
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat 5.2 & 6.x RHSA-2000:045-01 Moderate: gpm Denial Of Service

Multiple security problems and a gpmctl vulnerability exist.

---------------------------------------------------------------------
Red Hat, Inc. Security Advisory

Synopsis: gpm security flaws have been addressed
Advisory ID: RHSA-2000:045-01
Issue date: 2000-07-26
Updated on: 2000-07-26
Product: Red Hat Linux
Keywords: gpm, denial of service, /dev/gpmctl, gpm-root, setgid
Cross references: RHSA-2000:044
---------------------------------------------------------------------

1. Topic:

gpm as shipped in Red Hat Linux 5.2 and 6.x contains a number of security problems. Additionally, a denial of service attack via /dev/gpmctl is possible.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - i386, alpha, sparc
Red Hat Linux 6.0 - i386, alpha, sparc
Red Hat Linux 6.1 - i386, alpha, sparc
Red Hat Linux 6.2 - i386, alpha, sparc

3. Problem description:

Two problems exist in gpm, the program used to enable mouse control on the console when not using X Windows:

1. gpm did not perform adequate checking of setgid return values in the gpm-root helper program. This resulted in an avenue of attack where local users could execute arbitrary commands with elevated group privileges.

2. /dev/gpmctl was writable by users who were not on the console. A user could perform a local denial of service attack by flooding the socket.

The security issue has been addressed on 5.2 and 6.x. For 6.x, the /dev/gpmctl ownership issue was addressed via the pam_console helper mechanism. This pam module makes devices which need to be accessible via console users owned by them and no one else. See RHSA-2000:044 for more information on this update. On 5.2, there is no control of console devices available via pam, so we have disabled access to /dev/gpmctl by default.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

For 6.x systems, you must upgrade your pam to the version discussed in RHSA-2000:044 to achieve protection from the denial of service attack.

For Red Hat Linux 5.2, if you use gpm's "repeater" functionality for X Windows, you will need to reenable access to group/other users of /dev/gpmctl with the chown command. Red Hat Linux does not make use of this functionality by default, and we do not recommend taking this action for the reasons explained above.

5. Bug IDs fixed ( for more info):

11607 - Newest gpm RPM package will not install

6. RPMs required:

Red Hat Linux 5.2: sparc: alpha: i386: sources:
Red Hat Linux 6.2: sparc: i386: alpha: sources:

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nogpg

8. References:

Copyright(c) 2000 Red Hat, Inc.

Red Hat addresses security flaws in gpm affecting multiple iterations. Explore the solutions and improvements implemented.

LinuxSecurity.com Team

May 28, 2023 Red Hat

Debian: DSA-095-1 Urgent: Local Root Access Vulnerability in Gpm

Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges.

------------------------------------------------------------------------
Debian Security Advisory DSA-095-1
Debian -- Security Information
Robert van der Meulen
December 27, 2001
------------------------------------------------------------------------

Package : gpm
Problem type : local root vulnerability
Debian-specific: no

The package 'gpm' contains the 'gpm-root' program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges.

This has been fixed in version 1.17.8-18.1, and we recommend that you upgrade your 1.17.8-18 package immediately.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

These packages will be moved into the stable distribution on its next revision.

For not yet released architectures please refer to the appropriate directory .

----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main

The Debian security advisory informs users of a critical local privilege escalation in gpm, related to unauthorized root access.

Severity: Critical.

LinuxSecurity.com Team

Dec 27, 2001 Critical Debian

Slackware 7.0: Emacs and GPM Security Fixes for Critical Issues

Unauthorized access and other security vulnerabilities are present in emacs and gpm for Slackware 7.0 and slackware-current.

There are two security updates available for Slackware 7.0 and slackware-current. Affected packages are gpm.tgz and the E series (Emacs). Users are advised to upgrade these packages as soon as possible.

==================================
gpm 1.19.2 AVAILABLE - (a1/gpm.tgz)
==================================

gpm was upgraded to 1.19.2 to fix remaining security problems in the gpm-root daemon.

================================
emacs 20.6 AVAILABLE - (e1/*.tgz)
================================

The E series was upgraded to GNU emacs 20.6. This upgraded the following packages:

elisp.tgz
emac_nox.tgz
emacinfo.tgz
emacleim.tgz
emacmisc.tgz
emacsbin.tgz

The recent security patch posted to BugTraq by RUS-CERT, University of Stuttgart was applied before building the packages. The holes fixed include:

o Under certain circumstances, unprivileged local users can eavesdrop the communication between Emacs and its subprocesses.
o It is impossible to safely create temporary files in a public directory from Emacs Lisp.
o The history of recently typed keys may expose passwords.

The entire advisory (as well as the patch) can be read on ftp.slackware.com in:

/pub/slackware/slackware-current/source/e/emacs-rus-cert.diff.gz

Separate patches will not be produced for the /patches directory in the Slackware 7.0 distribution tree. Users of Slackware 7.0 can download the necessary packages from the Slackware-current tree and run upgradepkg to install them.

It's generally a good idea to bring your system into runlevel 1 when doing package upgrades, just to minimize error.

# telinit 1
# upgradepkg
# telinit 3

Remember, it's also a good idea to backup configuration files before upgrading packages.

Severity: Critical.

LinuxSecurity.com Team

Apr 25, 2000 Critical Slackware

SuSE: 2000:0001 Moderate: gpm Escalation Risk for Local Users

Local users may gain access to group id 0 and hence may modify files owned and writable by the gid 0.

Date: Wed, 5 Apr 2000 21:58:55 +0200 (MEST)
From: Marc Heuse
Subject: [suse-security-announce] SuSE Security Announcement - gpm

--------------------------------------------------------------------------------
SuSE Security Announcement

Package: gpm < 1.18.1
Date: Wed, 5 Apr 2000 19:46:46 GMT
Affected SuSE versions: all
Vulnerability Type: execute commands with privilege
SuSE default package: yes
Other affected systems: all linux systems using gpm
--------------------------------------------------------------------------------

A security hole was discovered in the package mentioned above. Please update as soon as possible or disable the service if you are using this software on your SuSE Linux installation(s).

Other Linux distributions or operating systems might be affected as well, please contact your vendor for information about this issue.

Please note that we provide this information on an "as-is" basis only. There is no warranty whatsoever and no liability for any direct, indirect or incidental damage arising from this information or the installation of the update package.

--------------------------------------------------------------------------------

1. Problem Description

gpm is a cut and paste utility and mouse server for virtual consoles. The gpm-root command, which is part of the gpm package, allows local users to define menus and commands to be executed on mouse events. When a command is executed via gpm, the group id 0 privilege is not dropped.

2. Impact

Local users may gain access to group id 0 and hence may modify files owned and writable by the gid 0.

3. Solution

Update the package from our FTP server.

--------------------------------------------------------------------------------

Please verify these md5 checksums of the updates before installing: (For SuSE 6.0, please use the 6.1 updates)

--------------------------------------------------------------------------------

You can find updates on our ftp-Server: for Intel processors for Alpha processors or try the following web pages for a list of mirrors: https://www.suse.com/de-de/

Our webpage for patches: https://www.suse.com/de-de/

Our webpage for security announcements: https://www.suse.com/de-de/

If you want to report vulnerabilities, please contact

Local users might exploit gpm vulnerabilities to obtain group id 0, threatening file permissions. Consider updating gpm package to mitigate risks.

LinuxSecurity.com Team

Apr 05, 2000 SuSE