SUSE Security Update: Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0355-1
Rating:             important
References:         #1193662 #1194842 #1194843 #1194844
Cross-References:   CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307
CVSS scores:
                    CVE-2021-4104 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23302 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23305 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-23307 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
                    HPE Helion Openstack 8
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit fixes the following issues:

- CVE-2021-4104: Fixed remote code execution through JMS API via the ldap JNDI parser (bsc#1193662).
- CVE-2022-23302: Fixed remote code execution in Log4j 1.x when application is configured to use JMSSink (bsc#1194842).
- CVE-2022-23305: Fixed SQL injection in Log4j 1.x when application is configured to use JDBCAppender (bsc#1194843).
- CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of Log4j 1 that could lead to malicious code execution (bsc#1194844).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-355=1

- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-355=1

- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-355=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):

    elasticsearch-2.4.2-5.6.1
    openstack-monasca-agent-2.2.6~dev4-3.27.1
    openstack-monasca-log-metrics-0.0.1-3.3.1
    openstack-monasca-log-persister-0.0.1-5.3.1
    openstack-monasca-log-transformer-0.0.1-4.3.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1
    openstack-monasca-thresh-2.1.1-4.6.1
    python-monasca-agent-2.2.6~dev4-3.27.1
    spark-1.6.3-8.12.1
    zookeeper-server-3.4.10-3.15.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):

    kafka-0.10.2.2-5.12.1
    logstash-2.4.1-5.10.1
    storm-1.2.3-3.11.2
    storm-nimbus-1.2.3-3.11.2
    storm-supervisor-1.2.3-3.11.2

- SUSE OpenStack Cloud 8 (noarch):

    elasticsearch-2.4.2-5.6.1
    openstack-monasca-agent-2.2.6~dev4-3.27.1
    openstack-monasca-log-metrics-0.0.1-3.3.1
    openstack-monasca-log-persister-0.0.1-5.3.1
    openstack-monasca-log-transformer-0.0.1-4.3.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1
    openstack-monasca-thresh-2.1.1-4.6.1
    python-monasca-agent-2.2.6~dev4-3.27.1
    spark-1.6.3-8.12.1
    venv-openstack-aodh-x86_64-5.1.1~dev7-12.40.1
    venv-openstack-barbican-x86_64-5.0.2~dev3-12.41.1
    venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.38.1
    venv-openstack-cinder-x86_64-11.2.3~dev29-14.42.1
    venv-openstack-designate-x86_64-5.0.3~dev7-12.39.1
    venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.36.1
    venv-openstack-glance-x86_64-15.0.3~dev3-12.39.1
    venv-openstack-heat-x86_64-9.0.8~dev22-12.43.1
    venv-openstack-horizon-x86_64-12.0.5~dev6-14.46.1
    venv-openstack-ironic-x86_64-9.1.8~dev8-12.41.1
    venv-openstack-keystone-x86_64-12.0.4~dev11-11.43.1
    venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.40.1
    venv-openstack-manila-x86_64-5.1.1~dev5-12.45.1
    venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.36.1
    venv-openstack-monasca-x86_64-2.2.2~dev1-11.43.1
    venv-openstack-murano-x86_64-4.0.2~dev2-12.36.1
    venv-openstack-neutron-x86_64-11.0.9~dev69-13.46.1
    venv-openstack-nova-x86_64-16.1.9~dev92-11.44.1
    venv-openstack-octavia-x86_64-1.0.6~dev3-12.41.1
    venv-openstack-sahara-x86_64-7.0.5~dev4-11.40.1
    venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.31.1
    venv-openstack-trove-x86_64-8.0.2~dev2-11.40.1
    zookeeper-server-3.4.10-3.15.1

- SUSE OpenStack Cloud 8 (x86_64):

    kafka-0.10.2.2-5.12.1
    logstash-2.4.1-5.10.1
    storm-1.2.3-3.11.2
    storm-nimbus-1.2.3-3.11.2
    storm-supervisor-1.2.3-3.11.2

- HPE Helion Openstack 8 (noarch):

    elasticsearch-2.4.2-5.6.1
    openstack-monasca-agent-2.2.6~dev4-3.27.1
    openstack-monasca-log-metrics-0.0.1-3.3.1
    openstack-monasca-log-persister-0.0.1-5.3.1
    openstack-monasca-log-transformer-0.0.1-4.3.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1
    openstack-monasca-thresh-2.1.1-4.6.1
    python-monasca-agent-2.2.6~dev4-3.27.1
    spark-1.6.3-8.12.1
    venv-openstack-aodh-x86_64-5.1.1~dev7-12.40.1
    venv-openstack-barbican-x86_64-5.0.2~dev3-12.41.1
    venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.38.1
    venv-openstack-cinder-x86_64-11.2.3~dev29-14.42.1
    venv-openstack-designate-x86_64-5.0.3~dev7-12.39.1
    venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.36.1
    venv-openstack-glance-x86_64-15.0.3~dev3-12.39.1
    venv-openstack-heat-x86_64-9.0.8~dev22-12.43.1
    venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.46.1
    venv-openstack-ironic-x86_64-9.1.8~dev8-12.41.1
    venv-openstack-keystone-x86_64-12.0.4~dev11-11.43.1
    venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.40.1
    venv-openstack-manila-x86_64-5.1.1~dev5-12.45.1
    venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.36.1
    venv-openstack-monasca-x86_64-2.2.2~dev1-11.43.1
    venv-openstack-murano-x86_64-4.0.2~dev2-12.36.1
    venv-openstack-neutron-x86_64-11.0.9~dev69-13.46.1
    venv-openstack-nova-x86_64-16.1.9~dev92-11.44.1
    venv-openstack-octavia-x86_64-1.0.6~dev3-12.41.1
    venv-openstack-sahara-x86_64-7.0.5~dev4-11.40.1
    venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.31.1
    venv-openstack-trove-x86_64-8.0.2~dev2-11.40.1
    zookeeper-server-3.4.10-3.15.1

- HPE Helion Openstack 8 (x86_64):

    kafka-0.10.2.2-5.12.1
    logstash-2.4.1-5.10.1
    storm-1.2.3-3.11.2
    storm-nimbus-1.2.3-3.11.2
    storm-supervisor-1.2.3-3.11.2

References:

https://www.suse.com/security/cve/CVE-2021-4104.html
https://www.suse.com/security/cve/CVE-2022-23302.html
https://www.suse.com/security/cve/CVE-2022-23305.html
https://www.suse.com/security/cve/CVE-2022-23307.html
https://bugzilla.suse.com/1193662
https://bugzilla.suse.com/1194842
https://bugzilla.suse.com/1194843
https://bugzilla.suse.com/1194844
SUSE Security Update: Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:4160-1
Rating:             important
References:         #1193662
Cross-References:   CVE-2021-4104
CVSS scores:
                    CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh fixes the following issues:

Fixed vulnerability related to log4j version 1.2.x:

- CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser (bsc#1193662)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4160=1

- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4160=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):

    elasticsearch-2.4.2-6.3.1
    openstack-monasca-agent-2.8.2~dev5-3.12.1
    openstack-monasca-persister-java-1.12.1~dev9-12.2
    openstack-monasca-thresh-2.1.1-5.3.1
    python-monasca-agent-2.8.2~dev5-3.12.1
    zookeeper-server-3.4.13-3.6.1

- SUSE OpenStack Cloud Crowbar 9 (x86_64):

    kafka-0.10.2.2-3.2.1
    logstash-2.4.1-7.3.1

- SUSE OpenStack Cloud 9 (x86_64):

    kafka-0.10.2.2-3.2.1
    logstash-2.4.1-7.3.1

- SUSE OpenStack Cloud 9 (noarch):

    elasticsearch-2.4.2-6.3.1
    openstack-monasca-agent-2.8.2~dev5-3.12.1
    openstack-monasca-persister-java-1.12.1~dev9-12.2
    openstack-monasca-thresh-2.1.1-5.3.1
    python-monasca-agent-2.8.2~dev5-3.12.1
    venv-openstack-barbican-x86_64-7.0.1~dev24-3.27.1
    venv-openstack-cinder-x86_64-13.0.10~dev23-3.30.1
    venv-openstack-designate-x86_64-7.0.2~dev2-3.27.1
    venv-openstack-glance-x86_64-17.0.1~dev30-3.25.1
    venv-openstack-heat-x86_64-11.0.4~dev4-3.27.1
    venv-openstack-horizon-x86_64-14.1.1~dev11-4.31.1
    venv-openstack-ironic-x86_64-11.1.5~dev17-4.25.1
    venv-openstack-keystone-x86_64-14.2.1~dev7-3.28.1
    venv-openstack-magnum-x86_64-7.2.1~dev1-4.27.1
    venv-openstack-manila-x86_64-7.4.2~dev60-3.33.1
    venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.27.1
    venv-openstack-monasca-x86_64-2.7.1~dev10-3.27.1
    venv-openstack-neutron-x86_64-13.0.8~dev164-6.31.1
    venv-openstack-nova-x86_64-18.3.1~dev91-3.31.1
    venv-openstack-octavia-x86_64-3.2.3~dev7-4.27.1
    venv-openstack-sahara-x86_64-9.0.2~dev15-3.27.1
    venv-openstack-swift-x86_64-2.19.2~dev48-2.22.1
    zookeeper-server-3.4.13-3.6.1

References:

https://www.suse.com/security/cve/CVE-2021-4104.html
https://bugzilla.suse.com/1193662
Arch Linux Security Advisory ASA-201902-27
==========================================

Severity: High
Date    : 2019-02-25
CVE-ID  : CVE-2019-7611
Package : elasticsearch
Type    : privilege escalation
Remote  : Yes
Link    : https://security.archlinux.org/AVG-912

Summary
=======

The package elasticsearch before version 6.6.1-1 is vulnerable to privilege escalation.

Resolution
==========

Upgrade to 6.6.1-1.

# pacman -Syu "elasticsearch>=6.6.1-1"

The problem has been fixed upstream in version 6.6.1.

Workaround
==========

None.

Description
===========

A permission issue was found in Elasticsearch when Field Level Security and Document Level Security are disabled and the _aliases, _shrink, or _split endpoints are used. If the elasticsearch.yml file has xpack.security.dls_fls.enabled set to false, certain permission checks are skipped when users perform one of the actions mentioned above to make existing data available under a new index/alias name. This could result in an attacker gaining additional permissions against a restricted index.

Impact
======

An authenticated remote user can gain additional privileges on an index.

References
==========

https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
https://security.archlinux.org/CVE-2019-7611
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3389-1

Security support for elasticsearch in jessie is hereby discontinued. The project no longer releases information on fixed security issues that would allow backporting them to released versions of Debian, and actively discourages doing so.
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3241-1

John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal.

For the stable distribution (jessie), this problem has been fixed in