Moderate: ruby:2.5 security update

Advisory         : RLSA-2023:7025
Type             : Security
Severity         : Moderate
Affected product : Rocky Linux 8
Published        : 2026-04-14T18:01:10.838937Z
Reboot suggested : no

Topic:

An update is available for rubygem-bson, module.rubygem-bundler, rubygem-bundler, rubygem-abrt, module.rubygem-mongo, module.rubygem-pg, rubygem-mysql2, module.rubygem-mysql2, ruby, module.rubygem-abrt, module.rubygem-bson, rubygem-pg, module.ruby, rubygem-mongo.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Description:

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
* ruby: Buffer overrun in String-to-Float conversion (CVE-2022-28739)
* ruby: ReDoS vulnerability in URI (CVE-2023-28755)
* ruby: ReDoS vulnerability in Time (CVE-2023-28756)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.9 Release Notes linked from the References section.

CVEs (source: MITRE):

  CVE-2021-33621  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  base score 8.8  CWE-113
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33621
  CVE-2022-28739  CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N  base score 6.2  CWE-125
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28739
  CVE-2023-28755  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L  base score 5.3  CWE-20
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28755
  CVE-2023-28756  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L  base score 5.3  CWE-20
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28756

Fixes (Red Hat Bugzilla):

  https://bugzilla.redhat.com/show_bug.cgi?id=2075687
  https://bugzilla.redhat.com/show_bug.cgi?id=2149706
  https://bugzilla.redhat.com/show_bug.cgi?id=2184059
  https://bugzilla.redhat.com/show_bug.cgi?id=2184061

References: none listed in this record.

Updated packages (Rocky Linux 8, module build el8.9.0+1536+5f79634e; shipped for aarch64, i686, x86_64, noarch and src as applicable, with matching -debuginfo and -debugsource packages):

  ruby-2.5.9-111: ruby, ruby-libs, ruby-devel, ruby-doc, ruby-irb, rubygems-2.7.6.3, rubygems-devel-2.7.6.3, rubygem-bigdecimal-1.3.4, rubygem-did_you_mean-1.2.0, rubygem-io-console-0.4.6, rubygem-json-2.1.0, rubygem-minitest-5.10.3, rubygem-net-telnet-0.1.1, rubygem-openssl-2.1.2, rubygem-power_assert-1.1.1, rubygem-psych-3.0.2, rubygem-rake-12.3.3, rubygem-rdoc-6.0.1.1, rubygem-test-unit-3.2.7, rubygem-xmlrpc-0.3.0
  rubygem-abrt-0.3.0-4 (builds el8.9.0+1536+5f79634e and el8.5.0+738+032c9c02): rubygem-abrt, rubygem-abrt-doc
  rubygem-bson-4.3.0-2: rubygem-bson, rubygem-bson-doc
  rubygem-bundler-1.16.1-4: rubygem-bundler, rubygem-bundler-doc
  rubygem-mongo-2.5.1-2: rubygem-mongo, rubygem-mongo-doc
  rubygem-mysql2-0.4.10-4: rubygem-mysql2, rubygem-mysql2-doc
  rubygem-pg-1.0.0-3: rubygem-pg, rubygem-pg-doc

Rocky Linux has issued a moderate security advisory for Ruby 2.5, addressing important security issues and updates.

LinuxSecurity.com Team
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3dd97ed203
2025-12-11 10:08:40.514023+00:00
--------------------------------------------------------------------------------

Name        : perl-CGI-Simple
Product     : Fedora 43
Version     : 1.282
Release     : 1.fc43
URL         : https://metacpan.org/release/CGI-Simple
Summary     : Simple totally OO CGI interface that is CGI.pm compliant
Description :
Simple totally OO CGI interface that is CGI.pm compliant.

--------------------------------------------------------------------------------
Update Information:

1.282 - Sanitize all user-supplied values before inserting into HTTP headers; Fixed CVE-2025-40927.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 2 2025 Jitka Plesnikova - 1.282-1
- 1.282 bump (rhbz#2392359)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2391834 - CVE-2025-40927 perl-CGI-Simple: CGI::Simple versions 1.281 and earlier for Perl has a HTTP response splitting flaw [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391834
  [ 2 ] Bug #2392359 - Upgrade perl-CGI-Simple to 1.282
        https://bugzilla.redhat.com/show_bug.cgi?id=2392359
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3dd97ed203' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Package        : twisted
Version        : 14.0.2-3+deb8u1
CVE IDs        : CVE-2020-10108 CVE-2020-10109
Debian Bug     : #953950

It was discovered that there were a number of HTTP request splitting
vulnerabilities in Twisted, a Python event-based framework for building
various types of internet applications.

For more information, please see:

  https://bishopfox.com/blog/twisted-version-19-10-0-advisory

For Debian 8 "Jessie", these issues have been fixed in twisted version
14.0.2-3+deb8u1.

We recommend that you upgrade your twisted packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

Chris Lamb
==========================================================================
Ubuntu Security Notice USN-1129-1
May 03, 2011

perl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS

Summary:

An attacker could send crafted input to Perl and bypass intended restrictions.

Software Description:
- perl: Larry Wall's Practical Extraction and Report Language

Details:

It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval
and Safe::rdo access restrictions. An attacker could use this flaw to bypass
intended restrictions and possibly execute arbitrary code. (CVE-2010-1168,
CVE-2010-1447)

It was discovered that the CGI.pm Perl module incorrectly handled certain MIME
boundary strings. An attacker could use this flaw to inject arbitrary HTTP
headers and perform HTTP response splitting and cross-site scripting attacks.
This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10.
(CVE-2010-2761, CVE-2010-4411)

It was discovered that the CGI.pm Perl module incorrectly handled newline
characters. An attacker could use this flaw to inject arbitrary HTTP headers
and perform HTTP response splitting and cross-site scripting attacks. This
issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and 10.10.
(CVE-2010-4410)

It was discovered that the lc, lcfirst, uc, and ucfirst functions did not
properly apply the taint attribute when processing tainted input. An attacker
could use this flaw to bypass intended restrictions. This issue only affected
Ubuntu 8.04 LTS, 10.04 LTS and 10.10.
(CVE-2011-1487)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  perl                            5.10.1-17ubuntu4.1

Ubuntu 10.10:
  perl                            5.10.1-12ubuntu2.1

Ubuntu 10.04 LTS:
  perl                            5.10.1-8ubuntu2.1

Ubuntu 8.04 LTS:
  perl                            5.8.8-12ubuntu0.5

Ubuntu 6.06 LTS:
  perl                            5.8.7-10ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
  CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4410, CVE-2010-4411,
  CVE-2011-1487

Package Information:
  https://launchpad.net/ubuntu/+source/perl/5.10.1-17ubuntu4.1
  https://launchpad.net/ubuntu/+source/perl/5.10.1-12ubuntu2.1
  https://launchpad.net/ubuntu/+source/perl/5.10.1-8ubuntu2.1
  https://launchpad.net/ubuntu/+source/perl/5.8.8-12ubuntu0.5
  https://launchpad.net/ubuntu/+source/perl/5.8.7-10ubuntu1.3

Severity: Important.
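Three advisories on this page (the ruby cgi gem fix for CVE-2021-33621, the CGI::Simple 1.282 change "sanitize all user-supplied values before inserting into HTTP headers", and the CGI.pm newline-handling issue CVE-2010-4410) are the same bug class: a CR or LF inside a header value lets one intended header become two. The following Ruby example is added here and is not code from any of those projects; it builds a CGI-style header block the way an unpatched emitter would, counts how many header lines a receiver would actually parse, and shows the rejecting check that the fixes apply. All names in it are hypothetical and the tainted sample value is constructed.

```ruby
# Added example, not from the cgi gem, CGI.pm or CGI::Simple. Names are
# hypothetical; the tainted sample value below is constructed.

# CR, LF and NUL must never reach a header line: CR LF ends the line, so a
# value containing it starts a new header (or, after a blank line, the body).
HEADER_CTL = /[\r\n\x00]/.freeze

# "Before" behaviour: every name/value pair is interpolated as-is into the
# header block that precedes the response body.
def unsafe_header_block(headers)
  headers.map { |k, v| "#{k}: #{v}\r\n" }.join + "\r\n"
end

# How many header lines the receiving side would parse from a block.
# A count higher than the number of headers we intended to send is the
# observable symptom of response splitting.
def count_header_lines(block)
  block.split(/\r\n/).take_while { |line| !line.empty? }.size
end

class HeaderInjectionError < ArgumentError; end

# Hardened: refuse any name or value carrying a control character instead
# of interpolating it. Raising beats silently stripping, because stripping
# can still change what the value means to the caller.
def safe_header_block(headers)
  headers.each do |k, v|
    if k.to_s.match?(HEADER_CTL) || v.to_s.match?(HEADER_CTL)
      raise HeaderInjectionError, "control character in header #{k.inspect}"
    end
  end
  unsafe_header_block(headers)
end

# Constructed sample: a redirect target taken from a request parameter that
# carries a CRLF followed by a second header line.
TAINTED_LOCATION = "/home\r\nX-Injected: 1".freeze

if __FILE__ == $0
  block = unsafe_header_block("Location" => TAINTED_LOCATION)
  puts "lines a receiver parses: #{count_header_lines(block)} (intended: 1)"
  begin
    safe_header_block("Location" => TAINTED_LOCATION)
  rescue HeaderInjectionError => e
    puts "rejected: #{e.message}"
  end
end
```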