Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 623
Alerts This Week
Warning Icon 1 623

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 3 articles for you...
172

Ubuntu Flask Important Info Exposure CVE-2026-27205 USN-8104-1

Flask could be made to expose sensitive information over the network.. ========================================================================== Ubuntu Security Notice USN-8104-1 March 18, 2026 flask vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Flask could be made to expose sensitive information over the network. Software Description: - flask: Micro web framework based on Werkzeug and Jinja2 Details: Shourya Jaiswal discovered that Flask did not correctly mark certain web responses as user-specific. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-flask 3.0.2-1ubuntu1.1 Ubuntu 22.04 LTS python3-flask 2.0.1-2ubuntu1.2 Ubuntu 20.04 LTS python3-flask 1.1.1-2ubuntu0.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8104-1 CVE-2026-27205 Package Information: https://launchpad.net/ubuntu/+source/flask/3.0.2-1ubuntu1.1 https://launchpad.net/ubuntu/+source/flask/2.0.1-2ubuntu1.2 . Flask could expose sensitive data over the network; immediate updates are necessary for Ubuntu users across several versions.. Flask security, Ubuntu advisory, sensitive data exposure, network security threat. . LinuxSecurity.com Team

Calendar%202 Mar 18, 2026 Ubuntu
202

openSUSE Tumbleweed Flask Moderate Update CVE-2026-27205

An update that solves one vulnerability can now be installed.. # python311-Flask-3.1.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10264-1 Rating: moderate Cross-References: * CVE-2026-27205 CVSS scores: * CVE-2026-27205 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-27205 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python311-Flask-3.1.3-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python311-Flask 3.1.3-1.1 * python311-Flask-doc 3.1.3-1.1 * python312-Flask 3.1.3-1.1 * python312-Flask-doc 3.1.3-1.1 * python313-Flask 3.1.3-1.1 * python313-Flask-doc 3.1.3-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27205.html . Update for openSUSE Tumbleweed addresses moderate risk in Flask package CVE-2026-27205.. openSUSE Flask security moderate CVE-2026-27205. . LinuxSecurity.com Team

Calendar%202 Feb 27, 2026 OpenSUSE
89

Fedora 43: django-important Security Vulnerability 2025-6748b1c2d28

Update to 3.1.2. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-55e69c9cea 2025-09-09 01:28:38.281244+00:00 -------------------------------------------------------------------------------- Name : python-flask Product : Fedora 42 Version : 3.1.2 Release : 2.fc42 URL : https://flask.palletsprojects.com/en/stable/ Summary : A micro-framework for Python based on Werkzeug, Jinja 2 and good intentions Description : Flask is called a \u201cmicro-framework\u201d because the idea to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask knows the concept of extensions that can add this functionality into your application as if it was implemented in Flask itself. There are currently extensions for object relational mappers, form validation, upload handling, various open authentication technologies and more. -------------------------------------------------------------------------------- Update Information: Update to 3.1.2 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 31 2025 Franti\u0161ek Zatloukal - 1:3.1.2-2 - Do some shuffling to work on f42 and epel10 * Sun Aug 31 2025 Franti\u0161ek Zatloukal - 1:3.1.2-1 - Update to 3.1.2 (RHBZ#2389601) * Fri Aug 15 2025 Python Maint - 1:3.1.1-4 - Rebuilt for Python 3.14.0rc2 bytecode * Fri Jul 25 2025 Fedora Release Engineering - 1:3.1.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jun 3 2025 Python Maint - 1:3.1.1-2 - Rebuilt for Python 3.14 * Tue May 20 2025 Karolina Surma - 1:3.1.1-1 - Update to 3.1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366240 - CVE-2025-47278 python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366240 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-55e69c9cea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 42 has a major update for Python-Flask that fixes critical security vulnerabilities. Apply the update with `sudo dnf update python-flask` to safeguard your applications. Fedora Update, Python Flask, Security Fixes, Software Update. . LinuxSecurity.com Team

Calendar%202 Sep 09, 2025 Fedora
89

Fedora 42: 2025-853e37285c critical: mingw-python-flask session issue

Update to flask-3.1.1.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-853e37285c 2025-05-30 01:14:13.237014+00:00 -------------------------------------------------------------------------------- Name : mingw-python-flask Product : Fedora 42 Version : 3.1.1 Release : 1.fc42 URL : https://palletsprojects.com/projects/itsdangerous/ Summary : MinGW Windows Python flask library Description : MinGW Windows Python flask. -------------------------------------------------------------------------------- Update Information: Update to flask-3.1.1. -------------------------------------------------------------------------------- ChangeLog: * Tue May 20 2025 Sandro Mani - 3.1.1-1 - Update to 3.1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366239 - CVE-2025-47278 mingw-python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366239 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-853e37285c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 42 release of mingw-python-flask enhances session management with update 3.1.1.. mingw-python-flask update, Fedora security, Python flask library. . LinuxSecurity.com Team

Calendar%202 May 30, 2025 Fedora
89

Fedora 42: 2025-853e37285c critical: flask session signing issue

Update to flask-3.1.1.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-853e37285c 2025-05-30 01:14:13.237014+00:00 -------------------------------------------------------------------------------- Name : mingw-python-flit-core Product : Fedora 42 Version : 3.12.0 Release : 1.fc42 URL : https://pypi.org/project/flit-core/ Summary : MinGW Python flit_core library Description : MinGW Python flit_core library. -------------------------------------------------------------------------------- Update Information: Update to flask-3.1.1. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 28 2025 Sandro Mani - 3.12.0-1 - Update to 3.12.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366239 - CVE-2025-47278 mingw-python-flask: Flask Session Signing Fallback Key Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366239 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-853e37285c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 42 has rolled out an update addressing an important issue with the flask session signing key. Users should install the fix using the dnf package manager with the advisory ID. Fedora 42 Update, Flask Session Key Issue, mingw-python-flit-core. . LinuxSecurity.com Team

Calendar%202 May 30, 2025 Fedora
172

Ubuntu 25.04 USN-7534-1 critical: Flask session signing with outdated keys

Flask could be made to sign sessions with stale keys.. ========================================================================== Ubuntu Security Notice USN-7534-1 May 26, 2025 flask vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 Summary: Flask could be made to sign sessions with stale keys. Software Description: - flask: Micro web framework based on Werkzeug and Jinja2 Details: It was discovered that Flask incorrectly handled key rotation. An attacker could possibly use this issue to sign sessions with stale keys. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 python3-flask 3.1.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7534-1 CVE-2025-47278 Package Information: https://launchpad.net/ubuntu/+source/flask/3.1.0-2ubuntu1.1 . Keep updated with Ubuntu Security Notice USN-7534-2 concerning Flask session signing using deprecated keys.. Flask Security, Ubuntu Security Notice, Session Signing, Key Rotation, Software Vulnerabilities. . LinuxSecurity.com Team

Calendar%202 May 26, 2025 Ubuntu
197

Debian 10 Buster DLA-3536-1 Critical: Flask Response Caching Issue

It was discovered that Flask, a lightweight WSGI web application framework, will under certain conditions cache a response containing data intended for one client and subsequently may send the response to other clients. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3536-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Sean Whitton August 20, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : flask Version : 1.0.2-3+deb10u1 CVE ID : CVE-2023-30861 Debian Bug : #1035670 It was discovered that Flask, a lightweight WSGI web application framework, will under certain conditions cache a response containing data intended for one client and subsequently may send the response to other clients. For Debian 10 buster, this problem has been fixed in version 1.0.2-3+deb10u1. We recommend that you upgrade your flask packages. For the detailed security status of flask please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/flask Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Django security patches addressed session storage vulnerabilities compromising user information. Make sure to refresh your dependencies for Ubuntu LTS.. Debian Security, Flask Framework, Web Application Security. . LinuxSecurity.com Team

Calendar%202 Aug 20, 2023 Debian LTS
87

Ubuntu: USN-5439-1 Moderate: Flask Session Cookie Vulnerability

It was discovered that in some conditions the Flask web framework may disclose a session cookie. For the oldstable distribution (bullseye), this problem has been fixed . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5442-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff June 29, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : flask CVE ID : CVE-2023-30861 It was discovered that in some conditions the Flask web framework may disclose a session cookie. For the oldstable distribution (bullseye), this problem has been fixed in version 1.1.2-2+deb11u1. We recommend that you upgrade your flask packages. For the detailed security status of flask please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/flask Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . A vulnerability in Flask has been identified that could leak session cookies on Debian systems. It's advisable to update your Flask packages to enhance security.. Flask Framework, Debian Security, Session Protection. . LinuxSecurity.com Team

Calendar%202 Jun 29, 2023 Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":0,"type":"x","order":1,"pct":0,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":1,"type":"x","order":3,"pct":100,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200