
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 43 Composer Important Fix GitHub Token Validation 2026-3e8172bbdb

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-3e8172bbdb
2026-05-23 15:47:52.432854+00:00
--------------------------------------------------------------------------------

Name        : composer
Product     : Fedora 43
Version     : 2.9.8
Release     : 1.fc43
URL         : https://getcomposer.org/
Summary     : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/
--------------------------------------------------------------------------------
Update Information:

Version 2.9.8 - 2026-05-13
Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Remi Collet - 2.9.8-1
- update to 2.9.8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-3e8172bbdb'
at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

This advisory details a Fedora 43 update for Composer to fix GitHub token validation and ensure security. Composer Update, Fedora 43 Security, GitHub Token Validation, PHP Dependency Manager. Severity: Important. LinuxSecurity.com Team

May 23, 2026 | Important | Fedora

Fedora 44 Composer 2.9.8 Security GitHub Token Fix Advisory 2026-bd05cb6c4d

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-bd05cb6c4d
2026-05-23 00:56:16.173256+00:00
--------------------------------------------------------------------------------

Name        : composer
Product     : Fedora 44
Version     : 2.9.8
Release     : 1.fc44
URL         : https://getcomposer.org/
Summary     : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/
--------------------------------------------------------------------------------
Update Information:

Version 2.9.8 - 2026-05-13
Security: Fixed GitHub token validation and disclosure (GHSA-f9f8-rm49-7jv2)
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2026 Remi Collet - 2.9.8-1
- update to 2.9.8
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-bd05cb6c4d'
at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new

Fixed GitHub token validation and disclosure issues in Composer version 2.9.8 for Fedora 44. Update recommended. Fedora 44 composer security GitHub update. Severity: Important. LinuxSecurity.com Team

May 23, 2026 | Important | Fedora

Debian WebKitGTK Critical CVE-2025-46299 App Disclosure March 2026

-------------------------------------------------------------------------
Debian Security Advisory DSA-6232-1                  https://www.debian.org/security/
Alberto Garcia
April 28, 2026                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2025-46299 CVE-2026-20643 CVE-2026-20664 CVE-2026-20665 CVE-2026-20691 CVE-2026-28857 CVE-2026-28859 CVE-2026-28861 CVE-2026-28871

The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2025-46299
    Google Big Sleep discovered that processing maliciously crafted web content may disclose internal states of the app.

CVE-2026-20643
    Thomas Espach discovered that processing maliciously crafted web content may bypass Same Origin Policy.

CVE-2026-20664
    Daniel Rhea, Soehnke Benedikt Fischedick, Emrovsky & Switch, and Yevhen Pervushyn discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20665
    webb discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVE-2026-20691
    Gongyu Ma discovered that a maliciously crafted webpage may be able to fingerprint the user.

CVE-2026-28857
    Narcis Oliveras Fontas, Soehnke Benedikt Fischedick, Daniel Rhea, and Nathaniel Oh discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-28859
    greenbynox and Arni Hardarson discovered that a malicious website may be able to process restricted web content outside the sandbox.

CVE-2026-28861
    Hongze Wu and ShuaikeDong discovered that a malicious website may be able to access script message handlers intended for other origins.

CVE-2026-28871
    @hamayanhamayan discovered that visiting a maliciously crafted website may lead to a cross-site scripting attack.

Starting from version 2.52.0, WebKitGTK can no longer be backported to the oldstable distribution (bookworm). Because of that, the webkit2gtk packages are no longer covered by security support in bookworm.

For the stable distribution (trixie), these problems have been fixed in version 2.52.1-1~deb13u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

WebKitGTK faces critical issues allowing disclosure of internal states and XSS attacks; update recommended for Debian. WebKitGTK security update, Debian DSA-6232-1, internal states disclosure, cross-site scripting attacks, security vulnerabilities. Severity: Critical. LinuxSecurity.com Team

Apr 28, 2026 | Critical | Debian

SUSE: 2025:01660-1 important: MozillaThunderbird Multiple Threats

# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2025:01660-1
Release Date: 2025-05-22T16:01:52Z
Rating: important
References:
* bsc#1243216
Cross-References:
* CVE-2025-3875
* CVE-2025-3877
* CVE-2025-3909
* CVE-2025-3932
CVSS scores:
* CVE-2025-3875 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-3877 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2025-3909 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-3932 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves four vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 128.10.1.

Security fixes:
* MFSA 2025-34 (bsc#1243216)
* CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird.
* CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links.
* CVE-2025-3909: JavaScript Execution via Spoofed PDF Attachment and file:/// Link.
* CVE-2025-3932: Tracking Links in Attachments Bypassed Remote Content Blocking.

Other bug fixes:
* Fixed: standalone message windows/tabs that no longer responded after folder compaction.
* Fixed: Thunderbird could crash when importing Outlook messages.
* Visual and UX improvements.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-1660=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1660=1
* SUSE Linux Enterprise Workstation Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-1660=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-translations-common-128.10.1-150200.8.215.1
  * MozillaThunderbird-translations-other-128.10.1-150200.8.215.1
  * MozillaThunderbird-debuginfo-128.10.1-150200.8.215.1
  * MozillaThunderbird-128.10.1-150200.8.215.1
  * MozillaThunderbird-debugsource-128.10.1-150200.8.215.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
  * MozillaThunderbird-translations-common-128.10.1-150200.8.215.1
  * MozillaThunderbird-translations-other-128.10.1-150200.8.215.1
  * MozillaThunderbird-debuginfo-128.10.1-150200.8.215.1
  * MozillaThunderbird-128.10.1-150200.8.215.1
  * MozillaThunderbird-debugsource-128.10.1-150200.8.215.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
  * MozillaThunderbird-translations-common-128.10.1-150200.8.215.1
  * MozillaThunderbird-translations-other-128.10.1-150200.8.215.1
  * MozillaThunderbird-debuginfo-128.10.1-150200.8.215.1
  * MozillaThunderbird-128.10.1-150200.8.215.1
  * MozillaThunderbird-debugsource-128.10.1-150200.8.215.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3875.html
* https://www.suse.com/security/cve/CVE-2025-3877.html
* https://www.suse.com/security/cve/CVE-2025-3909.html
* https://www.suse.com/security/cve/CVE-2025-3932.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243216

Important security patch for Firefox released to tackle various vulnerabilities. Please update to enhance protection. MozillaThunderbird, security update, SUSE, openSUSE, threat mitigation. Severity: Important. LinuxSecurity.com Team

May 22, 2025 | Important | SuSE

Debian 11: DLA-3960-1 critical: thunderbird OpenPGP issue

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3960-1                  https://www.debian.org/lts/security/
Emilio Pozuelo Monfort
November 20, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : thunderbird
Version        : 1:128.4.3esr-1~deb11u1
CVE ID         : CVE-2024-11159

A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages.

For Debian 11 bullseye, this problem has been fixed in version 1:128.4.3esr-1~deb11u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/thunderbird

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

A security revision for Debian 11 has been released addressing the OpenPGP message leak vulnerability in Thunderbird. Discover methods to secure your computer. Debian LTS, Thunderbird Security Update, OpenPGP Message Security. Severity: Critical. LinuxSecurity.com Team

Nov 20, 2024 | Critical | Debian LTS

SUSE Linux Enterprise 12 SP5: 2024:3061-1 Moderate Apache2 Source Code Leak

# Security update for apache2

Announcement ID: SUSE-SU-2024:3061-1
Rating: moderate
References:
* bsc#1227353
Cross-References:
* CVE-2024-39884
CVSS scores:
* CVE-2024-39884 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3061=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3061=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3061=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3061=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * apache2-example-pages-2.4.51-35.60.1
  * apache2-debuginfo-2.4.51-35.60.1
  * apache2-utils-2.4.51-35.60.1
  * apache2-tls13-worker-2.4.51-35.60.1
  * apache2-debugsource-2.4.51-35.60.1
  * apache2-worker-2.4.51-35.60.1
  * apache2-tls13-debugsource-2.4.51-35.60.1
  * apache2-tls13-prefork-debuginfo-2.4.51-35.60.1
  * apache2-tls13-2.4.51-35.60.1
  * apache2-tls13-worker-debuginfo-2.4.51-35.60.1
  * apache2-utils-debuginfo-2.4.51-35.60.1
  * apache2-tls13-prefork-2.4.51-35.60.1
  * apache2-2.4.51-35.60.1
  * apache2-tls13-debuginfo-2.4.51-35.60.1
  * apache2-tls13-example-pages-2.4.51-35.60.1
  * apache2-tls13-utils-debuginfo-2.4.51-35.60.1
  * apache2-prefork-debuginfo-2.4.51-35.60.1
  * apache2-worker-debuginfo-2.4.51-35.60.1
  * apache2-prefork-2.4.51-35.60.1
  * apache2-tls13-utils-2.4.51-35.60.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * apache2-doc-2.4.51-35.60.1
  * apache2-tls13-doc-2.4.51-35.60.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * apache2-example-pages-2.4.51-35.60.1
  * apache2-debuginfo-2.4.51-35.60.1
  * apache2-utils-2.4.51-35.60.1
  * apache2-tls13-worker-2.4.51-35.60.1
  * apache2-debugsource-2.4.51-35.60.1
  * apache2-worker-2.4.51-35.60.1
  * apache2-tls13-debugsource-2.4.51-35.60.1
  * apache2-tls13-prefork-debuginfo-2.4.51-35.60.1
  * apache2-tls13-2.4.51-35.60.1
  * apache2-tls13-worker-debuginfo-2.4.51-35.60.1
  * apache2-utils-debuginfo-2.4.51-35.60.1
  * apache2-tls13-prefork-2.4.51-35.60.1
  * apache2-2.4.51-35.60.1
  * apache2-tls13-debuginfo-2.4.51-35.60.1
  * apache2-tls13-example-pages-2.4.51-35.60.1
  * apache2-tls13-utils-debuginfo-2.4.51-35.60.1
  * apache2-prefork-debuginfo-2.4.51-35.60.1
  * apache2-worker-debuginfo-2.4.51-35.60.1
  * apache2-prefork-2.4.51-35.60.1
  * apache2-tls13-utils-2.4.51-35.60.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * apache2-doc-2.4.51-35.60.1
  * apache2-tls13-doc-2.4.51-35.60.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * apache2-example-pages-2.4.51-35.60.1
  * apache2-debuginfo-2.4.51-35.60.1
  * apache2-utils-2.4.51-35.60.1
  * apache2-tls13-worker-2.4.51-35.60.1
  * apache2-debugsource-2.4.51-35.60.1
  * apache2-worker-2.4.51-35.60.1
  * apache2-tls13-debugsource-2.4.51-35.60.1
  * apache2-tls13-prefork-debuginfo-2.4.51-35.60.1
  * apache2-tls13-2.4.51-35.60.1
  * apache2-tls13-worker-debuginfo-2.4.51-35.60.1
  * apache2-utils-debuginfo-2.4.51-35.60.1
  * apache2-tls13-prefork-2.4.51-35.60.1
  * apache2-2.4.51-35.60.1
  * apache2-tls13-debuginfo-2.4.51-35.60.1
  * apache2-tls13-example-pages-2.4.51-35.60.1
  * apache2-tls13-utils-debuginfo-2.4.51-35.60.1
  * apache2-prefork-debuginfo-2.4.51-35.60.1
  * apache2-worker-debuginfo-2.4.51-35.60.1
  * apache2-prefork-2.4.51-35.60.1
  * apache2-tls13-utils-2.4.51-35.60.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * apache2-doc-2.4.51-35.60.1
  * apache2-tls13-doc-2.4.51-35.60.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * apache2-debuginfo-2.4.51-35.60.1
  * apache2-debugsource-2.4.51-35.60.1
  * apache2-tls13-debugsource-2.4.51-35.60.1
  * apache2-tls13-debuginfo-2.4.51-35.60.1
  * apache2-tls13-devel-2.4.51-35.60.1
  * apache2-devel-2.4.51-35.60.1

## References:

* https://www.suse.com/security/cve/CVE-2024-39884.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227353

An advisory for nginx resolves a code vulnerability in Red Hat Enterprise Linux. Prompt application of the patch advised. SUSE Linux, Apache Update, Security Patch, Code Disclosure. LinuxSecurity.com Team

Aug 29, 2024 | SuSE

Ubuntu: USN-5439-1 Moderate: Flask Session Cookie Vulnerability

-------------------------------------------------------------------------
Debian Security Advisory DSA-5442-1                  https://www.debian.org/security/
Moritz Muehlenhoff
June 29, 2023                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : flask
CVE ID         : CVE-2023-30861

It was discovered that in some conditions the Flask web framework may disclose a session cookie.

For the oldstable distribution (bullseye), this problem has been fixed in version 1.1.2-2+deb11u1.

We recommend that you upgrade your flask packages.

For the detailed security status of flask please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/flask

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

A vulnerability in Flask has been identified that could leak session cookies on Debian systems. It's advisable to update your Flask packages to enhance security. Flask Framework, Debian Security, Session Protection. LinuxSecurity.com Team

Jun 29, 2023 | Debian

Red Hat: RHSA-2023-3740-01 Important Spring Boot Security Update

====================================================================
Red Hat Security Advisory

Synopsis:          Important: Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release security update
Advisory ID:       RHSA-2023:3740-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3740
Issue date:        2023-06-21
CVE Names:         CVE-2023-20883 CVE-2023-24815
====================================================================

1. Summary:

Red Hat Integration Camel for Spring Boot 3.20.1 Patch 1 release and security update is now available.

Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References.

The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route (CVE-2023-24815)
* spring-boot: Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2209342 - CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability
2209400 - CVE-2023-24815 vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

5. References:

https://access.redhat.com/security/cve/CVE-2023-20883
https://access.redhat.com/security/cve/CVE-2023-24815
https://access.redhat.com/security/updates/classification#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q2

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list

Red Hat rolls out a significant security patch for Camel integration with Spring Boot, featuring vital improvements and corrections. Spring Boot Security Patch, Red Hat Integration Update, Camel DoS Issue. Severity: Important. LinuxSecurity.com Team

Jun 21, 2023 | Important | Red Hat
