
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 25.04: node-cipher-base Important Input Manipulation USN-7746-1

==========================================================================
Ubuntu Security Notice USN-7746-1
September 11, 2025

node-cipher-base vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

cipher-base could be made to stall or return incorrect hash values if it received specially crafted input.

Software Description:
- node-cipher-base: abstract base class for crypto-streams

Details:

Nikita Skovoroda discovered that cipher-base did not properly manage certain inputs. An attacker could possibly use this issue to manipulate the internal state of hash functions, resulting in hash collisions, denial of service, or other unspecified impact.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04
  node-cipher-base 1.0.4-6+deb13u1ubuntu0.25.04.1

Ubuntu 24.04 LTS
  node-cipher-base 1.0.4-6+deb13u1ubuntu0.24.04.1

Ubuntu 22.04 LTS
  node-cipher-base 1.0.4-6+deb13u1ubuntu0.22.04.1

Ubuntu 20.04 LTS
  node-cipher-base 1.0.4-4ubuntu0.1~esm2
  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  node-cipher-base 1.0.4-1ubuntu0.1~esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7746-1
  CVE-2025-9287

Package Information:
  https://launchpad.net/ubuntu/+source/node-cipher-base/1.0.4-6+deb13u1ubuntu0.25.04.1
  https://launchpad.net/ubuntu/+source/node-cipher-base/1.0.4-6+deb13u1ubuntu0.24.04.1

Follow these steps to fix the security vulnerability in node-cipher-base on Ubuntu: update the repository, check for upgrades, and confirm the package version.

node-cipher-base update, security advisory for Ubuntu, denial of service risk.

Severity: Important.

LinuxSecurity.com Team

Sep 11, 2025 Important Ubuntu

Debian 11 bullseye DLA-4147-1 moderate: fig2dev code execution and DoS

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4147-1
https://www.debian.org/lts/security/                       Guilhem Moulin
April 30, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : fig2dev
Version        : 1:3.2.8-3+deb11u3
CVE ID         : CVE-2025-46397 CVE-2025-46398 CVE-2025-46399 CVE-2025-46400

Multiple vulnerabilities were found in fig2dev, a utility for converting XFig figure files, which could lead to code execution or denial of service upon specially crafted input files.

CVE-2025-46397

    A stack overflow vulnerability could allow code execution via local input manipulation via bezier_spline() function.

CVE-2025-46398

    A stack overflow vulnerability could allow code execution via local input manipulation via read_objects() function.

CVE-2025-46399

    A segmentation fault issue could lead to denial of service via local input manipulation via genge_itp_spline() function.

CVE-2025-46400

    A segmentation fault issue could lead to denial of service via local input manipulation via read_arcobject() function.

For Debian 11 bullseye, these problems have been fixed in version 1:3.2.8-3+deb11u3.

We recommend that you upgrade your fig2dev packages.

For the detailed security status of fig2dev please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/fig2dev

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS advisory DLA-4147-1 highlights critical vulnerabilities in fig2dev, allowing unauthorized code execution and potential service disruptions, jeopardizing system integrity.

Debian LTS, fig2dev update, security threats, code execution, denial of service.

LinuxSecurity.com Team

Apr 30, 2025 Debian LTS

Debian: DLA-3267-1 Critical: libxstream-java Denial Of Service

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3267-1
https://www.debian.org/lts/security/                      Markus Koschany
January 11, 2023                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libxstream-java
Version        : 1.4.11.1-1+deb10u4
CVE ID         : CVE-2022-41966
Debian Bug     : 1027754

XStream serializes Java objects to XML and back again. Versions prior to 1.4.11.1-1+deb10u4 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This update handles the stack overflow and raises an InputManipulationException instead.

For Debian 10 buster, this problem has been fixed in version 1.4.11.1-1+deb10u4.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libxstream-java

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ubuntu Security Notice USN-4900-1 fixes vulnerabilities in libjpeg-turbo that may lead to remote code execution if exploited, ensuring system integrity with this update.

libxstream-java, Denial of Service Mitigation, remote attack.

Severity: Critical.

LinuxSecurity.com Team

Jan 11, 2023 Critical Debian LTS

Fedora 34: FEDORA-2021-b21bbfa198 Critical: PhpMailer Input Manipulation

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-b21bbfa198
2021-05-12 05:41:31.251870
--------------------------------------------------------------------------------

Name        : php-phpmailer6
Product     : Fedora 34
Version     : 6.4.1
Release     : 1.fc34
URL         : https://github.com/PHPMailer/PHPMailer
Summary     : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP

Class Features
* Probably the world's most popular code for sending email from PHP!
* Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
* Integrated SMTP support - send without a local mail server
* Send emails with multiple To, CC, BCC and Reply-to addresses
* Multipart/alternative emails for mail clients that do not read HTML email
* Add attachments, including inline
* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable encodings
* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms over SSL and SMTP+STARTTLS transports
* Validates email addresses automatically
* Protect against header injection attacks
* Error messages in 47 languages!
* DKIM and S/MIME signing support
* Compatible with PHP 5.5 and later
* Namespaced to prevent name clashes
* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

--------------------------------------------------------------------------------
Update Information:

**Version 6.4.1** (April 29th, 2021)
* **SECURITY** Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details
* Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as `ssh2`
* Ensure method signature consistency in `doCallback` calls
* Ukrainian language update
* Add composer scripts for checking coding standards and running tests
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 3 2021 Remi Collet - 6.4.1-1
- update to 6.4.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1955757 - CVE-2020-36326 php-phpmailer6: Object injection through Phar Deserialization via addAttachment with a UNC pathname [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1955757
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-b21bbfa198' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

This patch for php-phpmailer6 addresses vulnerabilities concerning object injection and directory traversal in Fedora.

phpmailer security fixes, file path validation, object injection.

Severity: Critical.

LinuxSecurity.com Team

May 12, 2021 Critical Fedora

Ubuntu 20.10, 20.04 LTS: USN-4707-1 Critical TCMU Input Threat

=========================================================================
Ubuntu Security Notice USN-4707-1
January 28, 2021

tcmu vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS

Summary:

tcmu could be made to crash if it received specially crafted input.

Software Description:
- tcmu: TCM-Userspace backend

Details:

It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10:
  libtcmu2 1.5.2-5ubuntu0.20.10.1
  tcmu-runner 1.5.2-5ubuntu0.20.10.1

Ubuntu 20.04 LTS:
  libtcmu2 1.5.2-5ubuntu0.20.04.1
  tcmu-runner 1.5.2-5ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4707-1
  CVE-2021-3139

Package Information:
  https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.10.1
  https://launchpad.net/ubuntu/+source/tcmu/1.5.2-5ubuntu0.20.04.1

Critical TCMU input issue could crash Ubuntu 20.10 and 20.04 LTS systems with crafted input, requiring urgent update.

TCMU Vulnerability, Ubuntu Update, Input Manipulation.

Severity: Critical.

LinuxSecurity.com Team

Jan 28, 2021 Critical Ubuntu

Debian 8: DLA-1986-1 Critical: Ruby-Haml Input Manipulation Risk

Package        : ruby-haml
Version        : 4.0.5-2+deb8u1
CVE ID         : CVE-2017-1002201

In haml, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.

For Debian 8 "Jessie", this problem has been fixed in version 4.0.5-2+deb8u1.

We recommend that you upgrade your ruby-haml packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Update ruby-haml to address an input handling issue that may result in potential code execution risks.

input escaping, security update, ruby-haml, Debian LTS.

Severity: Critical.

LinuxSecurity.com Team

Nov 10, 2019 Critical Debian LTS