Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 2 articles for you...
219
Ls Advisories Rockylinux Esm H240
Price Tag 1security advisorymoderatecommand injection

Tioca Linux 9 RLSA-2026-4218 Python3.12 Moderate Code Execution Update

Moderate: python3.11 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4216", "synopsis": "Moderate: python3.11 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for python3.11.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)\n\n* cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)\n\n* cpython: email header injection due to unquoted newlines (CVE-2026-1299)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431368", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431368", "description": ""}, {"ticket": "2431373", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431373", "description": ""}, {"ticket": "2432437", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "description": ""}], "cves": [{"name": "CVE-2025-15366", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-15366", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-77"}, {"name": "CVE-2025-15367", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-15367", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-77"}, {"name": "CVE-2026-1299", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-1299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-93"}], "references": [], "publishedAt": "2026-03-12T12:04:07.002916Z", "rpms": {"Rocky Linux 9": {"nvras": ["python3.11-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-0:3.11.13-5.1.el9_7.src.rpm", "python3.11-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-0:3.11.13-5.1.el9_7.x86_64.rpm", "python3.11-debug-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-debug-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-debug-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-debug-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-debug-0:3.11.13-5.1.el9_7.x86_64.rpm", "python3.11-debuginfo-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-debuginfo-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-debuginfo-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-debuginfo-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-debuginfo-0:3.11.13-5.1.el9_7.x86_64.rpm", "python3.11-debugsource-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-debugsource-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-debugsource-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-debugsource-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-debugsource-0:3.11.13-5.1.el9_7.x86_64.rpm", "python3.11-devel-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-devel-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-devel-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-devel-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-devel-0:3.11.13-5.1.el9_7.x86_64.rpm", "python3.11-idle-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-idle-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-idle-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-idle-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-idle-0:3.11.13-5.1.el9_7.x86_64.rpm","python3.11-libs-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-libs-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-libs-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-libs-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-libs-0:3.11.13-5.1.el9_7.x86_64.rpm", "python3.11-test-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-test-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-test-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-test-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-test-0:3.11.13-5.1.el9_7.x86_64.rpm", "python3.11-tkinter-0:3.11.13-5.1.el9_7.aarch64.rpm", "python3.11-tkinter-0:3.11.13-5.1.el9_7.i686.rpm", "python3.11-tkinter-0:3.11.13-5.1.el9_7.ppc64le.rpm", "python3.11-tkinter-0:3.11.13-5.1.el9_7.s390x.rpm", "python3.11-tkinter-0:3.11.13-5.1.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update available for python3.11 on Rocky Linux, addressing moderate security issues including command injection.. Rocky Linux python3 security update command injection CVSS score. . LinuxSecurity.com Team

Calendar 2 Mar 12, 2026 Rocky Linux
219
Ls Advisories Rockylinux Esm H240
Price Tag 1security advisorymoderatepython

Ubuntu Server 22.04 python3.10 Security Alert RLSA-2023-5321 Critical Risk

Moderate: python3.12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4165", "synopsis": "Moderate: python3.12 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for python3.12.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)\n\n* cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)\n\n* cpython: email header injection due to unquoted newlines (CVE-2026-1299)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431368", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431368", "description": ""}, {"ticket": "2431373", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431373", "description": ""}, {"ticket": "2432437", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "description": ""}], "cves": [{"name": "CVE-2025-15366", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-15366", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-77"}, {"name": "CVE-2025-15367", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-15367", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-77"}, {"name": "CVE-2026-1299", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-1299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-93"}], "references": [], "publishedAt": "2026-03-11T12:05:01.163508Z", "rpms": {"Rocky Linux 9": {"nvras": ["python3.12-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-0:3.12.12-4.el9_7.1.src.rpm", "python3.12-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.x86_64.rpm","python3.12-libs-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Get the security update for python3.12 on Rocky Linux 9 to address moderate command injection vulnerabilities.. Rocky Linux Python Security Update Command Injection CVSS. . LinuxSecurity.com Team

Calendar 2 Mar 11, 2026 Rocky Linux
Banner 1 1028x280 1708121660 1771599717
219
Ls Advisories Rockylinux Esm H240
Price Tag 1security advisorymoderatecommand injection

Rocky Linux 9 python3.12 High-Risk Command Execution Flaw RLSA-2026-4179

Moderate: python3.12 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:4165", "synopsis": "Moderate: python3.12 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for python3.12.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* cpython: IMAP command injection in user-controlled commands (CVE-2025-15366)\n\n* cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)\n\n* cpython: email header injection due to unquoted newlines (CVE-2026-1299)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2431368", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431368", "description": ""}, {"ticket": "2431373", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2431373", "description": ""}, {"ticket": "2432437", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2432437", "description": ""}], "cves": [{"name": "CVE-2025-15366", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-15366", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-77"}, {"name": "CVE-2025-15367", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-15367", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-77"}, {"name": "CVE-2026-1299", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-1299", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "cvss3BaseScore": "7.1", "cwe": "CWE-93"}], "references": [], "publishedAt": "2026-03-11T12:05:01.163508Z", "rpms": {"Rocky Linux 9": {"nvras": ["python3.12-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-0:3.12.12-4.el9_7.1.src.rpm", "python3.12-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-debug-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-debuginfo-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-debugsource-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-devel-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-idle-0:3.12.12-4.el9_7.1.x86_64.rpm","python3.12-libs-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-libs-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-test-0:3.12.12-4.el9_7.1.x86_64.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.aarch64.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.i686.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.ppc64le.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.s390x.rpm", "python3.12-tkinter-0:3.12.12-4.el9_7.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate security update for python3.12 on Rocky Linux addresses command injection and email header issues, timely update recommended.. Rocky Linux python3 security update command injection IMAP. . LinuxSecurity.com Team

Calendar 2 Mar 11, 2026 Rocky Linux
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorycriticaldebian

Debian 9 DLA-2472-1 Critical: Mutt Authentication Exposure Advisory

In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks. . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2472-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Adrian Bunk November 30, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : mutt Version : 1.7.2-1+deb9u4 CVE ID : CVE-2020-28896 Debian Bug : In Mutt, a text-based Mail User Agent, invalid IMAP server responses were not properly handled, potentially resulting in authentication credentials being exposed or man-in-the-middle attacks. For Debian 9 stretch, this problem has been fixed in version 1.7.2-1+deb9u4. We recommend that you upgrade your mutt packages. For the detailed security status of mutt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/mutt Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-5078-1 for Mutt fixes IMAP response vulnerabilities that risk exposing user credentials.. Mutt Security Update, Debian LTS Advisory, IMAP Attack Mitigation, Authentication Exposure. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 30, 2020 Critical Debian LTS
Banner 1 1028x280 1708121660 1771599717
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryimportantimap

Red Hat Enterprise Linux 6: RHSA-2019-2885-01 Important Dovecot Update

An update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: dovecot security update Advisory ID: RHSA-2019:2885-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2885 Issue date: 2019-09-23 CVE Names: CVE-2019-11500 ==================================================================== 1. Summary: An update for dovecot is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to theCVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1741141 - CVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: dovecot-2.0.9-22.el6_10.1.src.rpm i386: dovecot-2.0.9-22.el6_10.1.i686.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm dovecot-mysql-2.0.9-22.el6_10.1.i686.rpm dovecot-pgsql-2.0.9-22.el6_10.1.i686.rpm dovecot-pigeonhole-2.0.9-22.el6_10.1.i686.rpm ppc64: dovecot-2.0.9-22.el6_10.1.ppc.rpm dovecot-2.0.9-22.el6_10.1.ppc64.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.ppc.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.ppc64.rpm dovecot-mysql-2.0.9-22.el6_10.1.ppc64.rpm dovecot-pgsql-2.0.9-22.el6_10.1.ppc64.rpm dovecot-pigeonhole-2.0.9-22.el6_10.1.ppc64.rpm s390x: dovecot-2.0.9-22.el6_10.1.s390.rpm dovecot-2.0.9-22.el6_10.1.s390x.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.s390.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.s390x.rpm dovecot-mysql-2.0.9-22.el6_10.1.s390x.rpm dovecot-pgsql-2.0.9-22.el6_10.1.s390x.rpm dovecot-pigeonhole-2.0.9-22.el6_10.1.s390x.rpm x86_64: dovecot-2.0.9-22.el6_10.1.i686.rpm dovecot-2.0.9-22.el6_10.1.x86_64.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.x86_64.rpm dovecot-mysql-2.0.9-22.el6_10.1.x86_64.rpm dovecot-pgsql-2.0.9-22.el6_10.1.x86_64.rpm dovecot-pigeonhole-2.0.9-22.el6_10.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): i386: dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm dovecot-devel-2.0.9-22.el6_10.1.i686.rpm ppc64: dovecot-debuginfo-2.0.9-22.el6_10.1.ppc64.rpm dovecot-devel-2.0.9-22.el6_10.1.ppc64.rpm s390x: dovecot-debuginfo-2.0.9-22.el6_10.1.s390x.rpm dovecot-devel-2.0.9-22.el6_10.1.s390x.rpm x86_64: dovecot-debuginfo-2.0.9-22.el6_10.1.x86_64.rpm dovecot-devel-2.0.9-22.el6_10.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: dovecot-2.0.9-22.el6_10.1.src.rpm i386: dovecot-2.0.9-22.el6_10.1.i686.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm dovecot-mysql-2.0.9-22.el6_10.1.i686.rpm dovecot-pgsql-2.0.9-22.el6_10.1.i686.rpm dovecot-pigeonhole-2.0.9-22.el6_10.1.i686.rpm x86_64: dovecot-2.0.9-22.el6_10.1.i686.rpm dovecot-2.0.9-22.el6_10.1.x86_64.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm dovecot-debuginfo-2.0.9-22.el6_10.1.x86_64.rpm dovecot-mysql-2.0.9-22.el6_10.1.x86_64.rpm dovecot-pgsql-2.0.9-22.el6_10.1.x86_64.rpm dovecot-pigeonhole-2.0.9-22.el6_10.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm dovecot-devel-2.0.9-22.el6_10.1.i686.rpm x86_64: dovecot-debuginfo-2.0.9-22.el6_10.1.x86_64.rpm dovecot-devel-2.0.9-22.el6_10.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11500 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXYkou9zjgjWX9erEAQjthQ/+LaM1fn0wXmx8OE1fVKZCmpBWXOE+VRTN 2TxEhCjemYP+cdau2CQ6+aUK0dcaBFP1p8Nerlv5qVmlJLPrCXBYZ7ExcieJx8tU x8AfnZuM5+6vfeX7D6NXInZtDwCM9ei7X1YfLnXKtN8X/xtkT7jdHMFn20YWhrqo XdO6eNmH6271DjUGeH3dnm8e51uBSAFOOxGiexX4zZnLh1bOW9ImiR4GYrEpYiws csh0X05eaTNA767xPhN/BWU5U9PKje1NKgJXFiFtizHCZ3LEAPapYvvwUy1V/xuV 3B0HVg+XoMEuoihkeWypzchtjfEKLFpmjsKjylJvqTWnOdRd7v307y9aR+Ng9Hcd i3ZPlVQ3VJ2gQ78NotgUCPyrjIj6Zbq+8b9ihJS2JdNgbrd9F0FHsAtzuR4supxU hM47yaYW+njbjMgp0vL0x16eWcW+2Sjzr9SZKETdH8sE5OyDJkc6DXSnGwH8Mxhq P0PZT4GNr1gNsAU55ZJyE54FD4pJQnogUNCw2dPgC7UmRrQjVIV1zmpHMaRnfb9J v2YuMtJuO75g4ynnwU3prcdqGiwUvXJ18snJxlMA72djoobit28He4eHJd+Xrgi5 JCnGaWNmk6p4X5Bbnt42qsv232FnBHN+aNbfea3un4s14+16AywgW9U1y1ZnF0O2 SAzgPCOIJRc=CqWd -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Postfix vulnerability patch for CentOS 7 addresses severe flaws such as buffer overflows. Protect your environment!. Dovecot Update, Red Hat Security, Dovecot IMAP, Linux Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Sep 23, 2019 Important Red Hat
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoracritical

Fedora 31: FEDORA-2019-ea638fb605 Critical IMAP Threat Overview

* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-ea638fb605 2019-09-14 16:29:06.037941 --------------------------------------------------------------------------------Name : dovecot Product : Fedora 31 Version : 2.3.7.2 Release : 1.fc31 URL : https://dovecot.org/ Summary : Secure imap and pop3 server Description : Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. --------------------------------------------------------------------------------Update Information: * CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes --------------------------------------------------------------------------------References: [ 1 ] Bug #1742010 - dovecot-2.3.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1742010 [ 2 ] Bug #1746666 - CVE-2019-11500 dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1746666 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-ea638fb605' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora 32 Dovecot security notice FEDORA-2020-ecb84567af reveals a significant zero byte vulnerability triggering heap memory issues.. Dovecot, IMAP Parser, Fedora Update, Heap Memory Issue. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 14, 2019 Critical Fedora
Banner 1 1028x280 1708121660 1771599717
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorybuffer overflowRed Hat Enterprise Linux

Red Hat Enterprise Linux 3 RHSA-2009:0275-02 Critical: Imap Memory Issue

Updated imap packages to fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: imap security update Advisory ID: RHSA-2009:0275-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2009:0275.html Issue date: 2009-02-19 CVE Names: CVE-2008-5005 ==================================================================== 1. Summary: Updated imap packages to fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially-crafted mail message to the victim. (CVE-2008-5005) Users of imap should upgrade to these updated packages, which contain a backported patch to resolve this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update areavailable at 5. Bugs fixed (http://bugzilla.redhat.com/): 469667 - CVE-2008-5005 uw-imap: buffer overflow in dmail and tmail 6. Package List: Red Hat Enterprise Linux AS version 3: Source: i386: imap-2002d-15.i386.rpm imap-debuginfo-2002d-15.i386.rpm imap-devel-2002d-15.i386.rpm imap-utils-2002d-15.i386.rpm ia64: imap-2002d-15.ia64.rpm imap-debuginfo-2002d-15.ia64.rpm imap-devel-2002d-15.ia64.rpm imap-utils-2002d-15.ia64.rpm ppc: imap-2002d-15.ppc.rpm imap-debuginfo-2002d-15.ppc.rpm imap-devel-2002d-15.ppc.rpm imap-utils-2002d-15.ppc.rpm s390: imap-2002d-15.s390.rpm imap-debuginfo-2002d-15.s390.rpm imap-devel-2002d-15.s390.rpm imap-utils-2002d-15.s390.rpm s390x: imap-2002d-15.s390x.rpm imap-debuginfo-2002d-15.s390x.rpm imap-devel-2002d-15.s390x.rpm imap-utils-2002d-15.s390x.rpm x86_64: imap-2002d-15.x86_64.rpm imap-debuginfo-2002d-15.x86_64.rpm imap-devel-2002d-15.x86_64.rpm imap-utils-2002d-15.x86_64.rpm Red Hat Desktop version 3: Source: i386: imap-2002d-15.i386.rpm imap-debuginfo-2002d-15.i386.rpm imap-devel-2002d-15.i386.rpm imap-utils-2002d-15.i386.rpm x86_64: imap-2002d-15.x86_64.rpm imap-debuginfo-2002d-15.x86_64.rpm imap-devel-2002d-15.x86_64.rpm imap-utils-2002d-15.x86_64.rpm Red Hat Enterprise Linux ES version 3: Source: i386: imap-2002d-15.i386.rpm imap-debuginfo-2002d-15.i386.rpm imap-devel-2002d-15.i386.rpm imap-utils-2002d-15.i386.rpm ia64: imap-2002d-15.ia64.rpm imap-debuginfo-2002d-15.ia64.rpm imap-devel-2002d-15.ia64.rpm imap-utils-2002d-15.ia64.rpm x86_64: imap-2002d-15.x86_64.rpm imap-debuginfo-2002d-15.x86_64.rpm imap-devel-2002d-15.x86_64.rpm imap-utils-2002d-15.x86_64.rpm Red Hat Enterprise Linux WS version3: Source: i386: imap-2002d-15.i386.rpm imap-debuginfo-2002d-15.i386.rpm imap-devel-2002d-15.i386.rpm imap-utils-2002d-15.i386.rpm ia64: imap-2002d-15.ia64.rpm imap-debuginfo-2002d-15.ia64.rpm imap-devel-2002d-15.ia64.rpm imap-utils-2002d-15.ia64.rpm x86_64: imap-2002d-15.x86_64.rpm imap-debuginfo-2002d-15.x86_64.rpm imap-devel-2002d-15.x86_64.rpm imap-utils-2002d-15.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://www.cve.org/CVERecord?id=CVE-2008-5005 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2009 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFJnZxEXlSAg2UNWIIRArmNAJ9VgMSzjUNp0L//cI9Qpr5VfGv97wCfWwp9 ItdbEFnU6DHnpZPwHHymnjM=yZD1 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Ubuntu patch release for smtp addresses a critical memory leak vulnerability affecting service stability. Update now to enhance your security.. Red Hat Enterprise Linux security, imap update, buffer overflow fix, mail access protocols. . LinuxSecurity.com Team

Calendar 2 Feb 19, 2009 Red Hat
200
Ls Advisories Scientific Esm H240
Price Tag 1security advisorybuffer overflowmoderate severity

Scientific Linux SL3.x: CVE-2008-5005 Moderate: imap Buffer Overflow

Moderate: imap security update. Date: Wed, 18 Feb 2009 14:23:56 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: FASTBUGS for SL 4.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." The following FASTBUGS have been uploaded to i386: isdn4k-utils-3.2-19.i386.rpm isdn4k-utils-devel-3.2-19.i386.rpm isdn4k-utils-vboxgetty-3.2-19.i386.rpm sudo-1.6.7p5-30.1.5.i386.rpm xisdnload-3.2-19.i386.rpm x86_64: isdn4k-utils-3.2-19.el4.x86_64.rpm isdn4k-utils-devel-3.2-19.el4.x86_64.rpm isdn4k-utils-vboxgetty-3.2-19.el4.x86_64.rpm sudo-1.6.7p5-30.1.5.x86_64.rpm xisdnload-3.2-19.el4.x86_64.rpm -Connie Sieh -Troy Dawson Date: Thu, 19 Feb 2009 15:53:03 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: imap on SL3.x i386/x86_64 Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it." Synopsis: Moderate: imap security update Issue date: 2009-02-19 CVE Names: CVE-2008-5005 A buffer overflow flaw was discovered in the dmail and tmail mail delivery utilities shipped with imap. If either of these utilities were used as a mail delivery agent, a remote attacker could potentially use this flaw to run arbitrary code as the targeted user by sending a specially-crafted mail message to the victim. (CVE-2008-5005) SL 3.0.x SRPMS: imap-2002d-15.src.rpm i386: imap-2002d-15.i386.rpm imap-devel-2002d-15.i386.rpm imap-utils-2002d-15.i386.rpm x86_64: imap-2002d-15.x86_64.rpm imap-devel-2002d-15.x86_64.rpm imap-utils-2002d-15.x86_64.rpm -Connie Sieh -Troy Dawson . Recent moderate security patch for IMAP in Scientific Linux SL3.x addresses a buffer overflow vulnerability that could allow remote attackers to execute arbitrary code.. Moderate Update, Scientific Linux, imap Security Fix, Buffer Overflow Risk, SL3.x Patch. . LinuxSecurity.com Team

Calendar 2 Feb 19, 2009 Scientific Linux
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here