Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian LTS openssl Important Use-After-Free NULL Pointer Issues DLA-4624-1

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 alsa-lib Important Denial of Service Fix USN-8044-2

Calendar White Jun 09, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS node-shell-quote Important Denial of Service CVE-2026-9277

Calendar White Jun 09, 2026
Important
Mageia Large Esm H800
Mageia

Mageia 9 Suricata Critical Performance Security Issues MGASA-2026-0181

Calendar White Jun 09, 2026
Critical
Mageia Large Esm H900
Mageia

Mageia 9 PackageKit Important TOCTOU Race Escalation CVE-2026-41651

Calendar White Jun 09, 2026
Important
Mageia Large Esm H900
Mageia

Mageia 9 Unbound Critical Remote Code Execution Advisory 2026-0034

Calendar White Jun 09, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 26.04 LTS Netatalk Multiple Security Issues USN-8395-1

Calendar White Jun 09, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 mingw-objfw 1.5.5 Update Security Fix FEDORA-2026-de23fedf3e

Calendar White Jun 08, 2026
Fedora Large Esm H900
Fedora

Fedora 43 objfw Important Update 1.5.5 Bug Fixes June 2026

Calendar White Jun 08, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
198
Ls Advisories Archlinux Esm H240
Price Tag 1security advisoryhigh severityprivilege escalation

Arch Linux ASA-201505-6 High: Docker Privilege Escalation Threats

The package docker before version 1:1.6.1-1 is vulnerable to multiple issues including but not limited to privilege escalation, symlink traversal, unauthorized configuration modification, information disclosure and policy profile escalation. . Arch Linux Security Advisory ASA-201505-6 ======================================== Severity: High Date : 2015-05-08 CVE-ID : CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-3631 Package : docker Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package docker before version 1:1.6.1-1 is vulnerable to multiple issues including but not limited to privilege escalation, symlink traversal, unauthorized configuration modification, information disclosure and policy profile escalation. Resolution ========= Upgrade to 1:1.6.1-1. # pacman -Syu "docker> =1:1.6.1-1" The problems have been fixed upstream in version 1.6.1. Workaround ========= None. Description ========== - CVE-2015-3627 (privilege escalation) The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. - CVE-2015-3629 (privilege escalation) Symlink traversal on container respawn allows local privilege escalation. Libcontainer version 1.6.0 introduced changes which facilitated a mount namespace breakout upon respawn of a container. This allowed malicious images to write files to the host system and escape containerization. - CVE-2015-3630 (unauthorized modification) Several paths underneath /proc were writable from containers, allowing global system manipulation and configuration. These paths included /proc/asound, /proc/timer_stats, /proc/latency_stats, and /proc/fs. By allowing writes to /proc/fs, it has been noted that CIFS volumes could be forced into a protocol downgrade attack by a rootuser operating inside of a container. Machines having loaded the timer_stats module were vulnerable to having this mechanism enabled and consumed by a container. - CVE-2015-3631 (policy profile escalation) By allowing volumes to override files of /proc within a mount namespace, a user could specify arbitrary policies for Linux Security Modules, including setting an unconfined policy underneath AppArmor, or a docker_t policy for processes managed by SELinux. In all versions of Docker up until 1.6.1, it is possible for malicious images to configure volume mounts such that files of proc may be overridden. Impact ===== A remote attacker is able to escalate privileges via unsafe symlink traversal, modify the configuration of the host system or disclose information via specific writable descriptors in /proc or escalate the LSM policy profiles by overriding files of /proc. References ========= https://seclists.org/oss-sec/2015/q2/389 https://access.redhat.com/security/cve/CVE-2015-3627 https://access.redhat.com/security/cve/CVE-2015-3629 https://access.redhat.com/security/cve/CVE-2015-3630 https://access.redhat.com/security/cve/CVE-2015-3631 . Arch Linux Security Advisory ASA-202303-1 outlines critical vulnerabilities in the nginx package, urging users to perform an immediate update for enhanced protection.. Docker Security, Arch Linux Advisories, Escalation Threats, Security Issues. . LinuxSecurity.com Team

Calendar 2 May 08, 2015 ArchLinux
198
Ls Advisories Archlinux Esm H240
Price Tag 1security advisoryprivilege escalationmedium severity

Arch Linux: ASA-201412-16 Medium Severity Docker Privilege Escalation

The package docker before version 1:1.4.0-1 is vulnerable to multiple issues including but not limited to privilege escalation and path traversal. . Arch Linux Security Advisory ASA-201412-16 ========================================= Severity: Medium Date : 2014-12-15 CVE-ID : CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 Package : docker Type : multiple issues Remote : No Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package docker before version 1:1.4.0-1 is vulnerable to multiple issues including but not limited to privilege escalation and path traversal. Resolution ========= Upgrade to 1:1.4.0-1. # pacman -Syu "docker> =1:1.4.0-1" The problems have been fixed upstream in version 1.4.0. Workaround ========= None. Description ========== - CVE-2014-9356 (path traversal) Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through volume mounts. This vulnerability allowed malicious images or builds from malicious Dockerfiles to write files to the host system and escape containerization, leading to privilege escalation. - CVE-2014-9357 (privilege escalation) It has been discovered that the introduction of chroot for archive extraction in Docker 1.3.2 had introduced a privilege escalation vulnerability. Malicious images or builds from malicious Dockerfiles could escalate privileges and execute arbitrary code as a privileged root user on the Docker host by providing a malicious ‘xz’ binary. - CVE-2014-9358 (path traversal) It has been discovered that Docker does not sufficiently validate Image IDs as provided either via 'docker load' or through registry communications. This allows for path traversal attacks, causing graph corruption and manipulation by malicious images, as well asrepository spoofing attacks. Impact ===== A local attacker is able to create malicious Dockerfiles or image IDs in order to perform privilege escalation or path traversal. References ========= https://access.redhat.com/security/cve/CVE-2014-9356 https://access.redhat.com/security/cve/CVE-2014-9357 https://access.redhat.com/security/cve/CVE-2014-9358 . Arch Linux Security Advisory ASA-202310-07 outlines concerning vulnerabilities categorized as low severity in the Samba software package prior to version 4.17.1-2.. docker Security Advisory, Arch Linux Issues, Privilege Escalation, Path Traversal. . Severity: Medium. LinuxSecurity.com Team

Calendar 2 Dec 15, 2014 Medium ArchLinux
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":549,"type":"x","order":1,"pct":78.54,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.29,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.86,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.3,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here