Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycriticaldebian

Debian DSA 930-1 Critical: Smstools Format String Attack Exploit

Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitary code with root privileges.. - --------------------------------------------------------------------------Debian Security Advisory DSA 930-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Steve Kemp Jan 9, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Vulnerability : format string attack Problem-Type : local Debian-specific: no CVE ID : CVE-2006-0083 Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitary code with root privileges. The old stable distribution (woody) does not contain smstools package. For the stable distribution (sarge) this problem has been fixed in version 1.14.8-1sarge0. For the unstable distribution the package will be updated shortly. We recommend that you upgrade your smstools package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: smstools_1.14.8-1sarge0.diff.gz Size/MD5 checksum: 5106 ef55852ce6da003ef5f45df6eed1a8c5 smstools_1.14.8-1sarge0.dsc Size/MD5 checksum: 624 1e69b0c4a20ce7f08bce8a8b51b8504d smstools_1.14.8.orig.tar.gz Size/MD5 checksum: 15842385b342e53d7fdde89ef25ad21e1c5fe0 Alpha architecture: smstools_1.14.8-1sarge0_alpha.deb Size/MD5 checksum: 184268 59ca41ecd61cc94de2b63c8698464732 AMD64 architecture: smstools_1.14.8-1sarge0_amd64.deb Size/MD5 checksum: 178130 f957b798e9de3075e013521bbf6241d6 ARM architecture: smstools_1.14.8-1sarge0_arm.deb Size/MD5 checksum: 173506 aa2b0df1d47ad50070aebacc266f729d HP Precision architecture: smstools_1.14.8-1sarge0_hppa.deb Size/MD5 checksum: 180032 168dba93586bc10214fbb6a5914f962e Intel IA-32 architecture: smstools_1.14.8-1sarge0_i386.deb Size/MD5 checksum: 166816 aee3afc84707f7190c255ed3739c2958 Intel IA-64 architecture: smstools_1.14.8-1sarge0_ia64.deb Size/MD5 checksum: 201440 9868ead0f8885bc3851137b23d76877d Motorola 680x0 architecture: smstools_1.14.8-1sarge0_m68k.deb Size/MD5 checksum: 166452 d713ee667bee3c3186ba477f9d0f91a8 Big endian MIPS architecture: smstools_1.14.8-1sarge0_mips.deb Size/MD5 checksum: 182332 846d0a829680db2b3662982c9fe49d4f Little endian MIPS architecture: smstools_1.14.8-1sarge0_mipsel.deb Size/MD5 checksum: 182004 db7200f1504ea22681e23e749435c22a PowerPC architecture: smstools_1.14.8-1sarge0_powerpc.deb Size/MD5 checksum: 172100 183e00f44548fce56df228441593bb90 IBM S/390 architecture: smstools_1.14.8-1sarge0_s390.deb Size/MD5 checksum: 179978 ab77f608c71a908bc51e7781b51c416d Sun Sparc architecture: smstools_1.14.8-1sarge0_sparc.deb Size/MD5 checksum: 175994 a03ff752a8910e397e73f53649c5a931 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. .The Debian project has issued security advisory DSA 931-1 addressing a vulnerability in the smstools package that could be exploited for privilege escalation via a format string attack.. Debian Security Advisory, Format String Exploit, Smstools Security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 27, 2006 Critical Debian
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisoryhigh severityremote exploit

Gentoo: GLSA-200408-19 High: Remote Format String Attack in Courier-IMAP

There is a format string vulnerability in non-standard configurations of courier-imapd which may be exploited remotely. An attacker may be able to execute arbitrary code as the user running courier-imapd (oftentimes root). [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: courier-imap: Remote Format String Vulnerability Date: August 19, 2004 Bugs: #60865 ID: 200408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= There is a format string vulnerability in non-standard configurations of courier-imapd which may be exploited remotely. An attacker may be able to execute arbitrary code as the user running courier-imapd (oftentimes root). Background ========= Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-mail/courier-imap = 3.0.5 Description ========== There is a format string vulnerability in the auth_debug() function which can be exploited remotely, potentially leading to arbitrary code execution as the user running the IMAP daemon (oftentimes root). A remote attacker may send username or password information containing printf() format tokens (such as "%s"), which will crash the server or cause it to execute arbitrary code. This vulnerability can only be exploited if DEBUG_LOGIN is set to something other than 0 in the imapd config file. Impact ===== If DEBUG_LOGIN is enabled inthe imapd configuration, a remote attacker may execute arbitrary code as the root user. Workaround ========= Set the DEBUG_LOGIN option in /etc/courier-imap/imapd to 0. (This is the default value.) Resolution ========= All courier-imap users should upgrade to the latest version: # emerge sync # emerge -pv "> =net-mail/courier-imap-3.0.5" # emerge "> =net-mail/courier-imap-3.0.5" References ========= [ 1 ] iDEFENSE Advisory ;type=vulnerabilities&flashstatus=true Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200408-19 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2004 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/1.0/ . A vulnerability in courier-imap's handling of remote format strings could lead to privilege escalation to root level. Gentoo users are urged to apply updates promptly.. courier-imap exploit,Gentoo advisory,remote exec issue,format string attack. . LinuxSecurity.com Team

Calendar 2 Aug 19, 2004 Gentoo
Banner 3 1028x280 1708121785 1771599793
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorybuffer overflowremote exploit

Debian 2.2 DSA-066-1 Critical: Cfingerd Remote Exploit Fix

Buffer overflow and format string attack vulnerabilities exist in previous versions of cfingerd.. ------------------------------------------------------------------------ Debian Security Advisory DSA-066-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Wichert Akkerman July 11, 2001 ------------------------------------------------------------------------ Package : cfingerd Problem type : remote exploit Debian-specific: no Steven van Acker reported on bugtraq that the version of cfingerd (a configurable finger daemon) as distributed in Debian GNU/Linux 2.2 suffers from two problems: 1. The code that reads configuration files (files in which $ commands are expanded) copied its input to a buffer without checking for a buffer overflow. When the ALLOW_LINE_PARSING feature is enabled that code is used for reading users files as well, so local users could exploit this. 2. There also was a printf call in the same routine that did not protect against printf format attacks. Since ALLOW_LINE_PARSING is enabled in the default /etc/cfingerd.conf local users could use this to gain root access. This has been fixed in version 1.4.1-1.2, and we recommend that you upgrade your cfingerd package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.2 alias potato --------------------------------- Potato was released for alpha, arm, i386, m68k, powerpc and sparc. Source archives: MD5 checksum: e1e5ed3fe85f2af5304b9f0d3d236a91 MD5 checksum: 966e205737bcd43182d01114694ed52a MD5 checksum: 0461179bca7bb9b00fb23c0886666cb0 Alpha architecture: MD5 checksum: 9c43dd39460c58ed6a0134333349e2f9 ARM architecture: MD5 checksum: 70da6073d42fbbdd29a025517127ebb0 Intel IA-32 architecture: MD5 checksum: 2281e1aa8dc439680b1df546a5139aae Motorola 680x0 architecture: MD5checksum: 19bf9fbcf1d2e1d7d38ff5bd00c6dc0a PowerPC architecture: MD5 checksum: 383389307d0ebd11b3f8a20abe1395a9 Sun Sparc architecture: MD5 checksum: 1e734a8573e1c05d8e07ffcc8543c4e9 These packages will be moved into the stable distribution on its next revision. For not yet released architectures please refer to the appropriate directory . -- ---------------------------------------------------------------------------- apt-get: deb Debian -- Security Information stable/updates main dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Reassess cfingerd to mitigate risks linked to buffer overflow and format string security flaws that may enable remote attacks. Immediate action recommended.. Cfingerd Exploit Fix, Debian Security Update, Remote Exploit, Buffer Overflow, Format String Attack. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jul 11, 2001 Critical Debian
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorybuffer overflowDebian

Debian 2.2: DSA-014-2 Critical: Splitvt Buffer Overflow Threat

Numerous buffer overflow and a format string attacks exist in previous versions.. - ---------------------------------------------------------------------------- Debian Security Advisory DSA-014-2 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze January 23, 2001 - ---------------------------------------------------------------------------- Package : splitvt Vulnerability : buffer overflow and format string attack Debian-specific: no This advisory is only a corrected security advisory for DSA 014-1 since I wasn't careful enough last night and files from an older advisory back from June 2000 slipped through. To keep confusion to a minimum this advisory contains all relevant URLs - and only these. It was reported recently that splitvt is vulnerable to numerous buffer overflow attack and a format string attack. An attacker was able to gain access to the tty group. We recommend you upgrade your splitvt package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - ------------------------------------ Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. Source archives: MD5 checksum: 475d1066c013102625c79757b3615d9b MD5 checksum: dcfd3f56c5f7a3686e35a2de47614944 MD5 checksum: f93974daa4f39945b3d5b9cc39bb1b0f Intel ia32 architecture: MD5 checksum: ccb41228b11505bb25dc2f09830b3964 Motorola 680x0 architecture: MD5 checksum: fae77f348ae28c89de0e51965cbafd35 Sun Sparc architecture: MD5 checksum: 7bfd098f4a8f884a63805ae13c1e9cea Alpha architecture: MD5 checksum: e960372181b65e167c41f36707ef48cf PowerPC architecture: MD5 checksum: d0d3b36c20b2999c7c7610a48866167e ARM architecture: MD5checksum: 1d697bed936476ae88fd478aba112be8 These files will be moved into soon. For not yet released architectures please refer to the appropriate directory . - ---------------------------------------------------------------------------- For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . Immediate update issued for splitvt tackling severe security flaws concerning buffer overflow and format string attacks in Debian systems.. splitvt, buffer overflow, format string, Debian security. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 22, 2001 Critical Debian
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here