Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryfedoraprogramming languageFedora 42 Erlang Update Critical DNS Poisoning Addresses 2026-dd4a7e240e
Erlang ver. 26.2.5.19. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-dd4a7e240e 2026-04-16 01:08:38.333416+00:00 -------------------------------------------------------------------------------- Name : erlang Product : Fedora 42 Version : 26.2.5.19 Release : 1.fc42 URL : https://www.erlang.org Summary : General-purpose programming language and runtime environment Description : Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. -------------------------------------------------------------------------------- Update Information: Erlang ver. 26.2.5.19 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 7 2026 Peter Lemenkov - 26.2.5.19-1 - Ver. 26.2.5.19 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2456135 - CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456135 [ 2 ] Bug #2456139 - CVE-2026-28808 erlang: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456139 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-dd4a7e240e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 16, 2026
•Critical
Fedora
89
security advisoryfedorasystem updateFedora 43 Erlang Update 2026-53a7ddccc8 Critical DNS Poisoning Issue
Erlang ver. 26.2.5.19. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-53a7ddccc8 2026-04-16 00:53:32.960248+00:00 -------------------------------------------------------------------------------- Name : erlang Product : Fedora 43 Version : 26.2.5.19 Release : 1.fc43 URL : https://www.erlang.org Summary : General-purpose programming language and runtime environment Description : Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. -------------------------------------------------------------------------------- Update Information: Erlang ver. 26.2.5.19 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 7 2026 Peter Lemenkov - 26.2.5.19-1 - Ver. 26.2.5.19 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2456135 - CVE-2026-28810 erlang: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456135 [ 2 ] Bug #2456139 - CVE-2026-28808 erlang: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2456139 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-53a7ddccc8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 16, 2026
•Important
Fedora
172
security advisorydenial of servicecriticalUbuntu 24.04 LTS Bouncy Castle Major LDAP DoS DNS Spoofing USN-8109-1
Several security issues were fixed in Bouncy Castle.. ========================================================================== Ubuntu Security Notice USN-8108-1 March 18, 2026 bouncycastle vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Bouncy Castle. Software Description: - bouncycastle: Java implementation of cryptographic algorithms Details: It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search filter. An attacker could possibly use this issue to perform an LDAP injection attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-33201) It was discovered that Bouncy Castle incorrectly handled specially crafted F2m parameters in the ECCurve algorithm. An attacker could possibly use this issue to cause Bouncy Castle to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-29857) It was discovered that Bouncy Castle leaked timing information when handling exceptions during an RSA handshake. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-30171) It was discovered that Bouncy Castle incorrectly handled endpoint identification with an SSL socket enabled without an explicit hostname. An attacker could possibly use this issue to perform a DNS poisoning attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-34447) Bing Shi discovered that Bouncy Castle incorrectly handled resource memory allocation. An attacker could possibly use this issue to causeBouncy Castle to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-8916) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libbcjmail-java 1.77-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcmail-java 1.77-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcpg-java 1.77-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcpkix-java 1.77-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcprov-java 1.77-1ubuntu0.1~esm1 Available with Ubuntu Pro libbctls-java 1.77-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcutil-java 1.77-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS libbcmail-java 1.68-5ubuntu0.1~esm1 Available with Ubuntu Pro libbcpg-java 1.68-5ubuntu0.1~esm1 Available with Ubuntu Pro libbcpkix-java 1.68-5ubuntu0.1~esm1 Available with Ubuntu Pro libbcprov-java 1.68-5ubuntu0.1~esm1 Available with Ubuntu Pro libbctls-java 1.68-5ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS libbcmail-java 1.61-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcpg-java 1.61-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcpkix-java 1.61-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcprov-java 1.61-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libbcmail-java 1.59-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcpg-java 1.59-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcpkix-java 1.59-1ubuntu0.1~esm1 Available with Ubuntu Pro libbcprov-java 1.59-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libbcmail-java 1.51-4ubuntu1+esm1 Available with Ubuntu Pro libbcpg-java 1.51-4ubuntu1+esm1 Available with Ubuntu Pro libbcpkix-java 1.51-4ubuntu1+esm1 Available with Ubuntu Pro libbcprov-java 1.51-4ubuntu1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8108-1 CVE-2023-33201, CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-34447, CVE-2025-8916 . Critical security issues were fixed in Bouncy Castle on multiple Ubuntu versions, addressing significant exploits. Bouncy Castle Security, Ubuntu Update, LDAP Injection, DoS Prevention. . Severity: Critical. LinuxSecurity.com Team
Mar 18, 2026
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!