Stay Vigilant with Timely Linux Security Advisories

Refine advisories

X Clear Filters

Important (4)

Python Imaging Library (3)

Ubuntu (4953)

denial of service (18313)

pillow (31)

security advisory (115043)

vulnerability (1826)

DoS (7091)

code execution (4150)

importance (139)

poppler (257)

Fedora (3)

OpenSUSE (1)

Published Date Range

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.51%)

78.51% votes

Formal training or courses (4.3%)

4.3% votes

A job that required it (4.87%)

4.87% votes

Other (12.32%)

12.32% votes

[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

bottom 200

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

We found -5 articles for you...

security advisoryFedoraapplication update

Fedora 37: php-Smarty Security Advisory - Injection Attack Prevention

## [3.1.47] - 2022-09-14 ### Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454) ### Fixed - Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794) - Fixed unselected. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-d5fc9dcdd7 2022-11-10 22:04:44.630537 --------------------------------------------------------------------------------Name : php-Smarty Product : Fedora 37 Version : 3.1.47 Release : 1.fc37 URL : https://www.smarty.net/ Summary : Smarty - the compiling PHP template engine Description : Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php --------------------------------------------------------------------------------Update Information: ## [3.1.47] - 2022-09-14 ### Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454) ### Fixed - Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794) - Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395) ## [3.1.46] - 2022-08-01 ### Fixed - Fixed problems with smarty_mb_str_replace [#549](https://github.com/smarty-php/smarty/issues/549) - Fixed second parameter of unescape modifier not working [#777](https://github.com/smarty-php/smarty/issues/777) ## [3.1.45] -2022-05-17 ### Security - Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221 ### Fixed - Math equation `max(x, y)` didn't workanymore [#721](https://github.com/smarty-php/smarty/issues/721) ## [3.1.44] - 2022-01-18 ### Fixed - Fixed illegal characters bug in math function security check [#702](https://github.com/smarty-php/smarty/issues/702) ## [3.1.43] - 2022-01-10 ### Security - Prevent evasion of the `static_classes` security policy. This addresses CVE-2021-21408 ## [3.1.42] - 2022-01-10 ### Security - Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454 ## [3.1.41] - 2022-01-09 ### Security - Rewrote the mailto function to not use `eval` when encoding with javascript ## [3.1.40] -2021-10-13 ### Changed - modifier escape now triggers a E_USER_NOTICE when an unsupported escape type is used https://github.com/smarty-php/smarty/pull/649 ### Security - More advanced javascript escaping to handle https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements thanks to m-haritonov ## [3.1.39] - 2021-02-17 ### Security - Prevent access to `$smarty.template_object` in sandbox mode. This addresses CVE-2021-26119. - Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}`. This addresses CVE-2021-26120. ## [3.1.38] - 2021-01-08 ### Fixed - Smarty::SMARTY_VERSION wasn't updated https://github.com/smarty-php/smarty/issues/628 ## [3.1.37] - 2021-01-07 ### Changed - Changed error handlers and handling of undefined constants for php8-compatibility (set $errcontext argument optional) https://github.com/smarty-php/smarty/issues/605 - Changed expected error levels in unit tests for php8-compatibility - Travis unit tests now run for all php versions > = 5.3, including php8 - Travis runs on Xenial where possible ### Fixed - PHP5.3 compatibility fixes - Brought lexer source functionally up-to-date with compiled version ## [3.1.36] - 2020-04-14 ### Fixed -Smarty::SMARTY_VERSION wasn't updated in v3.1.35 https://github.com/smarty-php/smarty/issues/584 ##[3.1.35] - 2020-04-14 - remove whitespaces after comments https://github.com/smarty-php/smarty/issues/447 - fix foreachelse on arrayiterators https://github.com/smarty-php/smarty/issues/506 - fix files contained in git export archive for package maintainers https://github.com/smarty-php/smarty/issues/325 - throw SmartyException when setting caching attributes for cacheable plugin https://github.com/smarty-php/smarty/issues/457 - fix errors that occured where isset was replaced with null check such as https://github.com/smarty-php/smarty/issues/453 - unit tests are now in the repository ## 3.1.34 release - 05.11.2019 13.01.2020 - fix typo in exception message (JercSi) - fix typehint warning with callable (bets4breakfast) - add travis badge and compatability info to readme (matks) -fix stdClass cast when compiling foreach (carpii) - fix wrong set/get methods for memcached (IT-Experte) - fix pborm assigning value to object variables in smarty_internal_compile_assign (Hunman) - exclude error_reporting.ini from git export (glensc) ## 3.1.34-dev-6 - 30.10.2018 - bugfix a nested subblock in an inheritance child template was not replace by outer level block with same name in same child template https://github.com/smarty-php/smarty/issues/500 29.10.2018 - bugfix Smarty::$php_handling == PHP_PASSTHRU (default) did eat the "\n" (newline) character if it did directly followed a PHP tag like "?> " or other https://github.com/smarty-php/smarty/issues/501 14.10.2018 - bugfix autoloader exit shortcut https://github.com/smarty-php/smarty/issues/467 11.10.2018 - bugfix {insert} not works when caching is enabled and included template is present https://github.com/smarty-php/smarty/issues/496 - bugfix in date-format modifier; NULL at date string or default_date did not produce correct output https://github.com/smarty-php/smarty/pull/458 09.10.2018 -bugfix fix of 26.8.2017 https://github.com/smarty-php/smarty/issues/327 modifier is applied to sum expressionhttps://github.com/smarty-php/smarty/issues/491 - bugfix indexed arrays could not be defined "array(...)"" 18.09.2018 - bugfix large plain text template sections without a Smarty tag > 700kB could could fail in version 3.1.32 and 3.1.33 because PHP preg_match() restrictions https://github.com/smarty-php/smarty/issues/488 --------------------------------------------------------------------------------ChangeLog: * Fri Oct 14 2022 Shawn Iwinski - 3.1.47-1 - Update to 3.1.47 - CVE-2022-29221 (RHBZ #2088250, 2088251) - CVE-2021-29454 (RHBZ #2044970, 2044971) - CVE-2021-21408 (RHBZ #2043595, 2043596) - Security update (RHBZ #2126854, 2126855, 2126856) --------------------------------------------------------------------------------References: [ 1 ] Bug #2043595 - CVE-2021-21408 php-Smarty: template authors could run restricted static php methods [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2043595 [ 2 ] Bug #2043596 - CVE-2021-21408 php-Smarty: template authors could run restricted static php methods [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2043596 [ 3 ] Bug #2044970 - CVE-2021-29454 php-Smarty: template authors could run arbitrary PHP code by crafting a malicious math string [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2044970 [ 4 ] Bug #2044971 - CVE-2021-29454 php-Smarty: template authors could run arbitrary PHP code by crafting a malicious math string [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2044971 [ 5 ] Bug #2088250 - CVE-2022-29221 php-Smarty: php injection via malicious block name or include file name [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2088250 [ 6 ] Bug #2088251 - CVE-2022-29221 php-Smarty: php injection via malicious block name or include file name [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2088251 [ 7 ] Bug #2126855 - php-Smarty: javascript injection in mailto function [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=2126855 [ 8 ] Bug #2126856 - php-Smarty: javascript injection in mailto function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2126856 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-d5fc9dcdd7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam, report it: . Fedora Release Bulletin highlights vulnerabilities in php-Symlink, presenting comprehensive information on the corrections and enhancements made.. Fedora Update, php Smarty Security, Template Engine Update, Injection Prevention, Security Fixes. . Severity: Important. LinuxSecurity.com Team

Nov 10, 2022 •Important Fedora

202

security advisoryimportant updateopenSUSE

openSUSE 15.3: 2021:2941-1 Important Sssd Shell Command Injection

An update that solves one vulnerability and has two fixes is now available. . openSUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:2941-1 Rating: important References: #1183735 #1187120 #1189492 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735). - Improve logs to record the reason why internal watchdog terminates a process (bsc#1187120). - Fix watchdog not terminating tasks (bsc#1187120). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-2941=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-23.11.1 libipa_hbac0-1.16.1-23.11.1 libipa_hbac0-debuginfo-1.16.1-23.11.1 libnfsidmap-sss-1.16.1-23.11.1 libnfsidmap-sss-debuginfo-1.16.1-23.11.1 libsss_certmap-devel-1.16.1-23.11.1 libsss_certmap0-1.16.1-23.11.1 libsss_certmap0-debuginfo-1.16.1-23.11.1 libsss_idmap-devel-1.16.1-23.11.1 libsss_idmap0-1.16.1-23.11.1 libsss_idmap0-debuginfo-1.16.1-23.11.1 libsss_nss_idmap-devel-1.16.1-23.11.1 libsss_nss_idmap0-1.16.1-23.11.1 libsss_nss_idmap0-debuginfo-1.16.1-23.11.1 libsss_simpleifp-devel-1.16.1-23.11.1 libsss_simpleifp0-1.16.1-23.11.1 libsss_simpleifp0-debuginfo-1.16.1-23.11.1 python3-ipa_hbac-1.16.1-23.11.1 python3-ipa_hbac-debuginfo-1.16.1-23.11.1 python3-sss-murmur-1.16.1-23.11.1 python3-sss-murmur-debuginfo-1.16.1-23.11.1 python3-sss_nss_idmap-1.16.1-23.11.1 python3-sss_nss_idmap-debuginfo-1.16.1-23.11.1 python3-sssd-config-1.16.1-23.11.1 python3-sssd-config-debuginfo-1.16.1-23.11.1 sssd-1.16.1-23.11.1 sssd-ad-1.16.1-23.11.1 sssd-ad-debuginfo-1.16.1-23.11.1 sssd-common-1.16.1-23.11.1 sssd-common-debuginfo-1.16.1-23.11.1 sssd-dbus-1.16.1-23.11.1 sssd-dbus-debuginfo-1.16.1-23.11.1 sssd-debugsource-1.16.1-23.11.1 sssd-ipa-1.16.1-23.11.1 sssd-ipa-debuginfo-1.16.1-23.11.1 sssd-krb5-1.16.1-23.11.1 sssd-krb5-common-1.16.1-23.11.1 sssd-krb5-common-debuginfo-1.16.1-23.11.1 sssd-krb5-debuginfo-1.16.1-23.11.1 sssd-ldap-1.16.1-23.11.1 sssd-ldap-debuginfo-1.16.1-23.11.1 sssd-proxy-1.16.1-23.11.1 sssd-proxy-debuginfo-1.16.1-23.11.1 sssd-tools-1.16.1-23.11.1 sssd-tools-debuginfo-1.16.1-23.11.1 sssd-wbclient-1.16.1-23.11.1 sssd-wbclient-debuginfo-1.16.1-23.11.1 sssd-wbclient-devel-1.16.1-23.11.1 sssd-winbind-idmap-1.16.1-23.11.1 sssd-winbind-idmap-debuginfo-1.16.1-23.11.1 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1183735 https://bugzilla.suse.com/1187120 https://bugzilla.suse.com/1189492 . A significant enhancement for Fedora tackles a vulnerabilities in audacity alongside various improvements.. openSUSE security update, sssd commands, Linux security patches. . Severity: Important. LinuxSecurity.com Team

Sep 03, 2021 •Important OpenSUSE

security advisorymoderatesecurity issue

Ubuntu 20.04: 2020-72dcac134f Important: Enhanced Application Security

harden the binaries (rhbz#1548670). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-49ab80333f 2018-04-15 02:32:41.336876 --------------------------------------------------------------------------------Name : star Product : Fedora 28 Version : 1.5.3 Release : 12.fc28 URL : Summary : An archiving tool with ACL support Description : Star saves many files together into a single tape or disk archive, and can restore individual files from the archive. Star supports ACL. --------------------------------------------------------------------------------Update Information: harden the binaries (rhbz#1548670) --------------------------------------------------------------------------------References: [ 1 ] Bug #1548670 - star: Partial build flags injection https://bugzilla.redhat.com/show_bug.cgi?id=1548670 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade star' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . The latest Fedora 28 patch enhances the security of the star utility. It reinforces binary protections and rectifies injection vulnerabilities, ensuring improved overall performance.. Fedora 28 Update,Binary Security Hardening,Star Tool Security,Injection Fix. . Severity: Important. LinuxSecurity.com Team

Apr 15, 2018 •Important Fedora

security advisorysecurity updatefedora

Fedora 24 wget Security Advisory for CRLF Injection Risk

Fixed CVE-2017-6508: CRLF injection in the url_parse function in url.c. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-ed1c665a3f 2017-06-10 02:26:23.692686 --------------------------------------------------------------------------------Name : wget Product : Fedora 24 Version : 1.18 Release : 2.fc24 URL : http://www.gnu.org/software/wget/ Summary : A utility for retrieving files using the HTTP or FTP protocols Description : GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. --------------------------------------------------------------------------------Update Information: Fixed CVE-2017-6508: CRLF injection in the url_parse function in url.c --------------------------------------------------------------------------------References: [ 1 ] Bug #1429984 - CVE-2017-6508 wget: CRLF injection in the url_parse function in url.c https://bugzilla.redhat.com/show_bug.cgi?id=1429984 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade wget' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announcemailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Corrections implemented for wget in Fedora 24, rectifying CRLF injection vulnerabilities within the url_parse function, incorporating essential security enhancements.. CVE Fixes, Wget Security Update, Injection Threat Resolution. . Severity: Important. LinuxSecurity.com Team

Jun 10, 2017 •Important Fedora

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Linux Advisory Watch

Linux Security Week

Community Poll

More Polls

What got you started with Linux?

Message!

Self-taught through trial and error
Formal training or courses
A job that required it
Other

No answer selected. Please try again.

Please select either existing option or enter your own, however not both.

Please select minimum {0} answer(s).

Please select maximum {0} answer(s).

/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json

150

radio

Self-taught through trial and error (78.51%)

78.51% votes

Formal training or courses (4.3%)

4.3% votes

A job that required it (4.87%)

4.87% votes

Other (12.32%)

12.32% votes

bottom 200

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 37: php-Smarty Security Advisory - Injection Attack Prevention

openSUSE 15.3: 2021:2941-1 Important Sssd Shell Command Injection

Ubuntu 20.04: 2020-72dcac134f Important: Enhanced Application Security

Fedora 24 wget Security Advisory for CRLF Injection Risk

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!