==========================================================================
Ubuntu Security Notice USN-8115-1
March 23, 2026

pyopenssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in pyOpenSSL.

Software Description:
- pyopenssl: Python wrapper around the OpenSSL library

Details:

It was discovered that pyOpenSSL incorrectly handled exceptions in the
tlsext_servername callback. This could result in connections being accepted
after an exception, contrary to expectations. (CVE-2026-27448)

It was discovered that pyOpenSSL incorrectly handled the DTLS cookie
generation callback. If a callback provided cookie values greater than 256
bytes, an attacker could use this issue to cause pyOpenSSL to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-27459)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  python3-openssl 25.0.0-1ubuntu0.1

Ubuntu 24.04 LTS
  python3-openssl 23.2.0-1ubuntu0.1

Ubuntu 22.04 LTS
  python3-openssl 21.0.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8115-1
  CVE-2026-27448, CVE-2026-27459

Package Information:
  https://launchpad.net/ubuntu/+source/pyopenssl/25.0.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/pyopenssl/23.2.0-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/pyopenssl/21.0.0-1ubuntu0.1

Severity: Critical.
LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d2a821d9d1
2025-08-09 03:07:08.046913+00:00
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 41
Version     : 4.19.3
Release     : 1.fc41
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

update to xen-4.19.3 includes patches for
x86: Incorrect stubs exception handling for flags recovery [XSA-470, CVE-2025-27465]
x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350,
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 5 2025 Michael Young - 4.19.3-1
- update to xen-4.19.3
  remove patches now included or superseded upstream
  includes patches for
  x86: Incorrect stubs exception handling for flags recovery [XSA-470, CVE-2025-27465]
  x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350, CVE-2024-36357]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2381572 - CVE-2025-27465 xen: Xen: Incorrect Exception Handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2381572
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d2a821d9d1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ddaa63a0f5
2025-08-08 00:53:07.923997+00:00
--------------------------------------------------------------------------------

Name        : xen
Product     : Fedora 42
Version     : 4.19.3
Release     : 2.fc42
URL         : https://xenproject.org/
Summary     : Xen is a virtual machine monitor
Description :
This package contains the XenD daemon and xm command line
tools, needed to manage virtual machines running under the
Xen hypervisor

--------------------------------------------------------------------------------
Update Information:

update to xen-4.19.3 includes patches for
x86: Incorrect stubs exception handling for flags recovery [XSA-470, CVE-2025-27465]
x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350, CVE-2024-36357]
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 5 2025 Michael Young - 4.19.3-2
- update to xen-4.19.3
  remove patches now included or superseded upstream
  includes patches for
  x86: Incorrect stubs exception handling for flags recovery [XSA-470, CVE-2025-27465]
  x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350, CVE-2024-36357]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2381572 - CVE-2025-27465 xen: Xen: Incorrect Exception Handling [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2381572
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ddaa63a0f5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
# Security update for xen

Announcement ID: SUSE-SU-2025:02319-1
Release Date: 2025-07-15T14:20:10Z
Rating: important

References:

  * bsc#1238896
  * bsc#1244644
  * bsc#1246112

Cross-References:

  * CVE-2024-36350
  * CVE-2024-36357
  * CVE-2025-27465

CVSS scores:

  * CVE-2024-36350 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2024-36357 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2025-27465 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-27465 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.3
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

  * CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
  * CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2025-2319=1

  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2319=1

  * SUSE Linux Enterprise Server 15 SP3 LTSS
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2319=1

  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2319=1

  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2025-2319=1

  * SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-2319=1

  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2319=1

  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2319=1

## Package List:

  * openSUSE Leap 15.3 (aarch64 x86_64 i586)
    * xen-tools-domU-debuginfo-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-devel-4.14.6_26-150300.3.91.1
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1
    * xen-tools-domU-4.14.6_26-150300.3.91.1
  * openSUSE Leap 15.3 (x86_64)
    * xen-libs-32bit-debuginfo-4.14.6_26-150300.3.91.1
    * xen-libs-32bit-4.14.6_26-150300.3.91.1
  * openSUSE Leap 15.3 (aarch64 x86_64)
    * xen-doc-html-4.14.6_26-150300.3.91.1
    * xen-tools-debuginfo-4.14.6_26-150300.3.91.1
    * xen-tools-4.14.6_26-150300.3.91.1
    * xen-4.14.6_26-150300.3.91.1
  * openSUSE Leap 15.3 (noarch)
    * xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
  * openSUSE Leap 15.3 (aarch64_ilp32)
    * xen-libs-64bit-4.14.6_26-150300.3.91.1
    * xen-libs-64bit-debuginfo-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
    * xen-tools-domU-debuginfo-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-tools-4.14.6_26-150300.3.91.1
    * xen-tools-domU-4.14.6_26-150300.3.91.1
    * xen-devel-4.14.6_26-150300.3.91.1
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-tools-debuginfo-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1
    * xen-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64)
    * xen-tools-domU-debuginfo-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-tools-4.14.6_26-150300.3.91.1
    * xen-tools-domU-4.14.6_26-150300.3.91.1
    * xen-devel-4.14.6_26-150300.3.91.1
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-tools-debuginfo-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1
    * xen-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
    * xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
    * xen-tools-domU-debuginfo-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-tools-4.14.6_26-150300.3.91.1
    * xen-tools-domU-4.14.6_26-150300.3.91.1
    * xen-devel-4.14.6_26-150300.3.91.1
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-tools-debuginfo-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1
    * xen-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
  * SUSE Enterprise Storage 7.1 (x86_64)
    * xen-tools-domU-debuginfo-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-tools-4.14.6_26-150300.3.91.1
    * xen-tools-domU-4.14.6_26-150300.3.91.1
    * xen-devel-4.14.6_26-150300.3.91.1
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-tools-debuginfo-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1
    * xen-4.14.6_26-150300.3.91.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * xen-tools-xendomains-wait-disk-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise Micro 5.1 (x86_64)
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise Micro 5.2 (x86_64)
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
    * xen-libs-4.14.6_26-150300.3.91.1
    * xen-debugsource-4.14.6_26-150300.3.91.1
    * xen-libs-debuginfo-4.14.6_26-150300.3.91.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-36350.html
  * https://www.suse.com/security/cve/CVE-2024-36357.html
  * https://www.suse.com/security/cve/CVE-2025-27465.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1238896
  * https://bugzilla.suse.com/show_bug.cgi?id=1244644
  * https://bugzilla.suse.com/show_bug.cgi?id=1246112

Severity: Important.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-8ad3246cc0
2022-12-19 01:17:16.560460
--------------------------------------------------------------------------------

Name        : keylime
Product     : Fedora 36
Version     : 6.4.3
Release     : 2.fc36
URL         : https://github.com/keylime/keylime
Summary     : Open source TPM software for Bootstrapping and Maintaining Trust
Description :
Keylime is a TPM based highly scalable remote boot attestation
and runtime integrity measurement solution.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-3500
Proper exception handling in tornado_requests
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 8 2022 Sergio Correia - 6.4.3-2
- Proper exception handling in tornado_requests
  Fixes: CVE-2022-3500
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2135343 - CVE-2022-3500 keylime: exception handling and impedance match in tornado_requests
        https://bugzilla.redhat.com/show_bug.cgi?id=2135343
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-8ad3246cc0' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-7a312cde45
2022-12-19 01:14:07.970132
--------------------------------------------------------------------------------

Name        : keylime
Product     : Fedora 37
Version     : 6.4.3
Release     : 5.fc37
URL         : https://github.com/keylime/keylime
Summary     : Open source TPM software for Bootstrapping and Maintaining Trust
Description :
Keylime is a TPM based highly scalable remote boot attestation
and runtime integrity measurement solution.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-3500
Proper exception handling in tornado_requests
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 9 2022 Sergio Correia 6.4.3-5
- Proper exception handling in tornado_requests
* Fri Dec 9 2022 Sergio Correia 6.4.3-4
- Do not remove tag-repository.repo
* Thu Dec 1 2022 Karel Srot 6.4.3-3
- Add dynamic_ref reference to e2e_tests.fmf
* Wed Sep 14 2022 Sergio Correia 6.4.3-2
- Update tests branch to fedora-main
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2135343 - CVE-2022-3500 keylime: exception handling and impedance match in tornado_requests
        https://bugzilla.redhat.com/show_bug.cgi?id=2135343
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-7a312cde45' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5a6ed3607d
2022-12-11 01:46:58.698282
--------------------------------------------------------------------------------

Name        : keylime
Product     : Fedora 35
Version     : 6.4.3
Release     : 2.fc35
URL         : https://github.com/keylime/keylime
Summary     : Open source TPM software for Bootstrapping and Maintaining Trust
Description :
Keylime is a TPM based highly scalable remote boot attestation
and runtime integrity measurement solution.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-3500
Proper exception handling in tornado_requests
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 8 2022 Sergio Correia - 6.4.3-2
- Proper exception handling in tornado_requests
  Fixes: CVE-2022-3500
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2135343 - CVE-2022-3500 keylime: exception handling and impedance match in tornado_requests
        https://bugzilla.redhat.com/show_bug.cgi?id=2135343
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5a6ed3607d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
MGASA-2021-0487 - Updated ansible packages fix security vulnerability

Publication date: 23 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0487.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-3620

Do not include params in exception when a call to set_options fails.
Additionally, block the exception that is returned from being displayed to
stdout. (CVE-2021-3620)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29558
- https://access.redhat.com/errata/RHSA-2021:3872
- https://www.cve.org/CVERecord?id=CVE-2021-3620

SRPMS:
- 8/core/ansible-2.9.27-1.mga8

Severity: Critical.