Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 10 articles for you...
100

SUSE: Apache2 Important Security Update 2026:0020-1 CVE-2025-55753

An update that solves four vulnerabilities can now be installed.. # Security update for apache2 Announcement ID: SUSE-SU-2026:0020-1 Release Date: 2026-01-05T11:10:13Z Rating: important References: * bsc#1254511 * bsc#1254512 * bsc#1254514 * bsc#1254515 Cross-References: * CVE-2025-55753 * CVE-2025-58098 * CVE-2025-65082 * CVE-2025-66200 CVSS scores: * CVE-2025-55753 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55753 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-55753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-58098 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-58098 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2025-65082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-65082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2025-65082 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2025-66200 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66200 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) * CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) * CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) * CVE-2025-66200: Fixedmod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-20=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-20=1 openSUSE-SLE-15.6-2026-20=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-20=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * apache2-utils-debuginfo-2.4.58-150600.5.41.1 * apache2-debugsource-2.4.58-150600.5.41.1 * apache2-prefork-2.4.58-150600.5.41.1 * apache2-utils-2.4.58-150600.5.41.1 * apache2-prefork-debuginfo-2.4.58-150600.5.41.1 * apache2-prefork-debugsource-2.4.58-150600.5.41.1 * apache2-devel-2.4.58-150600.5.41.1 * apache2-worker-debuginfo-2.4.58-150600.5.41.1 * apache2-utils-debugsource-2.4.58-150600.5.41.1 * apache2-worker-debugsource-2.4.58-150600.5.41.1 * apache2-debuginfo-2.4.58-150600.5.41.1 * apache2-worker-2.4.58-150600.5.41.1 * apache2-2.4.58-150600.5.41.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * apache2-utils-debuginfo-2.4.58-150600.5.41.1 * apache2-event-2.4.58-150600.5.41.1 * apache2-debugsource-2.4.58-150600.5.41.1 * apache2-event-debugsource-2.4.58-150600.5.41.1 * apache2-prefork-2.4.58-150600.5.41.1 * apache2-utils-2.4.58-150600.5.41.1 * apache2-prefork-debuginfo-2.4.58-150600.5.41.1 * apache2-prefork-debugsource-2.4.58-150600.5.41.1 * apache2-devel-2.4.58-150600.5.41.1 * apache2-worker-debuginfo-2.4.58-150600.5.41.1 * apache2-utils-debugsource-2.4.58-150600.5.41.1 * apache2-worker-debugsource-2.4.58-150600.5.41.1 * apache2-event-debuginfo-2.4.58-150600.5.41.1 *apache2-debuginfo-2.4.58-150600.5.41.1 * apache2-worker-2.4.58-150600.5.41.1 * apache2-2.4.58-150600.5.41.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.58-150600.5.41.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * apache2-utils-debuginfo-2.4.58-150600.5.41.1 * apache2-debugsource-2.4.58-150600.5.41.1 * apache2-prefork-2.4.58-150600.5.41.1 * apache2-utils-2.4.58-150600.5.41.1 * apache2-prefork-debuginfo-2.4.58-150600.5.41.1 * apache2-prefork-debugsource-2.4.58-150600.5.41.1 * apache2-devel-2.4.58-150600.5.41.1 * apache2-worker-debuginfo-2.4.58-150600.5.41.1 * apache2-utils-debugsource-2.4.58-150600.5.41.1 * apache2-worker-debugsource-2.4.58-150600.5.41.1 * apache2-debuginfo-2.4.58-150600.5.41.1 * apache2-worker-2.4.58-150600.5.41.1 * apache2-2.4.58-150600.5.41.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55753.html * https://www.suse.com/security/cve/CVE-2025-58098.html * https://www.suse.com/security/cve/CVE-2025-65082.html * https://www.suse.com/security/cve/CVE-2025-66200.html * https://bugzilla.suse.com/show_bug.cgi?id=1254511 * https://bugzilla.suse.com/show_bug.cgi?id=1254512 * https://bugzilla.suse.com/show_bug.cgi?id=1254514 * https://bugzilla.suse.com/show_bug.cgi?id=1254515 . An important security update for apache2 addresses four vulnerabilities affecting SUSE systems. Immediate action is advised.. SUSE security update, apache2 vulnerabilities, important apache2 patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jan 05, 2026 Important SuSE
203

Mageia 9: Minimal Bug Fix Advisory MGAA-2025-0107 Issued

MGAA-2025-0107 - Updated less package fixes bug. MGAA-2025-0107 - Updated less package fixes bug Publication date: 29 Dec 2025 URL: https://advisories.mageia.org/MGAA-2025-0107.html Type: bugfix Affected Mageia releases: 9 Description: The current version does not set the environment variable LESSOPEN which means that you can't view gz, bz2, lzma, zip, rpm, html, etc. files. This update fixes the reported issue. After the update you should close the terminal emulator in use for the fix to take effect. References: - https://bugs.mageia.org/show_bug.cgi?id=34892 SRPMS: - 9/core/less-678-1.2.mga9 . An update to the less package in Mageia fixes a crucial bug affecting file viewing functionality. Install now!. less package update,Mageia fix,bug resolution,Mageia updates. . Severity: Informational. LinuxSecurity.com Team

Calendar%202 Dec 29, 2025 Informational Mageia
203

Mageia 9: 2025-0164 severe: glibc Untrusted LD_LIBRARY_PATH Issue

An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) . MGASA-2025-0164 - Updated glibc packages fix security vulnerability Publication date: 24 May 2025 URL: https://advisories.mageia.org/MGASA-2025-0164.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-4802 An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802) References: - https://bugs.mageia.org/show_bug.cgi?id=34286 - https://www.openwall.com/lists/oss-security/2025/05/16/7 - https://www.openwall.com/lists/oss-security/2025/05/17/2 - https://www.cve.org/CVERecord?id=CVE-2025-4802 SRPMS: - 9/core/glibc-2.36-56.mga9 . A critical LD_LIBRARY_PATH exploit in glibc affects Mageia, allowing malicious library loading by attackers.. glibc Vulnerability, LD_LIBRARY_PATH, Mageia Security Advisory, Dynamic Library Control. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 24, 2025 Important Mageia
172

Ubuntu 14.04 LTS USN-7049-3: Critical PHP Threats Mitigated

Several security issues were fixed in PHP.. ========================================================================== Ubuntu Security Notice USN-7049-3 February 26, 2025 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php5: HTML-embedded scripting language interpreter Details: USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled parsing multipart form data.A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. (CVE-2024-8925) It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions. (CVE-2024-8927) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5-cli 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm16 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7049-3 https://ubuntu.com/security/notices/USN-7049-2 https://ubuntu.com/security/notices/USN-7049-1 CVE-2024-8925, CVE-2024-8927 . Enhancements for PHP security vulnerabilities in Ubuntu 14.04 LTS to mitigate risks of attacks and data breaches. Discover more!. PHP Security Updates, Ubuntu 14.04, Security Patches. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Feb 27, 2025 Critical Ubuntu
217

Oracle Linux 7 ELSA-2024-10882 Critical Fix for PostgreSQL Env Variables

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2024-10882 http://linux.oracle.com/errata/ELSA-2024-10882.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: aarch64: postgresql-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-contrib-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-devel-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-docs-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-libs-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-plperl-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-plpython-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-pltcl-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-server-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-test-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-static-9.2.24-9.0.3.el7_9.aarch64.rpm postgresql-upgrade-9.2.24-9.0.3.el7_9.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates//postgresql-9.2.24-9.0.3.el7_9.src.rpm Related CVEs: CVE-2024-10979 Description of changes: [9.2.24-9.0.3] - Fixes CVE-2024-10979 where environment variable mutations [Orabug: 37370704] - are incorrectly allowed from trusted PL/Perl code _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Notification ELSA-2024-10883 delivers PostgreSQL enhancements aimed at addressing a severe vulnerability in handling environment variables.. Oracle Linux Security, PostgreSQL updates, ELSA-2024-10882, critical vulnerabilities, aarch64 security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 06, 2025 Critical Oracle
203

Mageia 8: 2023-0025 Critical: Sudo Privilege Escalation

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because . MGASA-2023-0025 - Updated sudo packages fix security vulnerability Publication date: 24 Jan 2023 URL: https://advisories.mageia.org/MGASA-2023-0025.html Type: security Affected Mageia releases: 8 CVE: CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. (CVE-2023-22809) References: - https://bugs.mageia.org/show_bug.cgi?id=31437 - - https://lists.debian.org/debian-security-announce/2023/msg00010.html - https://ubuntu.com/security/notices/USN-5811-1 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/ - https://www.cve.org/CVERecord?id=CVE-2023-22809 SRPMS: - 8/core/sudo-1.9.5p2-2.2.mga8 . Recent updates to the sudo packages in Mageia address a vulnerability that could lead to privilege escalation caused by improper handling of environment variables.. Mageia Advisory, Sudo Security Update, Local Privilege Escalation. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 24, 2023 Critical Mageia
203

Mageia: 2022-0066 Moderate: NAS Stack-Based Buffer Overflow Advisory

Stack-based buffer overflow in auphone.c that can be triggered by an environment variable. Also, the x11-util-cf-files package has been patched to allow building nas. . MGASA-2022-0066 - Updated nas packages fix security vulnerability Publication date: 18 Feb 2022 URL: https://advisories.mageia.org/MGASA-2022-0066.html Type: security Affected Mageia releases: 8 Stack-based buffer overflow in auphone.c that can be triggered by an environment variable. Also, the x11-util-cf-files package has been patched to allow building nas. References: - https://bugs.mageia.org/show_bug.cgi?id=30020 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/KQX5YL7OVJTMPDFFPFACDNNE2LEUDC3J/ - / - https://bugzilla.redhat.com/show_bug.cgi?id=1943020 SRPMS: - 8/core/nas-1.9.4-11.1.mga8 - 8/core/x11-util-cf-files-1.0.6-5.1.mga8 . Mageia 2022-0077 addresses vulnerabilities in nas packages related to potential security risks involving a buffer underflow. Discover further details regarding the modifications.. Stack-Based Buffer Overflow, Mageia Security Update, NAS Package Patch. . LinuxSecurity.com Team

Calendar%202 Feb 17, 2022 Mageia
203

Mageia 7-8 MGASA-2021-0248 Moderate: Containerd Environment Variable Issue

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other . MGASA-2021-0248 - Updated docker-containerd packages fix security vulnerability Publication date: 13 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0248.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2021-21334 In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. (CVE-2021-21334). References: - https://bugs.mageia.org/show_bug.cgi?id=29003 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/ - https://www.cve.org/CVERecord?id=CVE-2021-21334 SRPMS: - 7/core/docker-containerd-1.4.4-1.mga7 - 8/core/docker-containerd-1.4.4-1.mga8 . Reviseddocker-containerd versions address a security vulnerability that permitted improper environment variable sharing among different containers.. docker containerd security,Mageia advisory,container runtime vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 13, 2021 Important Mageia
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200