Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorygentoolocal privilege escalation

Gentoo 201612-02: DavFS2 Local Privilege Escalation Advisory

A vulnerability in DavFS2 allows local users to gain root privileges.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201612-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: DavFS2: Local privilege escalation Date: December 02, 2016 Bugs: #485232 ID: 201612-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in DavFS2 allows local users to gain root privileges. Background ========= DavFS2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/davfs2 < 1.5.2 > = 1.5.2 Description ========== DavFS2 installs "/usr/sbin/mount.davfs" as setuid root. This utility uses "system()" to call "/sbin/modprobe". While the call to "modprobe" itself cannot be manipulated, a local authenticated user can set the "MODPROBE_OPTIONS" environment variable to pass a user controlled path, allowing the loading of an arbitrary kernel module. Impact ===== A local user could gain root privileges. Workaround ========= The system administrator should ensure that all modules the "mount.davfs" utility tries to load are loaded upon system boot before any local user can call the utility. An additional defense measure can be implemented by enabling the Linux kernel module signing feature. This assists in the prevention of arbitrary modules being loaded. Resolution ========= All DavFS2 users should upgrade to the latest version: # emerge --sync # emerge--ask --oneshot --verbose "> =net-fs/davfs2-1.5.2" References ========= [ 1 ] CVE-2013-4362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4362 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201612-02 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . The Gentoo Security Advisory GLSA-202303-01 outlines a vulnerability in OpenSSH, which allows local attackers to gain unauthorized access to sensitive information.. DavFS2 Security,Gentoo Privilege Escalation,Local Users Issue. . LinuxSecurity.com Team

Calendar 2 Dec 02, 2016 Gentoo
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebianprivilege escalation

Debian 7: DSA-2765-2 Critical: Davfs2 Privilege Escalation Fix

The update released for davfs2 in DSA 2765 had a version number for Debian 7 "wheezy" that sorts lower than the version in Debian 6 "squeeze", causing problems on upgrades. This update makes a package of davfs2 in wheezy available which corrects only the version number. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-2765-2 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Thijs Kinkhorst July 16, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : davfs2 Vulnerability : privilege escalation Problem type : remote Debian-specific: no CVE ID : CVE-2013-4362 Debian Bug : 723034 The update released for davfs2 in DSA 2765 had a version number for Debian 7 "wheezy" that sorts lower than the version in Debian 6 "squeeze", causing problems on upgrades. This update makes a package of davfs2 in wheezy available which corrects only the version number. For reference, the original advisory follows. Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation. For the stable distribution (wheezy), this problem has been fixed in version 1.4.6-1.1+wheezy1. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian Security Announcement DSA-2780-3 discusses issues with the libpng package for squeeze. Important patch released to prevent potential buffer overflow.. Debian Update,Davfs2 Fix,Privilege Escalation,Remote Access,Version Correction. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jul 16, 2014 Critical Debian
Banner 1 1028x280 1708121660 1771599717
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebianprivilege escalation

Debian: DSA-2765-1 Critical: Davfs2 Privilege Escalation Risk

Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation. For the oldstable distribution (squeeze), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2765-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Luciano Bello September 26, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : davfs2 Vulnerability : privilege escalation Problem type : remote Debian-specific: no CVE ID : CVE-2013-4362 Debian Bug : 723034 Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation. For the oldstable distribution (squeeze), this problem has been fixed in version 1.4.6-1.1+squeeze1. For the stable distribution (wheezy), this problem has been fixed in version 1.4.6-1.1+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 1.4.7-3. For the unstable distribution (sid), this problem has been fixed in version 1.4.7-3. We recommend that you upgrade your davfs2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Responding to a significant vulnerability in davfs2 on Debian with essential upgrade instructions. Protect your system immediately!. davfs2 update, debian security, filesystem client, privilege escalation, remote threat. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 26, 2013 Critical Debian
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorysymlink attacknormal severity

Gentoo: GLSA-200511-30 Normal: Sshfs & Lvm-User Symbolic Link Vulnerability

Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200411-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Davfs2, lvm-user: Insecure tempfile handling Date: November 11, 2004 Bugs: #68406, #69149 ID: 200411-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them. Background ========= Davfs2 is a file system driver that allows you to mount a WebDAV server as a local disk drive. lvm-user is a package providing userland utilities for LVM (Logical Volume Management) 1.x features. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-fs/davfs2 < 0.2.2-r1 > = 0.2.2-r1 2 sys-fs/lvm-user < 1.0.7-r2 > = 1.0.7-r2 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== Florian Schilhabel from the Gentoo Linux Security Audit Team found that Davfs2 insecurely created .pid files in /tmp. Furthermore,Trustix Secure Linux found that the lvmcreate_initrd script, included in the lvm-user Gentoo package, also creates temporary files in world-writeable directories with predictable names. Impact ===== A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When Davfs2 or lvmcreate_initrd is called, this would result in the file being overwritten with the rights of the user running the software, which could be the root user. Workaround ========= There is no known workaround at this time. Resolution ========= All Davfs2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-fs/davfs2-0.2.2-r1" All lvm-user users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-fs/lvm-user-1.0.7-r2" References ========= [ 1 ] CAN-2004-0972 https://www.cve.org/CVERecord?id=CAN-2004-0972 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200411-22 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . Uncover a Gentoo security notification highlighting symlink weaknesses in Davfs2 and lvm-user package versions, along with comprehensive upgrade instructions to rectify vulnerabilities.. Gentoo Security, Tempfile Management, File System Attack. . LinuxSecurity.com Team

Calendar 2 Nov 11, 2004 Gentoo
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here