Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 60 articles for you...
202

openSUSE yelp Important File Disclosure Risk CVE-2026-13601

An update that solves one vulnerability can now be installed.. # Security update for yelp Announcement ID: SUSE-SU-2026:3036-1 Release Date: 2026-07-15T11:44:33Z Rating: important References: * bsc#1269625 Cross-References: * CVE-2026-13601 CVSS scores: * CVE-2026-13601 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2026-13601 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-13601 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2026-13601 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for yelp fixes the following issue * CVE-2026-13601: overly permissive Content Security Policy allows host file disclosure via Flatpak applications (bsc#1269625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3036=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3036=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3036=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3036=1 ## Package List: *SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * yelp-lang-42.2-150600.3.6.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * openSUSE Leap 15.6 (noarch) * yelp-lang-42.2-150600.3.6.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * Desktop Applications Module 15-SP7 (noarch) * yelp-lang-42.2-150600.3.6.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * yelp-debugsource-42.2-150600.3.6.1 * libyelp0-42.2-150600.3.6.1 * yelp-devel-42.2-150600.3.6.1 * libyelp0-debuginfo-42.2-150600.3.6.1 * yelp-debuginfo-42.2-150600.3.6.1 * yelp-42.2-150600.3.6.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * yelp-lang-42.2-150600.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-13601.html * https://bugzilla.suse.com/show_bug.cgi?id=1269625 . An essential security update for openSUSE's yelp addresses a significant file disclosure risk. Install it now.. openSUSE security file disclosure update yelp vulnerability. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 15, 2026 Important OpenSUSE
87

Debian: LXD Important File Info Disclosures DSA-6028-1 CVE-2025-54286

Multiple security issues were discovered in LXD, a system container and virtual machine manager, which could result in file disclosure, information disclosure or or cross-site request forgery. For the oldstable distribution (bookworm), these problems have been fixed in version 5.0.2-5+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6028-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff October 17, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : lxd CVE ID : CVE-2025-54286 CVE-2025-54287 CVE-2025-54288 CVE-2025-54293 Multiple security issues were discovered in LXD, a system container and virtual machine manager, which could result in file disclosure, information disclosure or or cross-site request forgery. For the oldstable distribution (bookworm), these problems have been fixed in version 5.0.2-5+deb12u1. For the stable distribution (trixie), these problems have been fixed in version 5.0.2+git20231211.1364ae4-9+deb13u1. We recommend that you upgrade your lxd packages. For the detailed security status of lxd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/lxd Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Security advisory for LXD on Debian fixing multiple issues: file disclosure, information leak, and CSRF risks.. LXD Debian Security Advisory, file disclosure, information leak, CSRF risks, security update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Oct 17, 2025 Important Debian
87

Debian: Incus Critical Security Flaws CVE-2025-54286 to 54293 DSA-6027-1

Multiple security issues were discovered in Incus, a system container and virtual machine manager, which could result in file disclosure, information disclosure, privilege escalation or cross-site request forgery. For the stable distribution (trixie), these problems have been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6027-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff October 17, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : incus CVE ID : CVE-2025-54286 CVE-2025-54287 CVE-2025-54288 CVE-2025-54289 CVE-2025-54290 CVE-2025-54291 CVE-2025-54293 Multiple security issues were discovered in Incus, a system container and virtual machine manager, which could result in file disclosure, information disclosure, privilege escalation or cross-site request forgery. For the stable distribution (trixie), these problems have been fixed in version 6.0.4-2+deb13u1. We recommend that you upgrade your incus packages. For the detailed security status of incus please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/incus Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Multiple critical security issues in Incus fixed for Debian trixie to prevent file disclosure and privilege escalation risks.. Debian Security, Incus Threats, Information Disclosure, Privilege Escalation, System Managers. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 17, 2025 Critical Debian
172

Ubuntu 24.04 LTS: USN-7206-1 critical: rsync multiple exploit fixes

Several security issues were fixed in rsync.. ========================================================================== Ubuntu Security Notice USN-7206-1 January 14, 2025 Several security issues were fixed in rsync ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in rsync. Software Description: - rsync: fast, versatile, remote (and local) file-copying tool Details: Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use this issue to execute arbitrary code. (CVE-2024-12084) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync compared checksums with uninitialized memory. An attacker could exploit this issue to leak sensitive information. (CVE-2024-12085) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync incorrectly handled file checksums. A malicious server could use this to expose arbitrary client files. (CVE-2024-12086) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync mishandled symlinks for some settings. An attacker could exploit this to write files outside the intended directory. (CVE-2024-12087) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync failed to verify symbolic link destinations for some settings. An attacker could exploit this for path traversal attacks. (CVE-2024-12088) Aleksei Gorban discovered a race condition in rsync's handling of symbolic links. An attacker could use this to access sensitive information or escalate privileges. (CVE-2024-12747) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS rsync 3.2.7-1ubuntu1.1 Ubuntu 22.04 LTS rsync 3.2.7-0ubuntu0.22.04.3 Ubuntu 20.04 LTS rsync 3.1.3-8ubuntu0.8 Ubuntu 18.04 LTS rsync 3.1.2-2.1ubuntu1.6+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS rsync 3.1.1-3ubuntu1.3+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS rsync 3.1.0-2ubuntu0.4+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. After a standard system update you need to restart rsync daemons if configured to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7206-1 CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 Package Information: https://launchpad.net/ubuntu/+source/rsync/3.2.7-1ubuntu1.1 https://launchpad.net/ubuntu/+source/rsync/3.2.7-0ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/rsync/3.1.3-8ubuntu0.8 . Security issues in rsync for Ubuntu fixed, addressing critical exploits across versions including code execution risks.. Ubuntu Security Update, Rsync Security Fixes, File-Copying Tool Vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jan 14, 2025 Critical Ubuntu
197

Debian 11 Bullseye: DLA-3871-1 Critical: Cinder File Disclosure

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : cinder Version : 2:17.4.0-1~deb11u2 CVE ID : CVE-2023-2088 CVE-2024-32498 Debian Bug : 1035961 1074763 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. This update also fixes unauthorized volume access through deleted volume attachments (only Cinder deployments using the LVM over iSCSI driver were affected). For Debian 11 bullseye, these problems have been fixed in version 2:17.4.0-1~deb11u2. We recommend that you upgrade your cinder packages. For the detailed security status of cinder please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/cinder Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Notice DLA-3872-1 highlights vulnerabilities in various OpenStack modules, particularly Neutron. It is advisable to perform an upgrade.. debian security,cinder update,openstack vulnerability,file access issue. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Sep 04, 2024 Critical Debian LTS
87

Debian Bookworm DSA-5756-1 Critical: Nova File Disclosure Risk

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5756-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nova CVE ID : CVE-2024-32498 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. For the stable distribution (bookworm), this problem has been fixed in version 2:26.2.2-1~deb12u3. We recommend that you upgrade your nova packages. For the detailed security status of nova please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/nova Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Debian DSA-5757-2 fixes a severe cinder flaw impacting OpenStack services. Upgrade immediately!. Debian Security, OpenStack Advisory, Nova Security Update, File Disclosure, QCOW2 Disk Images. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 21, 2024 Critical Debian
87

Debian: DSA-5755-1 Moderate: Glance Arbitrary File Disclosure

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5755-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : glance CVE ID : CVE-2024-32498 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. For the stable distribution (bookworm), this problem has been fixed in version 2:25.1.0-2+deb12u1. We recommend that you upgrade your glance packages. For the detailed security status of glance please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/glance Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Defective QCOW2 disk images may reveal sensitive data; Ubuntu recommends urgent updates for glance software.. OpenStack Security, Debian Advisory, Glance Security, File Disclosure Risk. . LinuxSecurity.com Team

Calendar%202 Aug 21, 2024 Debian
87

Debian DSA-5754-1 Critical: OpenStack Cinder File Disclosure

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : cinder CVE ID : CVE-2024-32498 Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files. For the stable distribution (bookworm), this problem has been fixed in version 2:21.3.1-1~deb12u1. We recommend that you upgrade your cinder packages. For the detailed security status of cinder please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/cinder Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Important Ubuntu Security Notice USN-5950-1 addresses a vulnerability in nova that may lead to unintended access to confidential data through corrupted images.. Debian Security,Cinder Update,OpenStack Components,File Disclosure,Security Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Aug 21, 2024 Critical Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200