Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoracritical

Fedora 41: Varnish Critical Fix for CVE-2025-47905 Client-Side Desync

Security: This update includes fixes for CVE-2025-47905 aka VSV00016: A client- side desync vulnerability can be triggered in Varnish Cache. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 chunked requests.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-f7e5d2e40f 2025-08-09 03:07:08.046900+00:00 -------------------------------------------------------------------------------- Name : varnish Product : Fedora 41 Version : 7.5.0 Release : 4.fc41 URL : https://vinyl-cache.org/ Summary : High-performance HTTP accelerator Description : This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don\u2019t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up. Documentation wiki and additional information about Varnish Cache is available on: https://vinyl-cache.org/ -------------------------------------------------------------------------------- Update Information: Security: This update includes fixes for CVE-2025-47905 aka VSV00016: A client- side desync vulnerability can be triggered in Varnish Cache. This vulnerability can be triggered under specific circumstances involving malformed HTTP/1 chunked requests. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 31 2025 Ingvar Hagelund - 7.5.0-4 - Security: Added patch for VSV00016 AKA CVE-2025-47905 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2369404 - CVE-2025-47905 varnish: request smuggling attacks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2369404 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2025-f7e5d2e40f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Patch release for Varnish Cache fixes server-side timing issue in Fedora 41, boosting overall security measures.. Varnish Cache,Fedora 41,security update,client-side risk,HTTP vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 09, 2025 Critical Fedora
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydebianattack

Debian 11 Varnish: DLA-4187-1 Critical Client-Side Desync Issue

A client-side desync vulnerability can be triggered in Varnish, a high-performance web accelerator. An attacker can abuse a flaw in Varnish’s handling of chunked transfer encoding which allows certain malformed HTTP/1 requests to exploit improper framing of the message body to smuggle additional . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4187-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Markus Koschany May 28, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : varnish Version : 6.5.1-1+deb11u5 CVE ID : CVE-2025-47905 A client-side desync vulnerability can be triggered in Varnish, a high-performance web accelerator. An attacker can abuse a flaw in Varnish’s handling of chunked transfer encoding which allows certain malformed HTTP/1 requests to exploit improper framing of the message body to smuggle additional requests. Specifically, Varnish incorrectly permits CRLF to be skipped to delimit chunk boundaries. For Debian 11 bullseye, this problem has been fixed in version 6.5.1-1+deb11u5. We recommend that you upgrade your varnish packages. For the detailed security status of varnish please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/varnish Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Announcement DLA-4190-2 covers a critical vulnerability in Nginx. It's essential to apply the latest patches to protect your network immediately.. Debian LTS, Varnish Security, High-Performance Accelerator. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 29, 2025 Critical Debian LTS
Banner 4 1028x280 1708121825 1771600306
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisoryupdatedebian

Debian LTS: DLA-4101-1: varnish Security Advisory Updates

A HTTP/1 client-side desync vulnerability has been fixed in Varnish, a caching HTTP reverse proxy. For Debian 11 bullseye, this problem has been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4101-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Adrian Bunk March 31, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : varnish Version : 6.5.1-1+deb11u4 CVE ID : CVE-2025-30346 A HTTP/1 client-side desync vulnerability has been fixed in Varnish, a caching HTTP reverse proxy. For Debian 11 bullseye, this problem has been fixed in version 6.5.1-1+deb11u4. We recommend that you upgrade your varnish packages. For the detailed security status of varnish please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/varnish Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade Varnish for Debian 11 to fix critical HTTP desync vulnerability with CVE-2025-30346. Stay secure!. http/1, client-side, desync, vulnerability, varnish, caching, reverse, proxy. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 31, 2025 Critical Debian LTS
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorysecurity issuecritical

Debian Stretch DLA-2991-1 Critical: Twisted Request Smuggling

The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-2991-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Stefano Rivera May 03, 2022 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : twisted Version : 16.6.0-2+deb9u3 CVE ID : CVE-2022-24801 Debian Bug : 1009030 The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. For Debian 9 stretch, this problem has been fixed in version 16.6.0-2+deb9u3. We recommend that you upgrade your twisted packages. For the detailed security status of twisted please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/twisted Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance Twisted Web to resolve HTTP request interpretation problem causing discrepancy. Recommendation DLA-2991-1 outlines essential procedures.. Twisted Web, HTTP Request Smuggling, Debian Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 03, 2022 Critical Debian LTS
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here