Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Fedora 40: FEDORA-2024-129d8ca6fc Nom-Tam-FITS Rebuilt for Java 21 (Update Also Lists Chromium V8 Type Confusion Fixes)

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-129d8ca6fc
2024-03-07 22:24:39.963937
--------------------------------------------------------------------------------

Name        : nom-tam-fits
Product     : Fedora 40
Version     : 1.15.2
Release     : 22.fc40
URL         : http://nom-tam-fits.github.io/nom-tam-fits/
Summary     : Java library for reading and writing FITS files
Description :
FITS (Flexible Image Transport System) is the standard data format in astronomy used for the transport, analysis, and archival storage of scientific data sets. This library provides efficient I/O for FITS images and binary tables. All basic FITS formats and GZIP compressed files are supported.
--------------------------------------------------------------------------------
Update Information:

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 2 2024 Jiri - 1.15.2-22
- Rebuilt for java-21-openjdk as system jdk
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2123726 - consoleImageViewer crashes at start
      https://bugzilla.redhat.com/show_bug.cgi?id=2123726
[ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40
      https://bugzilla.redhat.com/show_bug.cgi?id=2261062
[ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk
      https://bugzilla.redhat.com/show_bug.cgi?id=2266639
[ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266934
[ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266937
[ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta
      https://bugzilla.redhat.com/show_bug.cgi?id=2267486
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

The CVE-2024-1938 and CVE-2024-1939 (type confusion in V8) lines in the update information belong to the chromium packages shipped in the same multi-package Fedora 40 update (references [4] and [5]). The nom-tam-fits changelog itself records only a rebuild against java-21-openjdk as the system JDK; it does not fix a vulnerability in the library or in the JDK. Keywords: Nom-Tam-FITS, Fedora Update, Type Confusion. LinuxSecurity.com Team

Mar 07, 2024 - Fedora

Debian Bullseye: DSA-5323-1 Moderate Security Flaw in iText Alert

-------------------------------------------------------------------------
Debian Security Advisory DSA-5323-1                https://www.debian.org/security/
Markus Koschany
January 19, 2023                                   https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libitext5-java
CVE ID         : CVE-2021-43113
Debian Bug     : 1014597

It was discovered that the CompareTool of iText, a Java PDF library which uses the external ghostscript software to compare PDFs at a pixel level, allowed command injection when parsing a specially crafted filename.

For the stable distribution (bullseye), this problem has been fixed in version 5.5.13.2-1+deb11u1.

We recommend that you upgrade your libitext5-java packages.

For the detailed security status of libitext5-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libitext5-java

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Upgrade libitext5-java to 5.5.13.2-1+deb11u1 to fix the command injection in CompareTool (CVE-2021-43113), which an attacker can reach through a specially crafted filename handed to the external ghostscript invocation. Keywords: libitext5-java, command injection, iText PDF, Debian security. LinuxSecurity.com Team

Jan 19, 2023 - Debian
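
The iText advisory above describes a command injection through a file name that ends up in an external ghostscript command line. The following Java example is added here to show that bug class next to its fix; it is not iText's code. The class name, the gs argument list, the upload directory and the sample file names are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

/*
 * Added example, not iText's code. A helper that hands a user-controlled
 * file name to an external "gs" process, in a vulnerable and in a hardened
 * form. The gs options, the base directory and the sample names are
 * assumptions for this illustration.
 */
public class GhostscriptCompare {

    // VULNERABLE shape: the file name is spliced into one shell command
    // string. A name such as "a.pdf; id > /tmp/pwned" terminates the gs
    // command and runs a second one, because "sh -c" re-parses the string.
    public static Process renderUnsafe(String pdfName, String outPrefix) throws IOException {
        String cmd = "gs -dNOPAUSE -dBATCH -sDEVICE=png16m -sOutputFile="
                + outPrefix + "-%03d.png " + pdfName;
        return new ProcessBuilder("sh", "-c", cmd).start();
    }

    // Accepted file-name shape: a single path component that starts with an
    // alphanumeric (so it can never be mistaken for a "-d..." gs option),
    // contains no separators or shell metacharacters, and ends in ".pdf".
    private static final Pattern SAFE_NAME =
            Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}\\.pdf");

    // HARDENED shape: validate the name, pin it inside a fixed base directory,
    // and pass every argument as its own argv element so no shell parses it.
    public static List<String> buildCommand(Path baseDir, String pdfName, String outPrefix) {
        if (!SAFE_NAME.matcher(pdfName).matches()) {
            throw new IllegalArgumentException("rejected file name: " + pdfName);
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(pdfName).normalize();
        if (!target.startsWith(base)) {            // defense in depth; the regex already forbids '/'
            throw new IllegalArgumentException("path escapes base directory: " + pdfName);
        }
        // outPrefix is chosen by the application, not by the user, in this example.
        return Arrays.asList("gs", "-dNOPAUSE", "-dBATCH", "-dSAFER",
                "-sDEVICE=png16m", "-sOutputFile=" + outPrefix + "-%03d.png",
                target.toString());
    }

    public static Process renderSafe(Path baseDir, String pdfName, String outPrefix) throws IOException {
        return new ProcessBuilder(buildCommand(baseDir, pdfName, outPrefix)).start();
    }

    // Builds the argv for a few constructed names without launching gs.
    public static void main(String[] args) {
        Path base = Paths.get("/var/lib/compare/uploads");   // assumed upload directory
        String[] names = {
            "report.pdf",
            "a.pdf; id > /tmp/pwned",     // shell injection attempt
            "../../etc/passwd.pdf",       // traversal attempt
            "-dFOO.pdf"                   // option injection attempt
        };
        for (String n : names) {
            try {
                System.out.println("accepted: " + String.join(" ", buildCommand(base, n, "out")));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The argv form removes the shell from the picture entirely; the regex and base-directory check are there because gs itself still interprets its arguments, so a name beginning with "-" or containing a path separator must never reach it.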

Debian 10: DLA-3100-1 High: Gson Deserialization Attack Risks

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3100-1                     https://www.debian.org/lts/security/
Markus Koschany
September 07, 2022
-------------------------------------------------------------------------

Package        : libgoogle-gson-java
Version        : 2.8.5-3+deb10u1
CVE ID         : CVE-2022-25647
Debian Bug     : 1010670

It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a de-serialization flaw. An application would de-serialize untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker control the state or the flow of the execution. This can lead to a denial of service or even the execution of arbitrary code.

For Debian 10 buster, this problem has been fixed in version 2.8.5-3+deb10u1.

We recommend that you upgrade your libgoogle-gson-java packages.

For the detailed security status of libgoogle-gson-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libgoogle-gson-java

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:

DLA-3100-1 fixes CVE-2022-25647 in libgoogle-gson-java for Debian 10 buster: de-serializing untrusted JSON without sufficient validation can let an attacker influence execution state or flow, leading to denial of service or, in the worst case, arbitrary code execution. Keywords: Java Library, Gson Security, Debian Advisory, Denial of Service, Security Update. Severity: Important. LinuxSecurity.com Team

Sep 07, 2022 - Important - Debian LTS

Debian: DSA-5227-1 Moderate: Gson Java Library De-serialization Flaw

-------------------------------------------------------------------------
Debian Security Advisory DSA-5227-1                https://www.debian.org/security/
Markus Koschany
September 07, 2022                                 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libgoogle-gson-java
CVE ID         : CVE-2022-25647
Debian Bug     : 1010670

It was discovered that Gson, a Java library that can be used to convert Java Objects into their JSON representations and vice versa, was vulnerable to a de-serialization flaw. An application would de-serialize untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker control the state or the flow of the execution. This can lead to a denial of service or even the execution of arbitrary code.

For the stable distribution (bullseye), this problem has been fixed in version 2.8.6-1+deb11u1.

We recommend that you upgrade your libgoogle-gson-java packages.

For the detailed security status of libgoogle-gson-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libgoogle-gson-java

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Upgrade libgoogle-gson-java on bullseye to 2.8.6-1+deb11u1 to fix the de-serialization flaw CVE-2022-25647. Keywords: Gson Security Update, Java Library Security, Deserialization Flaw. LinuxSecurity.com Team

Sep 07, 2022 - Debian

Debian: libxstream-java Important Remote Code Execution DSA-5004-1

-------------------------------------------------------------------------
Debian Security Advisory DSA-5004-1                https://www.debian.org/security/
Markus Koschany
November 10, 2021                                  https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxstream-java
CVE ID         : CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144
                 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148
                 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152
                 CVE-2021-39153 CVE-2021-39154 CVE-2021-21341 CVE-2021-21342
                 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346
                 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350
                 CVE-2021-21351 CVE-2021-29505

Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.

XStream itself sets up a whitelist by default now, i.e. it blocks all classes except those types it has explicit converters for. It used to have a blacklist by default, i.e. it tried to block all currently known critical classes of the Java runtime. The main reason for the blacklist was compatibility; it allowed newer versions of XStream to be used as a drop-in replacement. However, this approach has failed. A growing list of security reports has proven that a blacklist is inherently unsafe, apart from the fact that types of third-party libraries were not even considered. A blacklist scenario should be avoided in general, because it provides a false sense of security.

For the oldstable distribution (buster), these problems have been fixed in version 1.4.11.1-1+deb10u3.

For the stable distribution (bullseye), these problems have been fixed in version 1.4.15-3+deb11u1.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libxstream-java

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Multiple XStream de-serialization vulnerabilities allow remote code execution from a manipulated input stream; upgrade libxstream-java on buster (1.4.11.1-1+deb10u3) and bullseye (1.4.15-3+deb11u1). Keywords: XStream Security, Debian Update, Java Library Security. Severity: Important. LinuxSecurity.com Team

Nov 10, 2021 - Important - Debian

Debian: libxstream-java Moderate Remote Code Execution Vulnerability DSA-5004-1

-------------------------------------------------------------------------
Debian Security Advisory DSA-5004-1                https://www.debian.org/security/
Markus Koschany
November 10, 2021                                  https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxstream-java
CVE ID         : CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144
                 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148
                 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152
                 CVE-2021-39153 CVE-2021-39154 CVE-2021-21341 CVE-2021-21342
                 CVE-2021-21343 CVE-2021-21344 CVE-2021-21345 CVE-2021-21346
                 CVE-2021-21347 CVE-2021-21348 CVE-2021-21349 CVE-2021-21350
                 CVE-2021-21351 CVE-2021-29505

Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.

XStream itself sets up a whitelist by default now, i.e. it blocks all classes except those types it has explicit converters for. It used to have a blacklist by default, i.e. it tried to block all currently known critical classes of the Java runtime. The main reason for the blacklist was compatibility; it allowed newer versions of XStream to be used as a drop-in replacement. However, this approach has failed. A growing list of security reports has proven that a blacklist is inherently unsafe, apart from the fact that types of third-party libraries were not even considered. A blacklist scenario should be avoided in general, because it provides a false sense of security.

For the oldstable distribution (buster), these problems have been fixed in version 1.4.11.1-1+deb10u3.

For the stable distribution (bullseye), these problems have been fixed in version 1.4.15-3+deb11u1.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libxstream-java

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Debian has released updated libxstream-java packages for buster and bullseye that fix multiple remote code execution vulnerabilities in XStream. Keywords: libxstream-java, remote code execution, debian security. LinuxSecurity.com Team

Nov 10, 2021 - Debian

Debian 9 Stretch DLA-2769-1 Critical: Libxstream-java Remote Code Exec

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2769-1                     https://www.debian.org/lts/security/
Markus Koschany
September 29, 2021                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libxstream-java
Version        : 1.4.11.1-1+deb9u4
CVE ID         : CVE-2021-39139 CVE-2021-39140 CVE-2021-39141 CVE-2021-39144
                 CVE-2021-39145 CVE-2021-39146 CVE-2021-39147 CVE-2021-39148
                 CVE-2021-39149 CVE-2021-39150 CVE-2021-39151 CVE-2021-39152
                 CVE-2021-39153 CVE-2021-39154

Multiple security vulnerabilities have been discovered in XStream, a Java library to serialize objects to XML and back again. These vulnerabilities may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.

XStream itself sets up a whitelist by default now, i.e. it blocks all classes except those types it has explicit converters for. It used to have a blacklist by default, i.e. it tried to block all currently known critical classes of the Java runtime. The main reason for the blacklist was compatibility; it allowed newer versions of XStream to be used as a drop-in replacement. However, this approach has failed. A growing list of security reports has proven that a blacklist is inherently unsafe, apart from the fact that types of third-party libraries were not even considered. A blacklist scenario should be avoided in general, because it provides a false sense of security.

See also https://x-stream.github.io/security.html#framework

For Debian 9 stretch, these problems have been fixed in version 1.4.11.1-1+deb9u4.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libxstream-java

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Upgrade libxstream-java on Debian 9 stretch to 1.4.11.1-1+deb9u4 to fix multiple vulnerabilities that allow remote code execution from a manipulated input stream. Keywords: Debian LTS, LibXStream-Java, Remote Code Execution, Security Update. Severity: Critical. LinuxSecurity.com Team

Sep 29, 2021 - Critical - Debian LTS
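
The three XStream advisories (DSA-5004-1 twice above and DLA-2769-1 here) make the same point: a blacklist of dangerous classes cannot be kept complete, so unmarshalling must be restricted to an explicit allowlist of the types an application actually expects. The Java example below is added here and is not Debian's or XStream's own code. It configures such an allowlist through XStream's public security API (so it holds on the patched 1.4.11.1 and 1.4.15 packages as well as on releases where the allowlist is already the default) and shows a constructed document that names a JDK class outside the allowlist being refused. The Order and LineItem types, the aliases and the two XML strings are assumptions for the example.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/*
 * Added example, not XStream's or Debian's code. Explicit allowlist setup
 * for an application that only ever unmarshals Order documents. The model
 * classes and the XML documents below are constructed for this example.
 */
public class XStreamAllowlist {

    public static class LineItem {
        public String sku;
        public int quantity;
    }

    public static class Order {
        public String customer;
        public List<LineItem> items = new ArrayList<>();
    }

    // Deny everything first, then re-admit only what this application needs.
    // NoTypePermission.NONE wipes any blocklist-based defaults of older releases.
    public static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypeHierarchy(Collection.class);   // the ArrayList behind Order.items
        xs.allowTypes(new Class[] { String.class, Order.class, LineItem.class });
        xs.alias("order", Order.class);
        xs.alias("item", LineItem.class);
        return xs;
    }

    // Returns the parsed order, or null when the document names a type that
    // is not on the allowlist. XStream raises ForbiddenClassException for such
    // a type; when it happens inside a nested converter it can surface wrapped
    // in a ConversionException, so the common XStreamException base is caught.
    public static Order parse(String xml) {
        try {
            return (Order) hardened().fromXML(xml);
        } catch (XStreamException e) {
            System.err.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        String good = "<order><customer>alice</customer>"
                + "<items><item><sku>A-1</sku><quantity>2</quantity></item></items></order>";
        // Same shape, but the list element names a JDK class the application never
        // declared. Under a blocklist this class would only be stopped if someone
        // had already thought to list it; under the allowlist it is refused outright.
        String bad = "<order><customer>mallory</customer><items>"
                + "<java.lang.ProcessBuilder><command><string>id</string></command></java.lang.ProcessBuilder>"
                + "</items></order>";

        Order o = parse(good);
        System.out.println(o.customer + " ordered " + o.items.size() + " line item(s)");
        System.out.println(parse(bad) == null ? "bad document rejected" : "UNEXPECTED: bad document accepted");
    }
}
```

The allowlist must be kept as narrow as the application's actual data model; `allowTypesByWildcard` with a broad package pattern or `allowTypeHierarchy(Object.class)` reintroduces exactly the exposure the advisories describe.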

Debian 9: DLA-2405-1 Update: Httpcomponents-Client Security Fix

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2405-1                     https://www.debian.org/lts/security/
Markus Koschany
October 10, 2020                                   https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : httpcomponents-client
Version        : 4.5.2-2+deb9u1
CVE ID         : CVE-2020-13956

Oleg Kalnichevski discovered that httpcomponents-client, a Java library for building HTTP-aware applications, can misinterpret a malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

For Debian 9 stretch, this problem has been fixed in version 4.5.2-2+deb9u1.

We recommend that you upgrade your httpcomponents-client packages.

For the detailed security status of httpcomponents-client please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/httpcomponents-client

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Upgrade httpcomponents-client on Debian 9 stretch to 4.5.2-2+deb9u1 to fix CVE-2020-13956, reported by Oleg Kalnichevski, in which a malformed authority component of a java.net.URI can cause a request to be sent to the wrong target host. Keywords: httpcomponents-client update, Debian LTS security, Java application security. Severity: Critical. LinuxSecurity.com Team

Oct 10, 2020 - Critical - Debian LTS
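
The DLA-2405-1 advisory above describes a wrong target host being derived from a malformed authority component of a java.net.URI. The Java example below is added here and is not httpcomponents-client's code. It shows that java.net.URI accepts such strings but returns null from getHost(), that a lenient fallback which hand-parses getAuthority() then guesses a host (a simplified stand-in for that kind of fallback, not the library's implementation), and a strict check that refuses to choose a host at all. The sample URIs are constructed; none is claimed to be the exact trigger for CVE-2020-13956.

```java
import java.net.URI;
import java.net.URISyntaxException;

/*
 * Added example, not httpcomponents-client's code. Compares a lenient
 * host-picking fallback with a strict one on constructed URIs whose
 * authority component does not parse as a server-based authority.
 */
public class TargetHostCheck {

    // Lenient fallback of the risky kind: when getHost() is null, derive a
    // host from the raw authority by stripping user info and port by hand.
    // It always returns something, even when the URI has no well-formed host.
    public static String lenientHost(URI uri) {
        String host = uri.getHost();
        if (host != null) {
            return host;
        }
        String authority = uri.getRawAuthority();
        if (authority == null) {
            return null;
        }
        int at = authority.lastIndexOf('@');
        if (at >= 0) {
            authority = authority.substring(at + 1);
        }
        int colon = authority.indexOf(':');
        return colon >= 0 ? authority.substring(0, colon) : authority;   // port information is silently dropped
    }

    // Strict rule: only a URI whose authority parsed as a server-based
    // authority (getHost() non-null) is allowed to name a target host.
    public static String strictHost(URI uri) {
        String host = uri.getHost();
        if (host == null || host.isEmpty()) {
            throw new IllegalArgumentException(
                    "no well-formed host in authority: " + uri.getRawAuthority());
        }
        return host;
    }

    public static void main(String[] args) throws URISyntaxException {
        String[] samples = {
            // well-formed: getHost() is set
            "http://api.example.com:8080/v1/items",
            // '_' is not a legal hostname character; java.net.URI keeps the
            // authority as an opaque registry-based string and getHost() is null
            "http://api_internal.example.com/v1/items",
            // letter 'O' in the port; same effect, and the lenient parser
            // returns a host while the intended port 8080 is lost
            "http://api.example.com:8O80/v1/items",
        };
        for (String s : samples) {
            URI uri = new URI(s);       // accepted by the constructor in all three cases
            String strict;
            try {
                strict = strictHost(uri);
            } catch (IllegalArgumentException e) {
                strict = "REJECTED";
            }
            System.out.printf("%-42s getHost=%-18s lenient=%-26s strict=%s%n",
                    s, uri.getHost(), lenientHost(uri), strict);
        }
    }
}
```

The practical check is the strict one: validate request URIs with `getHost()` before they reach any HTTP client, and treat a null host on a URI the constructor accepted as an error rather than as something to repair.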