Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


OpenShift: RHSA-2023-3663-01 Important: Jenkins Plugin Security Issues

Red Hat Security Advisory

Synopsis: Important: jenkins and jenkins-2-plugins security update
Advisory ID: RHSA-2023:3663-01
Product: OpenShift Developer Tools and Services
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3663
Issue date: 2023-06-19
CVE Names: CVE-2022-2048 CVE-2022-22976 CVE-2022-40149 CVE-2022-40150 CVE-2022-41966 CVE-2022-42003 CVE-2022-42004 CVE-2023-1370 CVE-2023-1436 CVE-2023-20860 CVE-2023-26464 CVE-2023-27898 CVE-2023-27899 CVE-2023-27903 CVE-2023-27904 CVE-2023-32977 CVE-2023-32981

1. Summary:

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8 - noarch

3. Description:

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31
2116952 - CVE-2022-2048 http2-server: Invalid HTTP/2 requests cause DoS
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow
2177626 - CVE-2023-27899 Jenkins: Temporary plugin file created with insecure permissions
2177629 - CVE-2023-27898 Jenkins: XSS vulnerability in plugin manager
2177632 - CVE-2023-27903 Jenkins: Temporary file parameter created with insecure permissions
2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents
2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
2182788 - CVE-2023-1436 jettison: Uncontrolled Recursion in JSONArray
2182864 - CVE-2023-26464 log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
2207830 - CVE-2023-32977 jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin
2207835 - CVE-2023-32981 jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin

6. Package List:

OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8:

Source:
jenkins-2-plugins-4.11.1686831822-1.el8.src.rpm
jenkins-2.401.1.1686831596-3.el8.src.rpm

noarch:
jenkins-2-plugins-4.11.1686831822-1.el8.noarch.rpm
jenkins-2.401.1.1686831596-3.el8.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2048
https://access.redhat.com/security/cve/CVE-2022-22976
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-41966
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2023-1370
https://access.redhat.com/security/cve/CVE-2023-1436
https://access.redhat.com/security/cve/CVE-2023-20860
https://access.redhat.com/security/cve/CVE-2023-26464
https://access.redhat.com/security/cve/CVE-2023-27898
https://access.redhat.com/security/cve/CVE-2023-27899
https://access.redhat.com/security/cve/CVE-2023-27903
https://access.redhat.com/security/cve/CVE-2023-27904
https://access.redhat.com/security/cve/CVE-2023-32977
https://access.redhat.com/security/cve/CVE-2023-32981
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

Jun 19, 2023 | Severity: Important | Red Hat

Fedora 22: 2015-5643 Critical: Jenkins Matrix Plugin Remote Code Execution

Fedora Update Notification
FEDORA-2015-5643
2015-04-06 16:25:16
--------------------------------------------------------------------------------

Name : jenkins-matrix-project-plugin
Product : Fedora 22
Version : 1.4.1
Release : 1.fc22
URL : https://github.com/jenkinsci/matrix-project-plugin
Summary : Jenkins Matrix Project Plugin
Description : This package provides a Jenkins plugin which adds support for the Multi-configuration (matrix) project type.
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2015-1806 (SECURITY-125)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update jenkins-matrix-project-plugin' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Apr 21, 2015 | Severity: Critical | Fedora