==========================================================================
Ubuntu Security Notice USN-7843-1
October 28, 2025

netty vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Netty could be made to send emails as your login if it received specially crafted input.

Software Description:
- netty: Java NIO client/server socket framework

Details:

It was discovered that Netty did not properly handle user input. A remote attacker could possibly use this issue to forge arbitrary emails from a trusted server.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  libnetty-java  1:4.1.48-10ubuntu0.25.10.1

Ubuntu 25.04
  libnetty-java  1:4.1.48-10ubuntu0.25.04.1

Ubuntu 24.04 LTS
  libnetty-java  1:4.1.48-9ubuntu0.1~esm2
                 Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libnetty-java  1:4.1.48-4+deb11u2ubuntu0.1~esm2
                 Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libnetty-java  1:4.1.45-1ubuntu0.1~esm3
                 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libnetty-java  1:4.1.7-4ubuntu0.1+esm4
                 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7843-1
  CVE-2025-59419

Severity: Important

LinuxSecurity.com Team

MGASA-2024-0270 - Updated sendmail packages fix security vulnerability

Publication date: 16 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0270.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. (CVE-2023-51765)

References:
- https://bugs.mageia.org/show_bug.cgi?id=32700
- https://www.openwall.com/lists/oss-security/2023/12/21/6
- https://www.openwall.com/lists/oss-security/2023/12/26/5
- https://www.cve.org/CVERecord?id=CVE-2023-51765

SRPMS:
- 9/core/sendmail-8.17.1-4.1.mga9

LinuxSecurity.com Team

MGASA-2024-0029 - Updated postfix packages fix a security vulnerability

Publication date: 09 Feb 2024
URL: https://advisories.mageia.org/MGASA-2024-0029.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-51764

Postfix has been updated to fix SMTP smuggling, an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than .

References:
- https://bugs.mageia.org/show_bug.cgi?id=32647
- https://www.postfix.org/smtp-smuggling.html
- https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
- https://www.cve.org/CVERecord?id=CVE-2023-51764

SRPMS:
- 9/core/postfix-3.8.4-1.mga9

Severity: Important

LinuxSecurity.com Team

Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.

Debian LTS Advisory DLA-3698-1

[slackware-security] postfix (SSA:2023-356-01)

New postfix packages are available for Slackware 15.0 and -current to fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/postfix-3.6.13-i586-1_slack15.0.txz: Upgraded.
  Security: this release adds support to defend against an email spoofing
  attack (SMTP smuggling) on recipients at a Postfix server. Sites concerned
  about SMTP smuggling attacks should enable this feature on Internet-facing
  Postfix servers. For compatibility with non-standard clients, Postfix by
  default excludes clients in mynetworks from this countermeasure.
  The recommended settings are:

    # Optionally disconnect remote SMTP clients that send bare newlines,
    # but allow local clients with non-standard SMTP implementations
    # such as netcat, fax machines, or load balancer health checks.
    #
    smtpd_forbid_bare_newline = yes
    smtpd_forbid_bare_newline_exclusions = $mynetworks

  The smtpd_forbid_bare_newline feature is disabled by default.
  For more information, see:
    https://www.postfix.org/smtp-smuggling.html
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Slackware 15.0 package:
1d5c7eec8f39a89e957abf39a1e79560  postfix-3.6.13-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
7286fabbc87a7dfdcc2b1ab4c6c2f4f5  postfix-3.6.13-x86_64-1_slack15.0.txz

Slackware -current package:
27f27ac76a52652599dc7b7d885fa4e1  n/postfix-3.8.4-i586-1.txz

Slackware x86_64 -current package:
c49061c599d2667dbea79227b8e6bb18  n/postfix-3.8.4-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg postfix-3.6.13-i586-1_slack15.0.txz

Restart the postfix server:
# /etc/rc.d/rc.postfix restart

+-----+

LinuxSecurity.com Team

Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.

Debian Security Advisory DSA-5582-1

An issue (CVE-2022-48521) was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address

Debian LTS Advisory DLA-3680-1

A security issue was discovered in Thunderbird, which could result in spoofing of filenames of email attachments. For Debian 10 buster, this problem has been fixed in version

Debian LTS Advisory DLA-3510-1