Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 14 articles for you...
100

SUSE Major Tomcat Security Release Announcement 2026-2675-1 Update

An update that solves seven vulnerabilities can now be installed.. # Security update for tomcat Announcement ID: SUSE-SU-2026:2675-1 Release Date: 2026-06-29T09:45:32Z Rating: important References: * bsc#1265145 * bsc#1265162 * bsc#1265163 * bsc#1265165 * bsc#1265166 * bsc#1265167 * bsc#1265168 Cross-References: * CVE-2026-41284 * CVE-2026-41293 * CVE-2026-42498 * CVE-2026-43512 * CVE-2026-43513 * CVE-2026-43514 * CVE-2026-43515 CVSS scores: * CVE-2026-41284 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41284 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-41293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-41293 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42498 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-42498 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42498 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-43512 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-43512 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43513 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43513 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43513 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-43514 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-43514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43514 ( NVD ): 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-43515 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-43515 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-43515 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues Update to Tomcat 9.0.118: * CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc#1265162). * CVE-2026-41293: HTTP/2 request headers not validated (bsc#1265163). * CVE-2026-42498: WebSocket authentication header exposure (bsc#1265165). * CVE-2026-43512: digest authenticator will authenticate any unknown user (bsc#1265145). * CVE-2026-43513: LockOutRealm treats user names as case-sensitive (bsc#1265166). * CVE-2026-43514: AJP secret compared in non-constant time (bsc#1265167). * CVE-2026-43515: Security constraints not correctly applied (bsc#1265168). Changes: *Catalina * Add: Enhance version.sh and version.bat to display APR, Tomcat Native, and OpenSSL version information (both APR and FFM implementations), along with version compatibility warnings and third-party library version information. (csutherl) * Code: Refactor generation of the remote user element in the access log to remove unnecessary code. (markt) * Fix: Fix a regression in the previous release that meant ?- could appear in the access log rather than ? when the query string was present but empty. (markt) * Fix: Failed precondition should make WebDAV DELETE fail. #982 submitted by Mahmoud Alarby. (remm) * Fix: Align the escaping in ExtendedAccessLogValve with the other AccessLogValve implementations. (markt) * Fix: 70000: fix duplication of special headers in the response after commit, following fix for 69967. (remm) * Fix: Correct the handling of URIs mapped to a security constraint that only specifies the special ** role for all authenticated users. Requests without authentication were receiving 403 responses rather than 401 responses. (markt) * Fix: Fix a race condition in StandardContext.getServletContext() that could cause the jakarta.servlet.context.tempdir attribute to be lost during a context reload. Make the context field volatile and use locking to ensure only one ApplicationContext instance is created. (dsoumis) * Fix: Update the Windows authentication (kerberos) documentation to reflect that both Java and Windows are removing / have removed support for RC4-HMAC. The guide now uses AES256-SHA1. (markt) * Fix: Add a new initialisation parameter for WebDAV, maxRequestBodySize which limits the size of a WebDAV request body for LOCK and PROPFIND. The default value is 4096 bytes. (markt) * Add: Add a new caseSensitive attribute to the LockOutRealm that controls the manner in which user names are treated when making locking decisions. The default is false, meaning user names are treated in a caseinsensitive manner. (markt) * Fix: Correct the handling of invalid users with DIGEST authentication. (markt) * Fix: Ensure RealmBase finds all matching extension based security constraints. (markt) * Coyote * Fix: Avoid various edge cases if Content-Length is set via setHeader(String,String) or addHeader(String,String) with an invalid value by always clearing the previous value whether the new value is valid or not and ignoring any invalid new value. (markt) * Code: Refactor the calculation of the real index in the HPACK dynamic header table implementation to reduce code duplication. (markt) * Fix: Fix various minor issues with some HTTP/2 stream error messages for HTTP/2. (markt) * Fix: Consistently reject URIs containing NULL bytes when normalizing. * Fix: Fix a few minor memory leaks on error paths reading TLS keys and certificates when using FFM. (markt) * Fix: Refactor clean-up after HTTP/2 headers have been processed to aid GC after a stream reset. (markt) * Fix: Align HTTP/2 trailer fields with HTTP/1.1 and filter out any fields not permitted in trailers. (markt) * Fix: Free private keys after use in FFM based connector configuration. * Fix: Correct an unlikely edge-case parsing bug in the HTTP/2 HPACK header decoding that could result in a valid header triggering an unexpected connection close. (markt) * Fix: Refactor HTTP/2 HPACK encoding so header field names are only converted to lower case once during the encoding process. (markt) * Fix: Refactor HTTP/2 header field validation so it occurs earlier. Extend validation to check for disallowed characters as well as upper case characters. (markt) * Fix: Add TLS 1.3 groups added in OpenSSL 4.0. (remm) * Fix: Add validation that the HTTP/2 :scheme pseudo-header is consistent with the use (or not) of TLS. (markt) * Fix: Correct the validation of pseudo headers and CONNECT requests to align Tomcat's behaviour with RFC 9113, section 8.5. (markt) * Fix:Fix a potential integer overflow when allocating capacity from a connection level window update to individual HTTP/2 streams. Based on #996 by Mike Tingey Jr. (markt) * Fix: Switch AJP secret comparison to a constant time algorithm. (markt) * WebSocket * Fix: Fix the initial connection to a WebSocket end point where the connection is made via a proxy that requires DIGEST authentication. * Other * Fix: 69993: Update the URL to the CDDL 1.0 license. (markt) * Add: Add warning when OpenSSL binary is not found. (csutherl) * Add: Add check for Tomcat Native library, and log warning when it's not found to make it easier to see when it's not used by the suite. (csutherl) * Update: Update Byte Buddy to 1.18.8. (markt) * Update: Update Bouncy Castle to 1.84. (markt) * Update: Improvements to French translations. (remm) * Update: Improvements to Japanese translations provided by tak7iji. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2675=1 * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-2675=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2675=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2675=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2675=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2675=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2675=1 * SUSE Linux Enterprise Server for SAPApplications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2675=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2675=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2675=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2675=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux EnterpriseHigh Performance Computing ESPOS 15 SP5 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * Web and Scripting Module 15-SP7 (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 *tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * tomcat-lib-9.0.118-150200.108.1 * tomcat-9.0.118-150200.108.1 * tomcat-webapps-9.0.118-150200.108.1 * tomcat-admin-webapps-9.0.118-150200.108.1 * tomcat-jsp-2_3-api-9.0.118-150200.108.1 * tomcat-servlet-4_0-api-9.0.118-150200.108.1 * tomcat-el-3_0-api-9.0.118-150200.108.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41284.html * https://www.suse.com/security/cve/CVE-2026-41293.html * https://www.suse.com/security/cve/CVE-2026-42498.html * https://www.suse.com/security/cve/CVE-2026-43512.html * https://www.suse.com/security/cve/CVE-2026-43513.html * https://www.suse.com/security/cve/CVE-2026-43514.html * https://www.suse.com/security/cve/CVE-2026-43515.html * https://bugzilla.suse.com/show_bug.cgi?id=1265145 * https://bugzilla.suse.com/show_bug.cgi?id=1265162 * https://bugzilla.suse.com/show_bug.cgi?id=1265163 * https://bugzilla.suse.com/show_bug.cgi?id=1265165 * https://bugzilla.suse.com/show_bug.cgi?id=1265166 * https://bugzilla.suse.com/show_bug.cgi?id=1265167 * https://bugzilla.suse.com/show_bug.cgi?id=1265168 . Seven vulnerabilities are addressed in the important security update for Tomcat on SUSE systems, enhancing security measures.. SUSE Security Update 2026 Tomcat Vulnerabilities Authentication. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 29, 2026 Important SuSE
172

Ubuntu 20.04 LTS USN-8087-3 python-cryptography Severe Data Leak Risk

python-cryptography could be made to expose sensitive information over the network.. ========================================================================== Ubuntu Security Notice USN-8087-3 April 28, 2026 python-cryptography vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: python-cryptography could be made to expose sensitive information over the network. Software Description: - python-cryptography: Cryptography Python library Details: USN-8087-1 fixed a vulnerability in python-cryptography. This update provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS python-cryptography 2.8-3ubuntu0.3+esm2 Available with Ubuntu Pro python3-cryptography 2.8-3ubuntu0.3+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS python-cryptography 2.1.4-1ubuntu1.4+esm3 Available with Ubuntu Pro python3-cryptography 2.1.4-1ubuntu1.4+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS python-cryptography 1.2.3-1ubuntu0.3+esm3 Available with Ubuntu Pro python3-cryptography 1.2.3-1ubuntu0.3+esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8087-3 https://ubuntu.com/security/notices/USN-8087-2 https://ubuntu.com/security/notices/USN-8087-1 CVE-2026-26007 . Exploit risk in python-cryptography may expose sensitive data over the network, affecting multiple Ubuntu versions.. Python Cryptography Update, Ubuntu Security Notice, Critical Network Exposure. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 29, 2026 Critical Ubuntu
172

Ubuntu 24.04: Linux-hwe-6.14 Important Info Exposure CVE-2025-40300

The system could be made to expose sensitive information.. ========================================================================== Ubuntu Security Notice USN-7860-5 November 10, 2025 linux-hwe-6.14 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS Summary: The system could be made to expose sensitive information. Software Description: - linux-hwe-6.14: Linux hardware enablement (HWE) kernel Details: Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this to expose sensitive information from the host OS. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS linux-image-6.14.0-35-generic 6.14.0-35.35~24.04.1 linux-image-6.14.0-35-generic-64k 6.14.0-35.35~24.04.1 linux-image-generic-6.14 6.14.0-35.35~24.04.1 linux-image-generic-64k-6.14 6.14.0-35.35~24.04.1 linux-image-generic-64k-hwe-24.04 6.14.0-35.35~24.04.1 linux-image-generic-hwe-24.04 6.14.0-35.35~24.04.1 linux-image-virtual-6.14 6.14.0-35.35~24.04.1 linux-image-virtual-hwe-24.04 6.14.0-35.35~24.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this aswell. References: https://ubuntu.com/security/notices/USN-7860-5 https://ubuntu.com/security/notices/USN-7860-4 https://ubuntu.com/security/notices/USN-7860-3 https://ubuntu.com/security/notices/USN-7860-2 https://ubuntu.com/security/notices/USN-7860-1 CVE-2025-40300 Package Information: . Upgrade your Ubuntu 24.04 LTS to address a critical information exposure vulnerability in the Linux kernel for enhanced security and performance. Linux Kernel, Ubuntu 24.04, Security Advisory, Information Exposure, Updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 10, 2025 Important Ubuntu
203

Mageia 9: PostgreSQL Important Exec Code Threat MGASA-2025-0230

MGASA-2025-0230 - Updated postgresql15 & postgresql13 packages fix security vulnerabilities. MGASA-2025-0230 - Updated postgresql15 & postgresql13 packages fix security vulnerabilities Publication date: 08 Sep 2025 URL: https://advisories.mageia.org/MGASA-2025-0230.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 Description: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table. (CVE-2025-8713) PostgreSQL pg_dump lets superuser of origin server execute arbitrary code in psql client. (CVE-2025-8714) PostgreSQL pg_dump newline in object name executes arbitrary code in psql client and in restore target server. (CVE-2025-8715) References: - https://bugs.mageia.org/show_bug.cgi?id=34608 - https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/ - https://www.cve.org/CVERecord?id=CVE-2025-8713 - https://www.cve.org/CVERecord?id=CVE-2025-8714 - https://www.cve.org/CVERecord?id=CVE-2025-8715 SRPMS: - 9/core/postgresql15-15.14-1.mga9 - 9/core/postgresql13-13.22-1.mga9 . Recent adjustments to PostgreSQL packages for Mageia address critical security vulnerabilities that impact both the integrity and performance of database systems.. PostgreSQL Vulnerabilities, Mageia Security Update, Database Security Patches, PostgreSQL Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Sep 08, 2025 Important Mageia
172

Ubuntu 25.04: USN-7525-2 Critical: Tomcat Sensitive File Exposure

Tomcat could expose sensitive files or run programs if it received specially crafted network traffic.. ========================================================================== Ubuntu Security Notice USN-7525-2 May 26, 2025 Tomcat vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS Summary: Tomcat could expose sensitive files or run programs if it received specially crafted network traffic. Software Description: - tomcat9: Apache Tomcat 9 - Servlet and JSP engine Details: USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library (libtomcat9-java) and not the full tomcat server stack. Original advisory details: It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots in temporary files. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 libtomcat9-java 9.0.70-2ubuntu1.25.04.1 Ubuntu 24.10 libtomcat9-java 9.0.70-2ubuntu1.24.10.1 Ubuntu 24.04 LTS libtomcat9-java 9.0.70-2ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7525-2 https://ubuntu.com/security/notices/USN-7525-2 CVE-2025-24813 Package Information: https://launchpad.net/ubuntu/+source/tomcat9/9.0.70-2ubuntu1.25.04.1 https://launchpad.net/ubuntu/+source/tomcat9/9.0.70-2ubuntu1.24.10.1 . A recent Tomcat vulnerability report forUbuntu highlights the risks of unauthorized access to sensitive files and the potential for remote code execution threats. Tomcat Vulnerability, Ubuntu Security Notice, Sensitive File Exposure, Network Security. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 27, 2025 Critical Ubuntu
89

Fedora 41: FEDORA-2025-e97e5c6ce3 moderate: node.js worker thread exposure

update for nodejs22-22.14.0-2 Update to version 22.13.1.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e97e5c6ce3 2025-03-01 01:22:54.667691+00:00 -------------------------------------------------------------------------------- Name : nodejs22 Product : Fedora 41 Version : 22.14.0 Release : 2.fc41 URL : https://nodejs.org/en/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.} -------------------------------------------------------------------------------- Update Information: update for nodejs22-22.14.0-2 Update to version 22.13.1. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 19 2025 Jan Staněk - 1:22.14.0-2 - Change the default stream condition to allow for range of Fedoras - Rename the OPENSSL_NO_ENGINE guard patch to achieve the proper ordering * Tue Feb 18 2025 tjuhasz - 1:22.14.0-1 - update to version 22.14.0 (bz#2344862) * Thu Jan 23 2025 Jan Staněk - 1:22.13.1-1 - Update to version 22.13.1 (rhbz#2330256) * Wed Jan 22 2025 Tomas Juhasz - 1:22.13.0-1 - Updated to version 22.13.0 * Fri Jan 17 2025 Fedora Release Engineering - 1:22.11.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2330256 - nodejs22-22.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2330256 [ 2 ] Bug #2341716 - CVE-2025-23083 nodejs22: Node.js Worker Thread Exposure via Diagnostics Channel [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2341716 [ 3 ] Bug #2344862 - nodejs22-22.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2344862 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e97e5c6ce3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- . Upgrade nodejs22 to release 22.13.1 to address serious security flaws in Fedora 41, ensuring improved safety and performance.. Fedora Security Update, Nodejs22 Advisory, JavaScript Runtime Update. . LinuxSecurity.com Team

Calendar%202 Mar 01, 2025 Fedora
89

Fedora 38 Samba Update: 2023-7eb8cbf1a5 Critical DoS Threat Fixes

Update to version 4.18.8 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-7eb8cbf1a5 2023-10-13 01:51:39.405980 -------------------------------------------------------------------------------- Name : samba Product : Fedora 38 Version : 4.18.8 Release : 1.fc38 URL : Summary : Server and Client software to interoperate with Windows machines Description : Samba is the standard Windows interoperability suite of programs for Linux and Unix. -------------------------------------------------------------------------------- Update Information: Update to version 4.18.8 - Security fixes for CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670 -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 10 2023 Guenther Deschner - 4.18.8-1 - Update to 4.18.8 - resolves: #2241881, #2243228: Security fix for CVE-2023-3961 - resolves: #2241882, #2243231: Security fix for CVE-2023-4091 - resolves: #2241883, #2243230: Security fix for CVE-2023-4154 - resolves: #2241884, #2243229: Security fix for CVE-2023-42669 - resolves: #2241885, #2243232: Security fix for CVE-2023-42670 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2241881 - CVE-2023-3961 samba: smbd allows client access to unix domain sockets on the file system as root https://bugzilla.redhat.com/show_bug.cgi?id=2241881 [ 2 ] Bug #2241882 - CVE-2023-4091 samba: SMB clients can truncate files with read-only permissions https://bugzilla.redhat.com/show_bug.cgi?id=2241882 [ 3 ] Bug #2241883 - CVE-2023-4154 samba: AD DC password exposure to privileged users and RODCs https://bugzilla.redhat.com/show_bug.cgi?id=2241883 [ 4 ] Bug #2241884 - CVE-2023-42669 samba: "rpcecho"development server allows denial of service via sleep() call on AD DC https://bugzilla.redhat.com/show_bug.cgi?id=2241884 [ 5 ] Bug #2241885 - CVE-2023-42670 samba: AD DC Busy RPC multiple listener DoS https://bugzilla.redhat.com/show_bug.cgi?id=2241885 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-7eb8cbf1a5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora 38's latest samba upgrade tackles vital security vulnerabilities, delivering enhanced efficiency and safeguarding against potential risks.. Samba Update, Fedora Security, DoS Protection. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 13, 2023 Critical Fedora
172

Ubuntu 23.04: USN-6200-1 Critical: Python Remote Code Execution

PHP could be made to expose sensitive information.. =========================================================================Ubuntu Security Notice USN-6199-1 July 03, 2023 php7.4, php8.1 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: PHP could be made to expose sensitive information. Software Description: - php8.1: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: libapache2-mod-php7.4 8.1.12-1ubuntu4.2 libapache2-mod-php8.0 8.1.12-1ubuntu4.2 libapache2-mod-php8.1 8.1.12-1ubuntu4.2 php8.1 8.1.12-1ubuntu4.2 php8.1-cgi 8.1.12-1ubuntu4.2 php8.1-cli 8.1.12-1ubuntu4.2 php8.1-soap 8.1.12-1ubuntu4.2 Ubuntu 22.10: libapache2-mod-php7.4 8.1.7-1ubuntu3.5 libapache2-mod-php8.0 8.1.7-1ubuntu3.5 libapache2-mod-php8.1 8.1.7-1ubuntu3.5 php8.1 8.1.7-1ubuntu3.5 php8.1-cgi 8.1.7-1ubuntu3.5 php8.1-cli 8.1.7-1ubuntu3.5 php8.1-soap 8.1.7-1ubuntu3.5 Ubuntu 22.04 LTS: libapache2-mod-php7.4 8.1.2-1ubuntu2.13 libapache2-mod-php8.0 8.1.2-1ubuntu2.13 libapache2-mod-php8.1 8.1.2-1ubuntu2.13 php8.1 8.1.2-1ubuntu2.13 php8.1-cgi 8.1.2-1ubuntu2.13 php8.1-cli 8.1.2-1ubuntu2.13 php8.1-soap 8.1.2-1ubuntu2.13 php8.1-sqlite3 8.1.2-1ubuntu2.13 Ubuntu 20.04 LTS: libapache2-mod-php7.4 7.4.3-4ubuntu2.19 php7.4 7.4.3-4ubuntu2.19 php7.4-cgi 7.4.3-4ubuntu2.19 php7.4-cli 7.4.3-4ubuntu2.19 php7.4-soap 7.4.3-4ubuntu2.19 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6199-1 CVE-2023-3247 Package Information: https://launchpad.net/ubuntu/+source/php8.1/8.1.12-1ubuntu4.2 https://launchpad.net/ubuntu/+source/php8.1/8.1.7-1ubuntu3.5 https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.13 https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.19 . Keep updated on the essential security alert regarding PHP vulnerabilities in Ubuntu versions 7.4 and 8.1, which may reveal confidential information.. PHP Exposure, Ubuntu Security Notice, Authentication Issue, Update PHP Packages, Sensitive Info Leak. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 03, 2023 Critical Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200