Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
198
Ls Advisories Archlinux Esm H240
Price Tag 1security advisoryhigh severityupdate

Arch Linux: ASA-201410-13 High: ejabberd Encryption Circumvention

The package ejabberd before version 14.07-2 allows clients to connect with an unencrypted connection even if starttls_required is set. . Arch Linux Security Advisory ASA-201410-13 ========================================= Severity: High Date : 2014-10-27 CVE-ID : CVE-2014-8760 Package : ejabberd Type : circumvention of encryption Remote : No Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package ejabberd before version 14.07-2 allows clients to connect with an unencrypted connection even if starttls_required is set. Resolution ========= Upgrade to 14.07-2. # pacman -Syu "ejabberd> =14.07-2" The problems have been fixed upstream [0] but no release version is available yet. Workaround ========= Disable compression ('zlib' in c2s configuration) and find affected users with: # ejabberdctl connected_users_info | grep 'c2s_compressed\s' You may kick affected user sessions and they should be able to reconnect with encryption and without compression. Description ========== It was discovered that ejabberd does not enforce the starttls_required setting when compression is used, which causes clients to unexpectedly establish connections without encryption. Impact ===== A local user can unexpectedly connect without any encryption and send sensitive information in plaintext to the server even if encryption was set as required. References ========= [0] https://github.com/processone/ejabberd/commit/7bdc115 https://www.cve.org/CVERecord?id=CVE-2014-8760 https://bugs.archlinux.org/task/42541 . Critical Arch Linux security notice regarding ejabberd improperly managing unencrypted connections despite configured encryption parameters.. ejabberd Security, Arch Linux Update, Encryption Issue. . LinuxSecurity.com Team

Calendar 2 Oct 27, 2014 ArchLinux
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebianremote access

Debian: DSA-2775-1 Moderate: ejabberd SSL Insecurity Fixed

It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. This update disables the use of SSLv2 and weak ciphers. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-2775-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Thijs Kinkhorst October 10, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ejabberd Vulnerability : insecure SSL usage Problem type : remote Debian-specific: no Debian Bug : 722105 It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and weak ciphers for communication, which are considered insecure. The software offers no runtime configuration options to disable these. This update disables the use of SSLv2 and weak ciphers. The updated package for Debian 7 (wheezy) also contains auxiliary bugfixes originally staged for the next stable point release. For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.5-3+squeeze2. For the stable distribution (wheezy), this problem has been fixed in version 2.1.10-4+deb7u1. For the testing distribution (jessie), and unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your ejabberd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian DSA-2780-1 upgrades Postfix to mitigate potential vulnerabilities in email transmission, reinforcing the security of SMTP protocols.. ejabberd security update, Debian DSA-2775-1, insecure SSL usage. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Oct 10, 2013 Important Debian
Banner 3 1028x280 1708121785 1771599793
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorydenial of serviceGentoo

Gentoo: 201206-10 Normal: ejabberd Denial of Service Threats

Multiple vulnerabilities have been found in ejabberd, the worst of which allowing for remote Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ejabberd: Multiple Denial of Service vulnerabilities Date: June 21, 2012 Bugs: #308047, #370201, #386075 ID: 201206-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in ejabberd, the worst of which allowing for remote Denial of Service. Background ========= ejabberd is the Erlang jabber daemon. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-im/ejabberd < 2.1.9 > = 2.1.9 Description ========== Multiple vulnerabilities have been discovered in ejabberd. Please review the CVE identifiers referenced below for details. Impact ===== ejabberd allows remote attackers to cause a Denial of Service condition with the result of either crashing the daemon or the whole system by causing memory and CPU consumption. Workaround ========= There is no known workaround at this time. Resolution ========= All ejabberd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-im/ejabberd-2.1.9" References ========= [ 1 ] CVE-2010-0305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0305 [ 2 ] CVE-2011-1753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1753 [ 3 ] CVE-2011-4320 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4320 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201206-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Several denial of service vulnerabilities identified in ejabberd may lead to system instability. Users are advised to upgrade promptly.. ejabberd Denial of Service,Gentoo Security Advisory,service vulnerabilities,remote attack resolution. . LinuxSecurity.com Team

Calendar 2 Jun 21, 2012 Gentoo
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydenial of serviceupdate

Debian: DSA-2248-1 Moderate: ejabberd Denial Of Service Threat

Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2248-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Nico Golde March 31, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ejabberd Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2011-1753 Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server written in Erlang, is vulnerable to the so-called "billion laughs" attack because it does not prevent entity expansion on received data. This allows an attacker to perform denial of service attacks against the service by sending specially crafted XML data to it. For the oldstable distribution (lenny), this problem has been fixed in version 2.0.1-6+lenny3. For the stable distribution (squeeze), this problem has been fixed in version 2.1.5-3+squeeze1. For the testing distribution (wheezy), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 2.1.6-2.1. We recommend that you upgrade your ejabberd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Essential security patch for ejabberd to mitigate denial of service threats, ensuring your system remains secure.. ejabberd security update, Debian advisory, remote attack fix. . LinuxSecurity.com Team

Calendar 2 May 31, 2011 Debian
Banner 3 1028x280 1708121785 1771599793
87
Ls Advisories Debian Esm H240
Price Tag 1security advisoryDoS issueDebian

Debian: DSA-2034-1 Critical: Apache2 Memory Leak Vulnerability Patch

It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s (client2server) messages; that triggers an overload of the . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2033-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Sébastien Delafond April 15th, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : ejabberd Vulnerability : heap overflow Problem type : remote Debian-specific: no CVE Id : CVE-2010-0305 Debian Bug : 568383 It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s (client2server) messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon. For the stable distribution (lenny), this problem has been fixed in version 2.0.1-6+lenny2. For the testing distribution (squeeze), this problem has been fixed in version 2.1.2-2. For the testing distribution (sid), this problem has been fixed in version 2.1.2-2. We recommend that you upgrade your ejabberd packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian(stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: Size/MD5 checksum: 61649 98dbff6de8d5fd1a613bf2fa2b1b7cbc Size/MD5 checksum: 1388 94c7c65d3a0074a80f7023d3a5bb050b Size/MD5 checksum: 1054739 9c9417ab8dc334094ec7a611016c726e alpha architecture (DEC Alpha) Size/MD5 checksum: 1185762 0d357d6fcd7a8ee3e0897d36d7991cff amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 1196276 f5c029b837ce386c0eb3b4b4704b6e4e arm architecture (ARM) Size/MD5 checksum: 1185558 4eb9bf5003262058c6b6d4b190a3f958 armel architecture (ARM EABI) Size/MD5 checksum: 1189252 b18b78168564941d3f5df1da8f23e731 i386 architecture (Intel ia32) Size/MD5 checksum: 1167064 d44c82658e3e4059287f698925912e34 ia64 architecture (Intel ia64) Size/MD5 checksum: 1208584 7474a055763f796bca37dc0847764e74 mipsel architecture (MIPS (Little Endian)) Size/MD5 checksum: 1171612 26cc7ff8e3e2f891f5b2c5f9e7d69034 powerpc architecture (PowerPC) Size/MD5 checksum: 1201544 a5ec73915a372183bb8876649ed1d66b s390 architecture (IBM S/390) Size/MD5 checksum: 1199092 3ca94443785ca5c60bf7617a4b30e8ab sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 1188116 a2dc6279a2690ce802c4d4b6bd8370aa These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Resolution for service interruption in ejabberd tailored for Debian users. Update now to address potential heap overflow vulnerabilities swiftly.. ejabberd server, remote exploit, DoS fix. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Apr 15, 2010 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here