Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Stay Secure with the Latest Linux Advisories

Ubuntu Large Esm H800
Ubuntu

Ubuntu 26.04 LTS python-pip Moderate DoS Regression Fix USN-8344-3

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS GStreamer Base Significant DoS Attack Vulnerability Alert

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H900
Ubuntu

Ubuntu 20.04 LTS MySQL Important Security Issues USN-8363-2

Calendar White Jun 03, 2026
Important
Ubuntu Large Esm H800
Ubuntu

Ubuntu 20.04 LTS nginx Security Advisory for Critical DoS Vulnerabilities

Calendar White Jun 03, 2026
Critical
Oracle Large Esm H900
Oracle

Oracle Linux 8 gnutls Important Buffer Overflow Auth Bypass ELSA-2026-20611

Calendar White Jun 03, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 ELSA-2026-22315 compat-openssl10 Moderate DoS Fix

Calendar White Jun 02, 2026
moderate
Oracle Large Esm H800
Oracle

Oracle Linux 8 httpd Important Denial of Service Vuln ELSA-2026-22140

Calendar White Jun 02, 2026
Important
Oracle Large Esm H900
Oracle

Oracle Linux 8 Important Kernel Security Advisory ELSA-2026-21706

Calendar White Jun 02, 2026
Important
Fedora Large Esm H900
Fedora

Fedora 43 hplip Major Update Addressing Possible Arbitrary Code Execution

Calendar White Jun 02, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
198
Ls Advisories Archlinux Esm H240
Price Tag 1security advisoryhigh severityarbitrary code execution

Arch Linux Alert: ASA-201811-8 Critical Vulnerability in Lib32-Libcurl

The package lib32-libcurl-compat before version 7.62.0-1 is vulnerable to arbitrary code execution. . Arch Linux Security Advisory ASA-201811-8 ======================================== Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-16839 CVE-2018-16840 Package : lib32-libcurl-compat Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-797 Summary ====== The package lib32-libcurl-compat before version 7.62.0-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 7.62.0-1. # pacman -Syu "lib32-libcurl-compat> =7.62.0-1" The problems have been fixed upstream in version 7.62.0. Workaround ========= None. Description ========== - CVE-2018-16839 (arbitrary code execution) The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren't too long, then calculates a buffer size to allocate. On systems with a 32 bit size_t, the math to calculate the buffer size triggers an integer overflow when the user name length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. - CVE-2018-16840 (arbitrary code execution) A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. Impact ===== A malicious remote server might be able to execute arbitrary commands by closing the connection from a client using easy handlers. A malicious user could execute arbitrary code by passing a very long username or password used for SASLauthentication. References ========= https://curl.se/docs/CVE-2018-16839.html https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5 https://curl.se/docs/CVE-2018-16840.html https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f https://security.archlinux.org/CVE-2018-16839 https://security.archlinux.org/CVE-2018-16840 . Arch Linux advisory ASA-201811-8 highlights vulnerabilities in lib32-libcurl-compat, urging users to update with `sudo pacman -Syu` for security.. libcurl compatibility, archlinux security, software advisory, critical execution risk. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Nov 10, 2018 Critical ArchLinux
200
Ls Advisories Scientific Esm H240
Price Tag 1security advisorynetwork securityauthentication issue

Scientific Linux 6: SLSA-2014:0561-1 Moderate: curl Security Update

Moderate: curl security and bug fix update. Date: Tue, 27 May 2014 18:10:33 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: curl on SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: curl security and bug fix update Advisory ID: SLSA-2014:0561-1 Issue Date: 2014-05-27 CVE Numbers: CVE-2014-0015 CVE-2014-0138 -- It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP(S) with NTLM authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials. (CVE-2014-0015, CVE-2014-0138) This update also fixes the following bugs: * Previously, the libcurl library was closing a network socket without first terminating the SSL connection using the socket. This resulted in a write after close and consequent leakage of memory dynamically allocated by the SSL library. An upstream patch has been applied on libcurl to fix this bug. As a result, the write after close no longer happens, and the SSL library no longer leaks memory. * Previously, the libcurl library did not implement a non-blocking SSL handshake, which negatively affected performance of applications based on libcurl's multi API. To fix this bug, the non-blocking SSL handshake has been implemented by libcurl. With this update, libcurl's multi API immediately returns the control back to the application whenever it cannot read/write data from/to the underlying network socket. * Previously, the curl package could not be rebuilt from sources due to an expired cookie in the upstream test-suite, which runs during the build. An upstream patch has been applied to postpone the expiration date of the cookie, which makes it possible to rebuild the package from sources again. *Previously, the libcurl library attempted to authenticate using Kerberos whenever such an authentication method was offered by the server. This caused problems when the server offered multiple authentication methods and Kerberos was not the selected one. An upstream patch has been applied on libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication if another authentication method is selected. All running applications that use libcurl have to be restarted for this update to take effect. -- SL6 x86_64 curl-7.19.7-37.el6_5.3.x86_64.rpm curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm curl-debuginfo-7.19.7-37.el6_5.3.x86_64.rpm libcurl-7.19.7-37.el6_5.3.i686.rpm libcurl-7.19.7-37.el6_5.3.x86_64.rpm libcurl-devel-7.19.7-37.el6_5.3.i686.rpm libcurl-devel-7.19.7-37.el6_5.3.x86_64.rpm i386 curl-7.19.7-37.el6_5.3.i686.rpm curl-debuginfo-7.19.7-37.el6_5.3.i686.rpm libcurl-7.19.7-37.el6_5.3.i686.rpm libcurl-devel-7.19.7-37.el6_5.3.i686.rpm - Scientific Linux Development Team lastline . A balanced update to curl's security in Scientific Linux rectifies significant vulnerabilities concerning network verification and potential memory overflow issues.. curl Update, Scientific Linux, Authentication Issue, libcurl Security, Network Vulnerability. . LinuxSecurity.com Team

Calendar 2 May 27, 2014 Scientific Linux
Banner 1 1028x280 1708121660 1771599717
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here