Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 22 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorySQL Injectionfedora

Fedora 44 pgadmin4 Vital Update SQL Injection Remote Code Execution Issue

Update to pgadmin4-9.15.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-68f6155fea 2026-05-21 00:54:04.884645+00:00 -------------------------------------------------------------------------------- Name : pgadmin4 Product : Fedora 44 Version : 9.15 Release : 1.fc44 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world. -------------------------------------------------------------------------------- Update Information: Update to pgadmin4-9.15. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Sandro Mani - 9.15-1 - Update to 9.15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476786 - CVE-2026-7819 pgadmin4: symbolic-link path traversal in File Manager allows arbitrary file write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476786 [ 2 ] Bug #2476787 - CVE-2026-7815 pgadmin4: SQL injection in maintenance tool option values leading to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476787 [ 3 ] Bug #2476788 - CVE-2026-7817 pgadmin4: local file inclusion and server-side request forgery in LLM API configuration endpoints [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476788 [ 4 ] Bug #2476789 - CVE-2026-7820 pgadmin4: account-lockout bypass via Flask-Security default /login view [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476789 [ 5 ] Bug #2476790 - CVE-2026-7818 pgadmin4: unsafe deserialization in file-backed session manager leads to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476790 [ 6 ] Bug#2476791 - CVE-2026-7816 pgadmin4: OS command injection in Import/Export query export via psql metacommand breakout [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476791 [ 7 ] Bug #2476792 - CVE-2026-7813 pgadmin4: cross-user data access and shared-server privilege escalation in server mode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476792 [ 8 ] Bug #2476793 - CVE-2026-7814 pgadmin4: stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476793 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-68f6155fea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Fedora 44 pgadmin4 resolves multiple issues including SQL injection and remote code execution threats.. Fedora Update, pgadmin4, SQL Injection, Remote Code Execution, Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 May 21, 2026 Critical Fedora
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorydebianfile inclusion

Debian LTS: DLA-4090-1: ruby-rack Security Advisory Updates

Multiple vulnerabilities have been fixed in ruby-rack, an interface for developing web applications in Ruby. CVE-2025-25184 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4090-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Adrian Bunk March 24, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : ruby-rack Version : 2.1.4-3+deb11u3 CVE ID : CVE-2025-25184 CVE-2025-27111 CVE-2025-27610 Debian Bug : 1098257 1099546 1100444 Multiple vulnerabilities have been fixed in ruby-rack, an interface for developing web applications in Ruby. CVE-2025-25184 Log Injection in Rack::CommonLogger CVE-2025-27111 Log Injection in Rack::Sendfile CVE-2025-27610 Local file inclusion in Rack::Static For Debian 11 bullseye, these problems have been fixed in version 2.1.4-3+deb11u3. We recommend that you upgrade your ruby-rack packages. For the detailed security status of ruby-rack please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/ruby-rack Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Multiple vulnerabilities in ruby-rack have been fixed, including log injection and local file inclusion, requiring updates.. vulnerabilities, ruby-rack, interface, developing, applications. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 24, 2025 Critical Debian LTS
Banner 4 1028x280 1708121825 1771600306
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorysecurity updatedebian

Debian 11 DLA-4068-1 Critical: php-nesbot-carbon Arbitrary Include Threat

Arbitrary file include in Carbon::setLocale has been fixed in Carbon, a PHP API extension for DateTime. For Debian 11 bullseye, this problem has been fixed in version . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4068-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Adrian Bunk February 25, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : php-nesbot-carbon Version : 2.32.2-1+deb11u1 CVE ID : CVE-2025-22145 Debian Bug : 1092680 Arbitrary file include in Carbon::setLocale has been fixed in Carbon, a PHP API extension for DateTime. For Debian 11 bullseye, this problem has been fixed in version 2.32.2-1+deb11u1. We recommend that you upgrade your php-nesbot-carbon packages. For the detailed security status of php-nesbot-carbon please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/php-nesbot-carbon Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu LTS Notice ULA-5092-2 presents a solution for Carbon unrestricted file upload; suggested updates explained.. Debian LTS, php-nesbot-carbon, security advisory, file include, upgrade instructions. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 25, 2025 Critical Debian LTS
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryimportantinformation disclosure

SUSE Linux Enterprise: 2021:14705-1 Important: Tomcat6 Security Fixes

An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for tomcat6 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:14705-1 Rating: important References: #1059554 #1180947 #1182909 Cross-References: CVE-2017-12617 CVE-2021-24122 CVE-2021-25329 CVSS scores: CVE-2017-12617 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-12617 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-24122 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-24122 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-25329 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-25329 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tomcat6 fixes the following issues: - CVE-2021-25329: Fixed completely CVE-2020-9484 (bsc#1182909). - CVE-2021-24122: Fixed an information disclosure (bsc#1180947). - CVE-2017-12617: Fixed a file inclusion vulnerability through a crafted request (bsc#1059554). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tomcat6-14705=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tomcat6-14705=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS(noarch): tomcat6-6.0.53-0.57.19.1 tomcat6-admin-webapps-6.0.53-0.57.19.1 tomcat6-docs-webapp-6.0.53-0.57.19.1 tomcat6-javadoc-6.0.53-0.57.19.1 tomcat6-jsp-2_1-api-6.0.53-0.57.19.1 tomcat6-lib-6.0.53-0.57.19.1 tomcat6-servlet-2_5-api-6.0.53-0.57.19.1 tomcat6-webapps-6.0.53-0.57.19.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (noarch): tomcat6-6.0.53-0.57.19.1 tomcat6-admin-webapps-6.0.53-0.57.19.1 tomcat6-docs-webapp-6.0.53-0.57.19.1 tomcat6-javadoc-6.0.53-0.57.19.1 tomcat6-jsp-2_1-api-6.0.53-0.57.19.1 tomcat6-lib-6.0.53-0.57.19.1 tomcat6-servlet-2_5-api-6.0.53-0.57.19.1 tomcat6-webapps-6.0.53-0.57.19.1 References: https://www.suse.com/security/cve/CVE-2017-12617.html https://www.suse.com/security/cve/CVE-2021-24122.html https://www.suse.com/security/cve/CVE-2021-25329.html https://bugzilla.suse.com/1059554 https://bugzilla.suse.com/1180947 https://bugzilla.suse.com/1182909 . SUSE Security Update 2022:19234-1: Critical update for nginx addressing various vulnerabilities to improve overall system integrity.. SUSE Linux Enterprise,TOMCAT6 Security Update,TOMCAT6 Vulnerability Fixes. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 21, 2021 Important SuSE
Banner 4 1028x280 1708121825 1771600306
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryupdatered hat

Red Hat Enterprise Linux 7.6 Important: Tomcat AJP File Inclusion

An update for tomcat is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: tomcat security update Advisory ID: RHSA-2020:2840-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2840 Issue date: 2020-07-07 CVE Names: CVE-2020-1938 ==================================================================== 1. Summary: An update for tomcat is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - noarch Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - noarch Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch 3. Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, whichincludes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: tomcat-7.0.76-10.el7_6.src.rpm noarch: tomcat-servlet-3.0-api-7.0.76-10.el7_6.noarch.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): noarch: tomcat-7.0.76-10.el7_6.noarch.rpm tomcat-admin-webapps-7.0.76-10.el7_6.noarch.rpm tomcat-docs-webapp-7.0.76-10.el7_6.noarch.rpm tomcat-el-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-javadoc-7.0.76-10.el7_6.noarch.rpm tomcat-jsp-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-jsvc-7.0.76-10.el7_6.noarch.rpm tomcat-lib-7.0.76-10.el7_6.noarch.rpm tomcat-webapps-7.0.76-10.el7_6.noarch.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: tomcat-7.0.76-10.el7_6.src.rpm noarch: tomcat-7.0.76-10.el7_6.noarch.rpm tomcat-admin-webapps-7.0.76-10.el7_6.noarch.rpm tomcat-el-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-jsp-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-lib-7.0.76-10.el7_6.noarch.rpm tomcat-servlet-3.0-api-7.0.76-10.el7_6.noarch.rpm tomcat-webapps-7.0.76-10.el7_6.noarch.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: tomcat-7.0.76-10.el7_6.src.rpm noarch: tomcat-7.0.76-10.el7_6.noarch.rpm tomcat-admin-webapps-7.0.76-10.el7_6.noarch.rpm tomcat-el-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-jsp-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-lib-7.0.76-10.el7_6.noarch.rpm tomcat-servlet-3.0-api-7.0.76-10.el7_6.noarch.rpm tomcat-webapps-7.0.76-10.el7_6.noarch.rpm Red Hat Enterprise Linux Server Optional EUS (v.7.6): noarch: tomcat-7.0.76-10.el7_6.noarch.rpm tomcat-admin-webapps-7.0.76-10.el7_6.noarch.rpm tomcat-docs-webapp-7.0.76-10.el7_6.noarch.rpm tomcat-el-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-javadoc-7.0.76-10.el7_6.noarch.rpm tomcat-jsp-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-jsvc-7.0.76-10.el7_6.noarch.rpm tomcat-lib-7.0.76-10.el7_6.noarch.rpm tomcat-webapps-7.0.76-10.el7_6.noarch.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: tomcat-7.0.76-10.el7_6.noarch.rpm tomcat-admin-webapps-7.0.76-10.el7_6.noarch.rpm tomcat-docs-webapp-7.0.76-10.el7_6.noarch.rpm tomcat-el-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-javadoc-7.0.76-10.el7_6.noarch.rpm tomcat-jsp-2.2-api-7.0.76-10.el7_6.noarch.rpm tomcat-jsvc-7.0.76-10.el7_6.noarch.rpm tomcat-lib-7.0.76-10.el7_6.noarch.rpm tomcat-webapps-7.0.76-10.el7_6.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXwRNl9zjgjWX9erEAQiT9w/+J5tpur6937/LEM5Wm8YD/l82sHY/11G3 bvwp8726yUCnHY/tOQyQr/V6fuqqfcquXhszeQsESXcu61cNzw/70OAxdIwrEx0G 04NtVZUiemFPbzjWFiTvEmb9feIiyMFYIh9DdIceRsGaCPEDUvFQqiDoxRfge0nC fN3bRB/+t9P638Gq4/DIyzR9Y7bvYHeQDoMDgz7pvViK5fUTLsiE/FNkJl6iV6/n DBn/Jv61hkSkidCz4NLesdgB/7DHVFsohuEFRkYrbTNjNCVe/35u+WzM+WfYsApT lJd6+QoUR11Y8ROWrIes9vx6OpmGaMy/hKsmQI1GWbUf/xCGBCgjiThW3AxGEjVn rGRKzzjenlsa+zLfXdK8NQtmUkzj9I4l/qgqL/E70ornGi+gqc7OD3kvq6rcqdTZ 2TXL54Co3rL058tsKVBLi2RUaNoQYMLJTUcPsGS41pfx8y2Pzv4V0io7gM9cRAc0 +3SHPlc0Hr+wGk05fr4/WnUw7Zf1YXGBCTfTdyvn5Kt1+tvwpC1nvnsZrJjt/EUQ y2qH6Oe6ATpuo9ADSX04Vp5T3zquTcZHIlgreBtWJiwdYf69c5+ayCyWPxZqdY0i 1RTEDCxdbr3yuyPjVO3OCqjopuWd/wGCXrmdhOqACMFn+l/03+EjzF+s8VDE7UBr W14lIkzPSq4=7crD -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical Apache Tomcat patch for RHEL tackles a major concern. Discover the steps to implement it.. Tomcat Update, Red Hat Advisory, Security Issues, Important Update, Linux Security. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Jul 07, 2020 Important Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryred hatapache

Red Hat: RHSA-2020-1478-01 Important: JBoss AJP File Inclusion Issue

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update Advisory ID: RHSA-2020:1478-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:1478 Issue date: 2020-04-14 CVE Names: CVE-2020-1938 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server - noarch Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server - noarch Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to this updated package. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) For more details about thesecurity issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. The JBoss server process must be restarted for the update to take effect. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 6. Package List: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server: Source: jbossweb-7.5.30-2.Final_redhat_2.1.ep6.el5.src.rpm noarch: jbossweb-7.5.30-2.Final_redhat_2.1.ep6.el5.noarch.rpm Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server: Source: jbossweb-7.5.30-2.Final_redhat_2.1.ep6.el6.src.rpm noarch: jbossweb-7.5.30-2.Final_redhat_2.1.ep6.el6.noarch.rpm Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server: Source: jbossweb-7.5.30-2.Final_redhat_2.1.ep6.el7.src.rpm noarch: jbossweb-7.5.30-2.Final_redhat_2.1.ep6.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/ 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXpYpPtzjgjWX9erEAQiicQ//ZaJErliaowhAdg5ZvCj76PbKhe9XdjbI yZgY2vS2yrRvx+0GkUMkRiBmsNtcfa2OG9N2A29TWvsk/C6fD/7NWxR7oFXWItMI LkJxErJjdf4iVOXzs4pYo5D+GShZlKQTCHMoGfyoMizeu57kKhIrnnPi4lSEEMKE gRKI+fE0UBYBdRARhRyfeiuGJcgdl4XNzMrlk9CwQ8JifScmB4l4HOQgFNHzYdxa 6T3AyGoq/DHcWMejUW0Peb/qKAmi3APmi8xxPOZmdcO4DX8nsjE1ZTZW53GzI6X4 b5GXksHhwPZhzFCRG+7FcI7oJFW+bZ/sa16q4RLVgT9xd2nMgssdaXK+menGLs1P QK2dD6Syq87w8s5aoFnqYoPmjMOKmcKsSLpbm2+sdybNneL/yjZhEgMpO/addE9S ByXh51llBTe6zEhJX+x6I5xLMXEUkCYcvLuvOOIbzzb+2gSeL/a0+8YDjP6YdppW U/XK+/6/MR6O/AM1p7tmHlFfZWx8xuUsNqQW5xO+PT3FoLGnO/5vnKxPMEwsXBeZ ZeiLZ7q6zITX7ert4CKtxuHuXsTwi3VyH85VlBcwrvFLUU4xdpLm2mVhLlZAxxm0 Co54GUayHSKtJcMnmc7agJhW6CGvloBRDMaENhqp11rcVo/cyYSnj80iTnlmq/X+ 7+DIzqHDEoA=VP8L -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Oracle's bulletin contains a significant WebLogic security patch targeting a critical RMI vulnerability.. Red Hat JBoss Security, AJP File Inclusion, JBoss Update, Security Advisory, Important Software Fix. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 14, 2020 Important Red Hat
Banner 4 1028x280 1708121825 1771600306
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryred hatimportant

RedHat: RHSA-2020-1479-01 Important: Apache Tomcat File Inclusion Threat

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update Advisory ID: RHSA-2020:1479-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:1479 Issue date: 2020-04-14 CVE Names: CVE-2020-1938 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for the Apache Tomcat package in JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, 6, and 7. All users of Red Hat JBoss Enterprise Application Platform 6.4 are advised to upgrade to these updated packages. Security Fix(es): * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 3. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. The JBoss server process must be restarted for theupdate to take effect. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 5. References: https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXpYiNtzjgjWX9erEAQjFFw/+MoKhYpWoDE3P09oq0WpGjCrUXtM29yBA E0o/Wvd14IqC4c6ohp8GA+EqYOUcEnLAHAgXgUhFBuwLKR0a1ypSBK4IunkKoiWB WkcsLZ4D2mdWUtZMObvb7U3rHyz3iMiqy2MIJcVjf+Fi4ggla5S+KYhwLe/DwAV4 XPQfaXkXXtSl0u57SFlPmIsfVns0JacJhnAOHzWegfy1Za1PVyFLk/snQzWPdmCi CwE0qi95tFfy2tCsPCiWZ4ywou55sx4surPjNXAdZ5n7bpGX1QtQ/eb8A1gYFjAY mDvquHBMWuKlHXwASddCheFq2tqbVMbclHTMk1+gxavZXH3t8SOhxINgj8fIRw07 wjJB8XEUxAeiom1ughs1g5QK9Bhs2iNDfehxLKtupQnqtizeAOE/YOMpO0FGBGq2 2zPIVdL08FUeQNtyklNwNufCv8XynhH9HIcIZ6c+Idtypq3wk2fceHOxudArX88/ iCowTvZBIXrP7mExzymZVdV9JiDgscBxH/A3QCFnLdy87NwrSEOyHTmeMGBWao2t mkZnWtFbvKWy3LBWY2HubcF5MDVSBJESIg06h4hd06OFCO70xQB1YzFNwAACmwak 7O9XgYgcMlVuQdJAjNxuFE/bX979hOrJIL1ehI2Yot1O+xGO669o5Cvxm86FzSB2 MnB2yFlnj/E=8xgy -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Red Hat JBoss Enterprise Application Platform 7.3 security update remedied Apache Tomcat vulnerabilities classified as crucial.. RedHat JBoss, Security Update, Application Security, Tomcat Vulnerability, Enterprise Application. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 14, 2020 Important Red Hat
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorysecurity updateFedora

Fedora 30: 2020:0001-1 Moderate: Tomcat AJP File Read Inclusion Threat

This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE along with various other bugs/features: * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability * rhbz#1801729 tomcat-9.0.31 is available **WARNING** - This update does *not* enforce the change in defaults for the AJP Connector like the upstream fix does. This is. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-c870aa8378 2020-04-02 09:18:38.488860 --------------------------------------------------------------------------------Name : tomcat Product : Fedora 30 Version : 9.0.31 Release : 2.fc30 URL : https://tomcat.apache.org/ Summary : Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API Description : Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. --------------------------------------------------------------------------------Update Information: This update includes a rebase from 9.0.30 up to 9.0.31 which resolves one CVE along with various other bugs/features: * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability * rhbz#1801729 tomcat-9.0.31 is available **WARNING** - This update does *not* enforce the change in defaults for the AJP Connector like the upstream fix does. This is done to prevent breakage of current installations, but it is highly advised to review your AJP Connector configuration to ensure that it is only accessible by your proxy! For more information see the [TomcatSecurity Page](https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31) and the [Tomcat Security Considerations Document](https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#Connectors). --------------------------------------------------------------------------------ChangeLog: * Thu Mar 12 2020 Coty Sutherland - 1:9.0.31-2 - Related: rhbz#1806398 Undo changes in defaults for AJP connector (CVE-2020-1938) to prevent breakage, please update your configuration accordingly * Thu Mar 5 2020 Coty Sutherland - 1:9.0.31-1 - Update to 9.0.31 - Resolves: rhbz#1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-c870aa8378' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Apache Tomcat enhancement addresses AJP file access/inclusion vulnerability and recommends a thorough configuration assessment.. Tomcat Update, Fedora Advisory, AJP Connector Security, File Inclusion Risk. . LinuxSecurity.com Team

Calendar 2 Apr 02, 2020 Fedora
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here