
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 7 articles for you...

Debian 11 inetutils Important DLA-4527-1 Privilege Escalation Threat

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4527-1
https://www.debian.org/lts/security/
Andreas Henriksson
April 11, 2026
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : inetutils
Version    : 2:2.0-1+deb11u4
CVE ID     : CVE-2026-28372 CVE-2026-32746 CVE-2026-32772
Debian Bug : 1130741 1130742

Several vulnerabilities were discovered in the inetutils implementation of telnetd and telnet, which may result in privilege escalation or information disclosure.

CVE-2026-28372

    Ron Ben Yizhak from SafeBreach found that the fix for CVE-2026-24061 was not complete and can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. While Debian bullseye does not include util-linux 2.40 this problem does thus not affect it, but was still addressed in case someone manually updates util-linux and thus exposes this vulnerability.

CVE-2026-32746

    Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg, Daniel Lubel of DREAM Security Research Team found that the telnetd server has a buffer overflow in the LINEMODE SLC (Set Local Characters) suboption handler. This can lead to potential pre-login remote code execution.

CVE-2026-32772

    Justin Swartz discovered that telnet allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. This can lead to information disclosure.

For Debian 11 bullseye, these problems have been fixed in version 2:2.0-1+deb11u4.

We recommend that you upgrade your inetutils packages.

For the detailed security status of inetutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inetutils

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Discover the Debian LTS DLA-4527-1 advisory detailing critical inetutils vulnerabilities affecting telnet. Immediate updates recommended!
Severity: Important
LinuxSecurity.com Team

Apr 11, 2026 Important Debian LTS

Ubuntu systemd Privilege Elevation Vulnerabilities DSA-8194-7

-------------------------------------------------------------------------
Debian Security Advisory DSA-6193-1
https://www.debian.org/security/
Salvatore Bonaccorso
April 03, 2026
https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package    : inetutils
CVE ID     : CVE-2026-32746 CVE-2026-32772
Debian Bug : 1130741 1130742

Several vulnerabilities were discovered in the inetutils implementation of telnetd and telnet, which may result in privilege escalation or information disclosure.

For the oldstable distribution (bookworm), these problems have been fixed in version 2:2.4-2+deb12u3.

For the stable distribution (trixie), these problems have been fixed in version 2:2.6-3+deb13u3.

We recommend that you upgrade your inetutils packages.

For the detailed security status of inetutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inetutils

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Addressing privilege escalation and info disclosure risks in Debian inetutils, fixes available for oldstable release.
Severity: Important
LinuxSecurity.com Team

Apr 03, 2026 Important Debian

Debian trixie inetutils Critical Telnetd Authentication Bypass DSA-6144-1

-------------------------------------------------------------------------
Debian Security Advisory DSA-6144-1
https://www.debian.org/security/
Salvatore Bonaccorso
February 19, 2026
https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : inetutils
CVE ID  : not yet available

Ron Ben Yizhak discovered that the inetutils implementation of telnetd didn't sanitise the CREDENTIALS_DIRECTORY environment variable before passing it to the login binary. This could be exploited to bypass authentication and login as root.

For the stable distribution (trixie), this problem has been fixed in version 2:2.6-3+deb13u2.

We recommend that you upgrade your inetutils packages.

For the detailed security status of inetutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inetutils

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

inetutils telnetd flaw allows bypass of authentication, leading to potential root access; fix recommended for Debian trixie.
Severity: Critical
LinuxSecurity.com Team

Feb 19, 2026 Critical Debian

Ubuntu 25.10 Inetutils Telnetd Auth Bypass USN-7992-1 CVE-2026-24061

==========================================================================
Ubuntu Security Notice USN-7992-1
February 02, 2026

inetutils vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Inetutils could allow unintended access to network services.

Software Description:

- inetutils: Collection of common network programs

Details:

Kyu Neushwaistein discovered that telnetd in Inetutils incorrectly handled certain environment variables. A remote attacker could use this issue to bypass authentication and open a session as an administrator.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  inetutils-telnetd 2:2.6-1ubuntu3.1

Ubuntu 24.04 LTS
  inetutils-telnetd 2:2.5-3ubuntu4.1

Ubuntu 22.04 LTS
  inetutils-telnetd 2:2.2-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-7992-1
  CVE-2026-24061

Package Information:

  https://launchpad.net/ubuntu/+source/inetutils/2:2.2-2ubuntu0.2

Important security update for Ubuntu Inetutils addresses access issues in telnetd that may lead to unauthorized access.
Severity: Important
LinuxSecurity.com Team

Feb 03, 2026 Important Ubuntu

Gentoo inetutils High Remote Code Exec CVE-2026-24061 GLSA 202601-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202601-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: inetutils: Remote Code Execution
Date: January 26, 2026
Bugs: #969065
ID: 202601-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been discovered in the telnetd module of inetutils, which allows remote code execution as root.

Background
==========

Inetutils is a collection of common network programs including a telnet client and server.

Affected packages
=================

Package             Vulnerable  Unaffected
------------------  ----------  ----------
net-misc/inetutils  < 2.7       >= 2.7

Description
===========

The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supplies a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.

This happens because the telnetd server does not sanitize the USER environment variable before passing it on to login(1), and login(1) uses the -f parameter to by-pass normal authentication.

Impact
======

An attacker can login as root via the telnetd daemon.

Workaround
==========

Reinstall inetutils with the telnetd USE flag disabled. This is the default in Gentoo.

Resolution
==========

All inetutils users with the telnetd USE flag enabled should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/inetutils-2.7"

References
==========

[ 1 ] CVE-2026-24061
      https://nvd.nist.gov/vuln/detail/CVE-2026-24061

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202601-01

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address obfuscated] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2026 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Discover the high severity security flaw in Gentoo's inetutils allowing remote code execution. Update recommended.
Severity: Critical
LinuxSecurity.com Team

Jan 26, 2026 Critical Gentoo

Debian 11 inetutils Auth Bypass Vulnerability Allows Remote Shell Access

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4453-1
https://www.debian.org/lts/security/
Andreas Henriksson
January 25, 2026
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : inetutils
Version    : 2:2.0-1+deb11u3
CVE ID     : CVE-2026-24061
Debian Bug : 1126047

Kyu Neushwaistein aka Carlos Cortes Alvarez found that inetutils, a collection of common network programs, was vulnerable to an authentication bypass problem in telnetd, which could lead to remote root shell access (if telnetd is enabled and exposed).

As described also in the GNU InetUtils security advisory, it is not recommended to run telnetd server at all. At a minimum, restrict network access to the telnet port to trusted clients only. There is after all no encryption built into the telnet protocol, so authentication details would be sent in plain text over the network (which thus needs to be trusted).

For more details see the GNU InetUtils Security Advisory: https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html

For Debian 11 bullseye, this problem has been fixed in version 2:2.0-1+deb11u3.

We recommend that you upgrade your inetutils packages.

For the detailed security status of inetutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inetutils

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

inetutils faces critical authentication bypass, enabling potential remote root access in exposed telnetd services.
Severity: Critical
LinuxSecurity.com Team

Jan 25, 2026 Critical Debian LTS

Debian: inetutils Important Telnetd Login Bypass CVE-2026-24061 DSA-6106-1

-------------------------------------------------------------------------
Debian Security Advisory DSA-6106-1
https://www.debian.org/security/
Salvatore Bonaccorso
January 22, 2026
https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package    : inetutils
CVE ID     : CVE-2026-24061
Debian Bug : 1126047

Kyu Neushwaistein discovered that telnetd from inetutils does not sanitize the USER environment variable before passing it on to login. A remote attacker can take advantage of this flaw to login as root, bypassing normal authentication processes.

For the oldstable distribution (bookworm), this problem has been fixed in version 2:2.4-2+deb12u2.

For the stable distribution (trixie), this problem has been fixed in version 2:2.6-3+deb13u1.

We recommend that you upgrade your inetutils packages.

For the detailed security status of inetutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inetutils

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Remote access flaw in inetutils telnetd allows attackers to bypass authentication. Upgrade recommended for users.
Severity: Important
LinuxSecurity.com Team

Jan 22, 2026 Important Debian

Debian 10: DLA-3611-1 Critical: Inetutils Code Execution and Escalation

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3611-1
https://www.debian.org/lts/security/
Guilhem Moulin
October 08, 2023
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : inetutils
Version    : 2:1.9.4-7+deb10u3
CVE ID     : CVE-2019-0053 CVE-2023-40303
Debian Bug : 945861 1049365

Security issues were discovered in inetutils, a collection of GNU network utilities, which could lead to privilege escalation or potentially execution of arbitrary code.

CVE-2019-0053

    Thorsten Alteholz discovered that CVE-2019-0053 was patched incorrectly in inetutils 2:1.9.4-7+deb10u3. The original vulnerability remained: inetutils' telnet client doesn't sufficiently validate environment variables, which can lead to stack-based buffer overflows. (This issue is limited to local exploitation from restricted shells.)

CVE-2023-40303

    Jeffrey Bencteux discovered that several setuid(), setgid(), seteuid() and setguid() return values were not checked in ftpd/rcp/rlogin/rsh/rshd/uucpd code, which may lead to privilege escalation.

For Debian 10 buster, these problems have been fixed in version 2:1.9.4-7+deb10u3.

We recommend that you upgrade your inetutils packages.

For the detailed security status of inetutils please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inetutils

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ubuntu Security Notice USN-3452-1 tackles vulnerabilities in gnome-shell, recommending that users update their systems without delay.
Severity: Critical
LinuxSecurity.com Team

Oct 08, 2023 Critical Debian LTS