python-cryptography could be made to expose sensitive information over the network.

==========================================================================
Ubuntu Security Notice USN-8087-3
April 28, 2026

python-cryptography vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

python-cryptography could be made to expose sensitive information over the network.

Software Description:
- python-cryptography: Cryptography Python library

Details:

USN-8087-1 fixed a vulnerability in python-cryptography. This update provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  python-cryptography    2.8-3ubuntu0.3+esm2      Available with Ubuntu Pro
  python3-cryptography   2.8-3ubuntu0.3+esm2      Available with Ubuntu Pro

Ubuntu 18.04 LTS
  python-cryptography    2.1.4-1ubuntu1.4+esm3    Available with Ubuntu Pro
  python3-cryptography   2.1.4-1ubuntu1.4+esm3    Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-cryptography    1.2.3-1ubuntu0.3+esm3    Available with Ubuntu Pro
  python3-cryptography   1.2.3-1ubuntu0.3+esm3    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8087-3
  https://ubuntu.com/security/notices/USN-8087-2
  https://ubuntu.com/security/notices/USN-8087-1
  CVE-2026-26007

Exploit risk in python-cryptography may expose sensitive data over the network, affecting multiple Ubuntu versions.

Keywords: Python Cryptography Update, Ubuntu Security Notice, Critical Network Exposure.
Severity: Critical. LinuxSecurity.com Team
The system could be made to expose sensitive information.

==========================================================================
Ubuntu Security Notice USN-7860-5
November 10, 2025

linux-hwe-6.14 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- linux-hwe-6.14: Linux hardware enablement (HWE) kernel

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  linux-image-6.14.0-35-generic         6.14.0-35.35~24.04.1
  linux-image-6.14.0-35-generic-64k     6.14.0-35.35~24.04.1
  linux-image-generic-6.14              6.14.0-35.35~24.04.1
  linux-image-generic-64k-6.14          6.14.0-35.35~24.04.1
  linux-image-generic-64k-hwe-24.04     6.14.0-35.35~24.04.1
  linux-image-generic-hwe-24.04         6.14.0-35.35~24.04.1
  linux-image-virtual-6.14              6.14.0-35.35~24.04.1
  linux-image-virtual-hwe-24.04         6.14.0-35.35~24.04.1

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-7860-5
  https://ubuntu.com/security/notices/USN-7860-4
  https://ubuntu.com/security/notices/USN-7860-3
  https://ubuntu.com/security/notices/USN-7860-2
  https://ubuntu.com/security/notices/USN-7860-1
  CVE-2025-40300

Package Information:

Upgrade your Ubuntu 24.04 LTS to address a critical information exposure vulnerability in the Linux kernel for enhanced security and performance.

Keywords: Linux Kernel, Ubuntu 24.04, Security Advisory, Information Exposure, Updates.
Severity: Important. LinuxSecurity.com Team
MGASA-2025-0230 - Updated postgresql15 & postgresql13 packages fix security vulnerabilities

Publication date: 08 Sep 2025
URL: https://advisories.mageia.org/MGASA-2025-0230.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-8713, CVE-2025-8714, CVE-2025-8715

Description:

PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. (CVE-2025-8713)

PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. (CVE-2025-8714)

PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. (CVE-2025-8715)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34608
- https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/
- https://www.cve.org/CVERecord?id=CVE-2025-8713
- https://www.cve.org/CVERecord?id=CVE-2025-8714
- https://www.cve.org/CVERecord?id=CVE-2025-8715

SRPMS:
- 9/core/postgresql15-15.14-1.mga9
- 9/core/postgresql13-13.22-1.mga9

Recent adjustments to PostgreSQL packages for Mageia address critical security vulnerabilities that impact both the integrity and performance of database systems.

Keywords: PostgreSQL Vulnerabilities, Mageia Security Update, Database Security Patches, PostgreSQL Security Advisory.
Severity: Important. LinuxSecurity.com Team
Tomcat could expose sensitive files or run programs if it received specially crafted network traffic.

==========================================================================
Ubuntu Security Notice USN-7525-2
May 26, 2025

Tomcat vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Tomcat could expose sensitive files or run programs if it received specially crafted network traffic.

Software Description:
- tomcat9: Apache Tomcat 9 - Servlet and JSP engine

Details:

USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library (libtomcat9-java) and not the full tomcat server stack.

Original advisory details:

It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots in temporary files. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
  libtomcat9-java   9.0.70-2ubuntu1.25.04.1

Ubuntu 24.10
  libtomcat9-java   9.0.70-2ubuntu1.24.10.1

Ubuntu 24.04 LTS
  libtomcat9-java   9.0.70-2ubuntu0.1+esm1   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7525-2
  https://ubuntu.com/security/notices/USN-7525-2
  CVE-2025-24813

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.70-2ubuntu1.25.04.1
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.70-2ubuntu1.24.10.1

A recent Tomcat vulnerability report for Ubuntu highlights the risks of unauthorized access to sensitive files and the potential for remote code execution threats.

Keywords: Tomcat Vulnerability, Ubuntu Security Notice, Sensitive File Exposure, Network Security.
Severity: Critical. LinuxSecurity.com Team
update for nodejs22-22.14.0-2 Update to version 22.13.1.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e97e5c6ce3
2025-03-01 01:22:54.667691+00:00
--------------------------------------------------------------------------------

Name        : nodejs22
Product     : Fedora 41
Version     : 22.14.0
Release     : 2.fc41
URL         : https://nodejs.org/en/
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

--------------------------------------------------------------------------------
Update Information:

update for nodejs22-22.14.0-2
Update to version 22.13.1.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 19 2025 Jan Staněk - 1:22.14.0-2
- Change the default stream condition to allow for range of Fedoras
- Rename the OPENSSL_NO_ENGINE guard patch to achieve the proper ordering
* Tue Feb 18 2025 tjuhasz - 1:22.14.0-1
- update to version 22.14.0 (bz#2344862)
* Thu Jan 23 2025 Jan Staněk - 1:22.13.1-1
- Update to version 22.13.1 (rhbz#2330256)
* Wed Jan 22 2025 Tomas Juhasz - 1:22.13.0-1
- Updated to version 22.13.0
* Fri Jan 17 2025 Fedora Release Engineering - 1:22.11.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2330256 - nodejs22-22.13.1 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2330256
[ 2 ] Bug #2341716 - CVE-2025-23083 nodejs22: Node.js Worker Thread Exposure via Diagnostics Channel [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2341716
[ 3 ] Bug #2344862 - nodejs22-22.14.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2344862

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e97e5c6ce3'
at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Upgrade nodejs22 to release 22.13.1 to address serious security flaws in Fedora 41, ensuring improved safety and performance.

Keywords: Fedora Security Update, Nodejs22 Advisory, JavaScript Runtime Update.
LinuxSecurity.com Team
Update to version 4.18.8 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-7eb8cbf1a5
2023-10-13 01:51:39.405980
--------------------------------------------------------------------------------

Name        : samba
Product     : Fedora 38
Version     : 4.18.8
Release     : 1.fc38
URL         :
Summary     : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and Unix.

--------------------------------------------------------------------------------
Update Information:

Update to version 4.18.8 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 10 2023 Guenther Deschner - 4.18.8-1
- Update to 4.18.8
- resolves: #2241881, #2243228: Security fix for CVE-2023-3961
- resolves: #2241882, #2243231: Security fix for CVE-2023-4091
- resolves: #2241883, #2243230: Security fix for CVE-2023-4154
- resolves: #2241884, #2243229: Security fix for CVE-2023-42669
- resolves: #2241885, #2243232: Security fix for CVE-2023-42670

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2241881 - CVE-2023-3961 samba: smbd allows client access to unix domain sockets on the file system as root
      https://bugzilla.redhat.com/show_bug.cgi?id=2241881
[ 2 ] Bug #2241882 - CVE-2023-4091 samba: SMB clients can truncate files with read-only permissions
      https://bugzilla.redhat.com/show_bug.cgi?id=2241882
[ 3 ] Bug #2241883 - CVE-2023-4154 samba: AD DC password exposure to privileged users and RODCs
      https://bugzilla.redhat.com/show_bug.cgi?id=2241883
[ 4 ] Bug #2241884 - CVE-2023-42669 samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
      https://bugzilla.redhat.com/show_bug.cgi?id=2241884
[ 5 ] Bug #2241885 - CVE-2023-42670 samba: AD DC Busy RPC multiple listener DoS
      https://bugzilla.redhat.com/show_bug.cgi?id=2241885

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-7eb8cbf1a5'
at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------
PHP could be made to expose sensitive information.

=========================================================================
Ubuntu Security Notice USN-6199-1
July 03, 2023

php7.4, php8.1 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

PHP could be made to expose sensitive information.

Software Description:
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  libapache2-mod-php7.4   8.1.12-1ubuntu4.2
  libapache2-mod-php8.0   8.1.12-1ubuntu4.2
  libapache2-mod-php8.1   8.1.12-1ubuntu4.2
  php8.1                  8.1.12-1ubuntu4.2
  php8.1-cgi              8.1.12-1ubuntu4.2
  php8.1-cli              8.1.12-1ubuntu4.2
  php8.1-soap             8.1.12-1ubuntu4.2

Ubuntu 22.10:
  libapache2-mod-php7.4   8.1.7-1ubuntu3.5
  libapache2-mod-php8.0   8.1.7-1ubuntu3.5
  libapache2-mod-php8.1   8.1.7-1ubuntu3.5
  php8.1                  8.1.7-1ubuntu3.5
  php8.1-cgi              8.1.7-1ubuntu3.5
  php8.1-cli              8.1.7-1ubuntu3.5
  php8.1-soap             8.1.7-1ubuntu3.5

Ubuntu 22.04 LTS:
  libapache2-mod-php7.4   8.1.2-1ubuntu2.13
  libapache2-mod-php8.0   8.1.2-1ubuntu2.13
  libapache2-mod-php8.1   8.1.2-1ubuntu2.13
  php8.1                  8.1.2-1ubuntu2.13
  php8.1-cgi              8.1.2-1ubuntu2.13
  php8.1-cli              8.1.2-1ubuntu2.13
  php8.1-soap             8.1.2-1ubuntu2.13
  php8.1-sqlite3          8.1.2-1ubuntu2.13

Ubuntu 20.04 LTS:
  libapache2-mod-php7.4   7.4.3-4ubuntu2.19
  php7.4                  7.4.3-4ubuntu2.19
  php7.4-cgi              7.4.3-4ubuntu2.19
  php7.4-cli              7.4.3-4ubuntu2.19
  php7.4-soap             7.4.3-4ubuntu2.19

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6199-1
  CVE-2023-3247

Package Information:
  https://launchpad.net/ubuntu/+source/php8.1/8.1.12-1ubuntu4.2
  https://launchpad.net/ubuntu/+source/php8.1/8.1.7-1ubuntu3.5
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.13
  https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.19

Keep updated on the essential security alert regarding PHP vulnerabilities in Ubuntu versions 7.4 and 8.1, which may reveal confidential information.

Keywords: PHP Exposure, Ubuntu Security Notice, Authentication Issue, Update PHP Packages, Sensitive Info Leak.
Severity: Critical. LinuxSecurity.com Team
Django could be made to expose sensitive information if it received a specially crafted input.

=========================================================================
Ubuntu Security Notice USN-5549-1
August 04, 2022

python-django vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Django could be made to expose sensitive information if it received a specially crafted input.

Software Description:
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access to the user's machine.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  python3-django   2:3.2.12-2ubuntu1.2

Ubuntu 20.04 LTS:
  python3-django   2:2.2.12-1ubuntu0.13

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5549-1
  CVE-2022-36359

Package Information:
  https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.2
  https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.13

Django's inadequate management may result in the exposure of confidential information on Ubuntu platforms. Update guidelines are provided.

Keywords: Python Django Exploit, Secure Web Apps, Ubuntu Security Fix.
LinuxSecurity.com Team