An issue has been found in golang-github-gin-contrib-cors, a Gin middleware/handler to enable CORS support. The issue is related to improper wildcard handling and an attacker might be able to circumvent .

Debian LTS Advisory DLA-4285-1
MGASA-2024-0267 - Updated tomcat packages fix security vulnerability

Publication date: 15 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0267.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-34750

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. (CVE-2024-34750)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33367
- https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.90
- https://www.cve.org/CVERecord?id=CVE-2024-34750

SRPMS:
- 9/core/tomcat-9.0.90-1.mga9

Severity: Critical.
LinuxSecurity.com Team
# Security update for tomcat10

Announcement ID: SUSE-SU-2024:2413-1
Rating: important
References:
* bsc#1227399
Cross-References:
* CVE-2024-34750
CVSS scores:
* CVE-2024-34750 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* Web and Scripting Module 15-SP5
* Web and Scripting Module 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for tomcat10 fixes the following issues:

* CVE-2024-34750: Fixed an improper handling of exceptional conditions (bsc#1227399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-2413=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2024-2413=1
* Web and Scripting Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2024-2413=1
* Web and Scripting Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2024-2413=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * tomcat10-admin-webapps-10.1.25-150200.5.25.1
  * tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
  * tomcat10-10.1.25-150200.5.25.1
  * tomcat10-lib-10.1.25-150200.5.25.1
  * tomcat10-docs-webapp-10.1.25-150200.5.25.1
  * tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
  * tomcat10-jsvc-10.1.25-150200.5.25.1
  * tomcat10-embed-10.1.25-150200.5.25.1
  * tomcat10-webapps-10.1.25-150200.5.25.1
  * tomcat10-el-5_0-api-10.1.25-150200.5.25.1
* openSUSE Leap 15.6 (noarch)
  * tomcat10-admin-webapps-10.1.25-150200.5.25.1
  * tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
  * tomcat10-10.1.25-150200.5.25.1
  * tomcat10-lib-10.1.25-150200.5.25.1
  * tomcat10-docs-webapp-10.1.25-150200.5.25.1
  * tomcat10-doc-10.1.25-150200.5.25.1
  * tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
  * tomcat10-jsvc-10.1.25-150200.5.25.1
  * tomcat10-embed-10.1.25-150200.5.25.1
  * tomcat10-webapps-10.1.25-150200.5.25.1
  * tomcat10-el-5_0-api-10.1.25-150200.5.25.1
* Web and Scripting Module 15-SP5 (noarch)
  * tomcat10-admin-webapps-10.1.25-150200.5.25.1
  * tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
  * tomcat10-10.1.25-150200.5.25.1
  * tomcat10-lib-10.1.25-150200.5.25.1
  * tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
  * tomcat10-webapps-10.1.25-150200.5.25.1
  * tomcat10-el-5_0-api-10.1.25-150200.5.25.1
* Web and Scripting Module 15-SP6 (noarch)
  * tomcat10-admin-webapps-10.1.25-150200.5.25.1
  * tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1
  * tomcat10-10.1.25-150200.5.25.1
  * tomcat10-lib-10.1.25-150200.5.25.1
  * tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1
  * tomcat10-webapps-10.1.25-150200.5.25.1
  * tomcat10-el-5_0-api-10.1.25-150200.5.25.1

## References:

* https://www.suse.com/security/cve/CVE-2024-34750.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227399

Severity: Important.
Gentoo Linux Security Advisory GLSA 202007-56
https://security.gentoo.org/

Severity: Normal
Title: Claws Mail: Improper STARTTLS handling
Date: July 28, 2020
Bugs: #733684
ID: 202007-56

Synopsis
========
A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise.

Background
==========
Claws Mail is a GTK based e-mail client.

Affected packages
=================
  Package                   Vulnerable   Unaffected
  mail-client/claws-mail    < 3.17.6     >= 3.17.6

Description
===========
It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake.

Impact
======
There may be a breach of integrity or confidentiality in connections made using Claws Mail with STARTTLS.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Claws Mail users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.17.6"

References
==========
[ 1 ] CVE-2020-15917
      https://nvd.nist.gov/vuln/detail/CVE-2020-15917

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-56

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
MGASA-2019-0302 - Updated java-1.8.0-openjdk packages fix security vulnerabilities

Publication date: 23 Oct 2019
URL: https://advisories.mageia.org/MGASA-2019-0302.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

The updated packages fix several bugs and some security issues:

- Missing restrictions on use of custom SocketImpl (Networking, 8218573). (CVE-2019-2945)
- Improper handling of Kerberos proxy credentials (Kerberos, 8220302). (CVE-2019-2949)
- NULL pointer dereference in DrawGlyphList (2D, 8222690). (CVE-2019-2962)
- Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684). (CVE-2019-2964)
- Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505). (CVE-2019-2973)
- Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518). (CVE-2019-2975)
- Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892). (CVE-2019-2978)
- Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532). (CVE-2019-2981)
- Unexpected exception thrown during Font object deserialization (Serialization, 8224915). (CVE-2019-2983)
- Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286). (CVE-2019-2987)
- Integer overflow in bounds check in SunGraphics2D (2D, 8225292). (CVE-2019-2988)
- Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298). (CVE-2019-2989)
- Excessive memory allocation in CMap when reading TrueType font (2D, 8225597). (CVE-2019-2992)
- Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765). (CVE-2019-2999)

References:
- https://bugs.mageia.org/show_bug.cgi?id=25576
- https://access.redhat.com/errata/RHSA-2019:3128
- https://www.oracle.com/security-alerts/cpuoct2019.html
- https://www.cve.org/CVERecord?id=CVE-2019-2945
- https://www.cve.org/CVERecord?id=CVE-2019-2949
- https://www.cve.org/CVERecord?id=CVE-2019-2962
- https://www.cve.org/CVERecord?id=CVE-2019-2964
- https://www.cve.org/CVERecord?id=CVE-2019-2973
- https://www.cve.org/CVERecord?id=CVE-2019-2975
- https://www.cve.org/CVERecord?id=CVE-2019-2978
- https://www.cve.org/CVERecord?id=CVE-2019-2981
- https://www.cve.org/CVERecord?id=CVE-2019-2983
- https://www.cve.org/CVERecord?id=CVE-2019-2987
- https://www.cve.org/CVERecord?id=CVE-2019-2988
- https://www.cve.org/CVERecord?id=CVE-2019-2989
- https://www.cve.org/CVERecord?id=CVE-2019-2992
- https://www.cve.org/CVERecord?id=CVE-2019-2999

SRPMS:
- 7/core/java-1.8.0-openjdk-1.8.0.232-1.b09.2.mga7
Synopsis: Important: dovecot security update
Advisory ID: SLSA-2019:2885-1
Issue Date: 2019-09-23
CVE Numbers: CVE-2019-11500
--
* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)
--
SL6
  x86_64
    dovecot-2.0.9-22.el6_10.1.i686.rpm
    dovecot-2.0.9-22.el6_10.1.x86_64.rpm
    dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm
    dovecot-debuginfo-2.0.9-22.el6_10.1.x86_64.rpm
    dovecot-mysql-2.0.9-22.el6_10.1.x86_64.rpm
    dovecot-pgsql-2.0.9-22.el6_10.1.x86_64.rpm
    dovecot-pigeonhole-2.0.9-22.el6_10.1.x86_64.rpm
    dovecot-devel-2.0.9-22.el6_10.1.x86_64.rpm
  i386
    dovecot-2.0.9-22.el6_10.1.i686.rpm
    dovecot-debuginfo-2.0.9-22.el6_10.1.i686.rpm
    dovecot-mysql-2.0.9-22.el6_10.1.i686.rpm
    dovecot-pgsql-2.0.9-22.el6_10.1.i686.rpm
    dovecot-pigeonhole-2.0.9-22.el6_10.1.i686.rpm
    dovecot-devel-2.0.9-22.el6_10.1.i686.rpm

- Scientific Linux Development Team

Severity: Important.
Fedora Update Notification
FEDORA-2018-a10c1d234e
2018-08-08 15:32:12.724729

Name        : vim-syntastic
Product     : Fedora 27
Version     : 3.9.0
Release     : 1.fc27
URL         : https://github.com/vim-syntastic/syntastic
Summary     : A vim plugin to check syntax for programming languages
Description :
Syntastic is a syntax checking plugin that runs files through external syntax checkers and displays any resulting errors to the user. This can be done on demand, or automatically as files are saved. If syntax errors are detected, the user is notified and is happy because they didn't have to compile their code or execute their script to find them.

Update Information:
new upstream release v3.9.0

ChangeLog:
* Mon Apr 23 2018 Pavel Raiskup - 3.9.0-1
  - new upstream release, per release notes: https://github.com/vim-syntastic/syntastic/releases/tag/3.9.0
* Tue Apr 10 2018 Philippe Makowski - 3.8.0-12
  - add text subpackage, fix rhbz#1562001
* Fri Feb 9 2018 Fedora Release Engineering - 3.8.0-11
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

References:
[ 1 ] Bug #1580432 - CVE-2018-11319 vim-syntastic: Improper handling of searches for configuration files can lead to arbitrary code execution [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1580432

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-a10c1d234e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/