-2020-9273 Affected Products: openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for proftpd fixes the following issues: proftpd was updated to version 1.3.6c. Security issues fixed: - CVE-2020-9272: Fixed an out-of-bounds read in mod_cap (bsc#1164572). - CVE-2020-9273: Fixed a potential memory corruption caused by an interruption of the data transfer channel (bsc#1164574). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-273=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-273=1 - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2020-273=1 Package List: - openSUSE Leap 15.1 (noarch): proftpd-lang-1.3.6c-lp151.3.9.1 - openSUSE Leap 15.1 (x86_64): proftpd-1.3.6c-lp151.3.9.1 proftpd-debuginfo-1.3.6c-lp151.3.9.1 proftpd-debugsource-1.3.6c-lp151.3.9.1 proftpd-devel-1.3.6c-lp151.3.9.1 proftpd-doc-1.3.6c-lp151.3.9.1 proftpd-ldap-1.3.6c-lp151.3.9.1 proftpd-ldap-debuginfo-1.3.6c-lp151.3.9.1 proftpd-mysql-1.3.6c-lp151.3.9.1 proftpd-mysql-debuginfo-1.3.6c-lp151.3.9.1 proftpd-pgsql-1.3.6c-lp151.3.9.1 proftpd-pgsql-debuginfo-1.3.6c-lp151.3.9.1 proftpd-radius-1.3.6c-lp151.3.9.1 proftpd-radius-debuginfo-1.3.6c-lp151.3.9.1 proftpd-sqlite-1.3.6c-lp151.3.9.1 proftpd-sqlite-debuginfo-1.3.6c-lp151.3.9.1 - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): proftpd-1.3.6c-bp151.4.9.1 proftpd-devel-1.3.6c-bp151.4.9.1 proftpd-doc-1.3.6c-bp151.4.9.1 proftpd-ldap-1.3.6c-bp151.4.9.1 proftpd-mysql-1.3.6c-bp151.4.9.1 proftpd-pgsql-1.3.6c-bp151.4.9.1 proftpd-radius-1.3.6c-bp151.4.9.1 proftpd-sqlite-1.3.6c-bp151.4.9.1 - openSUSE Backports SLE-15-SP1 (noarch): proftpd-lang-1.3.6c-bp151.4.9.1 - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64): proftpd-1.3.6c-bp150.3.9.1 proftpd-debuginfo-1.3.6c-bp150.3.9.1 proftpd-debugsource-1.3.6c-bp150.3.9.1 proftpd-devel-1.3.6c-bp150.3.9.1 proftpd-doc-1.3.6c-bp150.3.9.1 proftpd-ldap-1.3.6c-bp150.3.9.1 proftpd-ldap-debuginfo-1.3.6c-bp150.3.9.1 proftpd-mysql-1.3.6c-bp150.3.9.1 proftpd-mysql-debuginfo-1.3.6c-bp150.3.9.1 proftpd-pgsql-1.3.6c-bp150.3.9.1 proftpd-pgsql-debuginfo-1.3.6c-bp150.3.9.1 proftpd-radius-1.3.6c-bp150.3.9.1 proftpd-radius-debuginfo-1.3.6c-bp150.3.9.1 proftpd-sqlite-1.3.6c-bp150.3.9.1 proftpd-sqlite-debuginfo-1.3.6c-bp150.3.9.1 - openSUSE Backports SLE-15 (noarch): proftpd-lang-1.3.6c-bp150.3.9.1 References: https://www.suse.com/security/cve/CVE-2020-9272.html https://www.suse.com/security/cve/CVE-2020-9273.html https://bugzilla.suse.com/1164572 https://bugzilla.suse.com/1164574 -- . Fedora updates tackle vulnerabilities in vsftp, enhancing overall platform security and addressing critical risks.. openSUSE Security Update, proftpd Fixes, software update, security patch. . LinuxSecurity.com Team

Calendar 2 Mar 01, 2020 OpenSUSE
99
Ls Advisories Slackware Esm H240
Price Tag 1security advisorysoftware updatesecurity fix

Slackware: 2020-051-01 Moderate: Proftpd Memory Pool Issue

New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2020-051-01) New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-free vulnerability in memory pools during data transfer. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 14.0: Updated package for Slackware x86_64 14.0: Updated package for Slackware 14.1: Updated package for Slackware x86_64 14.1: Updated package for Slackware 14.2: Updated package for Slackware x86_64 14.2: Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 14.0 package: ad130cbacf59ba92d23da0b8c6dd5c8e proftpd-1.3.6c-i486-1_slack14.0.txz Slackware x86_64 14.0 package: e0e9d4bfd44229fc5cbb0d16decd62e1 proftpd-1.3.6c-x86_64-1_slack14.0.txz Slackware 14.1 package: 8e3126f9af6dbbf817bd43e77ca9cc8d proftpd-1.3.6c-i486-1_slack14.1.txz Slackware x86_64 14.1 package: ea71c0df4222e5b2046876aef3461acc proftpd-1.3.6c-x86_64-1_slack14.1.txz Slackware 14.2 package: cff0f04f8d96e58c9315900ab27e770a proftpd-1.3.6c-i586-1_slack14.2.txz Slackware x86_64 14.2 package: 993452ec1b0c1a6785a09d0e960be20c proftpd-1.3.6c-x86_64-1_slack14.2.txz Slackware -current package: 8c5c8c09c9ce10219fd92ecf72f742cf n/proftpd-1.3.6c-i586-1.txz Slackware x86_64 -currentpackage: 346f1b9c24259e9f61e1063a15bdbef1 n/proftpd-1.3.6c-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg proftpd-1.3.6c-i586-1_slack14.2.txz +-----+ . Updated proftpd versions are now released for Slackware to resolve a vulnerability related to memory management during file transfers.. Proftpd Update, Slackware Security, Memory Pool Threat, Package Upgrade. . LinuxSecurity.com Team

Calendar 2 Feb 20, 2020 Slackware
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here