Explore Latest Linux Security advisories


Debian: DSA 229-1 Critical: IMP SQL Injection Remote Attack

Using carefully crafted URLs a remote attacker is able to inject SQL code into SQL queries without proper user authentication.

--------------------------------------------------------------------------
Debian Security Advisory DSA 229-1
Martin Schulze, January 15th, 2003
Debian -- Security Information / Debian -- Debian security FAQ
--------------------------------------------------------------------------

Package        : imp
Vulnerability  : SQL injection
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2003-0025

Jouko Pynnonen discovered a problem with IMP, a web based IMAP mail program. Using carefully crafted URLs a remote attacker is able to inject SQL code into SQL queries without proper user authentication. Even though results of SQL queries aren't directly readable from the screen, an attacker might update his mail signature to contain wanted query results and then view it on the preferences page of IMP.

The impact of SQL injection depends heavily on the underlying database and its configuration. If PostgreSQL is used, it's possible to execute multiple complete SQL queries separated by semicolons. The database contains session ids, so the attacker might hijack sessions of people currently logged in and read their mail. In the worst case, if the hordemgr user has the required privilege to use the COPY SQL command (found in PostgreSQL at least), a remote user may read or write to any file the database user (postgres) can. The attacker may then be able to run arbitrary shell commands by writing them to the postgres user's ~/.psqlrc; they'd be run when the user starts the psql command, which under some configurations happens regularly from a cron script.

For the current stable distribution (woody) this problem has been fixed in version 2.2.6-5.1.

For the old stable distribution (potato) this problem has been fixed in version 2.2.6-0.potato.5.1.

For the unstable distribution (sid) these problems have been fixed in version 2.2.6-7.

We recommend that you upgrade your IMP packages.

Upgrade Instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Source archives and architecture independent components: sizes and MD5 checksums are listed in the original advisory.

Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives and architecture independent components: sizes and MD5 checksums are listed in the original advisory.

These files will probably be moved into the stable distribution on its next revision.

---------------------------------------------------------------------------------
For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages .

A critical IMP SQL injection vulnerability can compromise system integrity. Upgrade to version 6.3.2 or higher to secure your installations promptly.

Tags: SQL Injection, Debian Security, IMP Fixes, Remote Attack. Severity: Critical. LinuxSecurity.com Team

Jan 15, 2003 | Critical | Debian

Debian: DSA-126-1 Critical: Horde IMP Cross-Site Scripting Issue

A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8.

------------------------------------------------------------------------
Debian Security Advisory DSA-126-1
Wichert Akkerman, April 16, 2002
Debian -- Security Information
------------------------------------------------------------------------

Package        : imp
Problem type   : cross-site scripting (CSS)
Debian-specific: no

A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have been back-ported to version 1.2.6-0.potato.5 of the horde package and version 2.2.6-0.potato.5 of the imp package.

This release also fixes a bug introduced by the php security fix from DSA-115-1: the php postgres support changed subtly, which broke the postgres support from imp.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives and architecture independent archives: MD5 checksums are listed in the original advisory.

These packages will be moved into the stable distribution on its next revision.

----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main

Critical XSS vulnerability patched in Horde and IMP. Refer to Debian Security Advisory DSA-127-2 for additional details.

Tags: Debian Security, Cross-Site Scripting, Horde IMAP, Security Patch. Severity: Critical. LinuxSecurity.com Team

Apr 16, 2002 | Critical | Debian

Debian: DSA-073-1 Severe: IMP Remote Exploits, Threats & Fixes

The Horde team released version 2.2.6 of IMP (a web based IMAP mail program) which fixes three security problems. Their release announcement describes them as follows:

------------------------------------------------------------------------
Debian Security Advisory DSA-073-1
Wichert Akkerman, August 11, 2001
Debian -- Security Information
------------------------------------------------------------------------

Package        : imp
Problem type   : 3 remote exploits
Debian-specific: no

The Horde team released version 2.2.6 of IMP (a web based IMAP mail program) which fixes three security problems. Their release announcement describes them as follows:

1. A PHPLIB vulnerability allowed an attacker to provide a value for the array element $_PHPLIB[libdir], and thus to get scripts from another server to load and execute. This vulnerability is remotely exploitable. (Horde 1.2.x ships with its own customized version of PHPLIB, which has now been patched to prevent this problem.)

2. By using tricky encodings of "javascript:" an attacker can cause malicious JavaScript code to execute in the browser of a user reading email sent by the attacker. (IMP 2.2.x already filters many such patterns; several new ones that were slipping past the filters are now blocked.)

3. A hostile user that can create a publicly-readable file named "prefs.lang" somewhere on the Apache/PHP server can cause that file to be executed as PHP code. The IMP configuration files could thus be read, the Horde database password used to read and alter the database used to store contacts and preferences, etc. We do not believe this is remotely exploitable directly through Apache/PHP/IMP; however, shell access to the server or other means (e.g., FTP) could be used to create this file.

This has been fixed in version 2:2.2.6-0.potato.1. Please note you will also need to upgrade the horde package to the same version.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives and architecture independent archives: MD5 checksums are listed in the original advisory.

These packages will be moved into the stable distribution on its next revision.

For not yet released architectures please refer to the appropriate directory.

----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main

The Debian DSA-073-1 advisory details critical security fixes for IMP mail software, addressing remote exploits affecting users.

Tags: Debian Security, Horde Update, Remote Exploits, IMP Security, Email Protection. LinuxSecurity.com Team

Aug 11, 2001 | Debian

Debian: Critical Advisory on Horde and Imp Moderate Remote Exploit

A vulnerability exists that could allow a user to run arbitrary commands on the server.

------------------------------------------------------------------------
Debian Security Advisory
Wichert Akkerman, September 10, 2000
Debian -- Security Information
------------------------------------------------------------------------

Package        : horde and imp
Problem type   : remote exploit
Debian-specific: no

imp as distributed in Debian GNU/Linux 2.2 suffered from insufficient checking of user supplied data: the IMP webmail interface did not check the $from variable, which contains the sender address, for shell metacharacters. This could be used to run arbitrary commands on the server running imp.

To fix this, horde (the library imp uses) has been modified to sanitize $from, and imp has been patched to improve checking of user input. The updated versions are horde 1.2.1-0 and imp 2.2.1-0, and we strongly recommend you upgrade both packages immediately.

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

Debian GNU/Linux 2.1 alias slink
--------------------------------

The slink release did not contain horde and imp.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures.

Source archives and architecture independent archives: MD5 checksums are listed in the original advisory.

These files will be moved into soon. For not yet released architectures please refer to the appropriate directory.

----------------------------------------------------------------------------
For apt-get: deb Debian -- Security Information stable updates
For dpkg-ftp: dists/stable/updates

Critical upgrade notice for Horde and Imp due to remote exploit risks. Immediate action is recommended for server security.

Tags: Horde Exploits, Imp Security, Debian Issues, Remote Exploits, Command Injection. Severity: Critical. LinuxSecurity.com Team

Sep 10, 2000 | Critical | Debian