Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Stay Secure with the Latest Linux Advisories

Fedora Large Esm H800
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H800
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 1 articles for you...
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisoryfedoracryptography

Fedora 44 perl-CryptX Moderate Key Recovery Risk CVE-2026-41564

0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f533fcc0b6 2026-05-02 02:10:24.452774+00:00 -------------------------------------------------------------------------------- Name : perl-CryptX Product : Fedora 44 Version : 0.088 Release : 2.fc44 URL : https://metacpan.org/release/CryptX Summary : Cryptographic toolkit Description : This Perl library provides a cryptography based on LibTomCrypt library. -------------------------------------------------------------------------------- Update Information: 0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf - Crypt::Misc - new functions: random_v7uuid, is_uuid - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15) - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20) - security fix CVE-2026-41564 https://github.com/DCIT/perl- CryptX/security/advisories/GHSA-24c2-gp6c-24c6 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 23 2026 Xavier Bachelot - 0.088-2 - Add missing BR: perl(Time::HiRes) * Thu Apr 23 2026 Xavier Bachelot - 0.088-1 - Update to 0.088 (RHBZ#22461073) - Fix CVE-2026-41564 (RHBZ#2461084,RHBZ#2461085) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2461085 - CVE-2026-41564 perl-CryptX: CryptX: Private key recovery due to predictable pseudo-random number generation after forking [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2461085 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f533fcc0b6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora 44 perl-CryptX addresses key recovery risk with CVE-2026-41564, enhancing cryptographic functions.. Fedora perl-CryptX CVE-2026-41564 cryptography. . Severity: Important. LinuxSecurity.com Team

Calendar 2 May 02, 2026 Important Fedora
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydenial of servicedebian

Debian: DSA-4380-1 Critical: Golang-1.8 Denial Of Service And Key Recovery

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4380-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : golang-1.8 CVE ID : CVE-2018-6574 CVE-2018-7187 CVE-2019-6486 A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in "go get", which could result in the execution of arbitrary shell commands. For the stable distribution (stretch), these problems have been fixed in version 1.8.1-1+deb9u1. We recommend that you upgrade your golang-1.8 packages. For the detailed security status of golang-1.8 please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - --------------------------------------------------. vulnerability, p-521, p-384, elliptic, curves, which. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 01, 2019 Critical Debian
Banner 3 1028x280 1708121785 1771599793
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydenial of serviceupdate

Debian: DSA-4379-1 Critical: Golang-1.7 Denial Of Service and Key Recovery

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4379-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : golang-1.7 CVE ID : CVE-2018-7187 CVE-2019-6486 A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in "go get", which could result in the execution of arbitrary shell commands. For the stable distribution (stretch), these problems have been fixed in version 1.7.4-2+deb9u1. We recommend that you upgrade your golang-1.7 packages. For the detailed security status of golang-1.7 please refer to its security tracker page at: Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Update golang-1.7 to address vulnerabilities related to denial of service and potential key recovery concerns. This is in accordance with the crucial Debian security advisory DSA-4379-1.. Debian Security Advisory, Denial Of Service, Golang Security Update, Key Recovery Issue. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Feb 01, 2019 Critical Debian
198
Ls Advisories Archlinux Esm H240
Price Tag 1security advisorydenial of serviceremote access

Arch Linux: ASA-201804-2 Medium: OpenSSL Denial Of Service and Key Issue

The package openssl before version 1.1.0.h-1 is vulnerable to multiple issues including denial of service and private key recovery. . Arch Linux Security Advisory ASA-201804-2 ======================================== Severity: Medium Date : 2018-04-01 CVE-ID : CVE-2017-3738 CVE-2018-0739 Package : openssl Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-540 Summary ====== The package openssl before version 1.1.0.h-1 is vulnerable to multiple issues including denial of service and private key recovery. Resolution ========= Upgrade to 1.1.0.h-1. # pacman -Syu "openssl> =1.1.0.h-1" The problems have been fixed upstream in version 1.1.0.h. Workaround ========= None. Description ========== - CVE-2017-3738 (private key recovery) There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. - CVE-2018-0739 (denial of service) A stack-exhaustion issue has been found in OpenSSL

Calendar 2 Apr 09, 2018 Medium ArchLinux
Banner 3 1028x280 1708121785 1771599793
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorygnupgcritical

Debian: DSA-3960-1 Critical Attack on GnuPG Key Recovery

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3960-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso September 01, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : gnupg CVE ID : CVE-2017-7526 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. For the oldstable distribution (jessie), this problem has been fixed in version 1.4.18-7+deb8u4. We recommend that you upgrade your gnupg packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . OpenSSL has identified a serious local exploit flaw that enables DSA-2048 key extraction, users urged to upgrade to reduce potential threats.. GnuPG Key Recovery, Debian Update, Local Side-Channel Attack. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Sep 01, 2017 Critical Debian
197
Ls Advisories Deblts Esm H240
Price Tag 1security advisorygnupgdebian

Debian 7 Wheezy: DLA-1080-1 Critical: GnuPG Local Attack Risk

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that gnupg is prone to a local side-channel attack allowing full key recovery for RSA-1024. . Package : gnupg Version : 1.4.12-7+deb7u9 CVE ID : CVE-2017-7526 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that gnupg is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for details. For Debian 7 "Wheezy", these problems have been fixed in version 1.4.12-7+deb7u9. We recommend that you upgrade your gnupg packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Explore the latest gnupg patch targeting local side-channel vulnerabilities in Debian LTS to enhance system security.. Debian LTS, GnuPG Security, Local Attack Prevention, RSA Key Recovery. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Aug 31, 2017 Critical Debian LTS
Banner 3 1028x280 1708121785 1771599793
87
Ls Advisories Debian Esm H240
Price Tag 1security advisorydebiankey recovery

Debian: DSA-3901-1 Critical: Libgcrypt Key Recovery Vulnerability

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3901-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Salvatore Bonaccorso July 02, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libgcrypt20 CVE ID : CVE-2017-7526 Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for details. For the oldstable distribution (jessie), this problem has been fixed in version 1.6.3-2+deb8u4. For the stable distribution (stretch), this problem has been fixed in version 1.7.6-2+deb9u1. For the testing distribution (buster), this problem has been fixed in version 1.7.8-1. For the unstable distribution (sid), this problem has been fixed in version 1.7.8-1. We recommend that you upgrade your libgcrypt20 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Libgcrypt patch released for Debian fixing vulnerabilities linked to side-channel exploitations. Immediate upgrade advised.. Debian Update, Libgcrypt Issue, Key Recovery Vulnerability. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Jul 02, 2017 Critical Debian
172
Ls Advisories Ubuntu Esm H240
Price Tag 1security advisorymoderatedenial of service

Ubuntu 16.04 LTS: USN-3163-1 Moderate: NSS Denial of Service

Several security issues were fixed in NSS.. =========================================================================Ubuntu Security Notice USN-3163-1 January 04, 2017 nss vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in NSS. Software Description: - nss: Network Security Service library Details: It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635) Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074) This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: libnss3 2:3.26.2-0ubuntu0.16.10.1 Ubuntu 16.04 LTS: libnss3 2:3.26.2-0ubuntu0.16.04.2 Ubuntu 14.04 LTS: libnss3 2:3.26.2-0ubuntu0.14.04.3 Ubuntu 12.04 LTS: libnss3 2:3.26.2-0ubuntu0.12.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart anyapplications that use NSS, such as Evolution and Chromium, to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3163-1 CVE-2016-5285, CVE-2016-8635, CVE-2016-9074 Package Information: https://launchpad.net/ubuntu/+source/nss/2:3.26.2-0ubuntu0.16.10.1 https://launchpad.net/ubuntu/+source/nss/2:3.26.2-0ubuntu0.16.04.2 https://launchpad.net/ubuntu/+source/nss/2:3.26.2-0ubuntu0.14.04.3 https://launchpad.net/ubuntu/+source/nss/2:3.26.2-0ubuntu0.12.04.1 . Several NSS vulnerabilities have been identified and are reported in this Ubuntu Security Bulletin for different Ubuntu versions.. NSS Issues, Ubuntu Security, Denial of Service, Key Recovery. . LinuxSecurity.com Team

Calendar 2 Jan 04, 2017 Ubuntu
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here