Stay Secure with the Latest Linux Advisories
Explore Latest Linux Security advisories


Fedora 41: FVWM3 Critical Update for Command Injection CVE-2025-47906

Fedora Update Notification FEDORA-2025-c0d54269e6
2025-11-18 01:03:18.713098+00:00

Name        : fvwm3
Product     : Fedora 41
Version     : 1.1.4
Release     : 1.fc41
URL         : https://www.fvwm.org/
Summary     : Highly configurable multiple virtual desktop window manager
Description : Fvwm is a window manager for X11. It is designed to minimize memory consumption, provide a 3D look to window frames, and implement a virtual desktop.

Update Information:
FVWM3 ver. 1.1.4

ChangeLog:
* Sun Nov 9 2025 Peter Lemenkov - 1.1.4-1
- FVWM3 ver. 1.1.4
* Fri Oct 10 2025 Maxwell G - 1.1.3-6
- Rebuild for golang 1.25.2
* Fri Aug 15 2025 Maxwell G - 1.1.3-5
- Rebuild for golang-1.25.0
* Fri Aug 15 2025 Maxwell G - 1.1.3-4
- Revert "Rebuild for golang-1.25.0"
* Fri Aug 15 2025 Maxwell G - 1.1.3-3
- Rebuild for golang-1.25.0
* Wed Jul 23 2025 Fedora Release Engineering - 1.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Peter Lemenkov - 1.1.3-1
- FVWM3 ver. 1.1.3

References:
[ 1 ] Bug #2399091 - CVE-2025-47906 fvwm3: Unexpected paths returned from LookPath in os/exec [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2399091
[ 2 ] Bug #2399366 - CVE-2025-47906 fvwm3: Unexpected paths returned from LookPath in os/exec [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2399366
[ 3 ] Bug #2413611 - fvwm3-1.1.4 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2413611

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c0d54269e6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

Critical vulnerabilities in FVWM3 on Fedora 41 require immediate action to safeguard system integrity. LinuxSecurity.com Team

Nov 18, 2025 - Critical - Fedora

Gentoo: GLSA-202303-02 Normal: GnuPG Randomness Generation Vulnerability

Gentoo Linux Security Advisory GLSA 201612-01
https://security.gentoo.org/

Severity: Normal
Title: GnuPG: RNG output is predictable
Date: December 02, 2016
Bugs: #591536
ID: 201612-01

Synopsis
========
Due to a design flaw, the output of GnuPG's Random Number Generator (RNG) is predictable.

Background
==========
The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software.

Affected packages
=================
Package          / Vulnerable / Unaffected
app-crypt/gnupg    < 1.4.21     >= 1.4.21

Description
===========
A long standing bug (since 1998) in Libgcrypt (see "GLSA 201610-04" below) and GnuPG allows an attacker to predict the output from the standard RNG. Please review the "Entropy Loss and Output Predictability in the Libgcrypt PRNG" paper below for a deep technical analysis.

Impact
======
An attacker who obtains 580 bytes of the random number from the standard RNG can trivially predict the next 20 bytes of output. This flaw does not affect the default generation of keys, because running gpg for key creation creates at most 2 keys from the pool. For a single 4096 bit RSA key, 512 bytes of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All GnuPG 1 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/gnupg-1.4.21"

References
==========
[ 1 ] CVE-2016-6313
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6313
[ 2 ] Entropy Loss and Output Predictability in the Libgcrypt PRNG
      https://formal.kastel.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf
[ 3 ] GLSA 201610-04
      https://security.gentoo.org/glsa/201610-04

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201612-01

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [e-mail address obscured on the page] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/

Investigate the GnuPG RNG output reliability concern detailed in Gentoo's security notice. Users are advised to perform an upgrade. LinuxSecurity.com Team

Dec 02, 2016 - Gentoo

Scientific Linux SL6.x: SLSA-2016:2674-1 Moderate Libgcrypt Update

Date: Tue, 8 Nov 2016 21:21:42 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Connie Sieh
Subject: Security ERRATA Moderate: libgcrypt on SL6.x i386/x86_64
MIME-Version: 1.0
Message-ID:

Synopsis: Moderate: libgcrypt security update
Advisory ID: SLSA-2016:2674-1
Issue Date: 2016-11-08
CVE Numbers: CVE-2016-6313

Security Fix(es):
* A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313)

SL6
x86_64:
libgcrypt-1.4.5-12.el6_8.i686.rpm
libgcrypt-1.4.5-12.el6_8.x86_64.rpm
libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm
libgcrypt-debuginfo-1.4.5-12.el6_8.x86_64.rpm
libgcrypt-devel-1.4.5-12.el6_8.i686.rpm
libgcrypt-devel-1.4.5-12.el6_8.x86_64.rpm
i386:
libgcrypt-1.4.5-12.el6_8.i686.rpm
libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm
libgcrypt-devel-1.4.5-12.el6_8.i686.rpm

- Scientific Linux Development Team

A significant libgcrypt security revision tackles architectural vulnerabilities in Scientific Linux SL6.x, impacting the reliability of the PRNG. LinuxSecurity.com Team

Nov 08, 2016 - Scientific Linux

Red Hat Enterprise Linux: RHSA-2016-2674-01 Moderate: libgcrypt Design Flaw

Red Hat Security Advisory

Synopsis:     Moderate: libgcrypt security update
Advisory ID:  RHSA-2016:2674-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2016:2674.html
Issue date:   2016-11-08
CVE Names:    CVE-2016-6313

1. Summary:

An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

Security Fix(es):

* A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313)

Red Hat would like to thank Felix Dörre and Vladimir Klebanov for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1366105 - CVE-2016-6313 libgcrypt: PRNG output is predictable

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: libgcrypt-1.4.5-12.el6_8.src.rpm
i386: libgcrypt-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm
x86_64: libgcrypt-1.4.5-12.el6_8.i686.rpm libgcrypt-1.4.5-12.el6_8.x86_64.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-devel-1.4.5-12.el6_8.i686.rpm
x86_64: libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.x86_64.rpm libgcrypt-devel-1.4.5-12.el6_8.i686.rpm libgcrypt-devel-1.4.5-12.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):
Source: libgcrypt-1.4.5-12.el6_8.src.rpm
x86_64: libgcrypt-1.4.5-12.el6_8.i686.rpm libgcrypt-1.4.5-12.el6_8.x86_64.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.x86_64.rpm libgcrypt-devel-1.4.5-12.el6_8.i686.rpm libgcrypt-devel-1.4.5-12.el6_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):
Source: libgcrypt-1.4.5-12.el6_8.src.rpm
i386: libgcrypt-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-devel-1.4.5-12.el6_8.i686.rpm
ppc64: libgcrypt-1.4.5-12.el6_8.ppc.rpm libgcrypt-1.4.5-12.el6_8.ppc64.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.ppc.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.ppc64.rpm libgcrypt-devel-1.4.5-12.el6_8.ppc.rpm libgcrypt-devel-1.4.5-12.el6_8.ppc64.rpm
s390x: libgcrypt-1.4.5-12.el6_8.s390.rpm libgcrypt-1.4.5-12.el6_8.s390x.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.s390.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.s390x.rpm libgcrypt-devel-1.4.5-12.el6_8.s390.rpm libgcrypt-devel-1.4.5-12.el6_8.s390x.rpm
x86_64: libgcrypt-1.4.5-12.el6_8.i686.rpm libgcrypt-1.4.5-12.el6_8.x86_64.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.x86_64.rpm libgcrypt-devel-1.4.5-12.el6_8.i686.rpm libgcrypt-devel-1.4.5-12.el6_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):
Source: libgcrypt-1.4.5-12.el6_8.src.rpm
i386: libgcrypt-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-devel-1.4.5-12.el6_8.i686.rpm
x86_64: libgcrypt-1.4.5-12.el6_8.i686.rpm libgcrypt-1.4.5-12.el6_8.x86_64.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.i686.rpm libgcrypt-debuginfo-1.4.5-12.el6_8.x86_64.rpm libgcrypt-devel-1.4.5-12.el6_8.i686.rpm libgcrypt-devel-1.4.5-12.el6_8.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):
Source: libgcrypt-1.5.3-13.el7_3.1.src.rpm
x86_64: libgcrypt-1.5.3-13.el7_3.1.i686.rpm libgcrypt-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.i686.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: libgcrypt-debuginfo-1.5.3-13.el7_3.1.i686.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-devel-1.5.3-13.el7_3.1.i686.rpm libgcrypt-devel-1.5.3-13.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libgcrypt-1.5.3-13.el7_3.1.src.rpm
x86_64: libgcrypt-1.5.3-13.el7_3.1.i686.rpm libgcrypt-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.i686.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: libgcrypt-debuginfo-1.5.3-13.el7_3.1.i686.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-devel-1.5.3-13.el7_3.1.i686.rpm libgcrypt-devel-1.5.3-13.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: libgcrypt-1.5.3-13.el7_3.1.src.rpm
aarch64: libgcrypt-1.5.3-13.el7_3.1.aarch64.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.aarch64.rpm libgcrypt-devel-1.5.3-13.el7_3.1.aarch64.rpm
ppc64: libgcrypt-1.5.3-13.el7_3.1.ppc.rpm libgcrypt-1.5.3-13.el7_3.1.ppc64.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.ppc.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.ppc64.rpm libgcrypt-devel-1.5.3-13.el7_3.1.ppc.rpm libgcrypt-devel-1.5.3-13.el7_3.1.ppc64.rpm
ppc64le: libgcrypt-1.5.3-13.el7_3.1.ppc64le.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.ppc64le.rpm libgcrypt-devel-1.5.3-13.el7_3.1.ppc64le.rpm
s390x: libgcrypt-1.5.3-13.el7_3.1.s390.rpm libgcrypt-1.5.3-13.el7_3.1.s390x.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.s390.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.s390x.rpm libgcrypt-devel-1.5.3-13.el7_3.1.s390.rpm libgcrypt-devel-1.5.3-13.el7_3.1.s390x.rpm
x86_64: libgcrypt-1.5.3-13.el7_3.1.i686.rpm libgcrypt-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.i686.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-devel-1.5.3-13.el7_3.1.i686.rpm libgcrypt-devel-1.5.3-13.el7_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: libgcrypt-1.5.3-13.el7_3.1.src.rpm
x86_64: libgcrypt-1.5.3-13.el7_3.1.i686.rpm libgcrypt-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.i686.rpm libgcrypt-debuginfo-1.5.3-13.el7_3.1.x86_64.rpm libgcrypt-devel-1.5.3-13.el7_3.1.i686.rpm libgcrypt-devel-1.5.3-13.el7_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2016-6313
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is [address obscured on the page]. More contact details at https://access.redhat.com/security/team/contact

Copyright 2016 Red Hat, Inc.

Notification regarding a significant libgcrypt security vulnerability on Red Hat Enterprise Linux classified as moderate. LinuxSecurity.com Team

Nov 08, 2016 - Red Hat

Debian: DSA-2860-1 Moderate: Parcimonie Information Disclosure

Debian Security Advisory DSA-2860-1
http://www.debian.org/security/          Salvatore Bonaccorso
February 11, 2014                        http://www.debian.org/security/faq

Package        : parcimonie
Vulnerability  : information disclosure
CVE ID         : CVE-2014-1921
Debian Bug     : 738134

Holger Levsen discovered that parcimonie, a privacy-friendly helper to refresh a GnuPG keyring, is affected by a design problem that undermines the usefulness of this piece of software in the intended threat model.

When using parcimonie with a large keyring (1000 public keys or more), it would always sleep exactly ten minutes between two key fetches. This can probably be used by an adversary who can watch enough key fetches to correlate multiple key fetches with each other, which is what parcimonie aims at protecting against. Smaller keyrings are affected to a smaller degree. This problem is slightly mitigated when using a HKP(s) pool as the configured GnuPG keyserver.

For the stable distribution (wheezy), this problem has been fixed in version 0.7.1-1+deb7u1.

For the unstable distribution (sid), this problem has been fixed in version 0.8.1-1.

We recommend that you upgrade your parcimonie packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Debian Security Advisory DSA-2861-1 highlights a vulnerability in slapdash, prompting an urgent patch for all users. LinuxSecurity.com Team

Feb 11, 2014 - Debian

Debian: DSA-2787-1 Critical: Roundcube Remote Access Design Error

Debian Security Advisory DSA-2787-1
http://www.debian.org/security/          Salvatore Bonaccorso
October 27, 2013                         http://www.debian.org/security/faq

Package        : roundcube
Vulnerability  : design error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-6172
Debian Bug     : 727668

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution.

roundcube in the oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in version 0.7.2-9+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your roundcube packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Enhance your roundcube instance to rectify layout issues causing remote exploit risks within Debian platforms. LinuxSecurity.com Team

Oct 27, 2013 - Critical - Debian

Debian: DSA-2331-1 Moderate: Tor Design Issue - Remote Threat

Debian Security Advisory DSA-2331-1
http://www.debian.org/security/          Moritz Muehlenhoff
October 28, 2011                         http://www.debian.org/security/faq

Package        : tor
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2768 CVE-2011-2769

It has been discovered by "frosty_un" that a design flaw in Tor, an online privacy tool, allows malicious relay servers to learn certain information that they should not be able to learn. Specifically, a relay that a user connects to directly could learn which other relays that user is connected to directly. In combination with other attacks, this issue can lead to deanonymizing the user. The Common Vulnerabilities and Exposures project has assigned CVE-2011-2768 to this issue.

In addition to fixing the above mentioned issues, the updates to oldstable and stable fix a number of less critical issues (CVE-2011-2769). Please see this posting from the Tor blog for more information: https://blog.torproject.org/tor-02234-released-security-patches/

For the oldstable distribution (lenny), this problem has been fixed in version 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian archive scripts, the update cannot be released synchronously with the packages for stable. It will be released shortly.

For the stable distribution (squeeze), this problem has been fixed in version 0.2.1.31-1.

For the unstable and testing distributions, this problem has been fixed in version 0.2.2.34-1.

For the experimental distribution, this problem has been fixed in version 0.2.3.6-alpha-1.

We recommend that you upgrade your tor packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

This notice brings attention to a critical vulnerability in Tor, permitting relay nodes to access sensitive user data without permission. LinuxSecurity.com Team

Oct 28, 2011 - Debian

Debian DSA-2243-1 Critical: Unbound Design Flaw Affects DNS Response

Debian Security Advisory DSA-2243-1
http://www.debian.org/security/          Florian Weimer
May 27, 2011                             http://www.debian.org/security/faq

Package        : unbound
Vulnerability  : design flaw
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2009-4008

It was discovered that Unbound, a caching DNS resolver, ceases to provide answers for zones signed using DNSSEC after it has processed a crafted query. (CVE-2009-4008)

In addition, this update improves the level of DNSSEC support in the lenny version of Unbound so that it is possible for system administrators to configure the trust anchor for the root zone.

For the oldstable distribution (lenny), this problem has been fixed in version 1.4.6-1~lenny1.

For the other distributions (squeeze, wheezy, sid), this problem has been fixed in version 1.4.4-1.

We recommend that you upgrade your unbound packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

The recent modification in Debian for Unbound addresses a critical vulnerability that impacts DNSSEC capabilities and the overall performance of the resolver. LinuxSecurity.com Team

May 27, 2011 - Critical - Debian