Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryupdatebug fix

RedHat: RHSA-2020-1544 Important Update for Ansible Engine 2.7

An update for ansible is now available for Ansible Engine 2.7 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Ansible security and bug fix update (2.7.17) Advisory ID: RHSA-2020:1544-01 Product: Red Hat Ansible Engine Advisory URL: https://access.redhat.com/errata/RHSA-2020:1544 Issue date: 2020-04-22 CVE Names: CVE-2020-1733 CVE-2020-1735 CVE-2020-1737 CVE-2020-1739 CVE-2020-1740 CVE-2020-1746 CVE-2020-10684 CVE-2020-10685 ==================================================================== 1. Summary: An update for ansible is now available for Ansible Engine 2.7 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Ansible Engine 2.7 for RHEL 7 Server - noarch 3. Description: Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a newer upstream version: ansible (2.7.17) Bug Fix(es): * CVE-2020-10684 Ansible: code injection when using ansible_facts as a subkey * CVE-2020-10685 Ansible: modules which use files encrypted with vault are not properly cleanedup * CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive * CVE-2020-1735 ansible: path injection on dest parameter in fetch module * CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not check extracted path * CVE-2020-1739 ansible: svn module leaks password when specified as a parameter * CVE-2020-1740 ansible: secrets readable after ansible-vault edit * CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and ldap_entry modules See: https://github.com/ansible/ansible/blob/v2.7.17/changelogs/CHANGELOG-v2.7.rst for details on bug fixes in this release. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1801735 - CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive 1802085 - CVE-2020-1735 ansible: path injection on dest parameter in fetch module 1802154 - CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not check extracted path 1802178 - CVE-2020-1739 ansible: svn module leaks password when specified as a parameter 1802193 - CVE-2020-1740 ansible: secrets readable after ansible-vault edit 1805491 - CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and ldap_entry modules 1814627 - CVE-2020-10685 Ansible: modules which use files encrypted with vault are not properly cleaned up 1815519 - CVE-2020-10684 Ansible: code injection when using ansible_facts as a subkey 6. Package List: Red Hat Ansible Engine 2.7 for RHEL 7 Server: Source: ansible-2.7.17-1.el7ae.src.rpm noarch: ansible-2.7.17-1.el7ae.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2020-1733 https://access.redhat.com/security/cve/CVE-2020-1735 https://access.redhat.com/security/cve/CVE-2020-1737 https://access.redhat.com/security/cve/CVE-2020-1739 https://access.redhat.com/security/cve/CVE-2020-1740 https://access.redhat.com/security/cve/CVE-2020-1746 https://access.redhat.com/security/cve/CVE-2020-10684 https://access.redhat.com/security/cve/CVE-2020-10685 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXqBQhNzjgjWX9erEAQhvEg/+Ksod9qxxzrVN34cfFckIMXskkJitGlVt yRM3VRHtUQPO+Cu7rLPXIwZEo9XgNc8eCelD6KjcKz0AMvQShJZmka3WeJnwNqEg aBTh+UGQ8mFXrX87C8B89OLMlnXW643gMqMxIzT6PChdtB+5bGNAJQjBpagXa+Lb qX/9z2AXkuwS8J5B3foTtsimyHyPCzfnHJAjfrGmq8nL7VOoaeQGOB4RlGzSfxIT rULDV0s6QQD1UH6e6iiQhnncGr5Etf2Nt6OeHCQnIIL43M38VKmdu8W41vmqSYMZ m/rwtlXx7knf+sBblPjR+PvOX4esNCWUbNlieLOp1Q0bPfnCf5Qk++B0e6nxQ6LT m+7m8q8ps7/eZBjpBCZ4W4HzRIxrLJm/oDKYQwul7expcQ/IgbgbpvFaU9OiPWlq 7LgB1d/p52USlRbC34p3xqqpWTIl4wVjwgGdapoWr/wRa7tMvMxU803Bd6j/47xR FF48fM1VS0It0QUv2UTqKgviX6H6fEoCbg2AUKkb4QIGZN7Z7LPMGdk6FA//Uc/C Q29tnoiheXF0aTlwUeWKmRuIfMHXPiCRdjcOhaJRnWHHf23GzGuNeFrb4uGn8ibm rp7M82Sx5e+4CAjuoOhsYeiiNbg1gZpBazz8g5Bd+fC1pBxubbsWmJlShyoalwS9 /uJ0RbEisq8=h9wP -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Canonical releases a significant enhancement for Ubuntu Server tackling various security vulnerabilities and resolving persistent bugs.. Ansible Engine Update,RHEL 7 Security,Important Ansible Advisory,Security Fixes Ansible. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Apr 22, 2020 Important Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryRed Hat Linuxmoderate

Red Hat Linux 7.2 RHSA-2002:062-08 Moderate: DocBook Insecure Access

The default stylesheet used when converting a DocBook document tomultiple HTML files allows an untrusted document to write filesoutside of the current directory.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Insecure DocBook stylesheet option Advisory ID: RHSA-2002:062-08 Issue date: 2002-04-11 Updated on: 2002-04-26 Product: Red Hat Linux Keywords: docbook stylesheet Cross references: RHSA-2002:061 Obsoletes: --------------------------------------------------------------------- 1. Topic: DocBook is a document markup language that can be transformed into other formats using a stylesheet. The default stylesheet provided with Red Hat Linux has an insecure option enabled. 2. Relevant releases/architectures: Red Hat Linux 6.2 - noarch Red Hat Linux 7.0 - noarch Red Hat Linux 7.1 - noarch Red Hat Linux 7.2 - noarch 3. Problem description: The default stylesheet used when converting a DocBook document to multiple HTML files allows an untrusted document to write files outside of the current directory. This is because element identifiers (specified in the document) are used to form the names of the output files. If an untrusted document uses a full pathname as an identifier, it can cause that file to be written to -- as long as the user performing the conversion has write access. Updated docbook-utils packages are available that disable this feature and enable filenames to be generated based on the type of the element rather than its identifier. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0169 to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which arecurrently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed ( for more info): 6. RPMs required: Red Hat Linux 6.2: SRPMS: noarch: Red Hat Linux 7.0: SRPMS: noarch: Red Hat Linux 7.1: SRPMS: noarch: Red Hat Linux 7.2: SRPMS: noarch: 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 263e520f94a1685cef9f1e4cafc8e485 6.2/en/os/SRPMS/stylesheets-1.54.13rh-1.1.src.rpm 7065d23d1f0c1f7e9903d642f45e2b14 6.2/en/os/noarch/stylesheets-1.54.13rh-1.1.noarch.rpm 5147e48a9799d6c4be9e61986628cc9a 7.0/en/os/SRPMS/stylesheets-1.54.13rh-5.1.src.rpm e1ce94d77e1bb5dbfda409b6f53f9858 7.0/en/os/noarch/stylesheets-1.54.13rh-5.1.noarch.rpm faa79f4d0d834fb4ddb5a82ec9d2ad64 7.1/en/os/SRPMS/docbook-utils-0.6-13.2.src.rpm affe6a01d519aedbf1f25783650e9e2a 7.1/en/os/noarch/docbook-utils-0.6-13.2.noarch.rpm e56145c2247e7cc05f3dddba079db3cd 7.1/en/os/noarch/docbook-utils-pdf-0.6-13.2.noarch.rpm 1d68f5de2052550307fbb3182f751915 7.2/en/os/SRPMS/docbook-utils-0.6.9-2.1.src.rpm e6b43a27e4712ee6a91871605092acab 7.2/en/os/noarch/docbook-utils-0.6.9-2.1.noarch.rpm a45e3dddc9f3269c3db77bd153697df3 7.2/en/os/noarch/docbook-utils-pdf-0.6.9-2.1.noarch.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: About You can verify each package with the following command: rpm --checksig If you only wish to verify that each package has not been corrupted or tamperedwith, examine only the md5sum with the following command: rpm --checksig --nogpg 8. References: CVE -CVE-2002-0169 Copyright(c) 2000, 2001, 2002 Red Hat, Inc. `. Red Hat's advisory addresses a moderate security flaw in DocBook stylesheets that allows unauthorized file access.. RedHat Advisory, DocBook Security, Stylesheet Update, Insecure Conversion, File Overwrite Issue. . LinuxSecurity.com Team

Calendar 2 May 01, 2002 Red Hat
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here