Several security issues were fixed in PHP.

==========================================================================
Ubuntu Security Notice USN-7648-1
July 17, 2025

php8.1, php8.3, php8.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php8.4: HTML-embedded scripting language interpreter
- php8.3: HTML-embedded scripting language interpreter
- php8.1: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain hostnames containing
null characters. A remote attacker could possibly use this issue to bypass
certain hostname validation checks. (CVE-2025-1220)

It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql
escaping functions. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2025-1735)

It was discovered that PHP incorrectly handled parsing certain XML data in
SOAP extensions. A remote attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service. (CVE-2025-6491)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libapache2-mod-php8.4           8.4.5-1ubuntu1.1
  php8.4                          8.4.5-1ubuntu1.1
  php8.4-cgi                      8.4.5-1ubuntu1.1
  php8.4-cli                      8.4.5-1ubuntu1.1
  php8.4-fpm                      8.4.5-1ubuntu1.1
  php8.4-pgsql                    8.4.5-1ubuntu1.1

Ubuntu 24.04 LTS
  libapache2-mod-php8.3           8.3.6-0ubuntu0.24.04.5
  php8.3                          8.3.6-0ubuntu0.24.04.5
  php8.3-cgi                      8.3.6-0ubuntu0.24.04.5
  php8.3-cli                      8.3.6-0ubuntu0.24.04.5
  php8.3-fpm                      8.3.6-0ubuntu0.24.04.5
  php8.3-pgsql                    8.3.6-0ubuntu0.24.04.5

Ubuntu 22.04 LTS
  libapache2-mod-php7.4           8.1.2-1ubuntu2.22
  libapache2-mod-php8.0           8.1.2-1ubuntu2.22
  libapache2-mod-php8.1           8.1.2-1ubuntu2.22
  php8.1                          8.1.2-1ubuntu2.22
  php8.1-cgi                      8.1.2-1ubuntu2.22
  php8.1-cli                      8.1.2-1ubuntu2.22
  php8.1-fpm                      8.1.2-1ubuntu2.22
  php8.1-pgsql                    8.1.2-1ubuntu2.22

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7648-1
  CVE-2025-1220, CVE-2025-1735, CVE-2025-6491

Package Information:
  https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.5
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.22

Multiple vulnerabilities in PHP on Ubuntu patched via updates. Potential denial of service threats mitigated successfully.

LinuxSecurity.com Team

Fixes missing certificate hostname validation

References:
- https://bugs.mageia.org/show_bug.cgi?id=31200
- https://lists.fedoraproject.org/archives/list/

The imapfilter tool, a utility for scripting IMAP operations in lua, lacked server name / certificate peer hostname validation support.

Package        : imapfilter
Version        : 1:2.5.2-2+deb8u1
CVE ID         : CVE-2016-10937
Debian Bug     : 939702

The imapfilter tool, a utility for scripting IMAP operations in lua, lacked
server name / certificate peer hostname validation support.

For Debian 8 "Jessie", this problem has been fixed in version
1:2.5.2-2+deb8u1.

We recommend that you upgrade your imapfilter packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail:

2013.2.4 rebase; CVE-2014-7821 fixed.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5997
2015-04-11 04:34:30
--------------------------------------------------------------------------------

Name        : openstack-neutron
Product     : Fedora 20
Version     : 2013.2.4
Release     : 8.fc20
URL         : https://launchpad.net/neutron/
Summary     : OpenStack Networking Service
Description :
Neutron is a virtual network service for Openstack. Just like
OpenStack Nova provides an API to dynamically request and configure
virtual servers, Neutron provides an API to dynamically request and
configure virtual networks. These networks connect "interfaces" from
other OpenStack services (e.g., virtual NICs from Nova VMs). The
Neutron API supports extensions to provide advanced network
capabilities (e.g., QoS, ACLs, network monitoring, etc.)

--------------------------------------------------------------------------------
Update Information:

2013.2.4 rebase; CVE-2014-7821 fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 9 2015 Ihar Hrachyshka 2013.2.4-8
- CVE-2014-7821: Fix hostname validation for nameservers, rhbz#1165887
- CVE-2014-7821: Fix hostname regex pattern, rhbz#1165887
* Fri Oct 10 2014 Ihar Hrachyshka 2013.2.4-7
- Readded python-pbr as dependency (was dropped during el6-havana merge).
* Fri Oct 10 2014 Ihar Hrachyshka 2013.2.4-6
- Fixed an error in %pre rule that adds neutron user that was introduced
  during el6-havana branch merged.
* Wed Oct 8 2014 Ihar Hrachyshka 2013.2.4-5
- use parallel installed versions in RHEL6
* Mon Sep 29 2014 Ihar Hrachyshka 2013.2.4-4
- enforce force_gateway_on_subnet=True in neutron-dist.conf, rhbz#1090553
* Thu Sep 25 2014 Ihar Hrachyshka 2013.2.4-3
- Forbid regular users to reset admin-only attrs to default values, rhbz#1142013
* Mon Sep 22 2014 Ihar Hrachyshka 2013.2.4-2
- Merged in el6-havana branch, resolving conflicts between platforms with
  if-else conditionals. This is needed because el6-havana was (erroneously)
  locked when locking el6 branch.
* Mon Sep 22 2014 Ihar Hrachyshka 2013.2.4-1
- Update to upstream 2013.2.4
* Wed Jul 23 2014 Ihar Hrachyshka 2013.2.3-13
- no quota for allowed address pair, rhbz#1122428
* Wed Jul 16 2014 Miguel Ángel Ajo 2013.2.3-12
- Moved all plugin sources to python-neutron to avoid breaking hidden
  upstream dependencies from agents to plugins, etc. fixes rhbz#1120146
- Removed the hyper-v agent exclude.
- Added a few LICENSE files to packages that missed it.
* Tue Jun 24 2014 Ihar Hrachyshka 2013.2.3-11
- Send SIGTERM signal only to parent process when stopping neutron service,
  bz#1110642
* Tue Jun 24 2014 Ihar Hrachyshka 2013.2.3-10
- Notify systemd when starting Neutron server, bz#1063427
* Tue Jun 17 2014 Ihar Hrachyshka 2013.2.3-9
- Install SNAT rules for ipv4 only, bz#1110142
* Wed Jun 11 2014 Ihar Hrachyshka 2013.2.3-8
- Ensure routing key is specified in the address for a direct producer,
  bz#1108025
* Mon May 19 2014 Ihar Hrachyshka 2013.2.3-7
- netaddr