Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 11 articles for you...
87

Debian: Urgent Vulnerability in Dropbear DSA-6086-1 CVE-2025-14282

"Turistu" discovered that incorrect permission handling in the Dropbear SSH server could result in privilege escalation. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 2025.89-1~deb13u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6086-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : dropbear CVE ID : CVE-2025-14282 "Turistu" discovered that incorrect permission handling in the Dropbear SSH server could result in privilege escalation. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in version 2025.89-1~deb13u1. We recommend that you upgrade your dropbear packages. For the detailed security status of dropbear please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dropbear Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Dropbear SSH server privilege escalation risk addressed in Debian security advisory DSA-6086-1, updates recommended.. Dropbear SSH, privilege escalation, Debian security advisory, security updates, Linux security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Dec 19, 2025 Important Debian
89

Fedora 41: Dropbear 2025.88 critical: command injection issue

Update to 2025.88 (rhbz#2364904). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-23ccf778c9 2025-05-31 01:33:18.713019+00:00 -------------------------------------------------------------------------------- Name : dropbear Product : Fedora 41 Version : 2025.88 Release : 1.fc41 URL : https://matt.ucc.asn.au/dropbear/dropbear.html Summary : Lightweight SSH server and client Description : Dropbear is a relatively small SSH server and client. It's particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers. -------------------------------------------------------------------------------- Update Information: Update to 2025.88 (rhbz#2364904) -------------------------------------------------------------------------------- ChangeLog: * Thu May 22 2025 Federico Pellegrin - 2025.88-1 - Update to 2025.88 (rhbz#2364904) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2364904 - CVE-2025-47203 dropbear: command injection via an untrusted hostname argument [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2364904 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-23ccf778c9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Upgrade to Dropbear version 2025.88 for Fedora 41 to patch vulnerabilities related to command injection. Protect your environment today.. Dropbear SSH, Fedora 41 update, command injection fix, lightweight SSH server. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 31, 2025 Critical Fedora
89

Fedora 42 dropbear 2025.88 critical: command injection issue

Upgrade to 2025.88 (rhbz#2364905). -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-86022c9c44 2025-05-23 03:24:17.285861+00:00 -------------------------------------------------------------------------------- Name : dropbear Product : Fedora 42 Version : 2025.88 Release : 1.fc42 URL : https://matt.ucc.asn.au/dropbear/dropbear.html Summary : Lightweight SSH server and client Description : Dropbear is a relatively small SSH server and client. It's particularly useful for "embedded"-type Linux (or other Unix) systems, such as wireless routers. -------------------------------------------------------------------------------- Update Information: Upgrade to 2025.88 (rhbz#2364905) -------------------------------------------------------------------------------- ChangeLog: * Thu May 15 2025 Federico Pellegrin - 2025.88-1 - Upgrade to 2025.88 (rhbz#2364905) * Sat Feb 1 2025 Björn Esser - 2024.86-3 - Add explicit BR: libxcrypt-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #2364905 - CVE-2025-47203 dropbear: command injection via an untrusted hostname argument [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2364905 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-86022c9c44' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . Update dropbear to version 2025.88 on Fedora 42 to rectify a severe command injection vulnerability.. Dropbear SSH,Fedora 42 upgrade, security update, command injection fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 23, 2025 Critical Fedora
198

Arch Linux ASA-202505-9: dropbear Medium severity remote command execution

The package dropbear before version 2025.88-1 is vulnerable to arbitrary command execution. . Arch Linux Security Advisory ASA-202505-9 ========================================= Severity: Medium Date : 2025-05-19 CVE-ID : CVE-2025-47203 Package : dropbear Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-2874 Summary ======= The package dropbear before version 2025.88-1 is vulnerable to arbitrary command execution. Resolution ========== Upgrade to 2025.88-1. # pacman -Syu "dropbear> =2025.88-1" The problem has been fixed upstream in version 2025.88. Workaround ========== None. Description =========== dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. Impact ====== A remote attacker can craft a malicious hostname to execute arbitrary commands on a system using dbclient if the hostname is passed without proper sanitization. References ========== https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q2/002385.html https://security.archlinux.org/CVE-2025-47203 . The Debian Security Announcement DSA-202507-5 highlights a medium-risk vulnerability in the samba package. It is recommended to perform an update.. Arbitrary Command Execution, Arch Linux Dropbear, Security Advisory. . Severity: Medium. LinuxSecurity.com Team

Calendar%202 May 20, 2025 Medium ArchLinux
197

Debian LTS DLA-4169-1: dropbear local command execution risk fixed

Marcin Nowak discovered that dbclient(1) hostname arguments with a comma (for multihop) are passed to the shell which could result in running arbitrary shell commands locally. That could be a security issue in situations where dbclient(1) is passed untrusted hostname arguments. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-4169-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin May 17, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : dropbear Version : 2020.81-3+deb11u3 CVE ID : CVE-2025-47203 Marcin Nowak discovered that dbclient(1) hostname arguments with a comma (for multihop) are passed to the shell which could result in running arbitrary shell commands locally. That could be a security issue in situations where dbclient(1) is passed untrusted hostname arguments. For Debian 11 bullseye, this problem has been fixed in version 2020.81-3+deb11u3. We recommend that you upgrade your dropbear packages. For the detailed security status of dropbear please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dropbear Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Potential vulnerability in DBclient hostname parameters of dropbear could allow for local command execution. Debian users are advised to update.. Debian LTS, dropbear update, security patch, local commands, command execution. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 17, 2025 Important Debian LTS
172

Ubuntu 22.04 LTS: USN-7292-1 High Risk: Dropbear Access Vulnerabilities

Several security issues were fixed in dropbear.. ========================================================================== Ubuntu Security Notice USN-7292-1 February 25, 2025 Several security issues were fixed in Dropbear ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in dropbear. Software Description: - dropbear: lightweight SSH2 server and client Details: Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the client-side SSH code. An attacker could use this vulnerability to gain unauthorized access to remote systems. (CVE-2021-36369) Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH transport protocol implementation in Dropbear had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS dropbear 2020.81-5ubuntu0.1 dropbear-bin 2020.81-5ubuntu0.1 Ubuntu 20.04 LTS dropbear 2019.78-2ubuntu0.1~esm1 Available with Ubuntu Pro dropbear-bin 2019.78-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS dropbear 2017.75-3ubuntu0.1~esm1 Available with Ubuntu Pro dropbear-bin 2017.75-3ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7292-1 CVE-2021-36369, CVE-2023-48795 Package Information: https://launchpad.net/ubuntu/+source/dropbear/2020.81-5ubuntu0.1 . The Ubuntu Security Announcement USN-7293-1 tackles several vulnerabilities found in OpenSSH affecting the latest LTS releases.. Dropbear Updates, SSH Client Issues, Ubuntu Security Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 25, 2025 Important Ubuntu
197

Debian 10 Buster DLA-3187-1 Critical Dropbear Login Bypass

An issue was discovered in Dropbear, a relatively small SSH server and client. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it was possible for an SSH server to change the login process in its favor. This attack can bypass . - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3187-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Utkarsh Gupta November 14, 2022 https://wiki.debian.org/LTS - ----------------------------------------------------------------------- Package : dropbear Version : 2018.76-5+deb10u2 CVE ID : CVE-2021-36369 An issue was discovered in Dropbear, a relatively small SSH server and client. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it was possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. For Debian 10 buster, this problem has been fixed in version 2018.76-5+deb10u2. We recommend that you upgrade your dropbear packages. For the detailed security status of dropbear please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/dropbear Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-5472-1 highlights a vulnerability in OpenSSH, tackling the risk of unauthorized access via authentication flaws.. Dropbear Security, Debian LTS Update, SSH Client Issues. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 13, 2022 Critical Debian LTS
91

Gentoo: GLSA-202007-53 Normal: Dropbear Denial of Service Threat

Multiple vulnerabilities have been found in Dropbear, the worst of which could result in a Denial of Service condition.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-53 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Dropbear: Multiple vulnerabilities Date: July 28, 2020 Bugs: #723848 ID: 202007-53 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Dropbear, the worst of which could result in a Denial of Service condition. Background ========= Dropbear is an SSH server and client designed with a small memory footprint. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/dropbear < 2020.80 > = 2020.80 Description ========== Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Dropbear users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/dropbear-2020.80" References ========= [ 1 ] CVE-2018-0739 https://nvd.nist.gov/vuln/detail/CVE-2018-0739 [ 2 ] CVE-2018-12437 https://nvd.nist.gov/vuln/detail/CVE-2018-12437 [ 3 ] CVE-2018-20685 https://nvd.nist.gov/vuln/detail/CVE-2018-20685 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo SecurityWebsite: https://security.gentoo.org/glsa/202007-53 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo users are advised to upgrade Dropbear to address various security flaws and mitigate potential denial of service risks.. Dropbear Security, Gentoo Advisory, Denial of Service, Linux Security Advisory. . LinuxSecurity.com Team

Calendar%202 Jul 28, 2020 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200