
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian LTS DLA-3839-1 Critical: Putty ECDSA Key Compromise Risk

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3839-1
https://www.debian.org/lts/security/
Bastien Roucariès
June 20, 2024
https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : putty
Version : 0.74-1+deb11u1~deb10u2
CVE ID : CVE-2024-31497

A biased ECDSA nonce generation allowed an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures.

In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. This allowed an attacker to (for instance) log in to any servers the victim uses that key for. To obtain these signatures, an attacker need only briefly compromise any server the victim uses the key to authenticate to.

Therefore, if you have any NIST-P521 ECDSA key, we strongly recommend you to replace it with a freshly new created with a fixed version of putty. Then, to revoke the old public key and remove it from any machine where you use it to login into, so that a signature from the compromised key has no value any more.

The only affected key type is 521-bit ECDSA. That is, a key that appears in Windows PuTTYgen with ecdsa-sha2-nistp521 at the start of the 'Key fingerprint' box, or is described as 'NIST p521', or has an id starting ecdsa-sha2-nistp521 in the SSH protocol or the key file. Other sizes of ECDSA, and other key algorithms, are unaffected. In particular, Ed25519 is not affected.

For Debian 10 buster, this problem has been fixed in version 0.74-1+deb11u1~deb10u2.

We recommend that you upgrade your putty packages.

For the detailed security status of putty please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/putty

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Jun 20, 2024 Critical Debian LTS

Edubuntu: Critical iTALC Remote Control Vulnerability 1061-1 Identified

==========================================================
Ubuntu Security Notice USN-1061-1
February 11, 2011
italc vulnerability
CVE-2011-0724
==========================================================

A security issue affects the following Edubuntu releases:

Edubuntu 9.10
Edubuntu 10.04 LTS
Edubuntu 10.10

This advisory does not apply to the corresponding versions of Ubuntu, Kubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Edubuntu 9.10:
  italc-client 1:1.0.9.1-0ubuntu16.1

Edubuntu 10.04 LTS:
  italc-client 1:1.0.9.1-0ubuntu18.10.04.1

Edubuntu 10.10:
  italc-client 1:1.0.9.1-0ubuntu18.10.10.1

After a standard system update, if you had originally installed from the Edubuntu Live DVD and the bad keys were found, you will need to redistribute the newly generated public keys to your iTALC clients and restart each session. For more details, see:
https://wiki.ubuntu.com/iTalc/Keys

Details follow:

Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the Edubuntu Live DVD were affected.

Feb 11, 2011 Critical Ubuntu

Gentoo: GLSA-200312-06 Critical: OpenSSL Client Key Exposure

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-05
- --------------------------------------------------------------------------

GLSA: 200312-05
Package: app-crypt/gnupg
Summary: GnuPG ElGamal signing keys compromised and format string vulnerability
Severity: minimal
Gentoo bug: 34504, 35639
Date: 2003-12-12
CVE: CAN-2003-0971, CAN-2003-0978
Exploit: unknown
Affected: =1.2.3-r5

DESCRIPTION:

Two flaws have been found in GnuPG 1.2.3.

First, ElGamal signing keys can be compromised. These keys are not commonly used. Quote from :

"Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds."

Second, there is a format string flaw in the 'gpgkeys_hkp' utility which "would allow a malicious keyserver in the worst case to execute an arbitrary code on the user's machine." See for details.

SOLUTION:

All users who have created ElGamal signing keys should immediately revoke them. Then, all Gentoo Linux machines with gnupg installed should be updated to use gnupg-1.2.3-r5 or higher.

    emerge sync
    emerge -pv '>=app-crypt/gnupg-1.2.3-r5'
    emerge '>=app-crypt/gnupg-1.2.3-r5'
    emerge clean

// end

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/2XUCnt0v0zAqOHYRAlrEAJwNpCuOGrcBcjKnC/c/F3AOxsTX3gCfU9ah
0gaONEybmmq0x4/vJheoXwg=F5DR
-----END PGP SIGNATURE-----

Dec 12, 2003 Critical Gentoo

Red Hat: RHSA-2001:063-02 Critical: GnuPG Key Compromise Risk

---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis: Updated gnupg packages available
Advisory ID: RHSA-2001:063-02
Issue date: 2001-05-02
Updated on: 2001-05-16
Product: Red Hat Linux
Keywords: gnupg klima rosa
Cross references:
Obsoletes: RHSA-2000:131
---------------------------------------------------------------------

1. Topic:

Updated gnupg packages are now available for Red Hat Linux 6.2, 7, and 7.1. These updates address a potential vulnerability which could allow an attacker to compute a user's secret key.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc
Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - i386

3. Problem description:

By modifying an unsuspecting user's private keyring, an attacker can cause a user to generate incorrect signatures for data. If a user generates both a correct and an incorrect signature for the same data, the different signatures can be used to compute the user's secret key.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed ( for more info):

33473 - secret keyring compromise leading to secret key disclosure

6. RPMs required:

Red Hat Linux 6.2: SRPMS: alpha: i386: sparc:
Red Hat Linux 7.0: SRPMS: alpha: i386:
Red Hat Linux 7.1: SRPMS: i386:

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:

You can verify each package with the following command:

    rpm --checksig

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

    rpm --checksig --nogpg

8. References:

Integrovaná softwarová a síťová řešení - ICZ Group

Copyright(c) 2000, 2001 Red Hat, Inc.

May 17, 2001 Critical Red Hat