Several security issues were fixed in CarrierWave.

==========================================================================
Ubuntu Security Notice USN-7497-1
May 07, 2025

ruby-carrierwave vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in CarrierWave.

Software Description:
- ruby-carrierwave: Ruby file upload library

Details:

Rikita Ishikawa discovered that CarrierWave did not correctly sanitize
certain inputs. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-21305)

Norihide Saito discovered that CarrierWave did not correctly sanitize
certain inputs. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. (CVE-2023-49090)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  ruby-carrierwave                1.3.2-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  ruby-carrierwave                1.3.2-2ubuntu0.22.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  ruby-carrierwave                1.3.1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  ruby-carrierwave                1.2.2-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7497-1
  CVE-2021-21305, CVE-2023-49090

Boost the security of CarrierWave on Ubuntu LTS by auditing dependencies, validating uploads, sanitizing data, managing permissions, implementing CSP, and monitoring logs.

Severity: Critical. LinuxSecurity.com Team
Several security issues were fixed in spip.

==========================================================================
Ubuntu Security Notice USN-7318-1
March 04, 2025

spip vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in spip.

Software Description:
- spip: website engine for publishing

Details:

It was discovered that svg-sanitizer, vendored in SPIP, did not properly
sanitize SVG/XML content. An attacker could possibly use this issue to
perform cross site scripting. This issue only affected Ubuntu 24.10.
(CVE-2022-23638)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform cross site
scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28959)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform PHP injection
attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28960)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform SQL injection
attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2022-28961)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote authenticated attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2022-37155)

It was discovered that SPIP did not properly sanitize certain inputs. A
remote attacker could possibly use this issue to perform SQL injection
attacks. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2023-24258)

It was discovered that SPIP did not properly handle serialization under
certain circumstances. A remote attacker could possibly use this issue
to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2023-27372)

It was discovered that SPIP did not properly sanitize HTTP requests. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2024-8517)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  spip                            4.3.1+dfsg-1ubuntu0.1

Ubuntu 20.04 LTS
  spip                            3.2.7-1ubuntu0.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  spip                            3.1.4-4~deb9u5ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7318-1
  CVE-2022-23638, CVE-2022-28959, CVE-2022-28960, CVE-2022-28961,
  CVE-2022-37155, CVE-2023-24258, CVE-2023-27372, CVE-2024-8517

Package Information:
  https://launchpad.net/ubuntu/+source/spip/4.3.1+dfsg-1ubuntu0.1

Multiple security issues in spip have been addressed for Ubuntu 24.10, 20.04, and 18.04 LTS; make sure to upgrade your systems.

Severity: Medium. LinuxSecurity.com Team
Several security issues were fixed in Netty.

==========================================================================
Ubuntu Security Notice USN-6994-1
September 05, 2024

netty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Netty.

Software Description:
- netty: Java NIO client/server socket framework

Details:

It was discovered that Netty did not properly sanitize its input
parameters. A remote attacker could possibly use this issue to cause a
crash. (CVE-2023-34462)

It was discovered that Netty incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause Netty to consume
resources, leading to a denial of service. (CVE-2023-44487)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libnetty-java                   1:4.1.48-4+deb11u2build0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6994-1
  CVE-2023-34462, CVE-2023-44487

Package Information:

Severity: Important. LinuxSecurity.com Team
PyXDG could be made to run programs as your login if it received specially crafted input.

=========================================================================
Ubuntu Security Notice USN-4700-1
January 19, 2021

pyxdg vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM

Summary:

PyXDG could be made to run programs as your login if it received
specially crafted input.

Software Description:
- pyxdg: python library to access freedesktop.org standards

Details:

Alexandre D'Hondt discovered that PyXDG did not properly sanitize input.
An attacker could exploit this with a crafted .menu file to execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  python-xdg                      0.25-4ubuntu1.1
  python3-xdg                     0.25-4ubuntu1.1

Ubuntu 16.04 LTS:
  python-xdg                      0.25-4ubuntu0.16.04.1
  python3-xdg                     0.25-4ubuntu0.16.04.1

Ubuntu 14.04 ESM:
  python-xdg                      0.25-4ubuntu0.14.04.1~esm1
  python3-xdg                     0.25-4ubuntu0.14.04.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4700-1
  CVE-2019-12761

Package Information:
  https://launchpad.net/ubuntu/+source/pyxdg/0.25-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/pyxdg/0.25-4ubuntu0.16.04.1

Exploiting tailored inputs in PyXDG could lead to unauthorized entry on Ubuntu LTS systems. Ensure to update promptly to reduce vulnerabilities.

LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for hawk2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0090-1
Rating:             important
References:         #1179998
Cross-References:   CVE-2020-35458
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for hawk2 fixes the following security issue:

- CVE-2020-35458: Fixed an insufficient input sanitation that could have
  led to remote code execution (bsc#1179998).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 12-SP3:

  zypper in -t patch SUSE-SLE-HA-12-SP3-2021-90=1

Package List:

- SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64):

  hawk2-2.4.0+git.1607523195.05cd3222-2.33.1
  hawk2-debuginfo-2.4.0+git.1607523195.05cd3222-2.33.1
  hawk2-debugsource-2.4.0+git.1607523195.05cd3222-2.33.1

References:

  https://www.suse.com/security/cve/CVE-2020-35458.html
  https://bugzilla.suse.com/1179998

Critical SUSE Security Patch for hawk2 addresses remote command execution vulnerability identified as CVE-2020-35458. Apply using zypper.

Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for freerdp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2408-1
Rating:             moderate
References:         #1174321
Cross-References:   CVE-2020-15103
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for freerdp fixes the following issues:

- CVE-2020-15103: Fix integer overflow due to missing input sanitation in
  rdpegfx channel (bsc#1174321).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 15-SP2:

  zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2408=1

Package List:

- SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):

  freerdp-2.1.2-15.10.1
  freerdp-debuginfo-2.1.2-15.10.1
  freerdp-debugsource-2.1.2-15.10.1
  freerdp-devel-2.1.2-15.10.1
  libfreerdp2-2.1.2-15.10.1
  libfreerdp2-debuginfo-2.1.2-15.10.1
  libwinpr2-2.1.2-15.10.1
  libwinpr2-debuginfo-2.1.2-15.10.1
  winpr2-devel-2.1.2-15.10.1

References:

  https://www.suse.com/security/cve/CVE-2020-15103.html
  https://bugzilla.suse.com/1174321

_______________________________________________
sle-security-updates mailing list
MGASA-2020-0338 - Updated freerdp packages fix security vulnerability

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0338.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16135

Integer overflow due to missing input sanitation in rdpegfx channel. The
input rectangles from the server are not checked against local surface
coordinates and blindly accepted. A malicious server can send data that
will crash the client later on (invalid length arguments to a memcpy)
(CVE-2020-15103).

The freerdp package has been updated to version 2.2.0, fixing this issue
and other bugs.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27047
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.2.0
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9
- https://www.cve.org/CVERecord?id=CVE-2020-16135

SRPMS:
- 7/core/freerdp-2.2.0-1.mga7

A security patch for freerdp software resolves integer overflow flaws and enhances input validation mechanisms.

Severity: Critical. LinuxSecurity.com Team
Rawstudio from github https://github.com/rawstudio/rawstudio/

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-8196
2015-05-14 20:19:50
--------------------------------------------------------------------------------

Name        : rawstudio
Product     : Fedora 22
Version     : 2.1
Release     : 0.1.20150511git983bda1.fc22
URL         :
Summary     : Read, manipulate and convert digital camera raw images
Description :
Rawstudio is a highly specialized application for processing RAW images
from digital cameras. It is not a fully featured image editing
application.

The RAW format is often recommended to get the best quality out of digital
camera images. The format is specific to cameras and cannot be read by
most image editing applications.

Rawstudio makes it possible to read and manipulate RAW images, experiment
with the controls to see how they affect the image, and finally export
into JPEG, PNG or TIF format images from most digital cameras.

--------------------------------------------------------------------------------
Update Information:

Rawstudio from github https://github.com/rawstudio/rawstudio/ .
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 13 2015 Sérgio Basto - 2.1-0.1.20150511git983bda1
- Rawstudio from github https://github.com/rawstudio/rawstudio/ .
- Drop all patches because they are upstreamed.
- https://docs.fedoraproject.org/en-US/packaging-guidelines/SourceURL/
- Updated requirements.
- Use a partial copy of autogen.sh to build this package.
* Sat May 2 2015 Kalev Lember - 2.0-19
- Rebuilt for GCC 5 C++11 ABI change
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1221249 - CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1221249
  [ 2 ] Bug #1120093 - CVE-2014-4978 rawstudio: Insecure use of temporary file
        https://bugzilla.redhat.com/show_bug.cgi?id=1120093
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update rawstudio' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list