Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorymoderatesecurity issue

SuSE 2003:0012 Moderate: Hypermail Remote Code Execution Risk

There are multiple vulnerabilities in hypermail.. ______________________________________________________________________________ SuSE Security Announcement Package: hypermail Announcement-ID: SuSE-SA:2003:0012 Date: Thursday, Feb 27th 2003 18:30 MET Affected products: 7.1, 7.2, 7.3, 8.0, 8.1 Vulnerability Type: remote system compromise Severity (1-10): 4 SuSE default package: no Cross References: CAN-2003-0025 Content of this advisory: 1) security vulnerability resolved: several bugs after source code review problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - vnc - w3m 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information Hypermail is a tool to convert a Unix mail-box file to a set of cross- referenced HTML documents. During an internal source code review done by Thomas Biege several bugs where found in hypermail and its tools. These bugs allow remote code execution, local tmp race conditions, denial-of-service conditions and read access to files belonging to the host hypermail is running on. Additionally the mail CGI program can be abused by spammers as email- relay and should thus be disabled. There is no temporary fix known other then disabling hypermail. Please download and install the new packages from our FTP servers. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are beingnotified individually. The packages are being offered to install from the maintenance web. Intel i386 Platform: SuSE-8.1: a4b683703b65cb65d0d1b246c2bf652d patch rpm(s): 9e087a97c250c8987dda03da43e0dd1e source rpm(s): 9d95d9872a3ed98a4dbff25e952335d7 SuSE-8.0: 53bdfc3ca1ab0c504f460ac7a18ba42e source rpm(s): be0df42b666fc59e38babd671479d2f1 SuSE-7.3: 81194dcbb3cf149f67eac9948dd79db9 source rpm(s): 9a02ce79e81bab281c418070fa91dbde SuSE-7.2: d61f52df6c995b65e16a4141b1b7efa1 source rpm(s): 66b65eed8f2daefde8115abf77511bba SuSE-7.1: 698338c7d9b8961ec3d4f4ab99ee2436 source rpm(s): 8db31cd4981ee84a0333ec8200443bef Sparc Platform: SuSE-7.3: 341757885457f2e4b018dbb132f1a8f8 source rpm(s): cdc92a18900996524768914c79bf20d9 AXP Alpha Platform: SuSE-7.1: 980f217c12affcb3c0a6d0fd916a5115 source rpm(s): a2242ecc8ba2a13c3d18ca94e6ba23f0 PPC Power PC Platform: SuSE-7.3: 6c7a197fe18a95b7594b2cd7b572837a source rpm(s): e370de5432545f06731c9f841bc84054 SuSE-7.1: 64b3be05678f4789985824e31f8335d2 source rpm(s): 4cd2b65522738594d0b60333f807b8b2 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - vnc VNC (Virtual Network Computing) uses a weak cookie generation process which can be exploited by an attacker to bypass authentication. New packages are currently being tested and will be available on our FTP servers soon. - w3m The textbased web-browser w3m does not properly escape HTML tags. A malicious HTML page or img alt attribute may lead to information leakage. New packages will be availablesoon. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it. ), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification canonly target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key " This email address is being protected from spambots. You need JavaScript enabled to view it. " upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at . - SuSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SuSE's security contact is or . The public key is listed below. ====================================================================______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in anyway. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key . Important alert concerning significant weaknesses in SuSE Hypermail. Prompt measures are required to safeguard systems from possible information leaks and operational interruptions.. SuSE Hypermail, Remote Code Execution, System Compromise. . LinuxSecurity.com Team

Calendar 2 Feb 27, 2003 SuSE
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorycritical issuebuffer overflow

Debian DSA 248-1 Critical: Hypermail Remote Buffer Overflow Exploit

An attacker could craft a long filename for an attachment that would overflow two buffers when a certain option for interactive use was given, opening the possibility to inject arbitrary code.. - -------------------------------------------------------------------------- Debian Security Advisory DSA 248-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Martin Schulze January 31st, 2003 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : hypermail Vulnerability : buffer overflows Problem-Type : remote Debian-specific: no CVE Id : CAN-2003-0057 Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists. An attacker could craft a long filename for an attachment that would overflow two buffers when a certain option for interactive use was given, opening the possibility to inject arbitrary code. This code would then be executed under the user id hypermail runs as, mostly as a local user. Automatic and silent use of hypermail does not seem to be affected. The CGI program mail, which is not installed by the Debian package, does a reverse look-up of the user's IP number and copies the resulting hostname into a fixed-size buffer. A specially crafted DNS reply could overflow this buffer, opening the program to an exploit. For the stable distribution (woody) this problem has been fixed in version 2.1.3-2.0. For the old stable distribution (potato) this problem has been fixed in version 2.0b25-1.1. For the unstable distribution (sid) this problem has been fixed in version 2.1.6-1. We recommend that you upgrade your hypermail packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update willupdate the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato - --------------------------------- Source archives: Size/MD5 checksum: 577 96bc728b8bdc3f3b31b2f6e7fb96e1c8 Size/MD5 checksum: 9685 0450f68f3ab45eadc7fab7e97076c845 Size/MD5 checksum: 297049 7a5875311ae71fc6fa5dee18e9d826ee Alpha architecture: Size/MD5 checksum: 416502 97032e2a8ad790a2b760a49ac39871f2 ARM architecture: Size/MD5 checksum: 150356 d3bf5bcce7068ccec8c5e246f6cc9491 Intel IA-32 architecture: Size/MD5 checksum: 145048 987bb3659b98eb4dc7e020afd58c24ac Motorola 680x0 architecture: Size/MD5 checksum: 141910 cbe0d66a017f5ab47b6318c7a40a02b6 PowerPC architecture: Size/MD5 checksum: 156548 5cda5263360e4f39d8b82e47843039e3 Sun Sparc architecture: Size/MD5 checksum: 175610 3dec97942bb30b61eff8c748577bc473 Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: Size/MD5 checksum: 606 e335b50b6f796c6e4808084840560bee Size/MD5 checksum: 13146 106aba184df6afb95733bfe24da073fc Size/MD5 checksum: 723942 f1bea3df4b34e58e2f6318f2ed3f9770 Alpha architecture: Size/MD5 checksum: 212258 8bad85e95bfa8f47e967a29a7b0a9f85 ARM architecture: Size/MD5 checksum: 187986 0583077e67b953f71de182ff42547bbe Intel IA-32 architecture: Size/MD5 checksum: 179114 aeb01e13233b078e4ad7266d5b5d5860 Intel IA-64 architecture: Size/MD5 checksum: 243654 a11258231578df4f2cbd906792990fca HP Precision architecture: Size/MD5 checksum: 203300 b7a96e5819c87be6c970c815c141b5ee Motorola 680x0 architecture: Size/MD5 checksum: 171634 ac39ecc46835d711321b42041d5e967d Bigendian MIPS architecture: Size/MD5 checksum: 200810 2f389f8858d479e523a41e45308c201c Little endian MIPS architecture: Size/MD5 checksum: 199906 6d4db8dd21081d4b27c6ce1331476cb0 PowerPC architecture: Size/MD5 checksum: 193648 cb233bbc6cb8064f59c1dc6ef56539dd IBM S/390 architecture: Size/MD5 checksum: 188614 68b89720900812d551c760b61af04daf Sun Sparc architecture: Size/MD5 checksum: 194596 103964dcf3a82f8d1df4d5afe9edecc9 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages . A critical notice from the Ubuntu Security Bulletin underscores a significant memory corruption flaw in Webmail, threatening the stability of remote systems and permitting illicit entry.. Debian Security Advisory, Hypermail Exploit, Buffer Overflow, Remote Exploit. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 11, 2003 Critical Debian
Banner 4 1028x280 1708121825 1771600306
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here