
Stay Secure with the Latest Linux Advisories



Explore Latest Linux Security advisories


openSUSE 15.4: SUSE-SU-2025:0233-1 important: nodejs HTTP2 leak

# Security update for nodejs18

Announcement ID: SUSE-SU-2025:0233-1
Release Date: 2025-01-24T16:05:13Z
Rating: important

References:

* bsc#1236250
* bsc#1236258

Cross-References:

* CVE-2025-22150
* CVE-2025-23085

CVSS scores:

* CVE-2025-22150 ( SUSE ): 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22150 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-22150 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-23085 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-23085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

Update to 18.20.6:

* CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
* CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-233=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-233=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-233=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-233=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-233=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-233=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-233=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-233=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-233=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-233=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * corepack18-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* openSUSE Leap 15.4 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * nodejs18-devel-18.20.6-150400.9.33.1
  * nodejs18-debugsource-18.20.6-150400.9.33.1
  * npm18-18.20.6-150400.9.33.1
  * nodejs18-18.20.6-150400.9.33.1
  * nodejs18-debuginfo-18.20.6-150400.9.33.1
* SUSE Manager Server 4.3 (noarch)
  * nodejs18-docs-18.20.6-150400.9.33.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22150.html
* https://www.suse.com/security/cve/CVE-2025-23085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236250
* https://bugzilla.suse.com/show_bug.cgi?id=1236258

Critical security patch for nodejs18 on openSUSE tackles significant concerns regarding memory inefficiencies and entropy generation.

nodejs18 update, openSUSE security advisory, software patching.

Severity: Important.
LinuxSecurity.com Team

Jan 24, 2025 | Important | OpenSUSE

SUSE: 2025:0234-1 important: nodejs18 critical memory leak fix

# Security update for nodejs18

Announcement ID: SUSE-SU-2025:0234-1
Release Date: 2025-01-24T16:34:23Z
Rating: important

References:

* bsc#1236250
* bsc#1236258

Cross-References:

* CVE-2025-22150
* CVE-2025-23085

CVSS scores:

* CVE-2025-22150 ( SUSE ): 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22150 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-22150 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-23085 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-23085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

Update to 18.20.6:

* CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
* CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-234=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-234=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs18-debugsource-18.20.6-8.33.1
  * nodejs18-debuginfo-18.20.6-8.33.1
  * nodejs18-18.20.6-8.33.1
  * npm18-18.20.6-8.33.1
  * nodejs18-devel-18.20.6-8.33.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * nodejs18-docs-18.20.6-8.33.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * nodejs18-debugsource-18.20.6-8.33.1
  * nodejs18-debuginfo-18.20.6-8.33.1
  * nodejs18-18.20.6-8.33.1
  * npm18-18.20.6-8.33.1
  * nodejs18-devel-18.20.6-8.33.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * nodejs18-docs-18.20.6-8.33.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22150.html
* https://www.suse.com/security/cve/CVE-2025-23085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236250
* https://bugzilla.suse.com/show_bug.cgi?id=1236258

Essential enhancements in nodejs18 significantly bolster security, tackling two primary vulnerabilities. Discover additional details regarding the updates today.

nodejs18 Security, SUSE Updates, Linux Security measures.

Severity: Important.
LinuxSecurity.com Team

Jan 24, 2025 | Important | SuSE

Mageia 2020-0004 Moderate: python-werkzeug Low Randomness in Debugger PIN

MGASA-2020-0004 - Updated python-werkzeug packages fix security vulnerability

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0004.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-14806

Updated python-werkzeug packages fix security vulnerability: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id (CVE-2019-14806).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25768
- https://www.cve.org/CVERecord?id=CVE-2019-14806

SRPMS:
- 7/core/python-werkzeug-0.15.3-1.mga7

Mageia 2021-0005 tackles a vulnerability in python-flask due to inadequate token generation. Check for further insights.

python-werkzeug, security update, Mageia vulnerability.

LinuxSecurity.com Team

Jan 05, 2020 | Mageia

Debian: DSA-1544-2 Critical: Pdns-Recursor Remote Attack

------------------------------------------------------------------------
Debian Security Advisory DSA-1544-2
http://www.debian.org/security/                           Florian Weimer
July 16, 2008                         http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : pdns-recursor
Vulnerability  : insufficient randomness
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-1637
Debian Bug     : 490069

Thomas Biege discovered that the upstream fix for the weak random number generator released in DSA-1544-1 was incomplete: Source port randomization did still not use difficult-to-predict random numbers. This is corrected in this security update.

Here is the text of the original advisory:

Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified. (CVE-2008-1637)

In the light of recent DNS-related developments (documented in DSAs 1603, 1604, 1605), we recommend that this update is installed as an additional safety measure. (The lack of source port randomization was addressed in the 3.1.6 upstream version.)

In addition, this update incorporates the changed IP address of L.ROOT-SERVERS.NET.

For the stable distribution (etch), this problem has been fixed in version 3.1.4-1+etch2.

For the unstable distribution (sid), this problem has been fixed in version 3.1.7-1.

We recommend that you upgrade your pdns-recursor package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

These files will probably be moved into the stable distribution on its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Measures to address the foreseeable unpredictability within pdns-recursor, aimed at thwarting external threats, are outlined in this security bulletin.

pdns-recursor, dns security, remote attacks, randomness issue.

Severity: Critical.
LinuxSecurity.com Team

Jul 16, 2008 | Critical | Debian