
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo: GLSA-200511-16 Normal: GNUMP3d Directory Threat and File Issues

Two vulnerabilities have been identified in GNUMP3d allowing for limited directory traversal and insecure temporary file creation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200511-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GNUMP3d: Directory traversal and insecure temporary file creation
      Date: November 21, 2005
      Bugs: #111990
        ID: 200511-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities have been identified in GNUMP3d allowing for limited directory traversal and insecure temporary file creation.

Background
==========

GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and other media formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  media-sound/gnump3d     < 2.9.7-r1                    >= 2.9.7-r1

Description
===========

Ludwig Nussel from SUSE Linux has identified two vulnerabilities in GNUMP3d. GNUMP3d fails to properly check for the existence of /tmp/index.lok before writing to the file, allowing for local unauthorized access to files owned by the user running GNUMP3d. GNUMP3d also fails to properly validate the "theme" GET variable from CGI input, allowing for unauthorized file inclusion.

Impact
======

An attacker could overwrite files owned by the user running GNUMP3d by symlinking /tmp/index.lok to the file targeted for overwrite. An attacker could also include arbitrary files by traversing up the directory tree (at most two times, i.e. "../..") with the "theme" GET variable.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNUMP3d users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9.7-r1"

References
==========

  [ 1 ] CVE-2005-3349
        https://www.cve.org/CVERecord?id=CVE-2005-3349
  [ 2 ] CVE-2005-3355
        https://www.cve.org/CVERecord?id=CVE-2005-3355
  [ 3 ] GNUMP3d Changelog

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/200511-16

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address obscured] or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

LinuxSecurity.com Team

Nov 21, 2005 | Gentoo

Debian 3.1 DSA 901-1 Important: Gnump3d Remote Vulnerability Issue

Updated package.

--------------------------------------------------------------------------
Debian Security Advisory DSA 901-1                [email address obscured]
http://www.debian.org/security/                             Martin Schulze
November 19th, 2005                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : gnump3d
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3349 CVE-2005-3355

Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems:

CVE-2005-3349

    Ludwig Nussel discovered several temporary files that are created with predictable filenames in an insecure fashion and allow local attackers to craft symlink attacks.

CVE-2005-3355

    Ludwig Nussel discovered that the theme parameter to HTTP requests may be used for path traversal.

The old stable distribution (woody) does not contain a gnump3d package.

For the stable distribution (sarge) these problems have been fixed in version 2.9.3-1sarge3.

For the unstable distribution (sid) these problems have been fixed in version 2.9.8-1.

We recommend that you upgrade your gnump3d package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

      Size/MD5 checksum:      575 49b982ffa8bc0981063c22e43e37d8e0
      Size/MD5 checksum:    16233 c719d2a258db442db1523c8f5c06560c
      Size/MD5 checksum:   616250 1a0d6a10f6ac2354e1f8c6000665f299

  Architecture independent components:

      Size/MD5 checksum:   603396 87d0c50400f7cd2d96e4c42982102f7e

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address obscured]

Severity: Important.

LinuxSecurity.com Team

Nov 19, 2005 | Important | Debian

Debian 3.1: DSA 877-1 Critical: Gnump3d Cross-Site Scripting and Traversal

Updated package.

--------------------------------------------------------------------------
Debian Security Advisory DSA 877-1                [email address obscured]
http://www.debian.org/security/                             Martin Schulze
October 28th, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : gnump3d
Vulnerability  : cross-site scripting, directory traversal
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-3122 CVE-2005-3123

Steve Kemp discovered two vulnerabilities in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems:

CVE-2005-3122

    The 404 error page does not strip malicious javascript content from the resulting page, which would be executed in the victim's browser.

CVE-2005-3123

    By using specially crafted URLs it is possible to read arbitrary files to which the user of the streaming server has access.

The old stable distribution (woody) does not contain a gnump3d package.

For the stable distribution (sarge) these problems have been fixed in version 2.9.3-1sarge2.

For the unstable distribution (sid) these problems have been fixed in version 2.9.6-1.

We recommend that you upgrade your gnump3d package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

      Size/MD5 checksum:      575 16114607fe426691518743a80a15deda
      Size/MD5 checksum:   616250 1a0d6a10f6ac2354e1f8c6000665f299
      Size/MD5 checksum:    14298 9fbb9305ab4282b7957be8203dd6fb35

  Architecture independent components:

      Size/MD5 checksum:   603662 a94ff8504be400030a5f5fdb08987da0

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: [email address obscured]

Severity: Critical.

LinuxSecurity.com Team

Oct 28, 2005 | Critical | Debian