Alerts This Week
1 609

Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


SUSE dnsdist Important Denial of Service DoH Flaw 2026-0888-1

An update that solves two vulnerabilities and has one security fix can now be installed.

# Security update for dnsdist

Announcement ID: SUSE-SU-2026:0888-1
Release Date: 2026-03-13T07:08:03Z
Rating: important

References:
* bsc#1243566
* bsc#1250054
* bsc#1253852

Cross-References:
* CVE-2025-30187
* CVE-2025-8671

CVSS scores:
* CVE-2025-30187 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30187 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-30187 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8671 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8671 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8671 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

## Description:

This update for dnsdist fixes the following issues:

Update to dnsdist 1.9.11:
* CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack (bsc#1253852).
* CVE-2025-30187: denial of service via crafted DoH exchange (bsc#1250054).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-888=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * dnsdist-debugsource-1.9.11-150700.3.6.1
  * dnsdist-debuginfo-1.9.11-150700.3.6.1
  * dnsdist-1.9.11-150700.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30187.html
* https://www.suse.com/security/cve/CVE-2025-8671.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243566
* https://bugzilla.suse.com/show_bug.cgi?id=1250054
* https://bugzilla.suse.com/show_bug.cgi?id=1253852

Critical SUSE update addresses important dnsdist flaws with denial of service and HTTP/2 security enhancements.

dnsdist, SUSE update, security fix, important vulnerabilities.

Severity: Important. LinuxSecurity.com Team

Mar 13, 2026 Important SuSE

Ubuntu 24.10 and 22.04 LTS: USN-7127-1 Critical libsoup3 Security Advisory

Several security issues were fixed in libsoup3.

==========================================================================
Ubuntu Security Notice USN-7127-1
November 27, 2024

libsoup3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libsoup3.

Software Description:
- libsoup3: GObject introspection data for the libsoup HTTP library

Details:

It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52530)

It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-52531)

It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-52532)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10
  libsoup-3.0-0 3.6.0-2ubuntu0.1

Ubuntu 24.04 LTS
  libsoup-3.0-0 3.4.4-5ubuntu0.1

Ubuntu 22.04 LTS
  libsoup-3.0-0 3.0.7-0ubuntu1+esm1
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7127-1
  CVE-2024-52530, CVE-2024-52531, CVE-2024-52532

Package Information:
  https://launchpad.net/ubuntu/+source/libsoup3/3.6.0-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubuntu0.1

Essential libsoup3 enhancements for Ubuntu tackling external intrusions and denial-of-service vulnerabilities across various distributions.

libsoup3 security, Ubuntu update, HTTP smuggling, denial of service.

Severity: Critical. LinuxSecurity.com Team

Nov 27, 2024 Critical Ubuntu

Ubuntu 24.04 LTS: USN-7057-1 critical: WEBrick HTTP smuggling risk

WEBrick could allow a HTTP request smuggling attack.

==========================================================================
Ubuntu Security Notice USN-7057-1
October 07, 2024

ruby-webrick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

WEBrick could allow a HTTP request smuggling attack.

Software Description:
- ruby-webrick: HTTP server toolkit in Ruby

Details:

It was discovered that WEBrick incorrectly handled having both a Content-Length header and a Transfer-Encoding header. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  ruby-webrick 1.8.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7057-1
  CVE-2024-47220

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-webrick/1.8.1-1ubuntu0.1

Ubuntu patches address WEBrick flaw associated with HTTP request smuggling. Seek mitigation strategies and respond promptly!

Ubuntu Security Update, WEBrick Mitigation, HTTP Attack Prevention, Ruby WEBrick Advisory.

Severity: Critical. LinuxSecurity.com Team

Oct 07, 2024 Critical Ubuntu

Debian 10: DLA-3408-1 High: JRuby HTTP Attack Mitigations

Several vulnerabilities were fixed in JRuby, a Java implementation of the Ruby programming language.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3408-1
https://www.debian.org/lts/security/                          Adrian Bunk
April 30, 2023                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : jruby
Version        : 9.1.17.0-3+deb10u1
CVE ID         : CVE-2017-17742 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255
                 CVE-2020-25613 CVE-2021-31810 CVE-2021-32066 CVE-2023-28755
                 CVE-2023-28756
Debian Bug     : 972230 1014818

Several vulnerabilities were fixed in JRuby, a Java implementation of the Ruby programming language.

CVE-2017-17742
CVE-2019-16254

    HTTP Response Splitting attacks in the HTTP server of WEBrick.

CVE-2019-16201

    Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication.

CVE-2019-16255

    Code injection vulnerability of Shell#[] and Shell#test.

CVE-2020-25613

    HTTP Request Smuggling attack in WEBrick.

CVE-2021-31810

    Trusting FTP PASV responses vulnerability in Net::FTP.

CVE-2021-32066

    Net::IMAP did not raise an exception when StartTLS fails with an unknown response.

CVE-2023-28755

    Quadratic backtracking on invalid URI.

CVE-2023-28756

    The Time parser mishandled invalid strings that have specific characters.

For Debian 10 buster, these problems have been fixed in version 9.1.17.0-3+deb10u1.

We recommend that you upgrade your jruby packages.

For the detailed security status of jruby please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jruby

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Remedies for various security flaws in JRuby have been implemented to bolster safety protocols in Debian 10, featuring enhancements to counter HTTP-related assaults.

jruby security, debian vulnerabilities, http response security, denial of service.

LinuxSecurity.com Team

Apr 30, 2023 Debian LTS

Debian: DSA-5381-1 Severe: Tomcat9 HTTP Attack Risks and Fixes

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

-------------------------------------------------------------------------
Debian Security Advisory DSA-5381-1
https://www.debian.org/security/                          Markus Koschany
April 05, 2023                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : tomcat9
CVE ID         : CVE-2022-42252 CVE-2022-45143 CVE-2023-28708
Debian Bug     : 1033475

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

CVE-2022-42252

    Apache Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

CVE-2022-45143

    The JsonErrorReportValve in Apache Tomcat did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

CVE-2023-28708

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

For the stable distribution (bullseye), these problems have been fixed in version 9.0.43-2~deb11u6.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Critical vulnerabilities identified in Tomcat's JSP processor necessitate immediate updates to mitigate risks. Update without delay.

Tomcat Security Update, HTTP Request Smuggling, Debian Security, Session Cookie Issue.

Severity: Important. LinuxSecurity.com Team

Apr 05, 2023 Important Debian

Debian: DSA 934-1 Critical: Remote Code Execution in Pound

Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP.

--------------------------------------------------------------------------
Debian Security Advisory DSA 934-1
http://www.debian.org/security/                         Moritz Muehlenhoff
January 9, 2006                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : pound
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-1391 CVE-2005-3751
Debian Bug     : 307852

Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems:

* CVE-2005-1391: Overly long HTTP Host: headers may trigger a buffer overflow in the add_port() function, which may lead to the execution of arbitrary code.

* CVE-2005-3751: HTTP requests with conflicting Content-Length and Transfer-Encoding headers could lead to HTTP Request Smuggling Attack, which can be exploited to bypass packet filters or poison web caches.

The old stable distribution (woody) does not contain pound packages.

For the stable distribution (sarge) these problems have been fixed in version 1.8.2-1sarge1

For the unstable distribution (sid) these problems have been fixed in version 1.9.4-1

We recommend that you upgrade your pound package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Ubuntu Security Notice USN 1234-1 addresses two vulnerabilities in the Apache web server that may lead to potential remote exploitation and data breaches.

Debian Pound Security, HTTP Load Balancer, Buffer Overflow Fix.

Severity: Critical. LinuxSecurity.com Team

Jan 27, 2006 Critical Debian