Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

Mageia 7 MGASA-2021-0067 Critical: KMail Attack Vector and Fix

MGASA-2021-0067 - Updated messagelib packages fix a security vulnerability

Publication date: 04 Feb 2021
URL: https://advisories.mageia.org/MGASA-2021-0067.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-10732

In KDE KMail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker (CVE-2019-10732).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28260
- https://www.cve.org/CVERecord?id=CVE-2019-10732

SRPMS:
- 7/core/messagelib-19.04.0-1.1.mga7

Recent updates to the messagelib packages aim to fix a security vulnerability linked to encoded emails in the Mageia environment.

Severity: Critical. LinuxSecurity.com Team

Feb 04, 2021 | Critical | Mageia

Mageia: 2019-0367 Moderate: tnef Buffer Over-Read Threat

MGASA-2019-0367 - Updated tnef packages fix security vulnerability

Publication date: 06 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0367.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-18849

Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup (CVE-2019-18849).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25785
- https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html
- https://www.cve.org/CVERecord?id=CVE-2019-18849

SRPMS:
- 7/core/tnef-1.4.18-1.mga7

The revised tnef software addresses a vulnerability that permitted unauthorized entry through specially designed email files.

LinuxSecurity.com Team

Dec 06, 2019 | Mageia

Fedora 31: tnef Security Advisory FEDORA-2019-815807c020 Attack Risk

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-815807c020
2019-12-05 01:39:12.689184
--------------------------------------------------------------------------------

Name        : tnef
Product     : Fedora 31
Version     : 1.4.18
Release     : 1.fc31
URL         : https://github.com/verdammelt/tnef
Summary     : Extract files from email attachments like WINMAIL.DAT
Description :
This application provides a way to unpack Microsoft MS-TNEF MIME attachments. It operates like tar in order to unpack files of type "application/ms-tnef", which may have been placed into the MS-TNEF attachment instead of being attached separately. Such files may have attachment names similar to WINMAIL.DAT

--------------------------------------------------------------------------------
Update Information:

tnef release 1.4.18.
====================
Security release to resolve [CVE-2019-18849](https://www.cve.org/CVERecord?id=CVE-2019-18849) in which it may be possible to attack via a crafted email message extracted via tnef.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 26 2019 David Timms - 1.4.18-1
- Update to release 1.4.18. Fixes CVE-2019-18849 - bug #1771891
- Add global builddolphin to enable -dolphin subpackage when available.
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-815807c020' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 31 patch resolves vulnerability in tnef application that enables email exploitation through specially designed messages.

Severity: Critical. LinuxSecurity.com Team

Dec 04, 2019 | Critical | Fedora

Fedora 30: FEDORA-2019-5f14b810f8 Critical: tnef Email Attack Fix

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-5f14b810f8
2019-12-05 01:09:44.880069
--------------------------------------------------------------------------------

Name        : tnef
Product     : Fedora 30
Version     : 1.4.18
Release     : 1.fc30
URL         : https://github.com/verdammelt/tnef
Summary     : Extract files from email attachments like WINMAIL.DAT
Description :
This application provides a way to unpack Microsoft MS-TNEF MIME attachments. It operates like tar in order to unpack files of type "application/ms-tnef", which may have been placed into the MS-TNEF attachment instead of being attached separately. Such files may have attachment names similar to WINMAIL.DAT

--------------------------------------------------------------------------------
Update Information:

tnef release 1.4.18.
====================
Security release to resolve [CVE-2019-18849](https://www.cve.org/CVERecord?id=CVE-2019-18849) in which it may be possible to attack via a crafted email message extracted via tnef.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 26 2019 David Timms - 1.4.18-1
- Update to release 1.4.18. Fixes CVE-2019-18849 - bug #1771891
- Add global builddolphin to enable -dolphin subpackage when available.
* Sat Jul 27 2019 Fedora Release Engineering - 1.4.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1771892 - CVE-2019-18849 tnef: security bypass in .ssh/authorized_keys file via an e-mail message [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1771892
  [ 2 ] Bug #1771893 - CVE-2019-18849 tnef: security bypass in .ssh/authorized_keys file via an e-mail message [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1771893
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-5f14b810f8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Security bulletin for Fedora regarding tnef upgrade to mitigate email exploitation threats. Critical for ensuring system stability.

Severity: Critical. LinuxSecurity.com Team

Dec 04, 2019 | Critical | Fedora

Debian 8: DLA-2005-1 Critical: tnef Buffer Over-read Attack

Package        : tnef
Version        : 1.4.9-1+deb8u4
CVE ID         : CVE-2019-18849
Debian Bug     : 944851

In tnef, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

For Debian 8 "Jessie", this problem has been fixed in version 1.4.9-1+deb8u4.

We recommend that you upgrade your tnef packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
https://sunweavers.net/

To enhance security, please update the tnef package to address the potential buffer over-read vulnerability associated with authorized_keys on Debian systems.

Severity: Critical. LinuxSecurity.com Team

Nov 29, 2019 | Critical | Debian LTS

Debian 8: DLA-1825-1 critical: kdepim email decryption threat

Package        : kdepim
Version        : 4:4.14.1-1+deb8u2
CVE ID         : CVE-2019-10732
Debian Bug     : 926996

A reply-based decryption oracle was found in kdepim, which provides the KMail e-mail client.

An attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

For Debian 8 "Jessie", this problem has been fixed in version 4:4.14.1-1+deb8u2.

We recommend that you upgrade your kdepim packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Severity: Critical. LinuxSecurity.com Team

Jun 18, 2019 | Critical | Debian LTS

Scientific Linux SL7: SLSA-2017-3269-1 Critical: Procmail Buffer Overflow

Synopsis: Important: procmail security update
Advisory ID: SLSA-2017:3269-1
Issue Date: 2017-11-29
CVE Numbers: CVE-2017-16844

Security Fix(es):

* A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)

SL7 x86_64
  procmail-3.22-36.el7_4.1.x86_64.rpm
  procmail-debuginfo-3.22-36.el7_4.1.x86_64.rpm

- Scientific Linux Development Team

Urgent patch released for procmail addressing a serious buffer overflow vulnerability, mitigating risks from maliciously-crafted emails on SL7.x.

Severity: Critical. LinuxSecurity.com Team

Nov 29, 2017 | Critical | Scientific Linux