Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Stay Secure with the Latest Linux Advisories

Opensuse Large Esm H800
openSUSE

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H800
openSUSE

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

Calendar White Jun 08, 2026
moderate
Opensuse Large Esm H900
openSUSE

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Calendar White Jun 08, 2026
moderate
Ubuntu Large Esm H900
Ubuntu

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

Calendar White Jun 08, 2026
Critical
Opensuse Large Esm H800
openSUSE

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Calendar White Jun 08, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Calendar White Jun 08, 2026
Critical
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -5 articles for you...
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorysecurity issuecritical

Debian 10: DLA-3515-1 Critical Security Issue in Cjose Integrity

An incorrect Authentication Tag length usage was discovered in cjose, a C library implementing the Javascript Object Signing and Encryption (JOSE) standard, which could lead to integrity compromise. . ------------------------------------------------------------------------- Debian LTS Advisory DLA-3515-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Guilhem Moulin August 04, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : cjose Version : 0.6.1+dfsg1-1+deb10u1 CVE ID : CVE-2023-37464 Debian Bug : 1041423 An incorrect Authentication Tag length usage was discovered in cjose, a C library implementing the Javascript Object Signing and Encryption (JOSE) standard, which could lead to integrity compromise. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag as provided in the JSON Web Encryption (JWE) object, while the specification says that a fixed length of 16 octets must be applied. This could allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. For Debian 10 buster, this problem has been fixed in version 0.6.1+dfsg1-1+deb10u1. We recommend that you upgrade your cjose packages. For the detailed security status of cjose please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/cjose Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-3516-1 highlights security vulnerabilities in libjpeg library. Users are urged to perform updates.. Debian Security, Integrity Compromise, Cjose Library Updates, Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 04, 2023 Critical Debian LTS
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updatecritical

Red Hat Process Automation Manager 7.12.0 Critical: Remote Code Execution

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: Red Hat Process Automation Manager 7.12.0 security update Advisory ID: RHSA-2022:0296-01 Product: Red Hat Process Automation Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:0296 Issue date: 2022-01-26 CVE Names: CVE-2020-28491 CVE-2021-20218 CVE-2021-29505 CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152 CVE-2021-39153 CVE-2021-39154 CVE-2021-44228 ==================================================================== 1. Summary: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes documentlinked to in the References. Security Fix(es): * log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228) * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148) * xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146) * xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154) * xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139) * xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153) * xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140) * xstream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505) * xstream: Server-side request forgery (SSRF) via unsafe deserializationof com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150) * xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise 1930423 - CVE-2020-28491 jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1997763 - CVE-2021-39139 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997765 - CVE-2021-39140 xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler 1997769 - CVE-2021-39141 xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997772 - CVE-2021-39144 xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* 1997775 - CVE-2021-39145 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997777 - CVE-2021-39146 xstream: Arbitrary code execution via unsafe deserialization ofjavax.swing.UIDefaults$ProxyLazyValue 1997779 - CVE-2021-39147 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration 1997781 - CVE-2021-39148 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator 1997784 - CVE-2021-39149 xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* 1997786 - CVE-2021-39150 xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* 1997791 - CVE-2021-39151 xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration 1997793 - CVE-2021-39152 xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData 1997795 - CVE-2021-39153 xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl 1997801 - CVE-2021-39154 xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5.References: https://access.redhat.com/security/cve/CVE-2020-28491 https://access.redhat.com/security/cve/CVE-2021-20218 https://access.redhat.com/security/cve/CVE-2021-29505 https://access.redhat.com/security/cve/CVE-2021-39139 https://access.redhat.com/security/cve/CVE-2021-39140 https://access.redhat.com/security/cve/CVE-2021-39141 https://access.redhat.com/security/cve/CVE-2021-39144 https://access.redhat.com/security/cve/CVE-2021-39145 https://access.redhat.com/security/cve/CVE-2021-39146 https://access.redhat.com/security/cve/CVE-2021-39147 https://access.redhat.com/security/cve/CVE-2021-39148 https://access.redhat.com/security/cve/CVE-2021-39149 https://access.redhat.com/security/cve/CVE-2021-39150 https://access.redhat.com/security/cve/CVE-2021-39151 https://access.redhat.com/security/cve/CVE-2021-39152 https://access.redhat.com/security/cve/CVE-2021-39153 https://access.redhat.com/security/cve/CVE-2021-39154 https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification#critical 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYfGCddzjgjWX9erEAQh0DQ//a2/cW2TUvO2IgyhaGm2FzUtSp/K3yQAT ltzGkVMSxhRIVsaiXYmwG06vDSTMRWisS10sPishpHnjLqgnNXJynFBaVm5210Au C0kRY8rbhWbro3fYDtN40PoLdjfRaeu85pq4pmKww53NEPISZOni+nmj2Zzk2iXn KOwOob9jTRIGJBs8ZUoHKBpFZR9BfrJ57OUDgOTdDt8EBi87JyRZNipU4U786mAq i0LtvsXkrIUfXe+eqGn2NnLBwf7V6NHmv6/E1BrG6nnyZQxup48wsORrEk4DLG8H I41QzVXumpS+h8wSVFPju0jMUShmj17RLibGvflDPxRoH/AQ7PHEmA3aTyIiws7/ JxV4j1Irr7x/q8PZOJ04bpAt5FLfMMaic9nHh1h3m98tlZOrAKJXWG+o+GEejEeo DJSHcE1udfWX03XWSGg+0660kfFLZZAlniIlENZHKTazl7DqFB109/60jewwghdV 0i2z1o4HDupsScmPp0eW7Qwi3cQssJ7VjuhRde3FqOkkQ2utDP++NjMZjfBRWiqS OJRycjjGfsNVjUcHXyRpx4lk8on/lnLhzO5MYualvpOhLLosEyjarNnkNCKITSwu Nr+EiWuvxddJUtVxkMn8SNKmAgiMn9VqizVxJU/YJg7GuYmXvuQujVz5ulH/f8jN ImmAojcnVn4=eOUb -----END PGP SIGNATURE----- -- RHSA-announce mailinglist This email address is being protected from spambots. You need JavaScript enabled to view it. . An essential security patch for Red Hat Process Automation Manager addresses numerous code execution vulnerabilities and integrity concerns.. Red Hat Process Automation, Remote Code Execution, Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jan 26, 2022 Critical Red Hat
Banner 2 1028x280 1708121730 1 1771599631
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisorylow severitystunnel

Gentoo: GLSA-202105-02 Low: Stunnel Certificate Integrity Issue

Stunnel was not properly verifying TLS certificates, possibly allowing an integrity/confidentiality compromise.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: stunnel: Improper certificate validation Date: May 26, 2021 Bugs: #772146 ID: 202105-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Stunnel was not properly verifying TLS certificates, possibly allowing an integrity/confidentiality compromise. Background ========= The stunnel program is designed to work as an SSL/TLS encryption wrapper between a client and a local or remote server. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/stunnel < 5.58 > = 5.58 Description ========== It was discovered that stunnel did not correctly verified the client certificate when options "redirect" and "verifyChain" are used. Impact ===== A remote attacker could send a specially crafted certificate, possibly resulting in a breach of integrity or confidentiality. Workaround ========= There is no known workaround at this time. Resolution ========= All stunnel users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-misc/stunnel-5.58" References ========= [ 1 ] CVE-2021-20230 https://nvd.nist.gov/vuln/detail/CVE-2021-20230 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202105-02 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo GLSA 202109-01 addresses vulnerabilities in OpenSSL that compromise security and functionality.. Stunnel Impairment,Critical Security Advisory,Gentoo Linux Security,Certificate Authentication Issues,SSL/TLS Compromise. . Severity: Low. LinuxSecurity.com Team

Calendar 2 May 26, 2021 Low Gentoo
91
Ls Advisories Gentoo Esm H240
Price Tag 1security advisoryGentoonormal severity

Gentoo: GLSA-202007-55 Normal: libetpan STARTTLS Threat

A vulnerability was discovered in libetpan's STARTTLS handling, possibly allowing an integrity/confidentiality compromise.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-55 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libetpan: Improper STARTTLS handling Date: July 28, 2020 Bugs: #734130 ID: 202007-55 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability was discovered in libetpan's STARTTLS handling, possibly allowing an integrity/confidentiality compromise. Background ========= libetpan is a portable, efficient middleware for different kinds of mail access. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/libetpan < 1.9.4-r1 > = 1.9.4-r1 Description ========== It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact ===== There may be a breach of integrity or confidentiality in connections made using libetpan with STARTTLS. Workaround ========= There is no known workaround at this time. Resolution ========= All libetpan users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-libs/libetpan-1.9.4-r1" References ========= [ 1 ] CVE-2020-15953 https://nvd.nist.gov/vuln/detail/CVE-2020-15953 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-55 Concerns? ======== Security is a primary focus ofGentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . A Gentoo security alert concerning libetpan's flawed STARTTLS implementation that may result in possible integrity vulnerabilities.. libetpan, STARTTLS, Gentoo Advisory, security issues. . LinuxSecurity.com Team

Calendar 2 Jul 28, 2020 Gentoo
Banner 2 1028x280 1708121730 1 1771599631
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here